Protection Techniques

There are two ways of protection based on dongles. These are: automatic protection and protection based on the API functions. In the first case executable software module is protected, while in the second case protection functions are embedded in the software source code.

Software-and-hardware protection allows a noticeable freedom of action. Even the automatic protection allows you to choose from the available options and thereby set the properties of the protected program. While using API functions you can implement any protection model, even a most sophisticated one. Thus, there is no universal or detailed scheme of building protection. However, there are numerous ways to add strength to protection (only some of them are described below).

Combining Automatic Protection with API-Based Protection
As you know, each of these types of protection has certain limitations. However, they complement each other and together form a formidable barrier even for a most experienced hacker. In this case automatic protection presents a kind of a shell, the external barrier of protection, while the API-based protection acts as the core of the system.

Therefore, it is recommended to first embed the API calls in the application source code, and then apply automatic protection for the executable file.

API-Based Protection
Several functions are recommended to be used during API-based protection. Their calls should be distributed throughout the aplication code, and function variables should be mixed with the application variables. In this way, the API-based protection becomes deeply embedded inside the application.

It is manadatory that data conversion algorithms be used. Information encoding makes removal of API functions pointless since in this case data decoding will become impossible.

An effective means of making the protection logic more sophisticated is to delay the application response to the return code of API functions. In this case the application decides upon its further running some time after it has received the return codes. This causes the hacker to trace complicated cause-effect relationships and investigate too large code sections through a debugger.

Automatic Protection
During automatic protection it is advisable to activate the options of protection against debuggers and disassemblers, as well as options of encoding and of checking dongles against time. Also, protection against viruses is useful. In this case, the CRC of the code segments is checked, and therefore the file obtains protection against modification.

Updating the Protection System
After you have implemented the protection system, you should always remember about the timely updating of your software required for working with the dongles. Every new released version ensures elimination of certain errors, provides patches and advanced protection capabilities. It is also neccessary to continously follow the situation in the protection systems market, and, if required, timely replace the protection system with a more advanced and a reliable one.