WO1999041651A2 - Procede servant a proteger un code binaire - Google Patents
Procede servant a proteger un code binaire Download PDFInfo
- Publication number
- WO1999041651A2 WO1999041651A2 PCT/SG1998/000010 SG9800010W WO9941651A2 WO 1999041651 A2 WO1999041651 A2 WO 1999041651A2 SG 9800010 W SG9800010 W SG 9800010W WO 9941651 A2 WO9941651 A2 WO 9941651A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- bytecode
- encrypted
- run
- accessing
- decryption key
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000001419 dependent effect Effects 0.000 description 2
- 235000010254 Jasminum officinale Nutrition 0.000 description 1
- 240000005385 Jasminum sambac Species 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
Definitions
- the present invention relates to a method for protecting compiled software application code, and a code protection system.
- a bytecode obfuscator is a tool that goes through an application and renames all the symbolic information inside, such as the class names, method names and field names. Bytecode obfuscation does not protect the bytecode from being decompiled, but it makes the decompiled code a lot more difficult to understand.
- Some bytecode obfuscators protect further by adding corrupted information into the application files to confuse the bytecode decompilers. This technique is frequently applied at the expense of violating the standard bytecode file format specification, which may render the resulting bytecode incompatible with certain implementations of the run-time system. This technique is also limited, due to the availability of free tools on the Internet that can remove the corrupted information, as described in reference E.
- a method of protecting bytecode including: encrypting bytecode for an application; providing the encrypted bytecode to a user; executing a code loader to load the encrypted bytecode, access a decryption key, decrypt the encrypted bytecode, and pass the decrypted bytecode to a run-time system; and executing said decrypted bytecode with said run-time system.
- the present invention also provides a software tool stored on a computer readable storage medium, including: means for accessing bytecode; means for determining if the bytecode is encrypted; means for accessing a decryption key; means for decrypting encrypted bytecode using the decryption key; and means for passing bytecode to a run-time system.
- the present invention further provides a software protection system, including: means for accessing bytecode; means for determining if the bytecode is encrypted; means for accessing a decryption key; means for decrypting encrypted bytecode using the decryption key; and means for passing bytecode to a run-time system.
- the present invention also provides a method for execution by a computer system, including: accessing bytecode; determining if the bytecode is encrypted; accessing a decryption key; decrypting encrypted bytecode using the decryption key; and passing bytecode to a run-time system.
- Figure 1 is a flow diagram of a process executed by a code loader of the preferred embodiment.
- a software protection system of the preferred embodiment uses a software tool, hereinafter referred to as deCafTM, which includes an encryption module, a code loader and a driver program.
- the system comprises at least one computer having electronic memory used for storing, reading and executing the software tool, and a run-time system for executing bytecode of a software application.
- the system normally comprises a server computer and a user computer, where the tool is stored on the server with application bytecode, and the bytecode when encrypted is transmitted to the user's computer with the code loader and the driver program for storage and execution on the user's computer.
- the code loader and the drive program can be transmitted separately and also can be prestored on a user's computer.
- the encryption module is used to encrypt bytecode, which can then only be decrypted by the code loader.
- the driver program installs the code loader for a run-time system of a user's machine, instructs the code loader to decrypt the encrypted bytecode, and then causes the decrypted code to be executed on the user's machine.
- deCaf TM is able to prevent bytecode decompilers from reading the bytecode. The decompilers are unable to decompile the encrypted bytecode without first decrypting it.
- deCafTM does not require any such modification, as it is able to rely on the code loader which can be applied in any run- time system that supports the installation of a code loader by the software application to be executed.
- deCafTM is able to encrypt Java software applications and then execute them on an unmodified Java run-time system, being the Java Virtual Machine.
- the encryption module when executed, normally by a transmitting server, acts on the compiled bytecode of a software application and applies an encryption algorithm to produce decrypted bytecode. Any secured encryption algorithm can be used, although one which enhances the execution speed of the encryption module is preferred.
- any encryption algorithm there is an encryption key as well as a decryption key.
- the encryption and decryption keys are different. While in a symmetric encryption algorithm, both keys are the same. Regardless of which is used, the decryption key is distributed to the application user so the encrypted bytecode can be decrypted later and executed.
- the decryption key can be hidden within the encrypted bytecode.
- the code loader will know this hidden location, so that the key can be extracted at run-time to decrypt the bytecode.
- the location can be made random by having it dependent on a relatively random data pattern, such as the message digest of the application code.
- the customised code loader will normally be provided together with the encrypted bytecode.
