Software common hacks
A Guide to Protecting Software Products against the Top 7 Piracy Threats
OVERVIEW
To ensure they are properly paid for use of their applications, Independent Software Vendors (ISVs) must implement some type of software protection. The goal of any software protection solution is to restrict the use of software so that it abides by specific license conditions. This can be done via hardware tokens (also known as dongles), software-only licenses, or homegrown code. External hardware-based solutions provide the highest level of security currently available. Unfortunately, hackers are a persistent nuisance that costs software vendors worldwide billions of dollars in lost revenue. It is important to be sure that the hardware-based solution you select, as well as your implementation, seals off common hacker entry points. This white paper examines a variety of the most common hacking techniques, and the best counterattacks available for protecting your application from piracy.
GENERIC VS. SPECIFIC HACKS
Hacks on software protection dongles come in two forms: generic and specific. A generic hack means that the dongle itself is compromised. No amount of implementation improvement can counter a generic hack. All applications protected by the hacked dongle type are threatened. Specific hacks break only one specific dongle implementation for one particular software application. They do not pose a risk for other software vendors using the same dongle.
SECURE TUNNELING
Software protection tokens are integrated into applications using a software toolkit. In order for the software to function, the token must be attached to the user’s computer or network. The protected application checks for the presence of the key during runtime to ensure that the software usage is authorized and the parameters of the license agreement are enforced. In defending against attack, we must defend the communication between the token and the software application, as this is typically the greatest point of potential vulnerability. To secure this communication, some hardware tokens use encryption algorithms to create a secure, hack-proof end-to-end tunnel.
To create a secure communication tunnel between the hardware token and the application, the two must first exchange encryption keys. The key exchange process begins when the application generates a random AES (Advanced Encryption Standard) key. Generating a new random key for every communication session greatly increases security. It is particularly important not to use a static key, because that creates an increased vulnerability to attack. The application then wraps the AES key using a public ECC (Elliptic Curve Cryptography) key. Next, the driver transfers the wrapped AES key to the token. The token, upon receipt, unwraps the AES key using its private ECC key, and the key exchange process is complete.
Storing the private ECC key in the token, rather than in the application, also greatly increases security. Hacking a software application is easier than hacking the token because the application runs on a well-understood hardware/OS platform for which plenty of third-party tools exist to assist in debugging and reverse engineering programs. The same is not true for the firmware that runs inside the token. Therefore, debugging the token firmware to find the keys is not an easy undertaking for anyone other than the token manufacturer.
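The key exchange described above, sketched in Go as an added example; it is not code from this white paper or from any dongle vendor. The paper does not say how the AES key is wrapped with the ECC key, so the ECIES-style construction used here (one-time ECDH key pair, SHA-256 as the key derivation step, AES-256-GCM) and the names `WrapSessionKey`, `UnwrapSessionKey` and `kekCrypt` are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// kekCrypt: AES-256-GCM keyed with SHA-256(ECDH secret). Assumed scheme; the paper names none.
func kekCrypt(priv *ecdh.PrivateKey, pub *ecdh.PublicKey, data []byte, seal bool) ([]byte, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(shared)
	blk, _ := aes.NewCipher(k[:]) // cannot fail: key is 32 bytes
	g, _ := cipher.NewGCM(blk)    // cannot fail: AES has a 16-byte block
	nonce := make([]byte, 12)     // zero nonce is safe: each derived key is used once
	if seal {
		return g.Seal(nil, nonce, data, nil), nil
	}
	return g.Open(nil, nonce, data, nil) // fails if ct or ephPub was altered
}

// WrapSessionKey (application): fresh random AES key, wrapped with a one-time ECDH key pair.
func WrapSessionKey(tokenPub *ecdh.PublicKey) (session []byte, ephPub *ecdh.PublicKey, ct []byte, err error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	session = make([]byte, 32)
	if _, err = rand.Read(session); err != nil {
		return nil, nil, nil, err
	}
	ct, err = kekCrypt(eph, tokenPub, session, true)
	return session, eph.PublicKey(), ct, err
}

func UnwrapSessionKey(tokenPriv *ecdh.PrivateKey, ephPub *ecdh.PublicKey, ct []byte) ([]byte, error) {
	return kekCrypt(tokenPriv, ephPub, ct, false) // token side: needs the private ECC key
}

func main() {
	tok, _ := ecdh.P256().GenerateKey(rand.Reader) // constructed key pair standing in for the token
	s, p, c, _ := WrapSessionKey(tok.PublicKey())
	u, err := UnwrapSessionKey(tok, p, c)
	println(string(s) == string(u), err == nil)
}
```

Only `ephPub` and `ct` cross the driver; an observer without the token's private key cannot recover the session key, and a modified blob is rejected rather than unwrapped to a wrong key.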
All communications between the driver and the dongle are now protected using the encryption key that has been exchanged. The key exchange process is a form of public key cryptography and results in the creation of a session-based symmetric key that protects the communication. The token and application communicate through a secure tunnel by encrypting and decrypting all communication using the AES key. For each subsequent communication session, a new AES key will be used. The AES algorithm was adopted by National...