The key used with the older Tecan's are the typical old-school "parallel port security dongle" which has a serial number or something similar, which matches the hardware. In the simplest cases the dongle internally is just a set of jumpers which hardwires the parallel port IO's to a fixed value (tied to vcc or gnd). Or it could be an EPROM. A hacker here emailed me the dump and instructions for the Tecan dongle a while back and reportedly got a clone working. These parallel hardware-dongle keys used to be pretty common for different types of server software. Nowadays companies use USB dongles for software-license-control, these are a bit more involved crypto-wise yet still pretty simple and I'm sure there are cloners out there. (Cloners or crackers are not appropriate for a commercial installation though.)
The security functionality of most products is usually a last-minute engineering effort for most products, which is why it often looks too simple (borderline silly) from the outside. Like: read dongle's serial number, read robot's serial number, XOR the two, do a parity sum, result be even. No mathematically complex keys. The dongle serves a legal purpose simply by being present or not present and having a simple check for it's existence, which is enough for regulating and restricting use in a business environment. (Especially if the business is ISO-anything.)
When the dongle is installed, Tecan windows software allows 3rd party software to pass commands through a windows shared pipe (filename \\.\\pipe or similar) -- this is in my source code. If the dongle is not installed, this windows pipe doesn't exist, so the user is stuck -- unless customized (but not difficult) hardware is used to pass the serial commands directly to the hardware, without Tecan in the middle. For example, the typical Bio guy writes MS Visual Basic (yuck!) which writes commands through Tecan's command pipe, to the robot.
So, the dongle is required if using Tecan software in an out-of-the-box configuration with 3rd party software like mine, where Tecan windows software requires being the "man in the middle" for all the robot commands.
The better method is to send the commands directly to the robot with a USB-to-serial device. For my Perl Robotics::Tecan software to work with such a setup, it would be a straightforward change to write to the correct device and prepend the comm byte header. (Or similar.) This isn't implemented right now though since I always used a PC with the dongle, and most labs do too.
## Jonathan Cline
## jcline@ieee.org
## Mobile: +1-805-617-0223
########################
On Friday, April 26, 2013 7:54:52 PM UTC-7, Bryan Bishop wrote:
On Fri, Apr 26, 2013 at 9:50 PM, Jonathan Cline wrote:--
> [*Note 2] - it is possible to hack a bypass to the authentication key by
> cloning or etc. It's a simple key exchange, after all, and there are
> grey-market imposter keys which can mimic the real Tecan keys.
I don't understand what's going on here. What sort of key is this? Are
they just verifying that it has some format? Are they running it
against a list of known good keys? or were they serious enough to use
public/private key signing?
Also how much does this matter? When you "send commands directly",
like in ::Tecan, do you still require a key?
- Bryan
http://heybryan.org/
1 512 203 0507
-- You received this message because you are subscribed to the Google Groups DIYbio group. To post to this group, send email to diybio@googlegroups.com. To unsubscribe from this group, send email to diybio+unsubscribe@googlegroups.com. For more options, visit this group at https://groups.google.com/d/forum/diybio?hl=en
Learn more at www.diybio.org
---
You received this message because you are subscribed to the Google Groups "DIYbio" group.
To unsubscribe from this group and stop receiving emails from it, send an email to diybio+unsubscribe@googlegroups.com.
To post to this group, send email to diybio@googlegroups.com.
Visit this group at http://groups.google.com/group/diybio?hl=en.
To view this discussion on the web visit https://groups.google.com/d/msg/diybio/-/raCtbdZLfocJ.
For more options, visit https://groups.google.com/groups/opt_out.
0 comments:
Post a Comment