Chapter 1 What is hidden software?
1.1 overview
1.2 attack and defense
1.3 program analysis method
1.4 code confusion
1.4.1 The application of code obfuscation
1.4.2 Overview of obfuscation technology
1.4.3 code obfuscation technology used by hackers
1.5 tamper-proof technology
1.5.1 Application of tamper-proof technology
1.5.2 Example of tamper-proof technology
1.6 software watermark
1.6.1 Software Watermarking Example
1.6.2 Attacking the Watermarking System
1.7 software similarity comparison
1.7.1 code plagiarism
1.7.2 software author identification
1.7.3 software "birthmark"
1.7.4 software "birthmark" case
1.8 Hardware-based protection technology
1.8.1 selling hardware encryption locks with software
1.8.2 binding program with cpu
1.8.3 Ensure that the software is executed in a safe environment
1.8.4 Encrypt executable file
1.8.5 Increase physical protection
1.9 Summary
1.9.1 reasons for using software protection technology
1.9.2 Reasons for not using software protection technology
What about 1.9.3?
1.10 Some Notes
Chapter 2 Methods of Attack and Defense
2.1 attack strategy
2.1.1 the prototype of the cracked object
2.1.2 Cracker's motivation
2.1.3 How to crack
2.1.4 Cracking method used by the cracker
2.1.5 What tools does the cracker use?
2.1.6 What technologies will the cracker use?
2.1.7 Summary
2.2 Defense Methods
2.2.1 a little explanation
2.2.2 Cover up
2.2.3 Replication
2.2.4 Decentralization and consolidation
2.2.5 Reordering
2.2.6 Mapping
2.2.7 Guideline
2.2.8 Imitation
2.2.9 Form
2.2.10 Condition-trigger
2.2.11 Sports edition
2.2.12 Summary
2.3 Conclusion
2.3.1 what are the requirements for attack and defense mode?
2.3.2 How to use the above model design algorithm
Chapter 3 program analysis method
3.1 static analysis
3.1.1 control flow analysis
3.1.2 data stream analysis
3.1.3 data dependency analysis
3.1.4 alias analysis
3.1.5 slice
3.1.6 abstract analysis
3.2 Dynamic analysis
3.2.1 debugging
3.2.2 Zoning
3.2.3 Tracking
3.2.4 Simulator
3.3 refactoring source code
3.3.1 disassembly
3.3.2 Decompile
3.4 Practical Analysis
3.4.1 programming style index
3.4.2 Software Complexity Measurement
3.4.3 Software Visualization
3.5 Summary
Chapter 4 code confusion
4.1 confusion transformation of semantic reservation
4.1.1 algorithm obfcf: diversified transformation
4.1.2 algorithm obftp: rename the identifier
4.1.3 confused management
4.2 Definition
4.2.1 can be used to confuse the conversion
4.2.2 Expenses caused by confusion
4.2.3 Concealed
4.2.4 Other definitions
4.3 Complex control flow
4.3.1 opaque expression
4.3.2 Algorithm obfwhkd: Squeeze Control Flow
4.3.3 Use alias
4.3.4 Algorithm obfctjbogus: Insert redundant control flow
4.3.5 algorithm obfldk: execute unconditional branch instruction through jump function
