[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PC MSDOS hardware key proposal
Frgiv me if i am a bit off theme, but it just seemed as a good idea.
As I am going to have some off-time tonight I might forget that and on
the other hand maybe someone can use it in protecting his/her
intellectual property and this would certainly be linked with our topic.
The idea came to me after seeing some incredibly small piece of code
doing some unbelievable damage. Like 3 kbytes of com making hardware key
useless. I started to play with idea of having something more reasonable
for PC SW developers. For start it is not possible to use any type of key
checking, because dos is open system and allows everyone to intercept and
disable it. The lock must be a part of program itself. Also one must
concider the dataflow and power consumption, meaning you cannot have
second floating point unit in printer/serial port.You cnt put it
into slot , cause it should be reasonably cheap. My idea for such device
is the following:
Have the HW unit calculate the If-then-else conditions in program flow.
it is not reasonable to do it everywhere, but just in some places(
depends on the money/time one used to devolop product and similar
relation of expected hacking )
. For that purposes you could collect all results into flags and
present them to this Hw unit. It calculates the condition as boolean
function of input variables. If you want more entropy you could involve
state machine in this unit. Also some delay, what would be built into (
one cannot just send data through printer port with 32 Mbytes /sec.)
although for user it would be unnoticed , but using brute force and 32 bits
of data this would make our friendly hacker quite old. Another alternative
is to understand the dataflow in program but from binary to get the idea...
no , this is a bad idea. so - just when it comes to ITE you present
printer port with 3-4 bytes calling some procedure what reads flags from
global variables and returns carry - to go or to stay.
that's it. An attack might also concider just listening the device and writing
down the values but you would have to go through all checkpoints using all
possible flag values and that would take some and also involve
understanding of program dataflow.
One good point using that system is that it would possibly not always
crash- it would just for starters give you wrong answers.
JP from Estonia.