WO2012146079A1 - Software protection method - Google Patents

Software protection method Download PDF

Info

Publication number
WO2012146079A1
WO2012146079A1 PCT/CN2012/071520 CN2012071520W WO2012146079A1 WO 2012146079 A1 WO2012146079 A1 WO 2012146079A1 CN 2012071520 W CN2012071520 W CN 2012071520W WO 2012146079 A1 WO2012146079 A1 WO 2012146079A1
Authority
WO
WIPO (PCT)
Prior art keywords
software
code
encryption lock
dongle
api interface
Prior art date
Application number
PCT/CN2012/071520
Other languages
French (fr)
Chinese (zh)
Inventor
孙吉平
韩勇
Original Assignee
北京深思洛克软件技术股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京深思洛克软件技术股份有限公司 filed Critical 北京深思洛克软件技术股份有限公司
Publication of WO2012146079A1 publication Critical patent/WO2012146079A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/123Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code

Definitions

  • the present invention relates to software copyright protection technologies, and in particular, to a software protection method.
  • BACKGROUND OF THE INVENTION Software has been plagued by piracy due to its purely digital characteristics, and the use of encryption locks is a major means of achieving commercial software copyright protection.
  • the dongle is a hardware device connected to the parallel port of the computer or an external interface such as a universal serial bus (USB).
  • USB universal serial bus
  • the encryption lock is difficult to copy, so as to prevent the protected software from being illegally used.
  • FIG. 1 is a schematic diagram of a method of protecting software in the prior art.
  • the prior art encryption lock-based software protection method is: The protected software is connected to the protected software by using an API (Application Programming Interface) during the running process. If the returned lock is correct, the protected software continues to run. If the returned result is incorrect, the protected software terminates the operation.
  • API Application Programming Interface
  • the cracker can track and analyze any part of the software layer running process, so that the boundary with obvious features becomes the most vulnerable location for the attacker.
  • the protected software and the encryption lock API interface are all composed of software code, which cannot be rid of the cracker's monitoring.
  • the cracker can track the code of the protected lock by calling the protected software, including the code of the protected software API of the protected lock. Input data at the time of the call, the result returned by the dongle, and the return to the dongle The resulting processing code eventually runs away from the dongle by tampering or spoofing the protected software.
  • the prior art encryption protection based software protection scheme can only guarantee the security of the hardware part of the encryption lock, and the security of the software part still has serious problems.
  • the present invention provides a software protection method, including: the protected software invokes an encryption lock connected to the computer where the protected software is located through the encryption lock API interface during the running process, and if the returned result is correct, The protected software continues to run. If the returned result is incorrect, the protected software terminates operation.
  • the code used to invoke the dongle in the protected software is the original code used to call the dongle in the software before the software is delivered to the user. The new code generated by the transformation.
  • the code for invoking the dongle in the protected software comprises: a code for preparing input data for invoking the dongle and a code for processing a return result of the dongle.
  • the code of the dongle API interface is a new code generated by transforming the original code of the dongle API interface before the dongle API interface is delivered to the user.
  • the code of the cryptographic lock API interface includes code for the entry of the cryptographic lock API interface.
  • the method of transforming the original code is: deforming the original code or converting the original code into virtual machine code.
  • the rules for transforming the original code for invoking the dongle in the protected software are dynamic, and the new code generated each time the transform is generated is different.
  • the rules for transforming the original code of the dongle API interface are dynamic, and the new code generated each time the transform is generated is different.
  • the present invention has the following beneficial effects:
  • FIG. 1 is a schematic diagram of a method of protecting software in the prior art.
  • FIG. 2 is a schematic diagram of Embodiment 1 of a method for protecting software according to the present invention.
  • FIG. 3 is a schematic diagram of Embodiment 2 of a method for protecting software according to the present invention.
  • Embodiment 1 is a diagrammatic representation of Embodiment 1:
  • the protected software calls the encryption lock through the encryption lock API interface, inputs the plaintext T, and returns the transformation result C1;
  • Protected software compares c and Cl. If they are equal, the protected software continues to run, otherwise the protected software terminates.
  • the software developer compiles the protected software before it is delivered to the user.
  • the original code used to invoke the dongle in the protected software might be:
  • the three lines of the original code are used to calculate the C1 by using the encryption lock of the LIV_Encrypt function of the encryption lock API interface;
