EP2401693A1 - Verfahren zum verdecken eines computerprogramms - Google Patents

Verfahren zum verdecken eines computerprogramms

Info

Publication number
EP2401693A1
EP2401693A1 EP10709452A EP10709452A EP2401693A1 EP 2401693 A1 EP2401693 A1 EP 2401693A1 EP 10709452 A EP10709452 A EP 10709452A EP 10709452 A EP10709452 A EP 10709452A EP 2401693 A1 EP2401693 A1 EP 2401693A1
Authority
EP
European Patent Office
Prior art keywords
program
value
variable
instruction
line
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP10709452A
Other languages
English (en)
French (fr)
Inventor
Fabrice Desclaux
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Airbus Group SAS
Original Assignee
European Aeronautic Defence and Space Company EADS France
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by European Aeronautic Defence and Space Company EADS France filed Critical European Aeronautic Defence and Space Company EADS France
Publication of EP2401693A1 publication Critical patent/EP2401693A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Definitions

  • the invention is in the field of data protection and computer programs and more specifically relates to a method of obscuring a computer program to prevent disassembly thereof, i.e. rebuilding the source code from the executable code, and / or the modification (patch) by unauthorized persons.
  • the invention also relates to a computer program recorded on a medium and comprising instruction lines which, when executed by a computer, make it possible to obfuscate said program.
  • the invention also relates to a use of the method according to the invention for obscuring a computer program recorded on a medium and intended to perform the functions of a flight simulator when it is run on a computer.
  • the obscuration techniques of known computer programs are essentially based on the use of utilities called "packers" whose function is to compress the executable program (.exe, .dll, .ocx, etc.) and to encrypt it simultaneously.
  • the packers are made of two parts:
  • Packers are more suitable for copy protection than darkening programs.
  • the packers introduce transformations on the program to be protected which complicates the execution.
  • An object of the invention is to achieve a simple and effective obfuscation of a program without complicating the execution.
  • Another object of the invention is to hide the transformations of a program.
  • the method according to the invention further comprises a step of assembling the new program line to obtain the opcodes and to use the opcodes obtained as operands of the operation providing the numerical value V.
  • the method according to the invention comprises a step of replacing the value of said digital variable V by the result of the operation defined in step b)
  • the digital coding of the instruction using the digital value V is replaced by the memory address pointed by the operation whose execution provides said digital value V.
  • steps a), b) and c) of the method according to the invention are repeated recursively.
  • the invention applies to the obfuscation of a computer program recorded on a medium and intended to perform, when executed by a computer, simulation functions, security data processing, or industrial process management.
  • the method according to the invention is applicable to all computer programs comprising a plurality of lines of instructions written in a source language and intended to be translated by a compiler into a target language.
  • the source language may be for example a high level programming language of abstraction and the target language is an assembly language or machine language called object code.
  • the method according to the invention is used to obscure a computer program representing a flight simulator.
  • the attached figure illustrates the essential steps of the method according to the invention.
  • a particular line of the source code is selected.
  • a line is selected containing an instruction or an essential data item of the program that is to be masked.
  • step 4 it is verified that the selected line can be assembled independently of the other lines of the source code. If yes, we perform assembly of the selected line and replace it with these opcodes.
  • step 8 a numerical variable V or an instruction with a numerical value V is chosen.
  • step 10 an operation is defined whose execution provides said digital value V and at least one line of the program is substituted for hide by a new program line performing said operation.
  • step 12 the assembly code representing the operation defined in step 10 is generated.
  • step 14 if V is a numerical variable, the initialization of said variable is replaced by the expression that makes it possible to obtain it.
  • step 16 if V is a constant numerical value, the assembly code representing the operation defined in step 10 is placed before the instruction chosen in step 8 and the numerical value is replaced. V by the register or the memory address containing the result of the operation defined in step 10.
  • the first code shows that the numeric value 0x12 is replaced by a calculation using the "non-numeric" element located at the address 0x2, in this case an instruction opcode 0x89 to which it removes 0x77 to find the value 0x12.
  • the original code is: 00000002 89ca mov edx, ecx
  • the code modified by the method according to the invention is as follows:
  • the original code is: 00000004 3IcO xor eax, eax 00000006 31db xor ebx, ebx
  • 00000009 8b3d00200000 edi mov, [0x2000] 0000000f 2b3d04000000 sub edi, [0x4] 00000015 83ffl2 edi cmp, 0x12 00002000 75f353ec global value 0xec53f37.
EP10709452A 2009-02-24 2010-02-23 Verfahren zum verdecken eines computerprogramms Withdrawn EP2401693A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0951161A FR2942558B1 (fr) 2009-02-24 2009-02-24 Procede d'obscurcissement d'un programme d'ordinateur.
PCT/EP2010/052276 WO2010097382A1 (fr) 2009-02-24 2010-02-23 Procédé d'obscurcissement d'un programme d'ordinateur.