- code loader (known as the ClassLoader in Java) is a small piece of software that is responsible for loading the application code from a disk, a network or any other storage medium.
- DeCafTM exploits this feature by providing it's own code loader to perform code decryption at run-time, hence omitting the need to modify the run-time system.
- the code loader's role is to find and load the correct application bytecode, and then pass it to the run-time system.
- appropriate decryption routines are inserted and executed between the loading of the application code and handing it over to the run-time system. This ensures that the run-time system always receives bytecode it can execute.
- the code loader of deCafTM first receives a request to load a bytecode file, at step 2.
- the code loader looks for the bytecode file, at step 4.
- the bytecode file can reside anywhere in the local disk, or even in a network. In most run-time systems, the list of places to look for the bytecode is given by a predefined variable which the user can change. In Java, this is given by the CLASS PATH environment variable.
- the custom code loader determines whether it is in encrypted form, at step 6.
- deCafTM a predefined constant of OxDECAFO is assigned to all encrypted bytecode.
- the loader determines the existence of this constant in order to decide whether the bytecode is encrypted or not. If the loader determines that the bytecode is encrypted, operation proceeds to step 8, whereas otherwise operation proceeds to step 12.
- the code loader loads the decryption key. Loading the decryption key will depend on how the decryption key is distributed. In a current implementation of deCafTM, the decryption key is encoded in the encrypted bytecode. The loader accesses this information, and loads the decryption key accordingly.
- the custom code loader executes the required decryption algorithm on the encrypted code, at step 10.
- any secure encryption algorithm can be chosen.
- One particular encryption algorithm can be chosen, or the type of encryption algorithm used can be encoded in the encrypted bytecode. In the latter case, the code loader looks up the type of encryption algorithm used, and applies the corresponding decryption algorithm. Once the bytecode has been decrypted, or if it is not encrypted in the first place, it is passed directly to the run-time system, at step 12 by the code loader.
- the driver program of deCaf TM is used to tie the components of the tool together and run the encrypted application.
- the driver program executes the following steps:
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU66453/98A AU6645398A (en) | 1998-02-13 | 1998-02-13 | Method for protecting bytecode |
GB0009367A GB2349250A (en) | 1998-02-13 | 1998-02-13 | Method for protecting bytecode |
PCT/SG1998/000010 WO1999041651A2 (fr) | 1998-02-13 | 1998-02-13 | Procede servant a proteger un code binaire |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SG1998/000010 WO1999041651A2 (fr) | 1998-02-13 | 1998-02-13 | Procede servant a proteger un code binaire |
Publications (2)
Publication Number | Publication Date |
---|---|
WO1999041651A2 true WO1999041651A2 (fr) | 1999-08-19 |
WO1999041651A3 WO1999041651A3 (fr) | 2002-06-20 |
Family
ID=20429836
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SG1998/000010 WO1999041651A2 (fr) | 1998-02-13 | 1998-02-13 | Procede servant a proteger un code binaire |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU6645398A (fr) |
GB (1) | GB2349250A (fr) |
WO (1) | WO1999041651A2 (fr) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002031648A2 (fr) | 2000-10-11 | 2002-04-18 | Sealedmedia Limited | Procedes pour empecher le piratage de codes java |
WO2002071195A1 (fr) * | 2001-02-05 | 2002-09-12 | Hmd-Software Ag | Procede et dispositif de transmission de codes de programme sur internet |
GB2343022B (en) * | 1998-10-19 | 2003-01-08 | Ibm | Encrypting of java methods |
US6681212B1 (en) | 1999-04-23 | 2004-01-20 | Nianning Zeng | Internet-based automated system and a method for software copyright protection and sales |
WO2004098121A2 (fr) * | 2003-05-02 | 2004-11-11 | Bitarts Limited | Livraison d'un contenu logiciel |
WO2006063876A1 (fr) * | 2004-12-17 | 2006-06-22 | Siemens Aktiengesellschaft | Procede et dispositif pour coder et executer une bibliotheque logicielle |