  • the cracker can easily find CALL?
  • the LIV_encrypt? command sets the breakpoint and traces the parameter passing process to obtain the input data and output data of the LIV_ enC rypt function.
  • the simulated LIV_ e ncrypt function directly returns the output C corresponding to the plaintext T to trick the protected software.
  • FIG. 2 is a schematic diagram of Embodiment 1 of a method for protecting software according to the present invention.
  • the software used by the user is software that is modified by the instruction, and the code for calling the encryption lock in the software is before the software is delivered to the user.
  • the new code generated by the original code for invoking the dongle is transformed, and the original code is transformed by: deforming the original code.
  • the new code in the protected software that is used to invoke the dongle may be:
  • the code for preparing the input data for calling the encryption lock and the code for processing the return result of the encryption lock in the protected software are the key points for performing code conversion.
  • the encryption lock API interface is also an encryption lock API interface that is deformed by an instruction, and the code of the encryption lock API interface is used in the encryption lock API interface.
  • the rules for transforming the original code for invoking the dongle and the original code of the dongle API interface in the protected software are dynamic, and each new code generated by the transform is different.
  • Embodiment 2 is a diagrammatic representation of Embodiment 1:
  • the protected software calls the encryption lock through the encryption lock API interface, inputs the plaintext T, and returns the transformation result C1;
  • Protected software compares C and Cl. If they are equal, the protected software continues to run, otherwise the protected software terminates.
  • the software developer compiles the protected software before it is delivered to the user.
  • the original code used to invoke the dongle in the protected software might be:
  • the three lines of the original code are used to calculate the C1 by using the encryption lock of the LIV_Encrypt function of the encryption lock API interface;
  • the cracker can easily find CALL?
  • the LIV_encrypt? command sets the breakpoint and traces the parameter passing process to obtain the input data and output data of the LIV_ enC rypt function.
  • the simulated LIV_ e ncrypt function directly returns the output C corresponding to the plaintext T to trick the protected software.
  • FIG. 3 is a schematic diagram of Embodiment 2 of a method for protecting software according to the present invention.
  • the software used by the user is software that is transformed by the virtual machine code, and the code for calling the encryption lock in the protected software is delivered to the user in the software.
  • the method of transforming the original code is: transforming the original code into virtual machine code, making analysis of the decompiled code and cracking extremely difficult, and even unable to set a valid breakpoint.
  • the cracker wants to analyze the interaction between the protected software and the encryption lock, the converted code must be fully analyzed before it can be performed, which increases the security of the entire protection scheme.
  • the code for preparing the input data for calling the encryption lock and the code for processing the return result of the encryption lock in the protected software are the key points for performing code conversion.
  • the encryption lock API interface is also an encryption lock API interface that is transformed by a virtual machine code, and the code of the encryption lock API interface is in the encryption lock API.
  • the interface is delivered by the user to convert the original code of the encryption lock API interface to generate new code, especially the code of the entry portion of the encryption lock API interface, by which the boundary between the protected software and the encryption lock API is indistinguishable.
  • the rules for transforming the original code for invoking the dongle and the original code of the encrypted lock API interface in the protected software are dynamic, and the new code generated each time the transform is generated is different.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed is a software protection method, comprising: software under protection, during operation, invoking a dongle on a computer where the software under protection is located through a dongle API interface; where if a returned result is correct, the operation of the software under protection continues, and if the returned result is incorrect, the operation of the software under protection is terminated, and code for invoking the dongle in the software under protection is a new code generated by transforming an original code for invoking the dongle in the software before the software is delivered to a user. In the software protection method provided in the present invention, the code for invoking the dongle in the software under protection is transformed into a code which is hard for a cracker to analyze, so that the cracker cannot track input data and output data when the software under protection invokes the dongle. In this way, data interaction between the software under protection and the dongle API interface is protected, and the difficulty of analysis for the cracker is increased, thereby enhancing security strength of the software protection method based on the dongle.

