User's Manual

Example
Let's suppose that you have identified three important points of execution where you wish to check for the presence of
SmartKey: program start, the save function and the print function. Moreover, you want the check to be performed on
a monthly basis, giving 12 different time inputs. Lastly, you want 100 different random checks.
The table therefore needs 3 x 12 x 100 = 3600 couples.
10.1.3 Hiding Label and Password
The Label and Password strings should not be stored as plain text in your program. Otherwise, a simple analysis of
the resulting binaries could reveal them.
The following could be a good approach: generate a random string and calculate the XOR of the original information
with this random value. The original information can then be rebuilt during execution by XORing the previous result
with the same random string.
These information items can be stored at many points of your program and can be compared during its execution.
Example
With these pre-calculation steps:
    LABEL = "SMARTKEY"
    RANDOM = "01234567"
    CRYPT = LABEL XOR RANDOM
You can do the following in your source:
    CRYPT = "????????" (previously computed)
    RANDOM = "01234567"
    LABEL = CRYPT XOR RANDOM
    SmartKeyCheckWithLabel(LABEL)
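The same scheme in C, as an added example that is not part of the original manual or of the SmartKey SDK. check_with_label_stub() is a hypothetical stand-in for SmartKeyCheckWithLabel(), and the byte values are constructed from the LABEL and RANDOM strings above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LABEL_LEN 8

/* CRYPT = "SMARTKEY" XOR "01234567", computed offline (constructed values).
 * volatile keeps the compiler from folding the XOR back into a plaintext
 * constant. Treat CRYPT as counted bytes, not a C string: a label byte equal
 * to its mask byte yields 0x00. */
static const volatile uint8_t CRYPT[LABEL_LEN] =
    { 0x63, 0x7C, 0x73, 0x61, 0x60, 0x7E, 0x73, 0x6E };
static const volatile uint8_t RANDOM[LABEL_LEN] =
    { '0', '1', '2', '3', '4', '5', '6', '7' };

/* Rebuild the label at run time into a caller-owned buffer. */
static void label_rebuild(char out[LABEL_LEN + 1])
{
    for (size_t i = 0; i < LABEL_LEN; i++)
        out[i] = (char)(CRYPT[i] ^ RANDOM[i]);
    out[LABEL_LEN] = '\0';
}

/* Zero a buffer through a volatile pointer so the stores are not elided. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Hypothetical stand-in for the token side of SmartKeyCheckWithLabel();
 * the real driver signature is not shown here. */
static int check_with_label_stub(const char *label, size_t len)
{
    static const char token_label[LABEL_LEN] = { 'S','M','A','R','T','K','E','Y' };
    return len == LABEL_LEN && memcmp(label, token_label, LABEL_LEN) == 0;
}

/* Rebuild, use, and wipe: the plaintext label lives only for this call. */
static int run_check(void)
{
    char label[LABEL_LEN + 1];
    label_rebuild(label);
    int ok = check_with_label_stub(label, LABEL_LEN);
    wipe(label, sizeof label);
    return ok;
}

int main(void) { return run_check() ? 0 : 1; }
```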
10.1.4 Use the .OBJ version of the drivers
If available, always prefer the .OBJ version of the driver to the DLL version.
The .DLL driver exposes a simple, known entry point. With this entry point, monitoring and filtering all driver calls
executed by your program becomes a simple matter.
That is why it is very important to use the Scrambling operation correctly to check if a real token is present.
10.1.5 CheckSum of your Executable files and of the DLLs
The CRC/CheckSum of your program and the DLLs can be calculated and verified. This is a very important step if
you wish to use one of SmartKey's .DLL drivers. In this way, you will be certain that your program is using the original
DLL and not a false version.
You should avoid using an overly well-known CRC algorithm. For example, the CRC32 of a file can be modified with an
arbitrary value, changing only 3/4 of the file's bytes. A 'home-made' algorithm or a strong hash function
such as MD5 is certainly better.
10.1.6 Do not stop execution immediately if the dongle is not found
If the SmartKey check fails, the correct behavior is not to stop program execution immediately, but to defer termination to
another region of your code. This avoids exposing the dongle control point.
Example
This example uses the KeyPresent variable to store the result of the SmartKey control. Important: the variable is
accessed only when the dongle's presence is detected. This partly defeats the debugger feature that can
monitor every access to a variable.
    variable KeyPresent = False;
    DoSomething();
    if (SmartKeyPresent())
        KeyPresent = True;
    DoSomethingOther();
    if (KeyPresent == False)