
Introduction.

Educational questions (main part):

1. General information about electronic keys.

2. Diode keys.

3. Transistor keys

Conclusion


Educational and material support:

Lecture text

Introduction

It is known that to ensure the operation of pulsed devices and obtain pulsed oscillations, it is necessary to switch a nonlinear element (close, open).

Such a mode of operation of a non-linear element is called a key, and the device, which includes this non-linear element, is called an electronic key.

1. General information about electronic keys.

An electronic key is a device that, under the influence of control signals, switches electrical circuits in a contactless way.

Purpose of electronic keys.

The definition itself states the purpose: turning on and off (closing and opening) passive and active elements, power supplies, etc.

Classification of electronic keys.

Electronic keys are classified according to the following main features:

  1. By type of switching element:
     • transistor;
     • trinistor, dinistor;
     • electrovacuum;
     • gas-filled (thyratron, tigatron);
     • optocouplers.

  2. By the way the switching element is connected in relation to the load:
     • series keys (Fig. 1);
     • parallel keys (Fig. 2).

  3. By the method of control:
     • with an external control signal (external in relation to the switched signal);
     • without an external control signal (the switched signal itself is the control signal).

  4. By the type of the switched signal:
     • voltage keys;
     • current keys.

  5. By the nature of the input and output voltage swings:
     • repeating (Fig. 3);
     • inverting (Fig. 4).

  6. By the state of the electronic key in the open position:
     • saturated (electronic key is open until saturation);
     • unsaturated (electronic key is in open mode).

  7. By the number of inputs:
     • single-input (Fig. 5);
     • multi-input (Fig. 6).

Structure of electronic keys.

The electronic key usually includes the following main elements:

    the non-linear element itself (the switching element);

The principle of operation of the electronic key.

Fig. 7

Let's consider the principle of operation using the example of an ideal key.

In the figure:

  • U in is the voltage that controls the operation of the key;
  • R is the resistance in the power circuit;
  • E is the supply voltage (the switched voltage).

In the on state (the key SA is closed), the output voltage U out = 0 (the resistance of a closed ideal key is equal to zero).

In the off state (the key SA is open), the output voltage U out = E (the resistance of an open ideal key is equal to infinity).

Such an ideal switch opens and closes the circuit completely, so that the voltage swing at the output is equal to E.

However, a real electronic key is far from ideal.

Fig. 8

It has a finite resistance both in the closed state (R on) and in the open state (R off), i.e. R on > 0 and R off < ∞. Consequently, in the closed state U out = U rest > 0 (the residual voltage drops across the key).

In the open state U out

Thus, for the electronic key to work, the condition R off >> R on must be fulfilled.

Main characteristics of electronic keys.

  1. Transfer characteristic. This is the dependence of the output voltage U out on the input voltage U in: U out = f(U in). If there is no external control signal, then U out = f(E). Such characteristics show how close the electronic key is to the ideal one.

  2. Speed of the electronic key: the switching time of the electronic key.

  3. Open-state resistance R off and closed-state resistance R on.

  4. Residual voltage U rest.

  5. Threshold voltage, i.e. the voltage at which the resistance of the electronic key changes sharply.

  6. Sensitivity: the minimum signal swing that results in reliable switching of the electronic key.

  7. Noise immunity: the sensitivity of the electronic key to the effects of interference pulses.

  8. Voltage drop across the electronic key in the open state.

  9. Leakage current in the closed state.

Application of electronic keys.

Electronic keys are used:

    In the simplest schemes of pulse formation.

    To build the main types of logic elements and basic pulse devices.

Thus, electronic keys are devices that carry out switching in a non-contact way.

General information. An electronic key is a device that can be in one of two stable states: closed or open. In an ideal electronic key, the transition from one state to the other occurs abruptly under the influence of a control voltage or current.

In modern electronic technology, transistor switches are most widely used.

Keys on bipolar transistors. The simplest transistor switch circuit (Fig. 5.2, a) is similar to the transistor amplifier circuit, but differs in the operating mode of the transistor. When operating in key mode, the operating point of the transistor can be in only two positions: in the cutoff region (transistor closed) or in the saturation region (transistor open and saturated). Such keys are called saturated transistor keys. Sometimes switches are used in which the operating point with the transistor open is in the active region (usually near the saturation region, but not reaching it). Such keys are called unsaturated. Saturated transistor switches are used more often, since in their “On” state the output voltage has a lower level and is more stable.

Fig. 5.2. Transistor switch circuits (a) and characteristics (b) illustrating the mode changes when the key switches from the closed state (point A) to the open state (point B)

To ensure the cut-off mode, a negative voltage must be applied to the key input
(or positive for a p-n-p transistor).

For reliable locking of the transistor, the absolute value of the negative voltage
must be at least some value of the threshold voltage
, and the condition for ensuring the cutoff mode has the form

To switch the transistor to saturation mode, it is necessary to apply such a positive voltage to the input of the key , at which a current is created in the base circuit

where
- base current at the border between the active mode and the saturation mode (point B in Fig. 5.2, b).

Collector current in saturation mode

.

In saturation mode, the collector voltage
remains positive with respect to the emitter, but has a very small value (tenths of a volt for germanium transistors and 1 ... 1.5 V for silicon ones). Therefore, the voltage across the collector p-n junction turns out to be negative:

and it turns on in the forward direction.

The performance of the electronic key depends on the on and off time.

The turn-on time is determined by the delay time due to the inertia of the diffusion motion of minority charge carriers in the base of the BT, and the front formation time (settling time) of the output voltage. The turn-off time is the sum of the time of resorption of the minor charge carriers accumulated in the base and the time of formation of the cutoff of the output voltage.

The increase in the speed of the transistor switch is facilitated by the use of high-frequency transistors, an increase in the unlocking and reverse base currents, as well as a decrease in the base current in saturation mode.

To reduce the base current in saturation mode, unsaturated switches are used, in which a Schottky diode is connected between the base and the collector (Fig. 5.3). The Schottky diode has a trigger voltage 0.1 ... 0.2 V lower than the saturation voltage of the collector junction, so it opens before saturation occurs, and part of the base current passes through the open diode into the collector circuit of the transistor, thereby preventing the accumulation of minority-carrier charge in the base. Unsaturated switches with a Schottky diode are widely used in ICs. This is because manufacturing Schottky diodes on the basis of a transistor structure using integrated technology does not require any additional operations and does not increase the area of the crystal occupied by the switch elements.

Fig. 5.3. Circuit of a key with a Schottky diode

Keys on MIS transistors. Keys on field-effect transistors (Fig. 5.4) do not have the drawback of accumulation and resorption of minority carriers, so the switching time is determined by the charging and recharging of the interelectrode capacitances. Field-effect transistors can also perform the role of the resistor. This greatly simplifies the production technology of integrated switches based on field-effect transistors.

Fig. 5.4. Circuits of electronic keys on a FET with a p-n gate (a) and of MIS type (b).

In keys on MIS transistors with an induced channel (Fig. 5.5), transistors VT1 perform the role of the resistor, and transistors VT2 the role of the active element. VT2 transistors have a p-type channel, and VT1 transistors have a p-type channel (Fig. 5.5, a) or an n-type channel (Fig. 5.5, b). Their transfer characteristics are shown in Fig. 5.6, a and 5.6, b respectively. Voltage graphs explaining the operation of the keys are shown in Fig. 5.7.

Fig. 5.5. Circuits of electronic switches based on MIS transistors with induced channels of the same (a) and opposite (b) types of electrical conductivity

Fig. 5.6. Transfer characteristics of MIS transistors with induced channels of various types of electrical conductivity

Fig. 5.7. Graphs of changes in the input (a) and output (b) voltages of electronic switches on MIS transistors

When a positive voltage is applied to the input, transistors VT2, which have a p-type channel, are closed. Transistor VT1 of the first key (Fig. 5.5, a) is open due to the negative bias voltage applied to its gate
. Transistor VT1 of the second key, which has an n-type channel (Fig. 5.5, b), also turns out to be open, since its gate is connected to the input, which has a positive voltage
. The resistance of open transistors VT1 is small compared to the resistance of closed transistors VT2, and
.

When a negative voltage is received at the input of the keys
transistors VT2 open, and transistors VT1 close. Almost all of the voltage drops across the high resistance of the transistor VT1 channel, and
.

5.4. Basic logic elements on bipolar structures. Depending on the components that are used in the construction of the LE, and the method of connecting the components within one LE, the following types of LE, or types of logics, are distinguished:

diode-transistor logic (DTL);

transistor-transistor logic (TTL);

emitter-coupled logic (ECL);

injection-integrated logic (I²L, IIL);

logical elements on MOS-transistors (KMDP).

There are other types of LE. Some of them are obsolete and are not currently used, while others are under development.

TTL logic elements. Transistor-transistor logic elements are those whose input circuit uses a multi-emitter transistor (MET). In their principle of construction and operation, TTL circuits are close to DTL circuits. The emitter junctions of the MET act as input diodes, and the collector junction acts as a biasing diode. TTL elements are more compact than DTL elements, which increases the degree of integration of TTL chips. Compared with DTL microcircuits, integrated circuits based on TTL have higher speed, noise immunity and reliability, greater load capacity and lower power consumption.

Fig. 5.8, a shows a 3AND-NOT TTL LE circuit with a simple inverter. If voltages are applied to all MET inputs
corresponding to level 1, then all the emitter junctions of MET VT1 are reverse-biased, and the collector junctions are forward-biased. The MET collector current flows through the base of the transistor VT2, which opens and goes into saturation mode. A low level voltage is set at the output of the LE
.

If at least one MET input is energized
corresponding to level 0, then the corresponding MET emitter junction is biased in the forward direction. The emitter current of this junction flows through the resistor R1, as a result of which the collector current of the MET decreases and the transistor VT2 closes. A high-level voltage is set at the LE output
.

To increase the speed of the LE, a nonlinear feedback is introduced into it, carried out using a Schottky diode (diode VD in Fig. 5.10, a). A Schottky diode VD with an integrated transistor VT2 makes up a single structure, which is sometimes called a Schottky transistor.

Fig. 5.8. AND-NOT TTL logic circuits with simple (a) and complex (b) inverters

Fig. 5.8, b shows a diagram of a 2AND-NOT TTL logic element with a complex inverter. The operation of such an inverter has been discussed earlier.

A feature of a complex inverter is the inertia of the process of switching transistors VT2, VT3 and VT4. Therefore, the performance of a complex inverter is worse than that of a simple one. To increase the speed of a complex inverter, an additional transistor is introduced into it, which is connected in parallel to the VT4 emitter junction.

Currently, several varieties of microcircuit series with TTL elements are being produced: standard (series 133; K155), high-speed (series 130; K131), micropower (series 134), with Schottky diodes (series 530; K531) and micropower with Schottky diodes (series K555). They have a high yield percentage, low cost and a wide functional set, and are convenient for practical use.

ECL logic elements. The element base of emitter-coupled logic is devices based on current switches.

The simplest current switch circuit is shown in Fig. 5.9, a.

Fig. 5.9. A simplified diagram of the current switch (a) and voltage graphs (b) explaining its operation

The total current of the transistors VT1 and VT2 is set by the current generator I included in the emitter circuit of the transistors. If the input (base VT1) receives a low level voltage
(logical 0), then transistor VT1 is closed and all current flows through the transistor VT2, the base of which is supplied with a reference voltage
, exceeding the lower level of the base voltage VT1.

A high-level voltage (logic 1) is generated on the collector of the closed transistor VT1, and a low-level voltage (logic 0) is formed on the collector of the open transistor VT2, as shown in Fig. 5.9, b. If a
, then transistor VT1 will open. Because
, then the transistor VT2 will be closed and all the current will flow through transistor VT1. A low level voltage is formed on the VT1 collector, and a high level is formed on the VT2 collector.

The parameters of the current generator are such that the transistors VT1 and VT2 do not go into saturation mode. This achieves high performance of the ECL elements.

The schematic diagram of the basic ECL logic element is shown in Fig. 5.10. This LE simultaneously performs two logical operations: OR-NOT on output 1 and OR on output 2.

Fig. 5.10. Diagram of the basic ECL logic element

Transistors VT1, VT2 and VT3 form a current switch that provides the logical functions OR-NOT (on the VT2 collector) and OR (on the VT3 collector). A high-resistance resistor R5, included in the combined emitter circuit of transistors VT1, VT2 and VT3, is used as the current generator. The reference voltage source is built on the transistor VT4 and diodes VD1 and VD2. The reference voltage, the level of which is approximately in the middle between the levels corresponding to 0 and 1, is applied to the base of the VT3 transistor, so the VT3 transistor will be closed if a higher level voltage (logic 1) is applied to at least one of the inputs, and open if all the inputs have a low level voltage (logic 0). Logical information from the collectors of VT2 and VT3 is supplied to the bases of the output emitter followers built on transistors VT5 and VT6. The emitter followers serve to increase the load capacity of the LE and to shift the output voltage levels so that the LEs of this series are compatible in terms of input and output.

Representatives of ECL LEs are integrated circuits of the 500th series.

The advantage of ECL LEs is a well-established production technology, which provides a fairly high percentage of the yield of suitable microcircuits and their relatively low cost. ECL elements have a higher speed compared to TTL LEs. Because of this, they are widely used in high-speed and high-performance computing. The differential stages of ECL LEs provide high noise immunity, stability of dynamic parameters with changes in temperature and power supply voltage, and constant current consumption independent of switching frequency.

The disadvantage of ECL LEs is the high power consumption.

I²L logic elements. I²L LEs are made in the form of a chain of injection-powered transistors. A distinctive feature of such transistors in comparison with a BT is the presence of an additional electrode, an injector. In this structure, two transistors can be distinguished: a horizontal current-supply transistor and a vertical switching transistor, connected as shown in Fig. 5.11, b. The role of the electronic key S is usually performed by a BT structure connected in a common-emitter configuration and operating in key mode.

Fig. 5.11. Schematic diagram of an injection-powered inverter

The displacement of the injector junction in the forward direction is achieved by applying a positive voltage equal to 1 ... If the key is open (in this case, the input voltage is high), then almost all of the generator current enters the base of the transistor VT2. The transistor is open and saturated, and its output voltage is units or tens of millivolts (assuming a load is connected to the collector). With the key S closed, almost the entire current of the current generator flows through the key and only a small part of it enters the base of the transistor VT2. The transistor is in active mode near the cutoff region. The collector voltage of the transistor in this mode corresponds to a high level - approximately 0.8 V.

Thus, an injection-powered transistor can be considered as an inverter or LE that performs a NOT operation.

On fig. 5.12 shows the circuit LE OR - NOT for two inputs. When logical zeros arrive at both inputs, transistors VT1 and VT2 are closed and a logical 1 is formed at the output. If at least one of the inputs receives a logical 1, then the corresponding transistor is open and saturated and the output, which is the union of all collectors, is set to logical 0.

Fig. 5.12. Simplified diagram of a 2OR-NOT LE of injection logic

The advantages of I²L LEs are a high degree of integration, high speed, and the ability to operate at very low currents (units of nanoamperes) and low supply voltages.

5.5. Basic logical elements on MIS and CMIS structures. The basic element of logical ICs on MIS transistors is an inverter (NOT element). On fig. 5.13 shows inverter circuits on MIS transistors with a p-type channel with one (a) and two (b) power supplies.

Fig. 5.13. Circuits of inverters on MIS transistors (a, b) and graphs of input and output voltages (c)

Transistors VT1 of both circuits have narrower and longer channels compared to transistors VT2. Therefore, if both transistors VT1 and VT2 are open, then
. If a
, i.e.
, then the transistors VT2 are open. Since at the same time
, then the output voltage is close to zero (Fig. 5.13, c).

If a
, i.e.
, then the transistors VT2 are closed, and the transistors VT1 are on the verge of blocking. Wherein
and the output is set to a low negative level corresponding to logic 1.

Inclusion in the gate circuit of the transistor VT1 additional voltage source
increases the noise immunity of the LE.

Fig. 5.14, a shows a diagram of a two-input OR-NOT LE built on complementary MIS transistors. Transistors VT3 and VT4, connected in parallel and having an n-type channel, are the control transistors, and transistors VT1 and VT2 with a p-type channel are the load transistors. The control transistors form the lower arm, and the load transistors form the upper arm of the divider from which the output voltage is taken.

Fig. 5.14. Circuits of logic elements OR-NOT (a) and AND-NOT (b) on KMDP transistors

If the inputs and low level voltage:
, then the transistors VT3 and VT4 are closed. The source of the transistor VT1 with a p-type channel is connected to the plus of the source , so its gate voltage
and exceeds the threshold voltage in absolute value. Transistor VT1 is open, the resistance of its channel is small and the source voltage of transistor VT2 is close to the voltage
. Consequently, the transistor VT2 is also open, and the resistance of the upper arm is much less than the resistance of the lower arm. The output is set to a high level voltage close to the power supply voltage.

If at least one input or a high-level voltage is supplied, then the corresponding transistor of the lower arm opens, and the upper arm closes. The output produces a low level voltage close to zero.

In the AND-NOT logic elements of KMDP-TL (Fig. 5.14, b), the control MOS transistors with an n-type channel, VT3 and VT4, are connected in series, and the load transistors with p-type channels are connected in parallel. The resistance of the lower arm will be small if both transistors VT3 and VT4 are open, i.e. when at the inputs and voltages corresponding to logical units act. Wherein
and corresponds to logical zero. If there is a low voltage at one of the inputs, then one of the transistors VT1 or VT2 is open, and one of the transistors VT3 or VT4 is closed. In this case, the resistance of the upper arm is much less than the resistance of the lower arm, and the output voltage level corresponds to a logical unit.

KMDP-TL logic elements are characterized by low power consumption (tens of nanowatts), sufficiently high speed (up to 10 MHz or more), high noise immunity and power supply voltage utilization factor (
). Their disadvantage is the greater complexity of manufacturing compared to LE MDP-TL.

Purchasing software in a boxed version, as a rule, requires the user to visit a store or, at a minimum, meet with a courier. The convenience of acquiring electronic licenses lies primarily in the fact that you do not need to go anywhere. You can buy a license in the distributor's online store, and after a while all the necessary instructions and the key itself will arrive by email. The advantages of this method of distributing software products are obvious: a purchase can be made at any time of the day or night, and the order is placed in exactly the same way as when buying any other product in an online store.

The difference between boxed and electronic versions

When buying a program in a box, the user receives a physical medium with the product distribution kit (usually a CD or ) and activation keys, printed either on paper or on a special sticker. When purchasing an electronic key, the user receives by mail a key generated by the manufacturer; it can be either a file with special permission or a simple code. In this case, the product distribution package can simply be downloaded from the Internet: either from the vendor's website or from the digital distributor's server. Usually the seller sends a download link in the same email as the key itself. It goes without saying that programs installed from a boxed distribution or downloaded from the Internet are no different at all.

License and renewal

Purchasing an anti-virus electronic key or a boxed version of the program means that the product's anti-virus databases can be updated during the entire license term. It is very easy to make sure that the purchased key is genuine: if the antivirus, whose distribution kit was downloaded from the manufacturer's website, accepts the key, everything is in order.

As a rule, antivirus licenses are for one year, after which the user will be prompted to purchase a license renewal. The purchase process is practically the same as the initial purchase. Some vendors, however, may ask you to provide a previous license key for the product. It is also often possible to purchase an electronic license renewal key even if the software was originally purchased "in a box".

Price

This is perhaps the most significant difference between the electronic key and the boxed version. Because the boxed version contains a physical medium with a distribution kit and, often, additional materials (instructions, etc.), its price can be noticeably higher than that of an electronic key. This is not surprising: with an electronic key the manufacturer does not have to spend money on printing boxes, disks and printed materials, does not need to rent a warehouse, and does not need to deliver goods to retail stores. It is quite logical that, being rid of all these worries, he is ready to provide a significant discount.

(Software) and data from copying, illegal use and unauthorized distribution.

Modern electronic keys

The principle of operation of electronic keys. The key is attached to a specific computer interface. Further, the protected program sends information to it through a special driver, which is processed in accordance with the specified algorithm and returned back. If the answer of the key is correct, then the program continues its work. Otherwise, it can perform developer-defined actions, such as switching to demo mode, blocking access to certain functions.

There are special keys capable of licensing a protected application over the network (limiting the number of copies of the program running on the network). In this case, one key is enough for the entire local network. The key is installed on any workstation or network server. Protected applications access the key over the local network. The advantage is that users do not need to carry a dongle with them in order to work with the application within the local network.

On the Russian market, the following product lines are best known (in alphabetical order): CodeMeter from WIBU-SYSTEMS, Guardant from Aktiv, HASP from Aladdin, LOCK from Astroma Ltd., Rockey from Feitian, SenseLock from Seculab, etc.

History

Protecting software from unlicensed use increases the developer's profit. To date, there are several approaches to solving this problem. The vast majority of software developers use various software modules, which control user access using activation keys, serial numbers, etc. Such protection is a cheap solution and cannot claim to be reliable. The Internet is replete with programs that allow you to illegally generate an activation key (key generators) or block a request for a serial number / activation key (patches, cracks). In addition, do not neglect the fact that the legal user himself can make public his serial number.

These obvious shortcomings led to the creation of hardware software protection in the form of an electronic key. It is known that the first electronic keys (that is, hardware devices for protecting software from illegal copying) appeared in the early 1980s, however, for obvious reasons, it is very difficult to establish primacy in the idea and direct creation of the device.

Software protection with an electronic key

Software Development Kit

Dongles are classified as hardware-based software protection methods, but modern dongles are often defined as multiplatform hardware-software tool systems for software protection. The fact is that, in addition to the key itself, companies that issue electronic keys provide an SDK (Software Developer Kit - a software development kit). The SDK includes everything you need to start using the presented technology in your own software products: development tools, complete technical documentation, support for various operating systems, detailed examples, code snippets, and automatic protection tools. The SDK may also include demo keys for building test projects.

Protection Technology

The technology of protection against unauthorized use of software is based on the implementation of requests from an executable file or a dynamic library to a key with subsequent receipt and, if necessary, analysis of the response. Here are some typical queries:

  • checking the presence of a key connection;
  • reading from the key the data necessary for the program as a launch parameter (used mainly only when searching for a suitable key, but not for protection);
  • a request for decryption of data or executable code necessary for the operation of the program, encrypted during program protection (allows for "comparison with the standard"; in the case of code encryption, execution of undecrypted code leads to an error);
  • a request to decrypt data previously encrypted by the program itself (allows you to send different requests to the key each time and, thus, protect yourself from emulation of the API libraries / the key itself);
  • verification of the integrity of the executable code by comparing its current checksum with the original checksum read from the key (for example, by executing the digital signature of the code or other transmitted data by the key algorithm and checking this digital signature within the application; since the digital signature is always different - a feature of the cryptographic algorithm - this also helps to protect against API/key emulation);
  • a request to the real-time clock built into the dongle (if any; can be performed automatically when the operating time of the hardware algorithms of the dongle is limited by its internal timer);
  • etc.

It is worth noting that some modern keys (Guardant Code from Aktiv Company, LOCK from Astroma Ltd., Rockey6 Smart from Feitian, Senselock from Seculab) allow the developer to store their own algorithms or even separate parts of the application code (for example, developer-specific algorithms that take a large number of parameters as input) and execute them in the key on its own microprocessor. In addition to protecting software from illegal use, this approach protects the algorithm used in the program from being studied, cloned and used by competitors in their own applications. However, for a simple algorithm (and developers often make the mistake of choosing an insufficiently complex algorithm to load), cryptanalysis can be performed using the "black box" analysis method.

As follows from the above, the "heart" of the electronic key is the conversion algorithm (cryptographic or other). In modern dongles, it is implemented in hardware - this practically excludes the creation of a full key emulator, since the encryption key is never transmitted to the dongle output, which excludes the possibility of its interception.

The encryption algorithm can be secret or public. Secret algorithms are developed by the manufacturer of the protection product, including individually for each customer. The main disadvantage of using such algorithms is the impossibility of assessing their cryptographic strength. It is only possible to say with certainty how reliable the algorithm is after the fact: whether it has been hacked or not. A public algorithm, or “open source”, has incomparably greater cryptographic strength. Such algorithms are tested not by random people, but by a number of experts who specialize in the analysis of cryptography. Examples of such algorithms are the widely used GOST 28147-89, AES, RSA, Elgamal, etc.

Protection with automatic means

For most families of hardware dongles, automatic tools (included in the SDK) have been developed that allow you to protect the program "with a few mouse clicks". In this case, the application file is "wrapped" in the developer's own code. The functionality implemented by this code varies depending on the manufacturer, but most often the code checks for the presence of a key, controls the license policy (set by the software vendor), implements a mechanism to protect the executable file from debugging and decompilation (for example, compressing the executable file), etc.

The important thing is that you do not need access to the application's source code to use the automatic protection tool. For example, when localizing foreign products (when there is no possibility of changing the source code of the software), such a protection mechanism is indispensable. However, it does not let you realize the full potential of electronic keys or implement flexible, individual protection.

Implementing Security with API Functions

In addition to using automatic protection, the software developer can build the protection independently by integrating the protection system into the application at the source code level. To do this, the SDK includes libraries for various programming languages that describe the API functionality of the key. The API is a set of functions designed to exchange data between the application, the system driver (and the server in the case of network dongles), and the dongle itself. API functions perform various operations with the key: search, reading and writing memory, encrypting and decrypting data using hardware algorithms, network software licensing, etc.

Skillful application of this method provides a high level of application security. It is rather difficult to neutralize the protection built into the application due to its uniqueness and “fuzziness” in the body of the program. In itself, the need to study and modify the executable code of a protected application in order to bypass protection is a serious obstacle to breaking it. Therefore, the task of the security developer, first of all, is to protect against possible automated hacking methods by implementing their own protection using the key management API.

Security Bypass

There was no information about the full emulation of modern Guardant dongles. Existing table emulators are only implemented for specific applications. They could be created because the protection developers did not use (or used incompetently) the main functionality of electronic keys.

There is also no information about full or at least partial emulation of LOCK keys, or about any other ways to bypass this protection.
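For developers reviewing their own integration, the following added example (not part of the original text or of any vendor SDK) measures how much of an application's key traffic a recorded answer table would cover when the application always sends one fixed query versus random picks from a large precomputed pool. `SimulatedDongle`, the HMAC-SHA256 stand-in for the hardware algorithm, the pool sizes and the secret are all constructed assumptions.

```python
import hashlib
import hmac
import random

class SimulatedDongle:
    """Stand-in for the hardware key: the secret stays inside this object."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def transform(self, query: bytes) -> bytes:
        # HMAC-SHA256 is an assumed substitute for the key's hardware algorithm.
        return hmac.new(self._secret, query, hashlib.sha256).digest()

def build_pool(dongle, size, seed):
    """Build time: the developer precomputes query -> hash(answer) pairs."""
    rng = random.Random(seed)
    pool = {}
    for _ in range(size):
        query = rng.getrandbits(128).to_bytes(16, "big")
        pool[query] = hashlib.sha256(dongle.transform(query)).digest()
    return pool

def run_session(dongle, pool, checks, rng, log):
    """Run time: send `checks` random queries from the pool and verify them.
    `log` models what a table recorded from this session would contain."""
    for query in rng.sample(sorted(pool), checks):
        answer = dongle.transform(query)
        if not hmac.compare_digest(hashlib.sha256(answer).digest(), pool[query]):
            raise RuntimeError("key check failed")
        log[query] = answer

def table_coverage(pool, log):
    """Fraction of the application's possible queries a recorded table answers."""
    return sum(1 for q in pool if q in log) / len(pool)

def compare_designs(sessions=20):
    dongle = SimulatedDongle(b"constructed-demo-secret")
    rng = random.Random(1)
    fixed = build_pool(dongle, size=1, seed=7)      # one hard-coded query
    varied = build_pool(dongle, size=5000, seed=7)  # large pool, random picks
    fixed_log, varied_log = {}, {}
    for _ in range(sessions):
        run_session(dongle, fixed, 1, rng, fixed_log)
        run_session(dongle, varied, 3, rng, varied_log)
    return table_coverage(fixed, fixed_log), table_coverage(varied, varied_log)

if __name__ == "__main__":
    print("fixed: %.3f  pooled: %.3f" % compare_designs())
```

The metric covers only queries seen during recorded runs, so a query pool complements, rather than replaces, moving application logic into the key as described earlier.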

Hacking a software module

An attacker examines the logic of the program itself in order to, after analyzing the entire application code, isolate the protection block and deactivate it. Breaking programs is done by debugging (or stepping), decompiling, and dumping main memory. These methods of analyzing the executable code of a program are most often used by attackers in combination.

Debugging is carried out using a special program, a debugger, which allows you to execute any application step by step, emulating the operating environment for it. An important function of the debugger is the ability to set breakpoints (or conditions) that stop code execution. Using them, it is easier for an attacker to track the places in the code where accesses to the key are implemented (for example, execution stops on a message like "Key is missing! Check for the presence of the key in the USB interface").

Disassembly is a way to convert the code of executable modules into a human-readable programming language, assembly language. In this case, the attacker gets a printout (listing) of what the application is doing.

Decompilation is the conversion of the application's executable module into program code in a high-level language, producing a representation of the application that is close to the source code. It can only be done for some programming languages (in particular, for .NET applications created in C# and distributed in bytecode, a relatively high-level interpreted language).

The essence of a memory dump attack is to read the contents of RAM at the moment when the application has started to execute normally. As a result, the attacker receives the working code (or the part of interest to him) in "pure form" (if, for example, the application code was encrypted and is only partially decrypted while one or another section executes). The main thing for an attacker is to choose the right moment.

Note that there are many ways to counteract debugging, and security developers use them: non-linear code (multithreading), a non-deterministic execution sequence, code "littering" (useless functions that perform complex operations in order to confuse an attacker), exploiting the imperfections of the debuggers themselves, and others.

In pulse devices, transistor keys can often be found. Transistor switches are present in flip-flops, switches, multivibrators, blocking oscillators and other electronic circuits. In each circuit, the transistor key performs its function, and depending on the operating mode of the transistor, the key circuit as a whole may change, however, the main circuit diagram of the transistor key is as follows:

There are several main modes of operation of the transistor switch: normal active mode, saturation mode, cutoff mode and active inverse mode. Although the transistor switch circuit is in principle a common-emitter transistor amplifier circuit, this circuit differs in function and modes from a typical amplifier stage.

In a key application, the transistor serves as a high-speed switch with two main static states: off and on. Off (blocked) state: the switch is open-circuit and the transistor is in cutoff mode. On state: the switch is closed and the transistor is saturated, or close to saturation; in this state the transistor conducts. While the transistor switches from one state to the other, it is in the active mode, in which the processes in the stage proceed non-linearly.


Static states are described according to the static characteristics of the transistor. There are two characteristics: the output family - the dependence of the collector current on the collector-emitter voltage and the input family - the dependence of the base current on the base-emitter voltage.

The cutoff mode is characterized by reverse bias of both p-n junctions of the transistor, and a distinction is made between deep cutoff and shallow cutoff. Deep cutoff is when the voltage applied to the junctions is 3-5 times higher than the threshold voltage and has polarity opposite to the operating one. In this state, the transistor is open-circuit (non-conducting), and the currents of its electrodes are extremely small.

With a shallow cutoff, the voltage applied to one of the electrodes is lower, and the electrode currents are greater than with a deep cutoff. As a result, the currents already depend on the applied voltage in accordance with the lower curve of the output characteristic family; this curve is called the "cutoff characteristic".

For example, we will carry out a simplified calculation for the key mode of a transistor that will operate on a resistive load. The transistor will be in only one of two main states for a long time: fully open (saturation) or fully closed (cutoff).


Let the transistor load be the winding of the SRD-12VDC-SL-C relay, whose coil resistance at a nominal 12 V is 400 ohms. Let's neglect the inductive nature of the relay winding (let the developers provide a snubber to protect against transient surges) and calculate on the assumption that the relay is switched on once and for a very long time. We find the collector current by the formula:

Ik = (Upit - Ukenas) / Rn.

Where: Ik - DC collector current; Upit - supply voltage (12 volts); Ukenas - saturation voltage of the bipolar transistor (0.5 volts); Rn - load resistance (400 Ohm).

We get Ik = (12 - 0.5) / 400 = 0.02875 A = 28.7 mA.

To be sure, let's take a transistor with a margin on both the limiting current and the limiting voltage. A BD139 in a SOT-32 package is suitable. This transistor has the parameters Ikmax = 1.5 A, Ukemax = 80 V. There will be a good margin.

To provide a collector current of 28.7 mA, it is necessary to provide an appropriate base current. The base current is determined by the formula: Ib = Ik / h21e, where h21e is the static current transfer coefficient.

Modern multimeters allow you to measure this parameter, and in our case it was 50. So Ib = 0.0287 / 50 = 574 μA. If the value of the coefficient h21e is unknown, for reliability you can take the minimum from the documentation for this transistor.

Next, we determine the required value of the base resistor. The base-emitter saturation voltage is 1 volt. So, if the control is carried out by a signal from the output of a logic microcircuit, the voltage of which is 5 V, then to provide the required base current of 574 μA, with a drop of 1 V across the junction, we get:

R1 = (Uin - Ubenas) / Ib = (5 - 1) / 0.000574 = 6968 Ohm

From the standard series, let's choose the next smaller value (so that the current is certain to be sufficient): a 6.8 kOhm resistor.

BUT, in order for the transistor to switch faster and for the operation to be reliable, we will use an additional resistor R2 between the base and the emitter. Some power will be dissipated in it, which means the resistance of resistor R1 has to be lowered. Let's take R2 = 6.8 kOhm and adjust the value of R1:

R1 = (Uin - Ubenas) / (Ib + I(through resistor R2)) = (Uin - Ubenas) / (Ib + Ubenas / R2)

R1 = (5 - 1) / (0.000574 + 1/6800) = 5547 ohms.

Let it be R1 = 5.1 kOhm, and R2 = 6.8 kOhm.

Let's calculate the losses on the key: P = Ik * Ukenas = 0.0287 * 0.5 = 0.014 W. The transistor does not need a heatsink.
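The same calculation as a reusable routine, added here as an example that is not part of the original lecture. It generalizes the worked case by rounding R1 down to a standard value automatically and by checking the resulting base-current margin; the E24 series is an assumption (it contains both 6.8 kOhm and 5.1 kOhm, the values chosen in the text), and the function names are hypothetical.

```python
import math

# E24 preferred-value mantissas (assumed to be the "standard series" meant above)
E24 = [1.0, 1.1, 1.2, 1.3, 1.5, 1.6, 1.8, 2.0, 2.2, 2.4, 2.7, 3.0,
       3.3, 3.6, 3.9, 4.3, 4.7, 5.1, 5.6, 6.2, 6.8, 7.5, 8.2, 9.1]

def e24_floor(r_ohm):
    """Largest E24 value not exceeding r_ohm (a smaller R1 gives more base current)."""
    decade = 10 ** math.floor(math.log10(r_ohm))
    below = [m for m in E24 if m * decade <= r_ohm * (1 + 1e-9)]
    return round(max(below) * decade, 6)

def design_switch(u_supply, u_ce_sat, r_load, h21e, u_in, u_be_sat, r2=None):
    """Size the base resistor of a saturated switch driving a resistive load."""
    i_c = (u_supply - u_ce_sat) / r_load        # Ik = (Upit - Ukenas) / Rn
    i_b = i_c / h21e                            # Ib = Ik / h21e
    i_r2 = u_be_sat / r2 if r2 else 0.0         # current diverted through R2
    r1_exact = (u_in - u_be_sat) / (i_b + i_r2)
    r1 = e24_floor(r1_exact)
    i_b_actual = (u_in - u_be_sat) / r1 - i_r2  # base current with the chosen R1
    return {
        "i_c": i_c,
        "i_b": i_b,
        "r1_exact": r1_exact,
        "r1": r1,
        "overdrive": i_b_actual / i_b,          # above 1: saturation is reached
        "p_loss": i_c * u_ce_sat,               # P = Ik * Ukenas
    }

if __name__ == "__main__":
    # Values from the text: 12 V relay coil of 400 Ohm, h21e = 50, 5 V logic drive.
    # The text rounds Ik to 28.7 mA, so its intermediate figures differ slightly.
    print(design_switch(12, 0.5, 400, 50, 5, 1))
    print(design_switch(12, 0.5, 400, 50, 5, 1, r2=6800))
```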