Description

一种软件的保护方法  Software protection method
技术领域 本发明涉及软件版权保护技术, 特别涉及一种软件的保护方法。 背景技术 软件由于其纯数字化的特征, 一直遭受盗版的困扰, 而使用加密 锁是实现商业软件版权保护的一种主要手段。 其中, 加密锁是一个连 接在计算机的并口或者通用串行总线(USB)等外部接口上的硬件设备。 加密锁作为一种硬件设备, 复制的难度较大, 从而起到防止受保护软 件被非法使用的作用。  TECHNICAL FIELD The present invention relates to software copyright protection technologies, and in particular, to a software protection method. BACKGROUND OF THE INVENTION Software has been plagued by piracy due to its purely digital characteristics, and the use of encryption locks is a major means of achieving commercial software copyright protection. The dongle is a hardware device connected to the parallel port of the computer or an external interface such as a universal serial bus (USB). As a kind of hardware device, the encryption lock is difficult to copy, so as to prevent the protected software from being illegally used.
图 1为现有技术的软件的保护方法的示意图。 如图 1所示, 现有 技术的基于加密锁的软件保护方法是: 受保护软件在运行过程中通过 力口密锁 API接口 (Application Programming Interface,应用程序编 程接口) 调用连接在该受保护软件所在计算机上的加密锁, 若返回结 果正确, 则受保护软件继续运行, 若返回结果错误, 则受保护软件终 止运行。 根据图 1可以看出, 现有技术的基于加密锁的软件保护方案 中存在两个明显的数据交换的边界: 受保护软件和加密锁 API接口之 间以及加密锁 API接口和加密锁之间。  FIG. 1 is a schematic diagram of a method of protecting software in the prior art. As shown in FIG. 1 , the prior art encryption lock-based software protection method is: The protected software is connected to the protected software by using an API (Application Programming Interface) during the running process. If the returned lock is correct, the protected software continues to run. If the returned result is incorrect, the protected software terminates the operation. As can be seen from Figure 1, there are two distinct boundaries of data exchange in the prior art cryptographic lock based software protection scheme: between the protected software and the cryptographic lock API interface and between the cryptographic lock API interface and the cryptographic lock.
由于现代操作系统的开放性, 破解者可以对软件层运行过程中的 任何一个环节进行跟踪和分析, 这样一来, 特征明显的边界就成为破 解者最容易实施攻击的位置。  Due to the openness of the modern operating system, the cracker can track and analyze any part of the software layer running process, so that the boundary with obvious features becomes the most vulnerable location for the attacker.
对于加密锁 API接口和加密锁之间的交互, 可以通过有加密锁硬 件参与的通信加密等手段实现有效的保护, 由于加密锁硬件的安全性 很高, 因此攻击的难度很高。 而受保护软件和加密锁 API接口则全部 是软件代码构成, 不能摆脱破解者的监控, 破解者可以通过跟踪受保 护软件调用加密锁的相关代码, 包括受保护软件调用加密锁 API接口 的代码、 调用时的输入数据、 加密锁返回的结果、 以及对加密锁返回 结果的处理代码, 最终通过篡改或者欺骗受保护软件来实现脱离加密 锁运行。 For the interaction between the encryption lock API interface and the encryption lock, effective protection can be achieved by means of communication encryption with the participation of the encryption lock hardware. Since the security of the encryption lock hardware is high, the attack is very difficult. The protected software and the encryption lock API interface are all composed of software code, which cannot be rid of the cracker's monitoring. The cracker can track the code of the protected lock by calling the protected software, including the code of the protected software API of the protected lock. Input data at the time of the call, the result returned by the dongle, and the return to the dongle The resulting processing code eventually runs away from the dongle by tampering or spoofing the protected software.
因此, 现有技术的基于加密锁的软件保护方案只能保证加密锁硬 件部分的安全, 软件部分的安全仍然存在比较严重的问题。 发明内容 本发明的目的是提供一种软件的保护方法, 以解决现有技术的基 于加密锁的软件保护方案中软件部分容易被破解者跟踪和分析破解的 问题。  Therefore, the prior art encryption protection based software protection scheme can only guarantee the security of the hardware part of the encryption lock, and the security of the software part still has serious problems. SUMMARY OF THE INVENTION It is an object of the present invention to provide a software protection method for solving the problem that the software portion of the prior art encryption lock based software protection scheme is easily tracked and analyzed by the cracker.
为了实现上述目的, 本发明提供了一种软件的保护方法, 包括: 受保护软件在运行过程中通过加密锁 API接口调用连接在该受保护软 件所在计算机上的加密锁, 若返回结果正确, 则受保护软件继续运行, 若返回结果错误, 则受保护软件终止运行, 所述受保护软件中用于调 用加密锁的代码是在软件被交付用户之前对该软件中用于调用加密锁 的原始代码进行变换生成的新代码。  In order to achieve the above object, the present invention provides a software protection method, including: the protected software invokes an encryption lock connected to the computer where the protected software is located through the encryption lock API interface during the running process, and if the returned result is correct, The protected software continues to run. If the returned result is incorrect, the protected software terminates operation. The code used to invoke the dongle in the protected software is the original code used to call the dongle in the software before the software is delivered to the user. The new code generated by the transformation.
