Comparison and overview of watermarking, fingerprinting and code obfuscation

lARP64 technology comes as a 64-bit compression program (lARP64Free) and as a 64-bit protection program (lARP64Pro). The distinct properties of both versions follow.


Versions compared: lARP64Free, lARP64Pro

Properties compared:
- x64 (64 bit)
- LZMA compression
- code compression
- data compression
- res compression
- study the PE32+
- executable
- dynamic link library
- support
- obfuscation
- anti-dumping
- anti-disassembling
- anti-debugging
- api redirection
- anti-attach
- anti-tracing
- trial limitations
- license protection
- anti-memory patching
- on the fly encryption
- integrity checks
- oep stealing
- code scrambling
- crack tool detection
- polymorphic engine
- virtual machine

The comparison above makes it immediately clear that lARP64Free is perfect for those cases where only compression is necessary, while lARP64Pro is the extreme performing tool when security against cracking is required.



Copyright (c) 2006-2010 lARP64Tech Software. All rights reserved.

Watermarking in software security

Anti-piracy security measures for software generally consist of providing secure methods for software distribution whilst protecting the rights of the software supplier. This is attempted through license management combined with online license delivery management. It comprises not only providing downloads of the software but also verifying the working of each product against the individual license terms, and everything from supplying licenses for a piece of software to controlling the transfer of licenses. Obviously, this is quite a complicated matter.

In digital media, a common way of realising a protection mechanism against piracy is to apply a watermark to the distribution medium such that it becomes very difficult to reproduce that mark in an illicit copy. Verification code then checks at runtime whether or not the software is being run from the original distribution medium. If the mark is corrupted or cannot be found, the program's execution is denied. Comparable techniques have also been researched for the protection of binaries: so-called software protection through watermarking.

Developers watermark software by implanting unique identifiers, both to assert the rightful owner's ownership and to track down the pirate after the illicit act. Software watermarking itself therefore does not prevent piracy but deters the user from copyright infringement by increasing the chance of getting caught. It must be mentioned that watermarking is not a simple technique. Most other existing anti-piracy techniques are relatively easy to implement, though their effectiveness in preventing piracy is often questionable. In addition, many applications are nowadays distributed in formats that are easy to reverse engineer, such as Java bytecode and Microsoft Intermediate Language, so that in the case of watermarking too, the cracker could decompile the program or study its code under a disassembler and/or debugger to locate and remove all traces of the technique.

Software watermarking and fingerprinting are techniques that have been studied, in academic environments as well as within lARP64Tech, to prevent the infringement of copyright. The available techniques are similar to those of media watermarking, where a unique identifier is embedded in data such as images, audio, or video. In media, these techniques produce minor errors that are undetectable by the human senses. The difference with software is that software data is far more sensitive to changes, so the watermark can't be implemented just anywhere: careless treatment might crash the software. Embedding the unique identifier in software must not corrupt the original functionality in any way.

The developer of a piece of software implements a copyright notice to prove original ownership. To illustrate, suppose company A steals a secret program from company B, intending to decrease production time in its own company. If company B can demonstrate that company A's software contains their copyright notice, then company B can prove counterfeiting committed by company A. Still, note that this type of watermark only proves that company A was using the stolen secret. It does not prove who actually stole it. Maybe company A purchased the stolen code somewhere? This is where the fingerprint comes into play: its unique identifier contains the customer's data, which can prove that a program, or a piece of a program, is stolen as well as link it to the party that committed the theft.
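The fingerprint idea above, as an added example (not lARP64Tech's code or method): a customer number is encoded in the order of items whose order does not affect behaviour, so the embedding leaves functionality untouched. The routine names, and the assumption that their layout is order-independent, are constructed for illustration.

```python
# Added example: static fingerprint carried by the order of order-independent items.
from math import factorial

# Constructed sample: routines whose relative layout is assumed not to affect behaviour.
ROUTINES = ["init_ui", "load_cfg", "parse_args", "render", "save_doc", "spell_chk"]

def capacity(items):
    """Number of distinct fingerprints the layout can carry (n!)."""
    return factorial(len(items))

def embed(items, customer_id):
    """Return an ordering of `items` that encodes customer_id (Lehmer code)."""
    pool = sorted(items)                  # canonical order shared with the extractor
    if len(set(pool)) != len(pool):
        raise ValueError("items must be unique")
    if not 0 <= customer_id < capacity(pool):
        raise ValueError("customer_id exceeds layout capacity")
    layout = []
    for i in range(len(pool), 0, -1):
        idx, customer_id = divmod(customer_id, factorial(i - 1))
        layout.append(pool.pop(idx))      # digit idx selects the next item
    return layout

def extract(layout):
    """Recover the customer id from the ordering found in a suspect copy."""
    pool = sorted(layout)
    customer_id = 0
    for i, name in enumerate(layout):
        idx = pool.index(name)
        customer_id += idx * factorial(len(layout) - 1 - i)
        pool.pop(idx)
    return customer_id

if __name__ == "__main__":
    marked = embed(ROUTINES, 415)         # 415 is a constructed customer number
    print(marked, "->", extract(marked))
```

Six items carry only 720 distinct identifiers; capacity grows as n!, so a realistic layout needs more order-independent items than this sample.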

There are two general categories of watermarking algorithms: static and dynamic. A dynamic algorithm relies on information gathered during execution of the program to implement or extract the watermark. Static algorithms only analyse the code and data of the program on disk. A variety of software watermarking techniques has been investigated, but there are few publications describing the implementation and evaluation of these algorithms. Note that there are fewer dynamic watermarking algorithms than static ones, because a watermark is easier to obliterate in the binary code on disk than at runtime.

A watermark must be easily retrievable by the original developer of the software. Yet it is not uncommon to state that software watermarking techniques provide a stealthy form of protection against piracy, because the watermark often remains unnoticed during cracking attempts. A cracker may unwittingly leave the watermark alone in the stolen software. Watermarking is also quite flexible and often survives illegal attempts at removal. Dynamic watermarking techniques are stealthier and more resilient than static watermarks. Yet studies show that they offer no noticeable advantage in fighting off the experienced cracker.

lARP64Tech applies software watermarking in lARP64Pro. Obviously, this also guards lARP64'ed applications. Still, you may also want to watermark or fingerprint your application prior to protecting it with lARP64Pro.

Code obfuscation - generalities

To reach his goal, a malicious software attacker uses program analysis and reverse engineering tools. This technology helps an attacker to search for exploitable vulnerabilities in software, to make unauthorized modifications and to steal intellectual property.

One way to address this problem is to protect the software using software encryption or specialized hardware. Such approaches have the disadvantages of high performance overhead and/or loss of flexibility. To avoid these disadvantages, the alternative approach is code obfuscation. It enhances software security by deterring most attackers, raising the effort needed to successfully reverse engineer programs.

On a side note, legitimate reverse engineering of software exists too. It is performed to retrieve the lost source code of a program, to study the behaviour of a program, to improve its performance or to debug it. And then, of course, reverse engineering is very important in countering malware. To enable these legal operations, reverse engineering tools such as debuggers and disassemblers are generally available to software engineers.

Aside from encryption, a powerful protection against reverse engineering is code obfuscation. Obfuscated code is much harder (but not impossible) to read and understand than the original. Programmers and malware coders often intentionally obfuscate their product to delay reverse engineering. Obviously, the malware programmer also wants to keep antivirus software from identifying malicious behavior. Obfuscating code aims at transforming the program such that the resulting code is much more difficult to understand for humans, not for the computer!

Altogether, code obfuscation aims to make reverse engineering very expensive in terms of resources and/or time. It does not provide absolute security but is portable and does not require specialised hardware. However, it usually entails a time-space execution penalty.

There is a higher threat of cracking in computing environments such as Java bytecode and Microsoft .NET. Their just-in-time compilation leaves the code on disk as intermediate code, which is easy to decompile back into the original source code, thus significantly increasing the risks. Obfuscated source code is extremely difficult to comprehend. Variable names no longer make sense and the structure of the code is modified beyond recognition.

Obfuscating binary code is more difficult than encrypting object or function names, as is done in source code obfuscation. In this case, the code is altered by using a variety of transformations, for instance self-modifying code, stack operations or even injecting loads of disguising bytes and/or instructions between the actual instructions. In short, binary code obfuscation alters the original code structure at machine code level whilst maintaining the original functionality.
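The injection of disguising instructions described above, as an added example on a toy stack machine (a constructed instruction set, not real x64 and not lARP64Tech's code): the obfuscated listing keeps the original functionality, and a small peephole pass of the kind an analyst might write recovers the original, which shows why obfuscation raises the cost of analysis rather than giving absolute security.

```python
# Added example: a toy stack machine (constructed, not a real instruction set).

def run(program, x):
    """Execute a toy program on input x and return the top of the stack."""
    stack = [x]
    for op, *arg in program:
        if op == "push":
            stack.append(arg[0])
        elif op == "pop":
            stack.pop()
        elif op in ("add", "mul"):
            b, a = stack.pop(), stack.pop()
            stack.append(a + b if op == "add" else a * b)
        elif op != "nop":
            raise ValueError(f"unknown instruction {op!r}")
    return stack[-1]

# Constructed sample: computes 3*x + 7.
ORIGINAL = [("push", 3), ("mul",), ("push", 7), ("add",)]

# Same computation with disguising instructions injected between the real ones.
OBFUSCATED = [
    ("nop",), ("push", 99), ("pop",),
    ("push", 3), ("push", 0), ("add",), ("mul",),
    ("push", 41), ("push", 1), ("pop",), ("pop",),
    ("push", 7), ("nop",), ("add",),
]

def normalize(program):
    """Peephole pass: drop instruction sequences that have no net effect."""
    out = []
    for ins in program:
        if ins == ("nop",):
            continue
        if ins == ("pop",) and out and out[-1][0] == "push":
            out.pop()            # push k ; pop  cancels out
            continue
        if ins == ("add",) and out and out[-1] == ("push", 0):
            out.pop()            # push 0 ; add  leaves the value unchanged
            continue
        out.append(ins)
    return out

if __name__ == "__main__":
    print(len(OBFUSCATED), "->", len(normalize(OBFUSCATED)), "instructions")
    print(all(run(OBFUSCATED, x) == run(ORIGINAL, x) for x in range(-5, 6)))
```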

On the other hand, code obfuscation is a double-edged sword, and it is often used to obscure the true purpose of all kinds of malware. Spammers also obfuscate their scripts to hide the destination of links, because they have long understood that obfuscated code is great at hiding redirects, scripting attacks and browser exploits. Malicious "software" is usually written in assembler to obtain maximum control. So security analysts must study a program at assembler and binary code level. It is quite a job to struggle against and through such obfuscated code.

New and innovative binary code obfuscation techniques are used intensively in lARP64Pro and are a part of the lARP64 Technology. They are most certainly among the strong defensive features utilised by our protector to secure your code, as well as its own, from prying eyes.