4.3.6 Attack
4.4 opaque predicate
4.4.1 Algorithm obfctjpointer: Generate opaque predicate from pointer alias
4.4.2 algorithm obfwhkdopaque: opaque value in array alias analysis
4.4.3 algorithm obfctjthread: opaque predicate generated from concurrency
4.4.4 Attacking opaque predicates
4.5 data coding
4.5.1 coded integer
4.5.2 Confusing Boolean Variables
4.5.3 Confusion constant data
4.5.4 Chaos Array
4.6 Structural confusion
4.6.1 Algorithm obfwcsig: Merge function signature
4.6.2 Algorithm obfctjclass Class: Decomposition and Merge Class
4.6.3 Algorithm obfdmrvsl: Destroy High-level Structure
4.6.4 Algorithm obfajv: Modify the instruction encoding mode
4.7 Overview
Chapter 5 confusion theory
5.1 definition
5.2 Puzzlement that can be proved to be safe: Can we do it
5.2.1 Turing shutdown problem
5.2.2 Algorithm reaa: Anti-aliasing Program
5.3 Confusion that can be proved to be safe: sometimes we can do
5.3.1 algorithm obflbs: confusion point function
5.3.2 Algorithm obfns: Confusion Database
5.3.3 algorithm obfpp: homomorphic encryption
5.3.4 algorithm obfcejo: white box des encryption
5.4 Confusion that can be proved to be safe: (Sometimes) Mission Impossible
5.4.1 universal obfuscator
5.4.2 Confuse the simplest procedure
5.4.3 Proof that it is impossible to confuse all procedures
5.4.4 Summary
5.5 Perplexity that can be proved to be safe: Can this game still be used?
5.5.1 Jump out of the impossible haze
5.5.2 Re-check the definition: construct interactive confusion method
5.5.3 Re-examine the definition: What if confusion does not retain semantics?
5.6 Summary
Chapter 6 Dynamic Chaos
6.1 Definition
6.2 Code Migration
6.2.1 algorithm obfkmnm: replace instruction
6.2.2 Algorithm obfagswap: Self-modifying State Machine
6.2.3 algorithm obfmamdsb: dynamic code merging
6.3 encryption technology
6.3.1 algorithm obfcksp: code as the key to generate source
6.3.2 Algorithm obfagcrypt: Combining self-modifying code and encryption
6.4 Summary
Chapter 7 Software tamper proofing
7.1 definition
7.1.1 tamper monitoring
7.1.2 response tampering
7.1.3 system design
7.2 Self-monitoring
7.2.1 algorithm tpca: protection code network
7.2.2 Generate Hash Function
7.2.3 Algorithm tphmst: Hide Hash Value
7.2.4 Software protection technology used in Skype
7.2.5 Algorithm Recombination: Attacking Self-Hash Algorithm
7.2.6 Comments
7.3 Algorithm retcj: Response Mechanism
7.4 National Self-inspection
7.4.1 algorithm tpcvcpsj: Hash function is easily ignored
7.4.2 Algorithm tpjjv: Overlapping Instruction
7.5 Remote tamper proofing
7.5.1 Distributed monitoring and response mechanism
7.5.2 Solution
7.5.3 Algorithm tpzg: Partition Function
7.5.4 Algorithm tpslspdk: Prevent tampering by ensuring the hardware configuration of the remote machine
7.5.5 TPC ns algorithm: make continuous changes to code
7.6 Summary
Chapter 8 Software Watermarking
8.1 history and application
8.1.1 application
8.1.2 Embedding Watermark in Audio
8.1.3 Embedding watermark in the picture
8.1.4 Embedding Watermark in Natural Language Text
8.2 Software Watermarking
8.3 Definition
8.3.1 Reliability of watermark
8.3.2 Attack
8.3.3 Watermarks and fingerprints
8.4 Embedding Watermark by Reordering Method
8.4.1 Algorithm wmdm: Reorder Basic Blocks
8.4.2 Resource redistribution
8.4.3 Algorithm wmqp: Improving Reliability
8.5 Tamper-resistant Watermark
8.6 Improve the anti-interference ability of watermark
8.7 Improve concealment
8.7.1 algorithm wmmimit: replace instruction
8.7.2 Algorithm wmvvs: Embedding Watermark in Control Flow Graph
8.7.3 Algorithm wmcc: Abstract Parsing
8.8 Watermark for Steganography
8.9 Divide the watermark value into several segments
8.9.1 Break a large watermark into several small segments
8.9.2 Redundant Watermark Fragments
8.9.3 Use sparse coding to improve the reliability of watermark
8.10 graphic encoder/decoder
8.10.1 parent pointer guide tree
8.10.2 radix
8.10.3 Sorting Chart
8.10.4 planar trident tree enumeration coding with root extension
8.10.5 reducible ranking diagram
8.11 Comment
8.11.1 embedding technology
8.11.2 attack mode
Chapter 9 Dynamic Watermarking
9.1 algorithm wmct: use alias
9.1.1 A simple example
9.1.2 Problems existing in watermark identification
9.1.3 Improve data embedding rate
9.1.4 improves the anti-jamming performance against the attack
9.1.5 Add hidden
9.1.6 comments
9.2 Algorithm wmnt: Using Concurrency
9.2.1 Basic components of embedding watermark
9.2.2 Embedding Example
9.2.3 Identification
9.2.4 Avoiding Pattern Matching Attacks
9.2.5 Anti-tampering treatment of components
9.2.6 Comments
9.3 Algorithm wmccdkhlspaths: Extended Execution Path
9.3.1 Watermark Representation and Embedding
9.3.2 Identification
9.3.3 Comments
9.4 algorithm wmccdkhlsbf: tamper-proof execution path
9.4.1 embedded
9.4.2 Identification
9.4.3 Anti-tampering and Reinforcement of Jump Function
9.4.4 Comments
9.5 Summary
Chapter 10 software similarity analysis
10.1 application
10.1.1 duplicate code screening
10.1.2 Software Author ID
10.1.3 Plagiarism detection
10.1.4 birthmark detection
10.2 definition
10.3 analysis based on k line
10.3.1 algorithm ssswawinnow: record k-gram hash selectively
10.3.2 algorithm ssswamoss: software plagiarism detection
10.3.3 algorithm ssmckgram: k-gram "birthmark" of Java bytecode
10.4 analysis based on api
10.4.1 algorithm sstnmm: object-oriented "birthmark"
10.4.2 algorithm sstonmm: dynamic function call "birthmark"
10.4.3 algorithm sssdl: dynamic k-gram api "birthmark"
10.5 tree-based analysis
10.6 graph-based analysis
10.6.1 algorithm sskh: duplicate code screening based on pdg
10.6.2 algorithm sslchy: plagiarism detection based on pdg
10.6.3 algorithm ssmcwpp: the dynamic "birthmark" of the whole program
10.7 Analysis method based on software metrics
10.7.1 algorithm sskk: duplicate code screening based on software metrics
10.7.2 algorithm sslm: software author identification based on metric
10.8 Summary
Chapter 11 Hardware protection software
11.1 Anti-piracy with distributed physical equipment
11.1.1 Protect the distribution panel
11.1.2 dongle and dongle
11.2 completes the authentication startup through the trusted platform module
11.2.1 trusted startup
11.2.2 Generate evaluation results
11.2.3 tpm
11.2.4 Inquiry verification process
11.2.5 Social reputation and privacy issues
11.2.6 Application and controversy
11.3 encrypted executable file
11.3.1 xom architecture
11.3.2 Stop replay attack
11.3.3 patching vulnerable address bus
11.3.4 Repairing vulnerable data bus
11.3.5 comments
11.4 Attacking tamper-proof devices
11.4.1 monitoring bus-cracking Microsoft xbox
11.4.2 guess instructions to crack ds5002fp microprocessor of Dallas Semiconductor Company
11.4.3 Cracking Smart Card
11.4.4 non-invasive attack
11.4.5 motherboard level protection
11.5 Summary
Reference