作为优选, 所述受保护软件中用于调用加密锁的代码包括: 为调 用所述加密锁准备输入数据的代码和对所述加密锁的返回结果进行处 理的代码。  Advantageously, the code for invoking the dongle in the protected software comprises: a code for preparing input data for invoking the dongle and a code for processing a return result of the dongle.
作为优选, 所述加密锁 API接口的代码是在加密锁 API接口被交 付用户之前对加密锁 API接口的原始代码进行变换生成的新代码。  Advantageously, the code of the dongle API interface is a new code generated by transforming the original code of the dongle API interface before the dongle API interface is delivered to the user.
作为进一歩地优选, 所述加密锁 API接口的代码包括加密锁 API 接口的入口的代码。  As a further preferred, the code of the cryptographic lock API interface includes code for the entry of the cryptographic lock API interface.
作为进一歩地优选, 对所述原始代码进行变换的方法是: 将所述 原始代码进行指令变形或将所述原始代码变换为虚拟机代码。  Further preferably, the method of transforming the original code is: deforming the original code or converting the original code into virtual machine code.
作为进一歩地优选, 对所述受保护软件中用于调用加密锁的原始 代码进行变换的规则是动态的,每次所述变换生成的新代码均不相同。  As a further preferred, the rules for transforming the original code for invoking the dongle in the protected software are dynamic, and the new code generated each time the transform is generated is different.
作为进一歩地优选, 对所述加密锁 API接口的原始代码进行变换 的规则是动态的, 每次所述变换生成的新代码均不相同。  As a further preferred, the rules for transforming the original code of the dongle API interface are dynamic, and the new code generated each time the transform is generated is different.
与现有技术相比, 本发明具有以下有益效果:  Compared with the prior art, the present invention has the following beneficial effects:
本发明提供的软件的保护方法中, 受保护软件中用于调用加密锁 的代码和加密锁 API接口的代码已被转换成破解者难以分析的代码, 使破解者无法跟踪受保护软件调用加密锁时的输入数据和输出数据, 因而使受保护软件和加密锁 API接口之间的数据交互得到了保护, 提 高了破解者分析的难度, 从而提高了基于加密锁的软件保护方案的安 全强度; 此外, 由于对所述受保护软件中用于调用加密锁的原始代码 和加密锁 API接口的原始代码进行变换的规则都是动态的, 所以每次 变换生成的新代码均不一样, 进一歩提高了软件保护的安全性。 附图说明 图 1为现有技术的软件的保护方法的示意图。 In the software protection method provided by the present invention, the code for calling the encryption lock and the code of the encryption lock API interface in the protected software have been converted into codes that are difficult for the cracker to analyze. The cracker cannot track the input data and the output data when the protected software calls the encryption lock, thereby protecting the data interaction between the protected software and the encryption lock API interface, thereby improving the difficulty of the cracker analysis, thereby improving the The security strength of the software protection scheme of the encryption lock; in addition, since the rules for transforming the original code for calling the encryption lock and the original code of the encryption lock API interface in the protected software are dynamic, each transformation is generated The new code is different, and the security of the software protection is improved. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a schematic diagram of a method of protecting software in the prior art.
图 2为本发明的软件的保护方法的实施例一的示意图。  FIG. 2 is a schematic diagram of Embodiment 1 of a method for protecting software according to the present invention.
图 3为本发明的软件的保护方法的实施例二的示意图。 具体实施方式 下面结合附图对本发明的实施例进行详细说明。  FIG. 3 is a schematic diagram of Embodiment 2 of a method for protecting software according to the present invention. BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
实施例一:  Embodiment 1:
本实施例提供的软件的保护方法包括如下歩骤:  The software protection method provided in this embodiment includes the following steps:
利用计算机中的软件开发工具计算明文 τ的变换结果 C;  Using the software development tool in the computer to calculate the transformation result of the plaintext τ C;
在受保护软件中存储明文 τ和变换结果 C;  Store plaintext τ and transform result C in protected software;
受保护软件通过加密锁 API接口调用加密锁, 输入明文 T, 返回 变换结果 C1 ;  The protected software calls the encryption lock through the encryption lock API interface, inputs the plaintext T, and returns the transformation result C1;
受保护软件对比 c和 Cl, 若相等, 则受保护软件继续运行, 否则 受保护软件终止运行。  Protected software compares c and Cl. If they are equal, the protected software continues to run, otherwise the protected software terminates.
软件开发商在将受保护软件交付用户之前, 经过编译, 受保护软 件中用于调用加密锁的原始代码可能是:  The software developer compiles the protected software before it is delivered to the user. The original code used to invoke the dongle in the protected software might be:
