The document summarizes various techniques for copy protection and preventing software cracking, including hardware-based protection using USB devices, serial key generation, encryption, debug blocking, and code confusion techniques. Code confusion involves obfuscating source code through renaming identifiers, removing debugging information, modifying data and control flow, and inserting confusing code to make the software difficult for humans and debuggers to understand and reverse engineer. The goal is to prevent piracy and protect against $60 billion in estimated annual losses.

1. Presented by Seminar Guide
Chaitanya Anpat Prof. Pritesh Patil
TE – IT
Monday, October 24, 20161
Copy Protection

2. Agenda
• Introduction
• Brief idea about protection methods
• Code confusion
• Debuggers
• Code confusion techniques
• conclusion

3. Introduction
• Copy protection is effort to prevent cracking
• Cracking-modification to binary files to
remove protection
reverse engineering
• Discovering technical principles of
device,object,system,software.
• It often involves disassembling exe code to
get machine code and bypass software
security.

4. Piracy
Game Music S/w
• This increases piracy.
• Loss due to piracy is about
$60 billion

5. .
.

6. Method of protection
• hardware based
• Hardware device is integrated with software
and used to protect and license an application.
• It uses device called USB hardware
• Software executes only if devise is actually
present on machine
• E.g.-ANSYS(related to ME)

7. • Serial key generation
• enter serial key
• Serial key compare
• If match installation complete

8. Encryptions
• Encoding applications in such a way that only
authorized users can use it
• It doesn’t prevent hacking
• Used to prevent data at rest like files and
data at transits like data transfer via
networks

9. Debug-Blocker
• In Armadillo, we find another feature called
Debug- Blocker.
• Armadillo creates 2 processes, referred to
them as father ( or parent ) and child. The
father process acts as a debugger, trying to
protect the child from other debuggers.

10. Code confusion/obfuscation
• Process of confusing
• Transforms source code such that it is
difficult for human to grasp and debugger to
disassemble accurately
• confused code should be functionally
equivalent to users perspective.
• introduce code confusing techniques so as
make code difficult to debug and which
prevent s/w to be reversed.

11. Debugger
• Linear sweep - win debugger
• Control flow not followed
• Recursive traversal –Ollydebuger
• control flow followed

12. Inline assembly `c` code for Hello
with data byte inserted
_asm
{
jmp L1 ; logic to “skip” data byte
_emit 0x00 ; inserted data byte
}
L1:printf("Hello, World!!!n");
}

13. WinDBG & OllyDbg
.

14. Code confusion technique
Layout Data
Control Preventive
Technique

15. Layout technique
• Layout obfuscations modify the layout
structure of the program by two basic
methods: renaming identifiers and removing
debugging information
• They make the program code less informative
to a reverse engineer.

16. Before
void my_output()
{
int count;
for (count = 0; count<=4; ++count)
printf("Hello %d!n", count);
}

17. • Tools used this technique are SD Obfuscator
CXX obfuscator.
• They will automatically output confused code
whose functionality remains same after
obfuscation.

18. After
#define a int
#define b printf
#define c for
a l47()
{
a l118;
c(l118=0;l118<0x664+196-0x71e;++l118)
b("x48x65x6cx6cx6fx20x25x64x21n",l118);
}

19. Data code confusion technique
• It changes the program’s use of data or data
structures.
• The storage of data can be obfuscated by
replacing current data definitions with those
which do not make sense for their intended
use. For example, a loop iteration variable
can be replaced with another variable type
besides an integer.

21. Control flow code confusion
• It changes the flow of the program
executing code in parallel
• insert new functions
• mislead the disassembler while
executing concurrently

22. Preventative technique

23. Conclusion
Prevention*cracking

24. .