USB dongle

Got a hardware problem? ask for help

USB dongle

Postby alaa » August 14th, 2017, 6:05 am

hi
I want to use the FT232rl chip as a usb dongle based on the unique serial number.
but I found that every body can change this serial number using the FT_Prog tool, so he can copy my SN to a new chip and break the security of my software, are there any solution to this problem?

thanks
alaa
 
Posts: 3
Joined: August 14th, 2017, 5:24 am

Re: USB dongle

Postby bandersnatch » August 15th, 2017, 1:28 am

Hi,

Ah... the good old "hardware copy" problem... ;^)

One commonly used solution is to use a PIC
(or other one-time programmable microcontroller with access protection fuses)
to implement a private key/public key hard encryption algorithm (serpent, blowfish, twofish etc.)
using a private key embedded in the PIC.
This allows the dongle to verify a public key that you send to it
or generate the public key for a randomly chosen data stream.
Embedding a different private key in each dongle will make each dongle truly unique
and very difficult to copy.

Once you blow the HW "read" protection fuses in the PIC it becomes extremely difficult
to reproduce the internal PIC programming.

The usual approaches:
- State machine analysis
- Chip etching and circuit analysis via microscope
are still possible but are difficult and time consuming.

A fundamental problem with this approach in general is that the software using the dongle
must be equally well protected or the dongle is useless regardless of how secure it may be.


STFB
bandersnatch
 
Posts: 150
Joined: September 17th, 2014, 12:06 pm

Re: USB dongle

Postby alaa » August 16th, 2017, 1:12 am

Thank you for this idea.

but I want to build as cheap as possible dongle, using just the ft232rl,
where if you read the data sheet of this chip they mentioned that it has a unique SN and Chip ID.

but using the FT_Prog tool you can change or copy the SN and ID.

my question is: are there any way to prevent repeating this SN and ID.

thanks
alaa
 
Posts: 3
Joined: August 14th, 2017, 5:24 am

Re: USB dongle

Postby bandersnatch » August 16th, 2017, 1:36 am

OK,

Take a look at:

http://www.ftdichip.com/Support/Documen ... _Usage.pdf
http://www.ftdichip.com/Support/Documen ... ChipID.pdf

Page 2 of AN232R-02_FT232RChipID.pdf states:

"The FTDIChip-ID™ is readable over USB, but cannot be altered by the end user."

Not sure what they actually mean by "end user" but they then state that the
device thus offers "a high level of security."
I would guess that this means that the purchaser of these chips cannot change the serial number.

As usual, the best solution is "suck it and see". Buy a chip & try reprogramming it yourself.

Despite this, my previous comments still apply.
If the dongle does not implement encryption then a hacker only needs to
monitor the USB traffic to catch the data stream with the serial number provided
by the dongle. The hacker can then simply implement another USB device that
delivers the same data stream or (even easier) create a virtual USB device
that pretends to be your dongle.

Without encryption, a dongle is trivial to overcome and provides very little protection.

Good luck with your project, whatever you decide...

STFB
bandersnatch
 
Posts: 150
Joined: September 17th, 2014, 12:06 pm

Re: USB dongle

Postby alaa » August 16th, 2017, 4:42 am

Thanks at all

ok I think the best way as you mentioned is to use a microcontroller with the FT device.

because also the FTDIChip-ID can be altered using the FT-Prog tool, so any expert engineer can change the ID to your standard ID.
also even he can use a non-standard ID by modifying the INF files .

best reguards .

Alaa
alaa
 
Posts: 3
Joined: August 14th, 2017, 5:24 am


Return to Help me! Hardware

Who is online

Users browsing this forum: No registered users and 4 guests