Engineering Code Obfuscation ISSISP 2017 - Tamperproofing Christian - - PowerPoint PPT Presentation

engineering code obfuscation
SMART_READER_LITE
LIVE PREVIEW

Engineering Code Obfuscation ISSISP 2017 - Tamperproofing Christian - - PowerPoint PPT Presentation

Jan 24, 2024 215 likes •350 views

Engineering Code Obfuscation ISSISP 2017 - Tamperproofing Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

slide-1
SLIDE 1

Christian Collberg

Department of Computer Science University of Arizona http://collberg.cs.arizona.edu

ISSISP 2017 - Tamperproofing

Supported by NSF grants 1525820 and 1318955 and by the private foundation that shall not be named

Engineering Code Obfuscation

collberg@gmail.com

slide-2
SLIDE 2

What is Tamperproofing?

slide-3
SLIDE 3

Bob wants to modify the program binary so that it does something different than we want:

  • remove functionality (license check)
  • change data (password, cryptographic key)
  • add functionality (print, save game)

Tamperproofing the code makes it stop working if Bob changes as little as a byte of the binary!

slide-4
SLIDE 4

Tamperproofing has to do two things:

  • 1. detect tampering
  • 2. respond to tampering

Essentially: but this is too unstealthy! if (tampering-detected()) respond-to-tampering()

slide-5
SLIDE 5

int main () { foo(); }

Respond to tampering

crash the program phone home refuse to run run slower make wrong results

Detect tampering

if (foo-has-changed-in-any-way())

int foo() { … … … … }

slide-6
SLIDE 6

int main () { foo(); }

\

Respond to tampering

crash the program phone home refuse to run run slower make wrong results

Detect tampering

if (hash(foo,1000) != 0x4C49F346)

int foo() { … … … … }

int hash (addr_t addr,int words){ int h = *addr; for(int i=1; i<words; i++) { addr++; h ^= *addr; } return h; }

slide-7
SLIDE 7

int foo () { if (today > “Aug 17,2016”){ printf(“License expired!”); abort; } } int foo () { if (false){ printf(“License expired!”); abort; } } int foo () { if (today > “Aug 17,2016”){ printf(“License expired!”); abort; } }

check(){ if (hash(foo)!=42) abort() }

slide-8
SLIDE 8

if (foo-has-changed-in-any-way())

Checker 1

int foo() { … … … … } int foo_copy() { … … … … }

int foo() { … … … … } int foo_copy() { … … … … }

copy Repair foo!!!

slide-9
SLIDE 9

if (foo-has-changed-in-any-way())

Checker 1

int foo() { … … … … } int foo_copy() { … … … … }

copy

Repair Checker 1!

if (foo-checker1-changed())

Checker 2

Checker1_copy

copy

Checker1

slide-10
SLIDE 10

Code block Checker Checker Checker Code block Code block Repair Repair Repair

slide-11
SLIDE 11

uint32 Skypes_hash_function () { addr_t addr =(addr_t)((uint32)addr ^(uint32)addr); addr = (addr_t)((uint32) addr + 0 x688E5C); uint32 hash = 0x320E83 ^ 0x1C4C4 ; int bound = hash + 0 xFFCC5AFD ; do { uint32 data =*((addr_t)((uint32)addr + 0x10)); goto b1; asm volatile (". byte 0x19"); b1: hash = hash ⊕ data ; addr -= 1; bound --; } while (bound !=0); goto b2; asm volatile (".byte 0x73"); b2: goto b3; asm volatile (".word 0xC8528417,…”); b3: hash -= 0x4C49F346; return hash; }

slide-12
SLIDE 12

Questions?