EP2401693A1 - Verfahren zum verdecken eines computerprogramms - Google Patents
Verfahren zum verdecken eines computerprogrammsInfo
- Publication number
- EP2401693A1 EP2401693A1 EP10709452A EP10709452A EP2401693A1 EP 2401693 A1 EP2401693 A1 EP 2401693A1 EP 10709452 A EP10709452 A EP 10709452A EP 10709452 A EP10709452 A EP 10709452A EP 2401693 A1 EP2401693 A1 EP 2401693A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- program
- value
- variable
- instruction
- line
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 25
- 238000004590 computer program Methods 0.000 title claims abstract description 14
- 230000006870 function Effects 0.000 description 3
- 230000009466 transformation Effects 0.000 description 2
- 238000000844 transformation Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 230000006837 decompression Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Definitions
- the invention is in the field of data protection and computer programs and more specifically relates to a method of obscuring a computer program to prevent disassembly thereof, i.e. rebuilding the source code from the executable code, and / or the modification (patch) by unauthorized persons.
- the invention also relates to a computer program recorded on a medium and comprising instruction lines which, when executed by a computer, make it possible to obfuscate said program.
- the invention also relates to a use of the method according to the invention for obscuring a computer program recorded on a medium and intended to perform the functions of a flight simulator when it is run on a computer.
- the obscuration techniques of known computer programs are essentially based on the use of utilities called "packers" whose function is to compress the executable program (.exe, .dll, .ocx, etc.) and to encrypt it simultaneously.
- the packers are made of two parts:
- Packers are more suitable for copy protection than darkening programs.
- the packers introduce transformations on the program to be protected which complicates the execution.
- An object of the invention is to achieve a simple and effective obfuscation of a program without complicating the execution.
- Another object of the invention is to hide the transformations of a program.
- the method according to the invention further comprises a step of assembling the new program line to obtain the opcodes and to use the opcodes obtained as operands of the operation providing the numerical value V.
- the method according to the invention comprises a step of replacing the value of said digital variable V by the result of the operation defined in step b)
- the digital coding of the instruction using the digital value V is replaced by the memory address pointed by the operation whose execution provides said digital value V.
- steps a), b) and c) of the method according to the invention are repeated recursively.
- the invention applies to the obfuscation of a computer program recorded on a medium and intended to perform, when executed by a computer, simulation functions, security data processing, or industrial process management.
- the method according to the invention is applicable to all computer programs comprising a plurality of lines of instructions written in a source language and intended to be translated by a compiler into a target language.
- the source language may be for example a high level programming language of abstraction and the target language is an assembly language or machine language called object code.
- the method according to the invention is used to obscure a computer program representing a flight simulator.
- the attached figure illustrates the essential steps of the method according to the invention.
- a particular line of the source code is selected.
- a line is selected containing an instruction or an essential data item of the program that is to be masked.
- step 4 it is verified that the selected line can be assembled independently of the other lines of the source code. If yes, we perform assembly of the selected line and replace it with these opcodes.
- step 8 a numerical variable V or an instruction with a numerical value V is chosen.
- step 10 an operation is defined whose execution provides said digital value V and at least one line of the program is substituted for hide by a new program line performing said operation.
- step 12 the assembly code representing the operation defined in step 10 is generated.
- step 14 if V is a numerical variable, the initialization of said variable is replaced by the expression that makes it possible to obtain it.
- step 16 if V is a constant numerical value, the assembly code representing the operation defined in step 10 is placed before the instruction chosen in step 8 and the numerical value is replaced. V by the register or the memory address containing the result of the operation defined in step 10.
- the first code shows that the numeric value 0x12 is replaced by a calculation using the "non-numeric" element located at the address 0x2, in this case an instruction opcode 0x89 to which it removes 0x77 to find the value 0x12.
- the original code is: 00000002 89ca mov edx, ecx
- the code modified by the method according to the invention is as follows:
- the original code is: 00000004 3IcO xor eax, eax 00000006 31db xor ebx, ebx
- 00000009 8b3d00200000 edi mov, [0x2000] 0000000f 2b3d04000000 sub edi, [0x4] 00000015 83ffl2 edi cmp, 0x12 00002000 75f353ec global value 0xec53f37.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0951161A FR2942558B1 (fr) | 2009-02-24 | 2009-02-24 | Procede d'obscurcissement d'un programme d'ordinateur. |
PCT/EP2010/052276 WO2010097382A1 (fr) | 2009-02-24 | 2010-02-23 | Procédé d'obscurcissement d'un programme d'ordinateur. |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2401693A1 true EP2401693A1 (de) | 2012-01-04 |
Family
ID=40852490
