
Author Topic: Decompile Pascal Binaries - some advice please  (Read 47901 times)

avra

  • Hero Member
  • *****
  • Posts: 2514
Re: Decompile Pascal Binaries - some advice please
« Reply #15 on: May 05, 2011, 06:30:17 pm »
If you are really concerned about protecting your intellectual property then you can combine your PC based software with some external custom made micro controller (MCU like AVR, PIC, 8051...) based hardware key

Also known as a dongle (for example http://www.microcosm.com/dinkey_pro_models.php).

No. Dongles are usually not hard to crack, since they usually provide some ID that gets linked to features bought by a customer with some internal vendor application, which then generates an unlock key you enter in the application. This is a bad approach since once a cracker has some valid hardware key (although it is possible to crack with no key at all, but much harder), the cracker can step through the code and see code branches and what gets executed. Then the cracker just has to change a few jumps with a HEX patch and that's it. It works with numerous dongle protected applications, but why do I call it bad? Because all you need to have a fully running application already exists in the executable. It is much better if you have some important function executed inside the smart hardware key. Then the cracker would need to replicate the result of that function on a PC without the hardware key, and to do that, a cracker would need to have knowledge of electronics, the specific MCU, its architecture, disassembly, and to have proper tools to read code from it, just to analyze it and be able to replicate it on a PC. How many crackers do you think are capable of that? Whatever the number is, it is thousands of times less than with the usual simple off the shelf commercial dongle approach.
ct2laz - Conversion between Lazarus and CodeTyphon
bithelpers - Bit manipulation for standard types
pasettimino - Siemens S7 PLC lib

Marc

  • Administrator
  • Hero Member
  • *
  • Posts: 2584
Re: Decompile Pascal Binaries - some advice please
« Reply #16 on: May 05, 2011, 08:01:37 pm »
A dongle is not just a key. The ones we use have several cryptographic functions and 4k of flash.
The result of these functions + data is used for further signing of our data. A hacker cannot predict what values the dongle will generate on a given input.
//--
{$I stdsig.inc}
//-I still can't read someones mind
//-Bugs reported here will be forgotten. Use the bug tracker

eny

  • Hero Member
  • *****
  • Posts: 1634
Re: Decompile Pascal Binaries - some advice please
« Reply #17 on: May 05, 2011, 08:01:59 pm »
How many crackers do you think are capable of that?
How many software developers are capable of developing such a HW solution  :(
All posts based on: Win10 (Win64); Lazarus 2.0.10 'stable' (x64) unless specified otherwise...

avra

  • Hero Member
  • *****
  • Posts: 2514
Re: Decompile Pascal Binaries - some advice please
« Reply #18 on: May 05, 2011, 10:18:13 pm »
A dongle is not just a key. The ones we use have several cryptographic functions and 4k of flash.
The result of these functions + data is used for further signing of our data. A hacker cannot predict what values the dongle will generate on a given input.
If you are talking about Aladdin HASP then I must tell you that there exists a good software emulator for it.
ct2laz - Conversion between Lazarus and CodeTyphon
bithelpers - Bit manipulation for standard types
pasettimino - Siemens S7 PLC lib

avra

  • Hero Member
  • *****
  • Posts: 2514
Re: Decompile Pascal Binaries - some advice please
« Reply #19 on: May 05, 2011, 10:21:55 pm »
How many crackers do you think are capable of that?
How many software developers are capable of developing such a HW solution  :(
Besides myself I personally know 3, and maybe 10-15 globally. There must be more, of course.
ct2laz - Conversion between Lazarus and CodeTyphon
bithelpers - Bit manipulation for standard types
pasettimino - Siemens S7 PLC lib

eny

  • Hero Member
  • *****
  • Posts: 1634
Re: Decompile Pascal Binaries - some advice please
« Reply #20 on: May 05, 2011, 10:55:44 pm »
Besides myself I personally know 3, and maybe 10-15 globally. There must be more, of course.
Well, I'm one of them, be it that I prefer PICs  :D
Nevertheless this does not look like a feasible solution for TS.
All posts based on: Win10 (Win64); Lazarus 2.0.10 'stable' (x64) unless specified otherwise...

avra

  • Hero Member
  • *****
  • Posts: 2514
Re: Decompile Pascal Binaries - some advice please
« Reply #21 on: May 05, 2011, 11:18:53 pm »
Nevertheless this does not look like a feasible solution for TS.
I am sorry, I could not figure out what TS is...
http://www.acronymfinder.com/TS.html
ct2laz - Conversion between Lazarus and CodeTyphon
bithelpers - Bit manipulation for standard types
pasettimino - Siemens S7 PLC lib

DirkS

  • Sr. Member
  • ****
  • Posts: 251
Re: Decompile Pascal Binaries - some advice please
« Reply #22 on: May 05, 2011, 11:23:12 pm »
Nevertheless this does not look like a feasible solution for TS.
I am sorry, I could not figure out what TS is...
http://www.acronymfinder.com/TS.html
Topic Starter?

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11459
  • FPC developer.
Re: Decompile Pascal Binaries - some advice please
« Reply #23 on: May 06, 2011, 02:16:26 pm »
If you are really concerned about protecting your intellectual property then you can combine your PC based software with some external custom made micro controller (MCU like AVR, PIC, 8051...) based hardware key

Also known as a dongle (for example http://www.microcosm.com/dinkey_pro_models.php).

No. Dongles are usually not hard to crack, since they usually provide some ID that gets linked to features bought by a customer with some internal vendor application, which then generates an unlock key you enter in the application. This is a bad approach since once a cracker has some valid hardware key (although it is possible to crack with no key at all, but much harder), the cracker can step through the code and see code branches and what gets executed. Then cracker just has

The usb dinkey dongle is based on a Microchip PIC. So it is actually exactly what you propose. It also features a customer configurable algorithm, several key values, and multiple ways of protection (base encryption of the algorithm, and checks from within the code). There is also flash available (though not as much, iirc 64-128 bytes), which is usually used as settings for what features to unlock. Applications are also tied to specific applications, so that multiple programs from the same vendor don't necessarily work with the same dongle.

« Last Edit: May 06, 2011, 02:19:40 pm by marcov »

avra

  • Hero Member
  • *****
  • Posts: 2514
Re: Decompile Pascal Binaries - some advice please
« Reply #24 on: May 09, 2011, 01:42:58 am »
The usb dinkey dongle is based on a Microchip PIC. So it is actually exactly what you propose.
I don't think so. While I propose executing an important part of custom code in the dongle itself, dinkey dongles seem to depend on just executing encrypt/decrypt public/private key vendor fixed algorithms in the dongle. If a cracker has a single original dongle, then he will attack memory after decryption and then try to recreate the executable. This is possible since the executable holds 100% of application functionality, with just some parts encrypted. It is much better to have critical function(s) executed inside the dongle itself. That will make the cracker's job much harder.
« Last Edit: May 09, 2011, 01:46:44 am by avra »
ct2laz - Conversion between Lazarus and CodeTyphon
bithelpers - Bit manipulation for standard types
pasettimino - Siemens S7 PLC lib
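
The two designs contrasted in Reply #24 above, sketched side by side as an added example that is not part of the original thread. The hardware key is simulated in software, and every class name, the polynomial and the ID value are constructed for illustration.

```python
"""Two hardware-key designs from the thread, with the key simulated."""


class SimulatedKey:
    # Stand-in for the MCU firmware. On real hardware this body and its
    # constants sit in the microcontroller, never in the PC executable.
    _COEFFS = (7, 3, 11)              # constructed secret parameters

    def key_id(self) -> int:
        return 0x1234                 # constructed ID; design A only reads this

    def critical(self, x: int) -> int:
        a, b, c = self._COEFFS
        return (a * x * x + b * x + c) % 65521


class CheckedApp:
    """Design A: the key supplies an ID; the whole algorithm ships in the host."""

    def __init__(self, key):
        self.key = key

    def _critical(self, x: int) -> int:   # full logic is present host-side
        return (7 * x * x + 3 * x + 11) % 65521

    def run(self, x: int) -> int:
        # The only thing tying the program to the key is this comparison.
        if self.key is None or self.key.key_id() != 0x1234:
            raise PermissionError("hardware key missing")
        return self._critical(x)


class OffloadedApp:
    """Design B: the host only marshals arguments; the key does the work."""

    def __init__(self, key):
        self.key = key

    def run(self, x: int) -> int:
        if self.key is None:
            raise RuntimeError("no key: result cannot be produced")
        return self.key.critical(x)


def host_carries_critical_routine(app_cls) -> bool:
    """Design review check: does the host class itself contain the routine?"""
    return callable(getattr(app_cls, "_critical", None))
```

In design A the protected routine is part of the shipped program and the key only gates it; in design B the host has nothing to run without the device, which is the property argued for in the reply.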

Thaddy

  • Hero Member
  • *****
  • Posts: 14393
  • Sensorship about opinions does not belong here.
Re: Decompile Pascal Binaries - some advice please
« Reply #25 on: February 23, 2017, 11:54:04 am »
Forensics mostly involve highly automated cracking.
Foremost are 1) the dictionary attacks (closely related to social science and human behavior) 2) second only are brute force attacks. If you must know, 1) has over 90% success rate in the case of a single password. 2) is only done when it is warranted. It's not all mathematics....in practice...
In the case of program flow it is usually fully automated.
Object Pascal programmers should get rid of their "component fetish" especially with the non-visuals.
