WO1999041651A2 - Procede servant a proteger un code binaire - Google Patents

Procede servant a proteger un code binaire Download PDF

Info

Publication number
WO1999041651A2
WO1999041651A2 PCT/SG1998/000010 SG9800010W WO9941651A2 WO 1999041651 A2 WO1999041651 A2 WO 1999041651A2 SG 9800010 W SG9800010 W SG 9800010W WO 9941651 A2 WO9941651 A2 WO 9941651A2
Authority
WO
WIPO (PCT)
Prior art keywords
bytecode
encrypted
run
accessing
decryption key
Prior art date
Application number
PCT/SG1998/000010
Other languages
English (en)
Other versions
WO1999041651A3 (fr
Inventor
Kuo Chiang Chiang
Original Assignee
National Computer Board, Acting Through Its R & D Division, The Information Technology Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Computer Board, Acting Through Its R & D Division, The Information Technology Institute filed Critical National Computer Board, Acting Through Its R & D Division, The Information Technology Institute
Priority to AU66453/98A priority Critical patent/AU6645398A/en
Priority to GB0009367A priority patent/GB2349250A/en
Priority to PCT/SG1998/000010 priority patent/WO1999041651A2/fr
Publication of WO1999041651A2 publication Critical patent/WO1999041651A2/fr
Publication of WO1999041651A3 publication Critical patent/WO1999041651A3/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress

Definitions

  • the present invention relates to a method for protecting compiled software application code, and a code protection system.
  • a bytecode obfuscator is a tool that goes through an application and renames all the symbolic information inside, such as the class names, method names and field names. Bytecode obfuscation does not protect the bytecode from being decompiled, but it makes the decompiled code a lot more difficult to understand.
  • Some bytecode obfuscators protect further by adding corrupted information into the application files to confuse the bytecode decompilers. This technique is frequently applied at the expense of violating the standard bytecode file format specification, which may render the resulting bytecode incompatible with certain implementations of the run-time system. This technique is also limited, due to the availability of free tools on the Internet that can remove the corrupted information, as described in reference E.
  • a method of protecting bytecode including: encrypting bytecode for an application; providing the encrypted bytecode to a user; executing a code loader to load the encrypted bytecode, access a decryption key, decrypt the encrypted bytecode, and pass the decrypted bytecode to a run-time system; and executing said decrypted bytecode with said run-time system.
  • the present invention also provides a software tool stored on a computer readable storage medium, including: means for accessing bytecode; means for determining if the bytecode is encrypted; means for accessing a decryption key; means for decrypting encrypted bytecode using the decryption key; and means for passing bytecode to a run-time system.
  • the present invention further provides a software protection system, including: means for accessing bytecode; means for determining if the bytecode is encrypted; means for accessing a decryption key; means for decrypting encrypted bytecode using the decryption key; and means for passing bytecode to a run-time system.
  • the present invention also provides a method for execution by a computer system, including: accessing bytecode; determining if the bytecode is encrypted; accessing a decryption key; decrypting encrypted bytecode using the decryption key; and passing bytecode to a run-time system.
  • Figure 1 is a flow diagram of a process executed by a code loader of the preferred embodiment.
  • a software protection system of the preferred embodiment uses a software tool, hereinafter referred to as deCafTM, which includes an encryption module, a code loader and a driver program.
  • the system comprises at least one computer having electronic memory used for storing, reading and executing the software tool, and a run-time system for executing bytecode of a software application.
  • the system normally comprises a server computer and a user computer, where the tool is stored on the server with application bytecode, and the bytecode when encrypted is transmitted to the user's computer with the code loader and the driver program for storage and execution on the user's computer.
  • the code loader and the drive program can be transmitted separately and also can be prestored on a user's computer.
  • the encryption module is used to encrypt bytecode, which can then only be decrypted by the code loader.
  • the driver program installs the code loader for a run-time system of a user's machine, instructs the code loader to decrypt the encrypted bytecode, and then causes the decrypted code to be executed on the user's machine.
  • deCaf TM is able to prevent bytecode decompilers from reading the bytecode. The decompilers are unable to decompile the encrypted bytecode without first decrypting it.
  • deCafTM does not require any such modification, as it is able to rely on the code loader which can be applied in any run- time system that supports the installation of a code loader by the software application to be executed.
  • deCafTM is able to encrypt Java software applications and then execute them on an unmodified Java run-time system, being the Java Virtual Machine.
  • the encryption module when executed, normally by a transmitting server, acts on the compiled bytecode of a software application and applies an encryption algorithm to produce decrypted bytecode. Any secured encryption algorithm can be used, although one which enhances the execution speed of the encryption module is preferred.
  • any encryption algorithm there is an encryption key as well as a decryption key.
  • the encryption and decryption keys are different. While in a symmetric encryption algorithm, both keys are the same. Regardless of which is used, the decryption key is distributed to the application user so the encrypted bytecode can be decrypted later and executed.
  • the decryption key can be hidden within the encrypted bytecode.
  • the code loader will know this hidden location, so that the key can be extracted at run-time to decrypt the bytecode.
  • the location can be made random by having it dependent on a relatively random data pattern, such as the message digest of the application code.
  • the customised code loader will normally be provided together with the encrypted bytecode.
  • code loader (known as the ClassLoader in Java) is a small piece of software that is responsible for loading the application code from a disk, a network or any other storage medium.
  • DeCafTM exploits this feature by providing it's own code loader to perform code decryption at run-time, hence omitting the need to modify the run-time system.
  • the code loader's role is to find and load the correct application bytecode, and then pass it to the run-time system.
  • appropriate decryption routines are inserted and executed between the loading of the application code and handing it over to the run-time system. This ensures that the run-time system always receives bytecode it can execute.
  • the code loader of deCafTM first receives a request to load a bytecode file, at step 2.
  • the code loader looks for the bytecode file, at step 4.
  • the bytecode file can reside anywhere in the local disk, or even in a network. In most run-time systems, the list of places to look for the bytecode is given by a predefined variable which the user can change. In Java, this is given by the CLASS PATH environment variable.
  • the custom code loader determines whether it is in encrypted form, at step 6.
  • deCafTM a predefined constant of OxDECAFO is assigned to all encrypted bytecode.
  • the loader determines the existence of this constant in order to decide whether the bytecode is encrypted or not. If the loader determines that the bytecode is encrypted, operation proceeds to step 8, whereas otherwise operation proceeds to step 12.
  • the code loader loads the decryption key. Loading the decryption key will depend on how the decryption key is distributed. In a current implementation of deCafTM, the decryption key is encoded in the encrypted bytecode. The loader accesses this information, and loads the decryption key accordingly.
  • the custom code loader executes the required decryption algorithm on the encrypted code, at step 10.
  • any secure encryption algorithm can be chosen.
  • One particular encryption algorithm can be chosen, or the type of encryption algorithm used can be encoded in the encrypted bytecode. In the latter case, the code loader looks up the type of encryption algorithm used, and applies the corresponding decryption algorithm. Once the bytecode has been decrypted, or if it is not encrypted in the first place, it is passed directly to the run-time system, at step 12 by the code loader.
  • the driver program of deCaf TM is used to tie the components of the tool together and run the encrypted application.
  • the driver program executes the following steps:

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Procédé, outil logiciel et système servant à protéger un code binaire et consistant à chiffrer ce code binaire pour une application, à transmettre ce code binaire chiffré à un utilisateur, à mettre en application un chargeur de code afin de charger le code binaire chiffré, à accéder à une clé de déchiffrement, à déchiffrer le code binaire chiffré et à introduire ce code binaire déchiffré dans un système d"exécution, puis à mettre en application le code binaire déchiffré avec le système d"exécution.
PCT/SG1998/000010 1998-02-13 1998-02-13 Procede servant a proteger un code binaire WO1999041651A2 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU66453/98A AU6645398A (en) 1998-02-13 1998-02-13 Method for protecting bytecode
GB0009367A GB2349250A (en) 1998-02-13 1998-02-13 Method for protecting bytecode
PCT/SG1998/000010 WO1999041651A2 (fr) 1998-02-13 1998-02-13 Procede servant a proteger un code binaire

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SG1998/000010 WO1999041651A2 (fr) 1998-02-13 1998-02-13 Procede servant a proteger un code binaire

Publications (2)

Publication Number Publication Date
WO1999041651A2 true WO1999041651A2 (fr) 1999-08-19
WO1999041651A3 WO1999041651A3 (fr) 2002-06-20

Family

ID=20429836

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG1998/000010 WO1999041651A2 (fr) 1998-02-13 1998-02-13 Procede servant a proteger un code binaire

Country Status (3)