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP10709452A Withdrawn EP2401693A1 (de) | 2009-02-24 | 2010-02-23 | Verfahren zum verdecken eines computerprogramms |
Country Status (5)
Country | Link |
---|---|
US (1) | US9239913B2 (de) |
EP (1) | EP2401693A1 (de) |
CA (1) | CA2752339C (de) |
FR (1) | FR2942558B1 (de) |
WO (1) | WO2010097382A1 (de) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10068070B2 (en) * | 2015-05-05 | 2018-09-04 | Nxp B.V. | White-box elliptic curve point multiplication |
US20160328539A1 (en) * | 2015-05-05 | 2016-11-10 | Nxp B.V. | Obscuring Software Code With Split Variables |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050069131A1 (en) * | 2003-09-25 | 2005-03-31 | Sun Microsystems, Inc., A Delaware Corporation | Rendering and encryption engine for application program obfuscation |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0988591A1 (de) * | 1997-06-09 | 2000-03-29 | Intertrust, Incorporated | Verfinsterungstechniken zur verbesserung der softwaresicherheit |
US7770016B2 (en) * | 1999-07-29 | 2010-08-03 | Intertrust Technologies Corporation | Systems and methods for watermarking software and other media |
US7430670B1 (en) * | 1999-07-29 | 2008-09-30 | Intertrust Technologies Corp. | Software self-defense systems and methods |
US7757097B2 (en) * | 1999-09-03 | 2010-07-13 | Purdue Research Foundation | Method and system for tamperproofing software |
US7287166B1 (en) * | 1999-09-03 | 2007-10-23 | Purdue Research Foundation | Guards for application in software tamperproofing |
GB2405958A (en) * | 2003-08-20 | 2005-03-16 | Macrovision Europ Ltd | Code obfuscation and controlling a processor by emulation |
WO2006115219A1 (ja) * | 2005-04-21 | 2006-11-02 | Matsushita Electric Industrial Co., Ltd. | プログラム難読化装置及び難読化方法 |
WO2007091558A1 (ja) * | 2006-02-06 | 2007-08-16 | Matsushita Electric Industrial Co., Ltd. | プログラム難読化装置 |
EP2022207B1 (de) * | 2006-05-31 | 2018-10-10 | Orange | Kryptografisches verfahren mit integrierter verschlüsselung und aufhebung, system, verfahren und programme zur implementierung dieses verfahrens |
WO2008010508A1 (fr) * | 2006-07-18 | 2008-01-24 | Panasonic Corporation | dispositif de génération de commande |
US8321666B2 (en) * | 2006-08-15 | 2012-11-27 | Sap Ag | Implementations of secure computation protocols |
EP1947584B1 (de) * | 2006-12-21 | 2009-05-27 | Telefonaktiebolaget LM Ericsson (publ) | Verschleierung von Computerprogrammcodes |
JP4905480B2 (ja) * | 2009-02-20 | 2012-03-28 | 富士ゼロックス株式会社 | プログラム難読化プログラム及びプログラム難読化装置 |
-
2009
- 2009-02-24 FR FR0951161A patent/FR2942558B1/fr not_active Expired - Fee Related
-
2010
- 2010-02-23 CA CA2752339A patent/CA2752339C/fr not_active Expired - Fee Related
- 2010-02-23 US US13/201,503 patent/US9239913B2/en not_active Expired - Fee Related
- 2010-02-23 EP EP10709452A patent/EP2401693A1/de not_active Withdrawn
- 2010-02-23 WO PCT/EP2010/052276 patent/WO2010097382A1/fr active Application Filing
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050069131A1 (en) * | 2003-09-25 | 2005-03-31 | Sun Microsystems, Inc., A Delaware Corporation | Rendering and encryption engine for application program obfuscation |
Non-Patent Citations (1)
Title |
---|
See also references of WO2010097382A1 * |
Also Published As
Publication number | Publication date |
---|---|
FR2942558A1 (fr) | 2010-08-27 |
WO2010097382A1 (fr) | 2010-09-02 |
CA2752339A1 (fr) | 2010-09-02 |
US20120110349A1 (en) | 2012-05-03 |
US9239913B2 (en) | 2016-01-19 |
CA2752339C (fr) | 2018-01-02 |
FR2942558B1 (fr) | 2014-05-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9032526B2 (en) | Emulating mixed-code programs using a virtual machine instance | |
US20090235089A1 (en) | Computer object code obfuscation using boot installation | |
Papadogiannakis et al. | ASIST: architectural support for instruction set randomization | |
CA2752259C (fr) | Procede de protection du code source d'un programme d'ordinateur | |
US20080022405A1 (en) | Signature-free buffer overflow attack blocker | |
KR102433011B1 (ko) | Apk 파일 보호 방법, 이를 수행하는 apk 파일 보호 시스템, 및 이를 저장하는 기록매체 | |
US20120030758A1 (en) | Automated Diversity Using Return Oriented Programming | |
CN107273723B (zh) | 一种基于so文件加壳的Android平台应用软件保护方法 | |
Zhang et al. | Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations | |
CN104951674A (zh) | 用于应用程序的信息隐藏方法 | |
Cheng et al. | DynOpVm: VM-based software obfuscation with dynamic opcode mapping | |
CA2752339C (fr) | Procede d'obscurcissement d'un programme d'ordinateur | |
US20130283396A1 (en) | System and method for limiting execution of software to authorized users | |
KR102459774B1 (ko) | Dll 파일 암호화 방법, 이를 수행하는 dll 파일 암호화 시스템, 및 이를 저장하는 기록매체 | |
Schrittwieser et al. | Covert Computation—Hiding code in code through compile-time obfuscation | |
Joshi et al. | Impact of software obfuscation on susceptibility to return-oriented programming attacks | |
Xue et al. | Exploiting code diversity to enhance code virtualization protection | |
FR3069935A1 (fr) | Dispositifs et procedes de protection de propriete intellectuelle de logiciel pour des plates-formes integrees | |
Bhojani | Malware analysis | |
WO2016126206A1 (en) | Method for obfuscation of code using return oriented programming | |
FR2977342A1 (fr) | Verification d'integrite d'un programme execute par un circuit electronique | |
Vidyarthi et al. | Identifying ransomware-specific properties using static analysis of executables | |
FR3056787A1 (fr) | Methode de protection d’un programme logiciel par offuscation par virtualisation | |
Tsai et al. | Physical forensic acquisition and pattern unlock on Android smart phones | |
Lim et al. | Mal-Xtract: hidden code extraction using memory analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20110829 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20171205 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN |
|
18W | Application withdrawn |
Effective date: 20180312 |