March 21, 2007

Software protection introduction

Filed under: Hacking,Security,Software protection — Nate Lawson @ 2:39 pm

This article is first in a series about the fundamentals and tricky techniques of implementing and attacking software protection.

Software protection is a surprisingly unformalized area of computer security, despite being around for a more than 20 years. Generally, it refers to using various programming techniques to ensure an application executes correctly and without interference. It first appeared on 8-bit computers, Commodore/Apple/Atari. Its younger brother, content protection, has been around since HBO satellite broadcasts were first scrambled in the mid-80’s.

Copy protection is a more specific form of software protection. Its goal is to prevent software from being used without the presence of the original distribution media (floppy, CD) or an embodiment of a valid license (hardware dongle, license file).

Content protection is slightly different in that the goal is to provide users access to some protected content in a controlled manner. The controls make sure the content has been processed and displayed to the user in its least valuable form without extraction of its more valuable form. For example, high-def DVDs contain compressed video and audio that is encrypted with a key that can only be derived by licensed software, which is trusted to decode the data and output it only to a display. Preventing access to the content when it is in its most valuable, reusable form while making sure it is as available as possible in less reusable forms is the main goal of content protection.

Software protection is usually used to implement copy and content protection, especially when the software is targeted to a general-purpose PC. It is also used to prevent modifying games to cheat (more lives, better aiming). Often, software protection is the only means available when hardware protection is too expensive.

Hardware protection is often used when more value is at stake and the vendor can afford the increased per-user cost. For example, smart cards provide a tamper-resistant execution platform for various software applications. Passports, digital cash, credit, transit passes, satellite TV, and pre-paid phones all use a combination of hardware and software protection to ensure that the transaction is honest.

Both software and hardware protection can be circumvented in various ways. The attacker usually follows these steps:

  1. Obtain a working copy of the software
  2. Inspect the protection methods
  3. Build various steps to compromise the protection once
  4. Develop a simpler method of packaging the attack
  5. Test the attack method, repeating the previous step if it fails
  6. Distribute the unprotected software or packaged attack

To slow down or stop attackers, software protection employs mechanisms targeted at each step in the above chain.

  1. Media binding or content encryption
  2. Obfuscation, code encryption
  3. Anti-debugging, anti-tampering
  4. Revocation, forensic marking

In addition to these technical measures, a smart vendor also uses ethical, social, legal, and marketing efforts. If no one feels confident pirating your software (e.g., because pirated copies can be traced back to the original purchaser), the technical protection scheme is secondary. However, some vendors often overly depend on non-technical means when a technical approach is more appropriate.

Next, we’ll examine media binding techniques both old and new.

Blog at WordPress.com.