PUSH offset_Cl_buff  PUSH offset_Cl_buff
PUSH offset_T_buff  PUSH offset_T_buff
CALL ? LIV_encrypt?  CALL? LIV_encrypt?
这三行原始代码用于通过加密锁 API接口的 LIV_Encrypt函数调 用加密锁计算 C1;  The three lines of the original code are used to calculate the C1 by using the encryption lock of the LIV_Encrypt function of the encryption lock API interface;
PUSH offset_Cl_buff  PUSH offset_Cl_buff
PUSH Offset C buff CALL ? MEMCMP? PUSH Offset C buff CALL? MEMCMP?
JNZ ? EXIT?  JNZ? EXIT?
这四行原始代码用于比较 C和 Cl。  These four lines of raw code are used to compare C and Cl.
根据上述代码, 破解者能够很容易地找到 CALL ? LIV_encrypt? 指令并设置断点, 并跟踪参数传递过程获得 LIV_enCrypt函数的输入 数据和输出数据, 最终通过模拟 LIV_encrypt 函数来直接返回明文 T 对应的输出 C, 欺骗受保护软件。 According to the above code, the cracker can easily find CALL? The LIV_encrypt? command sets the breakpoint and traces the parameter passing process to obtain the input data and output data of the LIV_ enC rypt function. Finally, the simulated LIV_ e ncrypt function directly returns the output C corresponding to the plaintext T to trick the protected software.
图 2为本发明的软件的保护方法的实施例一的示意图。 如图 2所 示, 在本实施例提供的软件的保护方法中, 用户使用的软件是经过指 令变形的软件, 所述软件中用于调用加密锁的代码是在软件被交付用 户之前对该软件中用于调用加密锁的原始代码进行变换生成的新代 码, 对所述原始代码进行变换的方法是:对所述原始代码进行指令变 形。 经过变换后, 受保护软件中用于调用加密锁的新代码可能是: FIG. 2 is a schematic diagram of Embodiment 1 of a method for protecting software according to the present invention. As shown in FIG. 2, in the software protection method provided by the embodiment, the software used by the user is software that is modified by the instruction, and the code for calling the encryption lock in the software is before the software is delivered to the user. The new code generated by the original code for invoking the dongle is transformed, and the original code is transformed by: deforming the original code. After transformation, the new code in the protected software that is used to invoke the dongle may be:
PUSH offset_Cl_buff PUSH offset_Cl_buff
PUSH offset_T_buff  PUSH offset_T_buff
PUSH OFFSET_?LIV_encrypt?  PUSH OFFSET_?LIV_encrypt?
RET 显然, 原来特征明显的 CALL指令被 PUSH和 RET组合指令替代, 破解者无法直接搜索到对应的指令, 显然无法直接获得 LIV_encrypt 函数的输入和输出, 软件保护方案的安全性得到了提升。 RET Obviously, the original features significant CALL instruction is replaced by PUSH and RET combined instruction, cracker can not search directly into a corresponding instruction, obviously can not directly input and output LIV_ enc rypt function, security software protection scheme has been improved.
其中, 所述受保护软件中为调用所述加密锁准备输入数据的代码 和对所述加密锁的返回结果进行处理的代码是进行代码变换的重点。  The code for preparing the input data for calling the encryption lock and the code for processing the return result of the encryption lock in the protected software are the key points for performing code conversion.
此外,为了进一歩提高本实施例提供的软件的保护方法的安全性, 所述加密锁 API接口也是经过指令变形的加密锁 API接口, 所述加密 锁 API接口的代码是在加密锁 API接口被交付用户之前对加密锁 API 接口的原始代码进行变换生成的新代码, 尤其是加密锁 API接口的入 口部分的代码, 通过该变换使受保护软件和加密锁 API接口之间的界 限难以区分。 最后, 对所述受保护软件中用于调用加密锁的原始代码和所述加 密锁 API接口的原始代码进行变换的规则是动态的, 每次所述变换生 成的新代码均不相同。 In addition, in order to further improve the security of the protection method of the software provided by the embodiment, the encryption lock API interface is also an encryption lock API interface that is deformed by an instruction, and the code of the encryption lock API interface is used in the encryption lock API interface. The new code generated by the transformation of the original code of the dongle API interface before the user is delivered, especially the code of the entry portion of the dongle API interface, makes the boundaries between the protected software and the dongle API interface indistinguishable. Finally, the rules for transforming the original code for invoking the dongle and the original code of the dongle API interface in the protected software are dynamic, and each new code generated by the transform is different.
实施例二:  Embodiment 2:
本实施例提供的软件的保护方法包括如下歩骤:  The software protection method provided in this embodiment includes the following steps:
利用计算机中的软件开发工具计算明文 T的变换结果 C;  Using the software development tool in the computer to calculate the transformation result C of the plaintext T;
在受保护软件中存储明文 T和变换结果 C;  Store plaintext T and transform result C in protected software;
受保护软件通过加密锁 API接口调用加密锁, 输入明文 T, 返回 变换结果 C1 ;  The protected software calls the encryption lock through the encryption lock API interface, inputs the plaintext T, and returns the transformation result C1;
受保护软件对比 C和 Cl, 若相等, 则受保护软件继续运行, 否则 受保护软件终止运行。  Protected software compares C and Cl. If they are equal, the protected software continues to run, otherwise the protected software terminates.
