Controlling pirates via RFID chips.

[RyJae]

Say Microsoft talked major computer manufactures into installing RFID readers into computers. Then it comes out with Age Of Empires IV, with the normal activation key, as well as the RFID chip ingrained in the CD/DVD needed to operate. Is that possible with todays tech?

[awldune]

This sort of thing only inconveniences lawful customers. The pirated release would have a hacked executable that bypasses the RFID check routine. Meanwhile, you have to jump through hoops to get your legal copy to work after a computer upgrade.

[Revtim]

There certainly are RFID chips small enough to embed in a CD: http://www.pinktentacle.com/2007/02/...s-rfid-powder/

[Sage Rat]

Quote:

Originally Posted by awldune

This sort of thing only inconveniences lawful customers. The pirated release would have a hacked executable that bypasses the RFID check routine. Meanwhile, you have to jump through hoops to get your legal copy to work after a computer upgrade.

Not necessarily. If you required that the RFID be accessible the whole time the application is running, you could put some of the application code into the RFID chip, so that periodically a function on the chip would be called and the result used like a normal function. Since RFID chips have an actual CPU(ish type thing), they can do processing for you, unlike a CD which can only store data and which data is easily read.

The chips I worked with also had all of their communications encrypted, so easedropping isn't that easy either.

By which I'm not saying that it couldn't be hacked (it almost definitely would be), but designed right it would be fairly difficult to do.

[RyJae]

Quote:

Originally Posted by Revtim

There certainly are RFID chips small enough to embed in a CD: http://www.pinktentacle.com/2007/02/...s-rfid-powder/

That's smaller than I thought they where. So they are small enough, how long do they last?

[Mindfield]

The problem with RFID-style protection is the same as any other type of protection: "cracking" the software simply involves locating the portion of code that does the protection check and changing that piece of code to pass a "true" (valid, protection present, etc.) result to part of the program that looks at the results of the protection check. It doesn't matter what sort of protection you use -- RFID, hardware dongle, verification server, etc. -- that one bit of protection checking code is all that needs to be effectively bypassed to make any kind of protection useless.

[Revtim]

Quote:

Originally Posted by RyJae

That's smaller than I thought they where. So they are small enough, how long do they last?

No idea.

[CalMeacham]

Arrrr!

Get that thing out o' me eyepatch!

[Sunspace]

Not to mention that embedding an RFID chip in the distribution disc (CD/DVD/BD/HD-DVD/whatever) and having it constantly-accessible would quite possibly require a new disc drive that incorporated an RFID reader.

It has been my experience that RFID signals are easily blocked by metal shelding; certainly the signals to the RFID tag that lets me through the door at work are often blocked by the coins around it in my change/keyring pouch.

The kind of RFID tag that could be embedded in a disc is passive: in response to a query signal that passes across it, it echoes a stream of digits back, using energy gathered from the passing query signal as power.

This is ideal for echoing serial numbers, but I am unsure of whether such chips could have larger computer power built in. They might have to be irradiated for a time to build up sufficient energy for their computation. On the other hand, the shielded environment of a drive would seem to be the perfect environment for this.

So... users would have to pay to replace their disc reader... or just get the crack and install the pirate version. Honestly, a USB dongle would be so much simpler.

[friedo]

Quote:

Originally Posted by Sage Rat

Not necessarily. If you required that the RFID be accessible the whole time the application is running, you could put some of the application code into the RFID chip, so that periodically a function on the chip would be called and the result used like a normal function. Since RFID chips have an actual CPU(ish type thing), they can do processing for you, unlike a CD which can only store data and which data is easily read.

And what's to stop me, a clever programmer, from altering the code in memory to call my dummy function instead which always returns true?

[Chronos]

Well, you could make it a bit more sophisticated than a simple true/false test. You could encrypt key parts of the program code, with the decryption key stored inaccessably on the dongle (whether it's USB, RFID, or whatever). Then, whenever you need access to those parts of the code, you send the encrypted data to the dongle, and get the clear data back.

Of course, there are ways around this, too. But with enough security, eventually it gets to the point where it would be easier to just re-write the program from scratch than to crack the existing program.

[Sage Rat]

Quote:

Originally Posted by friedo

And what's to stop me, a clever programmer, from altering the code in memory to call my dummy function instead which always returns true?

Like Chronos said, you put actual functions of your application to run off the chip, not just a "ok" function. For instance, it might have a function that calculates the product of two matrixes. Once you've figured out that the function on the chip is calculating the product of the matrix data that's being beamed over, then you can spoof it, of course, but that requires a lot more effort to figure out.