1

Presented by Seminar GuideChaitanya Anpat Prof. Pritesh Patil TE – IT

Wednesday, May 3, 2023

Copy Protection

Agenda

• Introduction• Brief idea about protection methods• Code confusion• Debuggers• Code confusion techniques• conclusion

Introduction• Copy protection is effort to prevent cracking• Cracking-modification to binary files to

remove protection reverse engineering• Discovering technical principles of

device,object,system,software.• It often involves disassembling exe code to

get machine code and bypass software security.

Piracy

Game Music S/w

• This increases piracy.• Loss due to piracy is about

$60 billion

.

.

Method of protection• hardware based• Hardware device is integrated with software

and used to protect and license an application.• It uses device called USB hardware • Software executes only if devise is actually

present on machine• E.g.-ANSYS(related to ME)

• Serial key generation• enter serial key• Serial key compare• If match installation complete

Encryptions

• Encoding applications in such a way that only

authorized users can use it• It doesn’t prevent hacking• Used to prevent data at rest like files and

data at transits like data transfer via networks

Debug-Blocker

• In Armadillo, we find another feature called Debug- Blocker.

• Armadillo creates 2 processes, referred to them as father ( or parent ) and child. The father process acts as a debugger, trying to protect the child from other debuggers.

Code confusion/obfuscation• Process of confusing• Transforms source code such that it is difficult

for human to grasp and debugger to disassemble accurately

• confused code should be functionally equivalent to users perspective.

• introduce code confusing techniques so as make code difficult to debug and which prevent s/w to be reversed.

Debugger

• Linear sweep - win debugger

• Control flow not followed

• Recursive traversal –Ollydebuger

• control flow followed

Inline assembly `c` code for Hellowith data byte inserted

_asm{jmp L1 ; logic to “skip” data byte_emit 0x00 ; inserted data byte}L1:printf("Hello, World!!!\n");}

WinDBG & OllyDbg

.

Code confusion techniqueLayout

Data

Control

Preventive

Technique

Layout technique

• Layout obfuscations modify the layout structure of the program by two basic methods: renaming identifiers and removing debugging information

• They make the program code less informative to a reverse engineer.

Before

void my_output() { int count; for (count = 0; count<=4; ++count) printf("Hello %d!\n", count); }

• Tools used this technique are SD Obfuscator CXX obfuscator.• They will automatically output confused code whose functionality remains same after obfuscation.

After

#define a int #define b printf #define c for a l47(){a l118;c(l118=0;l118<0x664+196-0x71e;++l118) b("\x48\x65\x6c\x6c\x6f\x20\x25\x64\x21\n",l118);}

Data code confusion technique• It changes the program’s use of data or data

structures.• The storage of data can be obfuscated by

replacing current data definitions with those which do not make sense for their intended use. For example, a loop iteration variable can be replaced with another variable type besides an integer.

Control flow code confusion

• It changes the flow of the program executing code in parallel• insert new functions• mislead the disassembler while executing concurrently

Preventative technique

Conclusion

Prevention*cracking

.