3. Introduction
• Copy protection is effort to prevent cracking
• Cracking-modification to binary files to
remove protection
reverse engineering
• Discovering technical principles of
device,object,system,software.
• It often involves disassembling exe code to
get machine code and bypass software
security.
6. Method of protection
• hardware based
• Hardware device is integrated with software
and used to protect and license an application.
• It uses device called USB hardware
• Software executes only if devise is actually
present on machine
• E.g.-ANSYS(related to ME)
7. • Serial key generation
• enter serial key
• Serial key compare
• If match installation complete
8. Encryptions
• Encoding applications in such a way that only
authorized users can use it
• It doesn’t prevent hacking
• Used to prevent data at rest like files and
data at transits like data transfer via
networks
9. Debug-Blocker
• In Armadillo, we find another feature called
Debug- Blocker.
• Armadillo creates 2 processes, referred to
them as father ( or parent ) and child. The
father process acts as a debugger, trying to
protect the child from other debuggers.
10. Code confusion/obfuscation
• Process of confusing
• Transforms source code such that it is
difficult for human to grasp and debugger to
disassemble accurately
• confused code should be functionally
equivalent to users perspective.
• introduce code confusing techniques so as
make code difficult to debug and which
prevent s/w to be reversed.
11. Debugger
• Linear sweep - win debugger
• Control flow not followed
• Recursive traversal –Ollydebuger
• control flow followed
12. Inline assembly `c` code for Hello
with data byte inserted
_asm
{
jmp L1 ; logic to “skip” data byte
_emit 0x00 ; inserted data byte
}
L1:printf("Hello, World!!!n");
}
15. Layout technique
• Layout obfuscations modify the layout
structure of the program by two basic
methods: renaming identifiers and removing
debugging information
• They make the program code less informative
to a reverse engineer.
17. • Tools used this technique are SD Obfuscator
CXX obfuscator.
• They will automatically output confused code
whose functionality remains same after
obfuscation.
18. After
#define a int
#define b printf
#define c for
a l47()
{
a l118;
c(l118=0;l118<0x664+196-0x71e;++l118)
b("x48x65x6cx6cx6fx20x25x64x21n",l118);
}
19. Data code confusion technique
• It changes the program’s use of data or data
structures.
• The storage of data can be obfuscated by
replacing current data definitions with those
which do not make sense for their intended
use. For example, a loop iteration variable
can be replaced with another variable type
besides an integer.
20.
21. Control flow code confusion
• It changes the flow of the program
executing code in parallel
• insert new functions
• mislead the disassembler while
executing concurrently