Country Link
AU (1) AU6645398A (fr)
GB (1) GB2349250A (fr)
WO (1) WO1999041651A2 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002031648A2 (fr) 2000-10-11 2002-04-18 Sealedmedia Limited Procedes pour empecher le piratage de codes java
WO2002071195A1 (fr) * 2001-02-05 2002-09-12 Hmd-Software Ag Procede et dispositif de transmission de codes de programme sur internet
GB2343022B (en) * 1998-10-19 2003-01-08 Ibm Encrypting of java methods
US6681212B1 (en) 1999-04-23 2004-01-20 Nianning Zeng Internet-based automated system and a method for software copyright protection and sales
WO2004098121A2 (fr) * 2003-05-02 2004-11-11 Bitarts Limited Livraison d'un contenu logiciel
WO2006063876A1 (fr) * 2004-12-17 2006-06-22 Siemens Aktiengesellschaft Procede et dispositif pour coder et executer une bibliotheque logicielle
CN101957903A (zh) * 2010-09-13 2011-01-26 中兴通讯股份有限公司 一种保护类文件的方法和装置
EP3188063A1 (fr) * 2015-12-29 2017-07-05 GuardSquare NV Système de construction
CN111131281A (zh) * 2019-12-30 2020-05-08 北京永新视博数字电视技术有限公司 消息传输方法、装置、系统及其保护代码更新方法、装置
US11550883B2 (en) 2020-09-08 2023-01-10 Assured Information Security, Inc. Code protection

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2385951A (en) * 2001-09-21 2003-09-03 Sun Microsystems Inc Data encryption and decryption

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0115395A2 (fr) * 1983-01-26 1984-08-08 International Computers Limited Système de traitement avec protection de programmes
US4562305A (en) * 1982-12-22 1985-12-31 International Business Machines Corporation Software cryptographic apparatus and method
US4740890A (en) * 1983-12-22 1988-04-26 Software Concepts, Inc. Software protection system with trial period usage code and unlimited use unlocking code both recorded on program storage media
EP0359220A2 (fr) * 1988-09-16 1990-03-21 Wayne W. Chou Méthode et dispositif pour protéger un logiciel d'ordinateur utilisant un réseau de filtres codés en conjontion avec un dispositif matériel codé activement
EP0515739A1 (fr) * 1991-05-31 1992-12-02 International Business Machines Corporation Générateur de code de programme
EP0555715A1 (fr) * 1992-02-12 1993-08-18 International Business Machines Corporation Service de cryptographie avec fonction définie par l'utilisateur
US5259029A (en) * 1990-05-16 1993-11-02 Duncan Jr F Jeff Decoding device for computer software protection
US5522073A (en) * 1993-11-22 1996-05-28 Hewlett-Packard Company Method and apparatus for automating and controlling execution of software tools and tool sets via when/then relationships
US5544244A (en) * 1993-10-28 1996-08-06 Nec Corporation Method for protecting an enciphered computer object code against cryptanalysis
EP0740250A2 (fr) * 1995-04-24 1996-10-30 Motorola, Inc. Dispositif de lecture/écriture dynamique d'une pluralité de formats de code objet en employant des lecteurs/scripteurs de code objet
US5604803A (en) * 1994-06-03 1997-02-18 Sun Microsystems, Inc. Method and apparatus for secure remote authentication in a public network

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4562305A (en) * 1982-12-22 1985-12-31 International Business Machines Corporation Software cryptographic apparatus and method
EP0115395A2 (fr) * 1983-01-26 1984-08-08 International Computers Limited Système de traitement avec protection de programmes
US4740890A (en) * 1983-12-22 1988-04-26 Software Concepts, Inc. Software protection system with trial period usage code and unlimited use unlocking code both recorded on program storage media
EP0359220A2 (fr) * 1988-09-16 1990-03-21 Wayne W. Chou Méthode et dispositif pour protéger un logiciel d'ordinateur utilisant un réseau de filtres codés en conjontion avec un dispositif matériel codé activement
US5259029A (en) * 1990-05-16 1993-11-02 Duncan Jr F Jeff Decoding device for computer software protection
EP0515739A1 (fr) * 1991-05-31 1992-12-02 International Business Machines Corporation Générateur de code de programme
EP0555715A1 (fr) * 1992-02-12 1993-08-18 International Business Machines Corporation Service de cryptographie avec fonction définie par l'utilisateur
US5544244A (en) * 1993-10-28 1996-08-06 Nec Corporation Method for protecting an enciphered computer object code against cryptanalysis
US5522073A (en) * 1993-11-22 1996-05-28 Hewlett-Packard Company Method and apparatus for automating and controlling execution of software tools and tool sets via when/then relationships
US5604803A (en) * 1994-06-03 1997-02-18 Sun Microsystems, Inc. Method and apparatus for secure remote authentication in a public network
EP0740250A2 (fr) * 1995-04-24 1996-10-30 Motorola, Inc. Dispositif de lecture/écriture dynamique d'une pluralité de formats de code objet en employant des lecteurs/scripteurs de code objet

