Date post: | 15-Apr-2017 |
Category: |
Technology |
Upload: | chaitanya-anpat |
Presented by: Chaitanya Anpat
Seminar Guide: Prof. Pritesh Patil
TE – IT
Wednesday, May 3, 2023
Copy Protection
Agenda
• Introduction
• Brief idea about protection methods
• Code confusion
• Debuggers
• Code confusion techniques
• Conclusion
Introduction
• Copy protection is an effort to prevent cracking
• Cracking: modification of binary files to remove protection
• Reverse engineering: discovering the technical principles of a device, object, system or software
• It often involves disassembling exe code to get machine code and bypass software security.
Piracy
Game, Music, S/w
• This increases piracy.
• Loss due to piracy is about $60 billion.
Method of protection
• Hardware based
• A hardware device is integrated with the software and used to protect and license an application.
• It uses a device called USB hardware
• The software executes only if the device is actually present on the machine
• E.g. ANSYS (related to ME)
• Serial key generation
• Enter serial key
• Serial key compare
• If they match, installation completes
Encryptions
• Encoding applications in such a way that only authorized users can use them
• It doesn’t prevent hacking
• Used to protect data at rest, like files, and data in transit, like data transferred via networks
Debug-Blocker
• In Armadillo, we find another feature called Debug-Blocker.
• Armadillo creates 2 processes, referred to as father (or parent) and child. The father process acts as a debugger, trying to protect the child from other debuggers.
Code confusion/obfuscation
• Process of confusing
• Transforms source code such that it is difficult for a human to grasp and for a debugger to disassemble accurately
• Confused code should be functionally equivalent from the user's perspective.
• Introduce code confusing techniques so as to make code difficult to debug and to prevent s/w from being reversed.
Debugger
• Linear sweep – WinDbg
  • Control flow not followed
• Recursive traversal – OllyDbg
  • Control flow followed
Inline assembly C code for Hello with data byte inserted
#include <stdio.h>
int main(void)
{
    /* MSVC x86 inline assembly */
    __asm {
        jmp L1        ; logic to "skip" data byte
        _emit 0x00    ; inserted data byte
    }
L1:
    printf("Hello, World!!!\n");
    return 0;
}
WinDBG & OllyDbg
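The effect of the inserted data byte on the two disassembly strategies above, as an added example that is not from the original slides. It assumes a toy length decoder for a handful of x86-32 opcodes (not a real disassembler) and a constructed byte sequence in which `mov eax, 0x2a; ret` stands in for the printf call.

```c
#include <stdio.h>
/* Constructed bytes: jmp short +1 | junk 0x00 | mov eax,0x2a | ret */
static const unsigned char sample[] = {0xEB,0x01, 0x00, 0xB8,0x2A,0x00,0x00,0x00, 0xC3};
/* Instruction length for a tiny x86-32 subset (assumed); 0 if not decodable. */
static size_t insn_len(const unsigned char *p, size_t avail)
{
    size_t n; unsigned mod, rm;
    switch (p[0]) {
    case 0x90: case 0xC3: n = 1; break;   /* nop, ret */
    case 0xEB: n = 2; break;              /* jmp rel8 */
    case 0xB8: n = 5; break;              /* mov eax, imm32 */
    case 0x00:                            /* add r/m8, r8: ModRM byte follows */
        if (avail < 2) return 0;
        mod = p[1] >> 6; rm = p[1] & 7;
        if (mod != 3 && rm == 4) return 0;            /* SIB forms not modelled */
        n = 2 + (mod == 1 ? 1 : (mod == 2 || (mod == 0 && rm == 5)) ? 4 : 0);
        break;
    default: return 0;
    }
    return n <= avail ? n : 0;
}

/* Linear sweep: decode back to back from offset 0, ignoring control flow. */
size_t linear_sweep(const unsigned char *c, size_t len, size_t *starts)
{
    size_t off = 0, k = 0, n;
    for (; off < len && (n = insn_len(c + off, len - off)) != 0; off += n)
        starts[k++] = off;
    return k;
}

/* Recursive traversal, single path: follow jmp targets, stop at ret. */
size_t recursive_traversal(const unsigned char *c, size_t len, size_t *starts)
{
    size_t off = 0, k = 0, n;
    while (off < len && k < len && (n = insn_len(c + off, len - off)) != 0) {
        starts[k++] = off;
        if (c[off] == 0xC3) break;
        off += (c[off] == 0xEB) ? 2 + (signed char)c[off + 1] : n;
    }
    return k;
}

int main(void)
{
    size_t s[sizeof sample], i, k = linear_sweep(sample, sizeof sample, s);
    for (i = 0; i < k; i++) printf("linear sweep: insn at +%zu\n", s[i]);
    k = recursive_traversal(sample, sizeof sample, s);
    for (i = 0; i < k; i++) printf("recursive:    insn at +%zu\n", s[i]);
    return 0;
}
```

Linear sweep reports instructions at offsets 0, 2 and 8: the junk byte is decoded as the start of an `add` whose operand bytes swallow the real `mov`. Recursive traversal follows the jump and reports 0, 3 and 8.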
Code confusion techniques
• Layout
• Data
• Control
• Preventive
Layout technique
• Layout obfuscations modify the layout structure of the program by two basic methods: renaming identifiers and removing debugging information
• They make the program code less informative to a reverse engineer.
Before
#include <stdio.h>
void my_output()
{
    int count;
    for (count = 0; count < 10; ++count)
        printf("Hello %d!\n", count);
}
• Tools that use this technique are SD Obfuscator and CXX obfuscator.
• They automatically output confused code whose functionality remains the same after obfuscation.
After
#include <stdio.h>
#define a int
#define b printf
#define c for
/* 0x664+196-0x71e evaluates to 10 */
a l47(){a l118;c(l118=0;l118<0x664+196-0x71e;++l118) b("\x48\x65\x6c\x6c\x6f\x20\x25\x64\x21\n",l118);}
Data code confusion technique
• It changes the program’s use of data or data structures.
• The storage of data can be obfuscated by replacing current data definitions with those which do not make sense for their intended use. For example, a loop iteration variable can be replaced with another variable type besides an integer.
Control flow code confusion
• It changes the flow of the program, executing code in parallel
• Insert new functions
• Mislead the disassembler while executing concurrently
Preventative technique
Conclusion
Prevention*cracking