Publications (1)

Publication Number Publication Date
EP2401693A1 true EP2401693A1 (de) 2012-01-04

Family

ID=40852490

Family Applications (1)

Application Number Title Priority Date Filing Date
EP10709452A Withdrawn EP2401693A1 (de) 2009-02-24 2010-02-23 Verfahren zum verdecken eines computerprogramms

Country Status (5)

Country Link
US (1) US9239913B2 (de)
EP (1) EP2401693A1 (de)
CA (1) CA2752339C (de)
FR (1) FR2942558B1 (de)
WO (1) WO2010097382A1 (de)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10068070B2 (en) * 2015-05-05 2018-09-04 Nxp B.V. White-box elliptic curve point multiplication
US20160328539A1 (en) * 2015-05-05 2016-11-10 Nxp B.V. Obscuring Software Code With Split Variables

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050069131A1 (en) * 2003-09-25 2005-03-31 Sun Microsystems, Inc., A Delaware Corporation Rendering and encryption engine for application program obfuscation

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0988591A1 (de) * 1997-06-09 2000-03-29 Intertrust, Incorporated Verfinsterungstechniken zur verbesserung der softwaresicherheit
US7770016B2 (en) * 1999-07-29 2010-08-03 Intertrust Technologies Corporation Systems and methods for watermarking software and other media
US7430670B1 (en) * 1999-07-29 2008-09-30 Intertrust Technologies Corp. Software self-defense systems and methods
US7757097B2 (en) * 1999-09-03 2010-07-13 Purdue Research Foundation Method and system for tamperproofing software
US7287166B1 (en) * 1999-09-03 2007-10-23 Purdue Research Foundation Guards for application in software tamperproofing
GB2405958A (en) * 2003-08-20 2005-03-16 Macrovision Europ Ltd Code obfuscation and controlling a processor by emulation
WO2006115219A1 (ja) * 2005-04-21 2006-11-02 Matsushita Electric Industrial Co., Ltd. プログラム難読化装置及び難読化方法
WO2007091558A1 (ja) * 2006-02-06 2007-08-16 Matsushita Electric Industrial Co., Ltd. プログラム難読化装置
EP2022207B1 (de) * 2006-05-31 2018-10-10 Orange Kryptografisches verfahren mit integrierter verschlüsselung und aufhebung, system, verfahren und programme zur implementierung dieses verfahrens
WO2008010508A1 (fr) * 2006-07-18 2008-01-24 Panasonic Corporation dispositif de génération de commande
US8321666B2 (en) * 2006-08-15 2012-11-27 Sap Ag Implementations of secure computation protocols
EP1947584B1 (de) * 2006-12-21 2009-05-27 Telefonaktiebolaget LM Ericsson (publ) Verschleierung von Computerprogrammcodes
JP4905480B2 (ja) * 2009-02-20 2012-03-28 富士ゼロックス株式会社 プログラム難読化プログラム及びプログラム難読化装置

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050069131A1 (en) * 2003-09-25 2005-03-31 Sun Microsystems, Inc., A Delaware Corporation Rendering and encryption engine for application program obfuscation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2010097382A1 *

Also Published As

Publication number Publication date
FR2942558A1 (fr) 2010-08-27
WO2010097382A1 (fr) 2010-09-02
CA2752339A1 (fr) 2010-09-02
US20120110349A1 (en) 2012-05-03
US9239913B2 (en) 2016-01-19
CA2752339C (fr) 2018-01-02
FR2942558B1 (fr) 2014-05-30

Similar Documents

Publication Publication Date Title
US9032526B2 (en) Emulating mixed-code programs using a virtual machine instance
US20090235089A1 (en) Computer object code obfuscation using boot installation
Papadogiannakis et al. ASIST: architectural support for instruction set randomization
CA2752259C (fr) Procede de protection du code source d'un programme d'ordinateur
US20080022405A1 (en) Signature-free buffer overflow attack blocker
KR102433011B1 (ko) Apk 파일 보호 방법, 이를 수행하는 apk 파일 보호 시스템, 및 이를 저장하는 기록매체
US20120030758A1 (en) Automated Diversity Using Return Oriented Programming
CN107273723B (zh) 一种基于so文件加壳的Android平台应用软件保护方法
Zhang et al. Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations
CN104951674A (zh) 用于应用程序的信息隐藏方法
Cheng et al. DynOpVm: VM-based software obfuscation with dynamic opcode mapping
CA2752339C (fr) Procede d'obscurcissement d'un programme d'ordinateur
US20130283396A1 (en) System and method for limiting execution of software to authorized users
KR102459774B1 (ko) Dll 파일 암호화 방법, 이를 수행하는 dll 파일 암호화 시스템, 및 이를 저장하는 기록매체
Schrittwieser et al. Covert Computation—Hiding code in code through compile-time obfuscation
Joshi et al. Impact of software obfuscation on susceptibility to return-oriented programming attacks
Xue et al. Exploiting code diversity to enhance code virtualization protection
FR3069935A1 (fr) Dispositifs et procedes de protection de propriete intellectuelle de logiciel pour des plates-formes integrees
Bhojani Malware analysis
WO2016126206A1 (en) Method for obfuscation of code using return oriented programming
FR2977342A1 (fr) Verification d'integrite d'un programme execute par un circuit electronique
Vidyarthi et al. Identifying ransomware-specific properties using static analysis of executables
FR3056787A1 (fr) Methode de protection d’un programme logiciel par offuscation par virtualisation
Tsai et al. Physical forensic acquisition and pattern unlock on Android smart phones
Lim et al. Mal-Xtract: hidden code extraction using memory analysis

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20110829

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20171205

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20180312