软件开发商在将受保护软件交付用户之前, 经过编译, 受保护软 件中用于调用加密锁的原始代码可能是:  The software developer compiles the protected software before it is delivered to the user. The original code used to invoke the dongle in the protected software might be:
PUSH offset_Cl_buff  PUSH offset_Cl_buff
PUSH offset_T_buff  PUSH offset_T_buff
CALL ? LIV_encrypt?  CALL? LIV_encrypt?
这三行原始代码用于通过加密锁 API接口的 LIV_Encrypt函数调 用加密锁计算 C1;  The three lines of the original code are used to calculate the C1 by using the encryption lock of the LIV_Encrypt function of the encryption lock API interface;
PUSH offset_Cl_buff  PUSH offset_Cl_buff
PUSH Offset_C_buff  PUSH Offset_C_buff
CALL ? MEMCMP?  CALL? MEMCMP?
JNZ ? EXIT?  JNZ? EXIT?
这四行原始代码用于比较 C和 Cl。  These four lines of raw code are used to compare C and Cl.
根据上述代码, 破解者能够很容易地找到 CALL ? LIV_encrypt? 指令并设置断点, 并跟踪参数传递过程获得 LIV_enCrypt函数的输入 数据和输出数据, 最终通过模拟 LIV_encrypt 函数来直接返回明文 T 对应的输出 C, 欺骗受保护软件。 According to the above code, the cracker can easily find CALL? The LIV_encrypt? command sets the breakpoint and traces the parameter passing process to obtain the input data and output data of the LIV_ enC rypt function. Finally, the simulated LIV_ e ncrypt function directly returns the output C corresponding to the plaintext T to trick the protected software.
图 3为本发明的软件的保护方法的实施例二的示意图。 如图 3所 示, 在本实施例提供的软件的保护方法中, 用户使用的软件是经过虚 拟机代码变换的软件, 所述受保护软件中用于调用加密锁的代码是在 软件被交付用户之前对该软件中用于调用加密锁的原始代码进行变换 生成的新代码, 对所述原始代码进行变换的方法是: 将所述原始代码 变换为虚拟机代码, 使分析反编译后的代码和破解变得极为困难, 甚 至无法设置有效的断点。 FIG. 3 is a schematic diagram of Embodiment 2 of a method for protecting software according to the present invention. As shown in FIG. 3, in the software protection method provided in this embodiment, the software used by the user is software that is transformed by the virtual machine code, and the code for calling the encryption lock in the protected software is delivered to the user in the software. Previously transforming the original code used to call the dongle in the software The generated new code, the method of transforming the original code is: transforming the original code into virtual machine code, making analysis of the decompiled code and cracking extremely difficult, and even unable to set a valid breakpoint.
经过这样的处理之后, 破解者想要分析受保护软件和加密锁之间 的交互关系, 则必须要先将转换后的代码完全分析出来才能进行, 这 就就增加了整个保护方案的安全性。  After such processing, if the cracker wants to analyze the interaction between the protected software and the encryption lock, the converted code must be fully analyzed before it can be performed, which increases the security of the entire protection scheme.
其中, 所述受保护软件中为调用所述加密锁准备输入数据的代码 和对所述加密锁的返回结果进行处理的代码是进行代码变换的重点。  The code for preparing the input data for calling the encryption lock and the code for processing the return result of the encryption lock in the protected software are the key points for performing code conversion.
此外,为了进一歩提高本实施例提供的软件的保护方法的安全性, 所述加密锁 API接口也是经过虚拟机代码变换的加密锁 API接口, 所 述加密锁 API接口的代码是在加密锁 API接口被交付用户之前对加密 锁 API接口的原始代码进行变换生成的新代码, 尤其是加密锁 API接 口的入口部分的代码, 通过该变换使受保护软件和加密锁 API之间的 界限难以区分。  In addition, in order to further improve the security of the protection method of the software provided by the embodiment, the encryption lock API interface is also an encryption lock API interface that is transformed by a virtual machine code, and the code of the encryption lock API interface is in the encryption lock API. The interface is delivered by the user to convert the original code of the encryption lock API interface to generate new code, especially the code of the entry portion of the encryption lock API interface, by which the boundary between the protected software and the encryption lock API is indistinguishable.
最后, 对所述受保护软件中用于调用加密锁的原始代码和所述加 密锁 API接口的原始代码进行变换的规则是动态的, 每次所述变换生 成的新代码均不相同。  Finally, the rules for transforming the original code for invoking the dongle and the original code of the encrypted lock API interface in the protected software are dynamic, and the new code generated each time the transform is generated is different.
以上实施例仅为本发明的示例性实施例, 不用于限制本发明, 本 发明的保护范围由权利要求书限定。 本领域技术人员可以在本发明的 实质和保护范围内, 对本发明做出各种修改或等同替换, 这种修改或 等同替换也应视为落在本发明的保护范围内。  The above embodiments are merely exemplary embodiments of the invention, and are not intended to limit the invention, and the scope of the invention is defined by the claims. A person skilled in the art can make various modifications or equivalents to the invention within the spirit and scope of the invention, and such modifications or equivalents are also considered to be within the scope of the invention.

