DIGITAL RIGHTS MANAGEMENT
Lam
Trieu
Hoang Viet
Tran Quoc
OUTLINE
1. Introduction
2. Software reverse engineering
3. Software tamper resistance
4. Digital rights management
SOFTWARE REVERSE ENGINEERING
Reverse engineering is the process of analyzing a subject system to identify the system's components and their interrelationships, and to create representations of the system in another form at higher levels of abstraction (Chikofsky and Cross, 1990).
SRE can be used for good or not so good purposes.
The essential tools for SRE include a disassembler, a debugger and a hex editor.
A disassembler converts an executable into assembly code (IDA Pro, Hackman).
A debugger is used to set break points, which allows Trudy to step through the code as it executes (SoftICE, OllyDbg).
A hex editor is also a necessary SRE tool. The hex editor is the tool Trudy will use to directly modify, or patch, the exe file (UltraEdit, HIEW).
Other tools that might sometimes prove useful include Regmon, which monitors all accesses of the Windows registry; Filemon, which monitors all accesses of files; and VMware, which allows a user to set up virtual machines.
Why do we need a disassembler and a debugger?
For SRE work, boundless patience and optimism are also needed, since SRE is extremely tedious and labor intensive. SRE is essentially a manual process.
The necessary technical skills for SRE include a working knowledge of the target assembly language and experience with the necessary tools.
For our SRE example, we’ll consider code that
requires a serial number.
Trudy disassembled serial.exe using the IDA Pro tool.
The instruction test eax,eax computes a binary AND of register eax with itself. This causes the flag bit, which is tested in the jump instruction at address 0x401032, to be zero only if the eax register contains 0.
Replace the instruction “test eax,eax” at address 0x401030 with “xor eax,eax”; then the flag bit that is tested in line 0x401032 will always be zero.
Trudy examines the bits at address 0x401030
0x33C0
ANTIDISASSEMBLY TECHNIQUES
Encrypt the executable file: when the exe file is in encrypted form, it can’t be disassembled correctly.
False disassembly
Another sophisticated antidisassembly trick that has been used is self-modifying code.
Self-modifying code modifies its own executable in real time.
This is an effective way to confuse a disassembler, but it may also confuse the developers, since it’s difficult to implement and is error prone.
ANTIDEBUGGING TECHNIQUES
Since a debugger uses certain debug registers, a
program can monitor the use of these registers
and stop (or crash) if these registers are in use.
A program can also monitor for inserted
breakpoints, which is another telltale sign of a
debugger
A simple antidebugging technique
SOFTWARE TAMPER RESISTANCE
Guards:
It’s possible to have the code hash sections of
itself as it executes and compare the computed
hash values with the known hash values of the
original code.
If tampering occurs, a hash check will fail and
the program can take evasive action.
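The guard idea above, as an added example that is not part of the original slides: two overlapping guards hash ranges of a code image and report which guard fails after the test eax,eax to xor eax,eax patch described earlier, or after a software breakpoint (int3, 0xCC) is written into the code. The 12-byte image, the offsets, the guard layout and the use of FNV-1a are assumptions made for the sketch; 85 C0 is the standard x86 encoding of test eax,eax.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed code image. Only 85 C0 (test eax,eax) and 33 C0 (xor eax,eax)
 * are real x86 encodings; the NOPs and the jump operand are filler. */
static const uint8_t ORIGINAL[12] = {
    0x90, 0x90, 0x90, 0x90, 0x85, 0xC0, 0x74, 0x11, 0x90, 0x90, 0x90, 0x90};

/* A guard covers [start, start+len) and keeps the hash sealed at build time. */
struct guard { size_t start, len; uint64_t expected; };

/* FNV-1a for brevity (assumption); a real guard would use a cryptographic hash. */
static uint64_t fnv1a(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    while (n--) { h ^= *p++; h *= 0x100000001b3ULL; }
    return h;
}

/* Build step: record the hash of each guarded range of the pristine image. */
static void seal(struct guard *g, size_t count, const uint8_t *img) {
    for (size_t i = 0; i < count; i++)
        g[i].expected = fnv1a(img + g[i].start, g[i].len);
}

/* Run-time step: index of the first guard whose hash no longer matches, or -1. */
static int first_failed_guard(const struct guard *g, size_t count, const uint8_t *img) {
    for (size_t i = 0; i < count; i++)
        if (fnv1a(img + g[i].start, g[i].len) != g[i].expected)
            return (int)i;
    return -1;
}

/* Seal two overlapping guards, write n bytes at offset off, then re-check. */
int tamper_and_check(size_t off, const uint8_t *patch, size_t n) {
    struct guard g[2] = {{0, 8, 0}, {4, 8, 0}};
    uint8_t img[sizeof ORIGINAL];
    seal(g, 2, ORIGINAL);
    memcpy(img, ORIGINAL, sizeof img);
    if (off <= sizeof img && n <= sizeof img - off) memcpy(img + off, patch, n);
    return first_failed_guard(g, 2, img);
}

int main(void) {
    printf("xor patch -> guard %d, int3 -> guard %d\n",
           tamper_and_check(4, (const uint8_t *)"\x33\xC0", 2),
           tamper_and_check(9, (const uint8_t *)"\xCC", 1));
    return 0;
}
```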
Obfuscation:
• Another popular form of tamper resistance is code
obfuscation. Here, the goal is to make the code
difficult to understand
• “Spaghetti code”
• “Opaque predicate”
Code obfuscation has sometimes been promoted as a powerful security technique. In fact, Diffie and Hellman’s original conception of public key cryptography suggested obfuscation as a likely way to develop such a cryptosystem.
Recently it has been argued that obfuscation cannot possibly provide strong security in, say, the same sense as cryptography.
METAMORPHISM REVISITED
The usual practice in software development is to distribute identical copies, or clones, of a particular piece of software to each customer.
Break once, break everywhere, or BOBE
Suppose we distribute metamorphic copies. That is, each copy of our software differs internally, but all copies are functionally identical.
Thanks to open platforms and SRE, we cannot
prevent attacks on software. Arguably,
the best we can hope for is increased BOBE
resistance.
Metamorphism is one possible
way to achieve a reasonable level of BOBE
resistance.
DIGITAL RIGHTS MANAGEMENT
• What is DRM?
• Describe an actual DRM system designed to protect PDF documents.
• DRM system designed to protect streaming media
• Particular peer-to-peer application
• Use DRM to protect documents distributed within an enterprise
WHAT IS DRM?
Trudy wants to sell her new book in digital form
on the internet.
Alice buys Trudy’s digital book and then
redistributes it for free online => What happens?
Persistent protection is the buzzword for the
required level of DRM protection. Examples of
the kinds of persistent protection on a digital
book: No copying, read once, do not open until
Christmas, …