Security based upon hardware is always the best countermeasure for distinguishing authorized from unauthorized access, simply because the protected information is harder to modify. Based on this fact, many application producers take comfort in the belief that if a hardware strategy via a dongle is implemented to protect the software, then software piracy will be extremely difficult or eliminated. Unfortunately, the reality is found in the old adage, “only as strong as the weakest link“.
Why Hardware-Based Security Isn’t Enough
Software protection is not any different, and by adding hardware via a dongle, another link is added to the overall protection strategy. The weakest link in this chain is the integration layer between hardware and software, yet many developers believe the hardware dongle will solve all of their security concerns. Ultimately, the core protection to authorize the application to run comes from the presence (or not) of the dongle, which is essentially a comparison check. Here is what that comparison check might look like:
If (donglePresent () == SUCCESS)
RunApplication();
If we take the same view of this code in assembly, it will look like:
TEST EAX, EAX ; IS DONGLE PRESENT?
JZ 00618496 ; RUN APPLICATION IF DONGLE IS ATTACHED
And if the weakest link is attacked:
NOP ; DONGLE CHECK BYPASSED?
JNZ 00618496 ; RUN APPLICATION IF DONGLE IS NOT ATTACHED
Revenera Monetization Monitor: 2026 Outlook
501 senior leaders at global technology companies share their thoughts on monetization trends for 2026 and beyond. See the results >>>
Building a Layered Approach to Software Protection
The best strategy for protecting software intellectual property is a varied approach with different systems and techniques. Let’s start with an analogy in the physical security world, like your house. Let’s then say you purchase the best hardware deadbolt lock on the market to protect the valuables in your home. Will that stop thieves? Yes and No: it won’t stop thieves who will break a window to get into the house, yet it will stop a thief who only tries doors. We can increase the overall security of the home via an alarm system, security cameras, and even a guard dog; the same idea applies to software as well.
When it comes to protecting software, it is important to remember these maxims:
- Understanding of the tactics and tools used (i.e. reverse engineering, debuggers and disassemblers)
- Security is best layered (different systems and techniques)
- Security is never stationary
- Go to step #1
The best security takes significant time, resources, and commitment. Hardcore code crackers are typically very determined, motivated, and resourceful, plus they are not concerned with the “time to money” ratio investment. And, ultimately, realize nothing is unbreakable to the determined/knowledgeable.
Learn more about Revenera’s Tamper Resistant Software Licensing Code for software protection.
Common Questions
Does using a hardware dongle make software piracy impossible?
No. While dongles add a layer of security, they are not foolproof. Attackers often target the integration layer between hardware and software, meaning a determined hacker can bypass the dongle check.
What is the most effective way to protect software from piracy?
The best approach is layered security, combining multiple techniques such as tamper-resistant code, encryption, and monitoring. Relying on a single method like hardware protection leaves vulnerabilities that skilled attackers can exploit.
Is it possible to make software completely unbreakable?
Unfortunately, no system is entirely unbreakable. Experienced hackers are resourceful and persistent, so the goal should be to make attacks time-consuming and costly through strong, varied security measures.