Claims

权 利 要 求 书 Claim
1、 一种软件的保护方法, 包括: 受保护软件在运行过程中通过加 密锁 API接口调用连接在该受保护软件所在计算机上的加密锁, 若返 回结果正确, 则受保护软件继续运行, 若返回结果错误, 则受保护软 件终止运行, 其特征在于, 所述受保护软件中用于调用加密锁的代码 是在软件被交付用户之前对该软件中用于调用加密锁的原始代码进行 变换生成的新代码。  1. A software protection method, comprising: the protected software in the running process calls an encryption lock connected to the computer where the protected software is located through an encryption lock API interface, and if the returned result is correct, the protected software continues to run, if If the result of the error is returned, the protected software terminates the operation, and the code for calling the encryption lock in the protected software is to transform the original code for calling the encryption lock in the software before the software is delivered to the user. New code.
2、 根据权利要求 1所述的软件的保护方法, 其特征在于, 所述受 保护软件中用于调用加密锁的代码包括: 为调用所述加密锁准备输入 数据的代码和对所述加密锁的返回结果进行处理的代码。  2. The software protection method according to claim 1, wherein the code for invoking the encryption lock in the protected software comprises: preparing a code for inputting data for calling the encryption lock and locking the encryption lock The code that returns the result to be processed.
3、 根据权利要求 1所述的软件的保护方法, 其特征在于, 所述加 密锁 API接口的代码是在加密锁 API接口被交付用户之前对加密锁 API 接口的原始代码进行变换生成的新代码。  3. The software protection method according to claim 1, wherein the code of the encryption lock API interface is a new code generated by transforming the original code of the encryption lock API interface before the encryption lock API interface is delivered to the user. .
4、 根据权利要求 3所述的软件的保护方法, 其特征在于, 所述加 密锁 API接口的代码包括加密锁 API接口的入口的代码。  4. The software protection method according to claim 3, wherein the code of the encryption lock API interface comprises a code of an entry of the encryption lock API interface.
5、 根据权利要求 1或 3所述的软件的保护方法, 其特征在于, 对 所述原始代码进行变换的方法是: 将所述原始代码进行指令变形或将 所述原始代码变换为虚拟机代码。  The method for protecting software according to claim 1 or 3, wherein the method of transforming the original code is: deforming the original code or converting the original code into a virtual machine code .
6、根据权利要求 1至 4中任一项所述的软件的保护方法, 其特征 在于, 对所述受保护软件中用于调用加密锁的原始代码进行变换的规 则是动态的, 每次所述变换生成的新代码均不相同。  The software protection method according to any one of claims 1 to 4, characterized in that the rule for transforming the original code for calling the encryption lock in the protected software is dynamic, each time The new code generated by the transformation is different.
7、 根据权利要求 3或 4所述的软件的保护方法, 其特征在于, 对 所述加密锁 API接口的原始代码进行变换的规则是动态的, 每次所述 变换生成的新代码均不相同。  The software protection method according to claim 3 or 4, wherein the rule for transforming the original code of the encryption lock API interface is dynamic, and each new code generated by the transformation is different. .
PCT/CN2012/071520 2011-04-29 2012-02-23 Software protection method WO2012146079A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110110148.7 2011-04-29
CN2011101101487A CN102136052A (en) 2011-04-29 2011-04-29 Software protecting method

Publications (1)

Publication Number Publication Date
WO2012146079A1 true WO2012146079A1 (en) 2012-11-01

Family

ID=44295836

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/071520 WO2012146079A1 (en) 2011-04-29 2012-02-23 Software protection method

Country Status (2)

Country Link
CN (1) CN102136052A (en)
WO (1) WO2012146079A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103646205A (en) * 2013-12-24 2014-03-19 飞天诚信科技股份有限公司 Method for controlling operation of encryption lock
CN105635082A (en) * 2014-11-12 2016-06-01 北大方正集团有限公司 Dynamic authorization method and system, authorization center, and authorization client