CN101957903A (zh) * | 2010-09-13 | 2011-01-26 | 中兴通讯股份有限公司 | 一种保护类文件的方法和装置 |
EP3188063A1 (fr) * | 2015-12-29 | 2017-07-05 | GuardSquare NV | Système de construction |
CN111131281A (zh) * | 2019-12-30 | 2020-05-08 | 北京永新视博数字电视技术有限公司 | 消息传输方法、装置、系统及其保护代码更新方法、装置 |
US11550883B2 (en) | 2020-09-08 | 2023-01-10 | Assured Information Security, Inc. | Code protection |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2385951A (en) * | 2001-09-21 | 2003-09-03 | Sun Microsystems Inc | Data encryption and decryption |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0115395A2 (fr) * | 1983-01-26 | 1984-08-08 | International Computers Limited | Système de traitement avec protection de programmes |
US4562305A (en) * | 1982-12-22 | 1985-12-31 | International Business Machines Corporation | Software cryptographic apparatus and method |
US4740890A (en) * | 1983-12-22 | 1988-04-26 | Software Concepts, Inc. | Software protection system with trial period usage code and unlimited use unlocking code both recorded on program storage media |
EP0359220A2 (fr) * | 1988-09-16 | 1990-03-21 | Wayne W. Chou | Méthode et dispositif pour protéger un logiciel d'ordinateur utilisant un réseau de filtres codés en conjontion avec un dispositif matériel codé activement |
EP0515739A1 (fr) * | 1991-05-31 | 1992-12-02 | International Business Machines Corporation | Générateur de code de programme |
EP0555715A1 (fr) * | 1992-02-12 | 1993-08-18 | International Business Machines Corporation | Service de cryptographie avec fonction définie par l'utilisateur |
US5259029A (en) * | 1990-05-16 | 1993-11-02 | Duncan Jr F Jeff | Decoding device for computer software protection |
US5522073A (en) * | 1993-11-22 | 1996-05-28 | Hewlett-Packard Company | Method and apparatus for automating and controlling execution of software tools and tool sets via when/then relationships |
US5544244A (en) * | 1993-10-28 | 1996-08-06 | Nec Corporation | Method for protecting an enciphered computer object code against cryptanalysis |
EP0740250A2 (fr) * | 1995-04-24 | 1996-10-30 | Motorola, Inc. | Dispositif de lecture/écriture dynamique d'une pluralité de formats de code objet en employant des lecteurs/scripteurs de code objet |
US5604803A (en) * | 1994-06-03 | 1997-02-18 | Sun Microsystems, Inc. | Method and apparatus for secure remote authentication in a public network |
-
1998
- 1998-02-13 GB GB0009367A patent/GB2349250A/en not_active Withdrawn
- 1998-02-13 WO PCT/SG1998/000010 patent/WO1999041651A2/fr active Application Filing
- 1998-02-13 AU AU66453/98A patent/AU6645398A/en not_active Abandoned
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4562305A (en) * | 1982-12-22 | 1985-12-31 | International Business Machines Corporation | Software cryptographic apparatus and method |
EP0115395A2 (fr) * | 1983-01-26 | 1984-08-08 | International Computers Limited | Système de traitement avec protection de programmes |
US4740890A (en) * | 1983-12-22 | 1988-04-26 | Software Concepts, Inc. | Software protection system with trial period usage code and unlimited use unlocking code both recorded on program storage media |
EP0359220A2 (fr) * | 1988-09-16 | 1990-03-21 | Wayne W. Chou | Méthode et dispositif pour protéger un logiciel d'ordinateur utilisant un réseau de filtres codés en conjontion avec un dispositif matériel codé activement |
US5259029A (en) * | 1990-05-16 | 1993-11-02 | Duncan Jr F Jeff | Decoding device for computer software protection |
EP0515739A1 (fr) * | 1991-05-31 | 1992-12-02 | International Business Machines Corporation | Générateur de code de programme |
EP0555715A1 (fr) * | 1992-02-12 | 1993-08-18 | International Business Machines Corporation | Service de cryptographie avec fonction définie par l'utilisateur |
US5544244A (en) * | 1993-10-28 | 1996-08-06 | Nec Corporation | Method for protecting an enciphered computer object code against cryptanalysis |
US5522073A (en) * | 1993-11-22 | 1996-05-28 | Hewlett-Packard Company | Method and apparatus for automating and controlling execution of software tools and tool sets via when/then relationships |
US5604803A (en) * | 1994-06-03 | 1997-02-18 | Sun Microsystems, Inc. | Method and apparatus for secure remote authentication in a public network |