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2343022B (en) * 1998-10-19 2003-01-08 Ibm Encrypting of java methods
US6681212B1 (en) 1999-04-23 2004-01-20 Nianning Zeng Internet-based automated system and a method for software copyright protection and sales
EP2362324A3 (fr) * 2000-10-11 2011-10-05 Sealedmedia Limited Procédés pour empecher le piratage de code java
WO2002031648A2 (fr) 2000-10-11 2002-04-18 Sealedmedia Limited Procedes pour empecher le piratage de codes java
EP1325411B1 (fr) * 2000-10-11 2018-03-07 Oracle Corporation UK Limited Procedes pour empecher le piratage de codes java
WO2002071195A1 (fr) * 2001-02-05 2002-09-12 Hmd-Software Ag Procede et dispositif de transmission de codes de programme sur internet
WO2004098121A2 (fr) * 2003-05-02 2004-11-11 Bitarts Limited Livraison d'un contenu logiciel
WO2004098121A3 (fr) * 2003-05-02 2004-12-29 Bitarts Ltd Livraison d'un contenu logiciel
WO2006063876A1 (fr) * 2004-12-17 2006-06-22 Siemens Aktiengesellschaft Procede et dispositif pour coder et executer une bibliotheque logicielle
CN101957903A (zh) * 2010-09-13 2011-01-26 中兴通讯股份有限公司 一种保护类文件的方法和装置
EP3188063A1 (fr) * 2015-12-29 2017-07-05 GuardSquare NV Système de construction
WO2017114931A1 (fr) * 2015-12-29 2017-07-06 Guardsquare Nv Système de construction avec plugiciels pour chiffrement de composants d'application
US10713339B2 (en) 2015-12-29 2020-07-14 Guardsquare Nv Build system with plugins for encryption of application components
CN111131281A (zh) * 2019-12-30 2020-05-08 北京永新视博数字电视技术有限公司 消息传输方法、装置、系统及其保护代码更新方法、装置
US11550883B2 (en) 2020-09-08 2023-01-10 Assured Information Security, Inc. Code protection

Also Published As

Publication number Publication date
WO1999041651A3 (fr) 2002-06-20
GB0009367D0 (en) 2000-05-31
AU6645398A (en) 1999-08-30
GB2349250A (en) 2000-10-25

Similar Documents

Publication Publication Date Title
EP2362324B1 (fr) Procédés pour empecher le piratage de code java
JP4702957B2 (ja) 耐タンパ・トラステッド仮想マシン
US7181603B2 (en) Method of secure function loading
US7650493B2 (en) System and method for integrating secure and non-secure software objects
AU717615B2 (en) System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources
US7313824B1 (en) Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent
US7725614B2 (en) Portable mass storage device with virtual machine activation
EP1220079A2 (fr) Procédé de partage d'une région des données cryptées entre des processus dans un processeur inviolable
US20110167259A1 (en) Software license enforcement
US20030194094A1 (en) System and method for secure storage data using a key
US8843766B2 (en) Method and system for protecting against access to a machine code of a device
JP2004502233A (ja) 共有名を用いてコンポーネントにセキュリティを提供するシステムおよび方法
US20080126705A1 (en) Methods Used In A Portable Mass Storage Device With Virtual Machine Activation
US8284942B2 (en) Persisting private/public key pairs in password-encrypted files for transportation to local cryptographic store
CN103971034A (zh) 一种保护Java软件的方法及装置
WO1999041651A2 (fr) Procede servant a proteger un code binaire
KR20090048581A (ko) 가상 머신 활성화를 갖는 휴대용 대량 저장장치
KR101405915B1 (ko) 데이터의 암호화 저장 방법 및 암호화된 데이터의 판독방법
US20240129110A1 (en) System and method of application resource binding
JP2005227981A (ja) ソフトウェア配信装置、端末装置、およびインストールプログラム
KR20020051612A (ko) 설치키 관리 서버를 이용한 소프트웨어 불법 사용 방지 방법

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AU CA CN GB IL JP KR NZ SG US

ENP Entry into the national phase in:

Ref country code: GB

Ref document number: 200009367

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 09582724

Country of ref document: US

NENP Non-entry into the national phase in:

Ref country code: KR

NENP Non-entry into the national phase in:

Ref country code: CA

AK Designated states

Kind code of ref document: A3

Designated state(s): AU CA CN GB IL JP KR NZ SG US