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102136052A (en) * 2011-04-29 2011-07-27 北京深思洛克软件技术股份有限公司 Software protecting method
CN102855422B (en) * 2012-08-21 2015-03-04 飞天诚信科技股份有限公司 Method and device for identifying pirated encryption lock
US9207914B2 (en) * 2013-12-20 2015-12-08 Microsoft Technology Licensing, Llc Execution guards in dynamic programming
CN106850819A (en) * 2017-02-17 2017-06-13 深圳市中博睿存信息技术有限公司 A kind of method and system for improving object storage security
CN107423582A (en) * 2017-03-31 2017-12-01 合肥民众亿兴软件开发有限公司 A kind of method for safeguarding software
CN112559981B (en) * 2020-12-11 2021-09-17 北京深思数盾科技股份有限公司 Software protection method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1819512A (en) * 2006-03-17 2006-08-16 北京飞天诚信科技有限公司 Information safety protecting method and protector based on network software
CN101404056A (en) * 2008-10-29 2009-04-08 金蝶软件(中国)有限公司 Software protection method, apparatus and equipment
CN101782948A (en) * 2009-01-15 2010-07-21 欧阳鹏 Switching method of protection mode and protection system
CN102136052A (en) * 2011-04-29 2011-07-27 北京深思洛克软件技术股份有限公司 Software protecting method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2405958A (en) * 2003-08-20 2005-03-16 Macrovision Europ Ltd Code obfuscation and controlling a processor by emulation
CN100452070C (en) * 2006-03-14 2009-01-14 北京深思洛克数据保护中心 Software protection method
CN101216873B (en) * 2007-12-29 2012-12-19 北京深思洛克软件技术股份有限公司 A software copyright protection method and system based on encryption lock, and encryption lock
CN101216775A (en) * 2008-01-03 2008-07-09 北京深思洛克数据保护中心 Software program protection method, device and system
CN101673328A (en) * 2009-09-25 2010-03-17 北京中企开源信息技术有限公司 Certification method for digital film making system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1819512A (en) * 2006-03-17 2006-08-16 北京飞天诚信科技有限公司 Information safety protecting method and protector based on network software
CN101404056A (en) * 2008-10-29 2009-04-08 金蝶软件(中国)有限公司 Software protection method, apparatus and equipment
CN101782948A (en) * 2009-01-15 2010-07-21 欧阳鹏 Switching method of protection mode and protection system
CN102136052A (en) * 2011-04-29 2011-07-27 北京深思洛克软件技术股份有限公司 Software protecting method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103646205A (en) * 2013-12-24 2014-03-19 飞天诚信科技股份有限公司 Method for controlling operation of encryption lock
CN103646205B (en) * 2013-12-24 2016-04-06 飞天诚信科技股份有限公司 A kind of method controlling operation of encryption lock
CN105635082A (en) * 2014-11-12 2016-06-01 北大方正集团有限公司 Dynamic authorization method and system, authorization center, and authorization client

Also Published As

Publication number Publication date
CN102136052A (en) 2011-07-27

Similar Documents

Publication Publication Date Title
WO2012146079A1 (en) Software protection method
CN109101822B (en) Method for solving data privacy disclosure problem in multi-party computing
CN101005361B (en) Server and software protection method and system
CN102567685B (en) Software copyright protection method based on asymmetric public key password system
CN101494541B (en) System and method for implementing security protection of PIN code
CN1740940A (en) Method for realizing computer software intruder preventing edition based on confidence computation module chip
CN1747382B (en) Random encryption and identity authentication
CN106663163A (en) Securing audio communications
Stumpf et al. Improving the scalability of platform attestation
WO2014026462A1 (en) Digital rights management method
WO2005052768A1 (en) Secret information processing system and lsi
JP2010536202A (en) Security method and apparatus for input data
CN107085676A (en) The Software Intellectual Property Rights guard method of the various dimensions of software and hardware combining
CN101730886B (en) Secure storage system and method of use
CN102236761A (en) Method for generating registration code in software pirate prevention
CN110750791A (en) Method and system for guaranteeing physical attack resistance of trusted execution environment based on memory encryption
CN108959962B (en) API (application programming interface) secure calling method of dynamic library
CN1877595A (en) Software copyright protection method
CN105933117A (en) Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage
CN1199110C (en) Software protection method
WO2023019964A1 (en) Data security processing method and apparatus
CN101286987A (en) Method for transferring authority license of software
CN103825740B (en) A kind of mobile terminal payment password Transmission system and method
CN112332973B (en) Fine-grained Internet of things equipment control flow protection method
CN104504312A (en) Software anti-debug protecting method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12777554

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12777554

Country of ref document: EP

Kind code of ref document: A1