EP0740250A2 (fr) * | 1995-04-24 | 1996-10-30 | Motorola, Inc. | Dispositif de lecture/écriture dynamique d'une pluralité de formats de code objet en employant des lecteurs/scripteurs de code objet |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2343022B (en) * | 1998-10-19 | 2003-01-08 | Ibm | Encrypting of java methods |
US6681212B1 (en) | 1999-04-23 | 2004-01-20 | Nianning Zeng | Internet-based automated system and a method for software copyright protection and sales |
EP2362324A3 (fr) * | 2000-10-11 | 2011-10-05 | Sealedmedia Limited | Procédés pour empecher le piratage de code java |
WO2002031648A2 (fr) | 2000-10-11 | 2002-04-18 | Sealedmedia Limited | Procedes pour empecher le piratage de codes java |
EP1325411B1 (fr) * | 2000-10-11 | 2018-03-07 | Oracle Corporation UK Limited | Procedes pour empecher le piratage de codes java |
WO2002071195A1 (fr) * | 2001-02-05 | 2002-09-12 | Hmd-Software Ag | Procede et dispositif de transmission de codes de programme sur internet |
WO2004098121A2 (fr) * | 2003-05-02 | 2004-11-11 | Bitarts Limited | Livraison d'un contenu logiciel |
WO2004098121A3 (fr) * | 2003-05-02 | 2004-12-29 | Bitarts Ltd | Livraison d'un contenu logiciel |
WO2006063876A1 (fr) * | 2004-12-17 | 2006-06-22 | Siemens Aktiengesellschaft | Procede et dispositif pour coder et executer une bibliotheque logicielle |
CN101957903A (zh) * | 2010-09-13 | 2011-01-26 | 中兴通讯股份有限公司 | 一种保护类文件的方法和装置 |
EP3188063A1 (fr) * | 2015-12-29 | 2017-07-05 | GuardSquare NV | Système de construction |
WO2017114931A1 (fr) * | 2015-12-29 | 2017-07-06 | Guardsquare Nv | Système de construction avec plugiciels pour chiffrement de composants d'application |
US10713339B2 (en) | 2015-12-29 | 2020-07-14 | Guardsquare Nv | Build system with plugins for encryption of application components |
CN111131281A (zh) * | 2019-12-30 | 2020-05-08 | 北京永新视博数字电视技术有限公司 | 消息传输方法、装置、系统及其保护代码更新方法、装置 |
US11550883B2 (en) | 2020-09-08 | 2023-01-10 | Assured Information Security, Inc. | Code protection |
Also Published As
Publication number | Publication date |
---|---|
WO1999041651A3 (fr) | 2002-06-20 |
GB0009367D0 (en) | 2000-05-31 |
AU6645398A (en) | 1999-08-30 |
GB2349250A (en) | 2000-10-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2362324B1 (fr) | Procédés pour empecher le piratage de code java | |
JP4702957B2 (ja) | 耐タンパ・トラステッド仮想マシン | |
US7181603B2 (en) | Method of secure function loading | |
US7650493B2 (en) | System and method for integrating secure and non-secure software objects | |
AU717615B2 (en) | System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources | |
US7313824B1 (en) | Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent | |
US7725614B2 (en) | Portable mass storage device with virtual machine activation | |
EP1220079A2 (fr) | Procédé de partage d'une région des données cryptées entre des processus dans un processeur inviolable | |
US20110167259A1 (en) | Software license enforcement | |
US20030194094A1 (en) | System and method for secure storage data using a key | |
US8843766B2 (en) | Method and system for protecting against access to a machine code of a device | |
JP2004502233A (ja) | 共有名を用いてコンポーネントにセキュリティを提供するシステムおよび方法 | |
US20080126705A1 (en) | Methods Used In A Portable Mass Storage Device With Virtual Machine Activation | |
US8284942B2 (en) | Persisting private/public key pairs in password-encrypted files for transportation to local cryptographic store | |
CN103971034A (zh) | 一种保护Java软件的方法及装置 | |
WO1999041651A2 (fr) | Procede servant a proteger un code binaire | |
KR20090048581A (ko) | 가상 머신 활성화를 갖는 휴대용 대량 저장장치 | |
KR101405915B1 (ko) | 데이터의 암호화 저장 방법 및 암호화된 데이터의 판독방법 | |
US20240129110A1 (en) | System and method of application resource binding | |
JP2005227981A (ja) | ソフトウェア配信装置、端末装置、およびインストールプログラム | |
KR20020051612A (ko) | 설치키 관리 서버를 이용한 소프트웨어 불법 사용 방지 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AU CA CN GB IL JP KR NZ SG US |
|
ENP | Entry into the national phase in: |
Ref country code: GB Ref document number: 200009367 Kind code of ref document: A Format of ref document f/p: F |
|
WWE | Wipo information: entry into national phase |
Ref document number: 09582724 Country of ref document: US |
|
NENP | Non-entry into the national phase in: |
Ref country code: KR |
|
NENP | Non-entry into the national phase in: |
Ref country code: CA |
|
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AU CA CN GB IL JP KR NZ SG US |