Method and system for protecting software applications against static and dynamic software piracy techniques

US 20030018906A1
Filed: 07/16/2002
Published: 01/23/2003
Est. Priority Date: 07/17/2001
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a software application module, comprising:

rewriting the application module by overwriting executable code at identified authorization points with control transfers to a managed challenge system such that a rewritten application module results;

constructing the managed challenge system to include the overwritten executable code, the managed challenge system performing an authorization check upon acquiring control from an authorization point; and

linking the managed challenge system to the rewritten application module.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An application module is rewritten by overwriting executable code at identified authorization points with control transfers to a managed challenge system such that a rewritten application module results. The managed challenge system is constructed to include the overwritten executable code, and performs an authorization check upon acquiring control from an authorization point. The managed challenge system is linked to the rewritten application module.

89 Citations

View as Search Results

86 Claims

1. A method for protecting a software application module, comprising:
- rewriting the application module by overwriting executable code at identified authorization points with control transfers to a managed challenge system such that a rewritten application module results;
  
  constructing the managed challenge system to include the overwritten executable code, the managed challenge system performing an authorization check upon acquiring control from an authorization point; and
  
  linking the managed challenge system to the rewritten application module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 2. The method of claim 1, further comprising:
    - identifying the authorization points in the software application module.
  - 3. The method of claim 2, wherein identifying authorization points comprises:
    - determining special pragmas used for code/data protection and associated with source code of the application module at the authorization points.
  - 4. The method of claim 3, further comprising:
    - modifying a compiler to recognize the special pragmas, the compiler performing the steps of rewriting, constructing and linking.
  - 5. The method of claim 3, wherein each special pragma comprises authorization check data for its authorization point.
  - 6. The method of claim 2, wherein identifying authorization points comprises:
    - producing a set of associations between authorization points and authorization check data, the step of rewriting being based on the set of associations.
  - 7. The method of claim 2, wherein identifying authorization points comprises:
    - constructing a control flow graph for the application module; and
      
      analyzing the control flow graph to identify authorization points.
  - 8. The method of claim 7, wherein the control flow graph is incomplete.
  - 9. The method of claim 8, further comprising:
    - increasing coverage of the control flow graph by tracing execution of the application module under different input data sets.
  - 10. The method of claim 1, further comprising:
    - associating a particular authorization check with an identified authorization point.
  - 11. The method of claim 1, wherein a control transfer is implemented with an instruction sequence comprising at least one instruction.
  - 12. The method of claim 11, wherein the instruction sequence causes a runtime exception.
  - 13. The method of claim 12, wherein an address of the instruction sequence uniquely identifies the control transfer.
  - 14. The method of claim 12, wherein an instruction of the instruction sequence is any of:
    - i) an interrupt instruction, and ii) a debug breakpoint instruction.
  - 15. The method of claim 1, wherein each control transfer is uniquely identified.
  - 16. The method of claim 1, wherein a control transfer is implemented with a call to the managed challenge system.
  - 17. The method of claim 16, wherein the call includes a return address that uniquely identifies the control transfer.
  - 18. The method of claim 1, further comprising:
    - hiding, in the rewritten application module, the control transfers to the managed challenge system.
  - 19. The method of claim 18, wherein hiding a control transfer at a particular identified authorization point comprises:
    - selecting and removing, for the particular identified authorization point, a set of control transfers whose removal would effectively make finding the authorization point using static analysis impossible.
  - 20. The method of claim 19, wherein selecting and removing a set of control transfers comprises:
    - removing control transfers until possibility of reaching authorization point is minimized.
  - 21. The method of claim 20, further comprising:
    - using a control flow graph to select control transfers for removal.
  - 22. The method of claim 19, wherein the set is selected such that runtime overhead is minimized.
  - 23. The method of claim 19, where removing one of the set of control transfers comprises:
    - further rewriting the application module by overwriting the control transfer with a control transfer instruction sequence, the instruction sequence comprising at least one instruction and transferring control, upon its execution, to the managed challenge system; and
      
      including in the managed challenge system the overwritten transfer control.
  - 24. The method of claim 1, further comprising:
    - for a byte sequence in the application module which matches one of said control transfers and which does not correspond with an identified authorization point, including dummy code in the managed challenge system; and
      
      associating said dummy code with said byte sequence.
  - 25. The method of claim 24, further comprising:
    - disabling, if said byte sequence is a valid instruction, any of execution of said dummy code, and inclusion of said dummy code.
  - 26. The method of claim 24, further comprising:
    - determining whether said byte sequence is part of another valid instruction; and
      
      including and associating said dummy code responsive to said determination.
  - 27. The method of claim 1, further comprising:
    - upon failure of the authorization check, performing a specified action.
  - 28. The method of claim 27, wherein the specified action is any of:
    - i) terminating execution of the application module; and
      
      ii) requesting authorization information from a user.
  - 29. The method of claim 1, further comprising, upon success of the authorization check:
    - executing the included overwritten executable code; and
      
      returning control to the application module.
  - 30. The method of claim 1, further comprising:
    - modifying the included overwritten executable code to account for its displacement.
  - 31. The method of claim 1, further comprising:
    - combining the included overwritten executable code with code for the authorization check into a single instruction sequence.
  - 32. The method of claim 31, wherein combining comprises:
    - merging the included overwritten executable code with the authorization check code by interspersing their respective instructions into the single instruction sequence.
  - 33. The method of claim 1, further comprising:
    - obfuscating executable code within the managed challenge system.
  - 34. The method of claim 1, further comprising:
    - storing, in a table in the managed challenge system, any combination of i) merged code sequences corresponding to authorization points in the application module, ii) hidden code sequences corresponding to removed control transfers in the application module, and iii) dummy code sequences corresponding to non-authorization point code sequences, wherein the table is indexed by a unique identifier associated with each control transfer in the application module.
  - 35. The method of claim 34, further comprising:
    - encrypting the merged, hidden and dummy code sequences.
  - 36. The method of claim 34, further comprising:
    - upon transfer of control to the managed challenge system, dynamically generating an executable code sequence from an entry in said table corresponding to an identifier associated with the control transfer from which control was transferred to the managed challenge system.
  - 37. The method of claim 36, further comprising:
    - maintaining the generated executable code sequences in a code cache of the managed challenge system.
  - 38. The method of claim 37, wherein the code cache is sized such that it is not large enough to simultaneously contain all dynamically created code sequences.
  - 39. The method of claim 36, further comprising:
    - tracking overhead of dynamically generating an executable code sequence;
      
      based on said tracking overhead, determining whether to undo the step of rewriting.
  - 40. The method of claim 1, wherein the steps of rewriting, constructing and linking are performed by a compiler, the compiler creating a shared object that includes the managed challenge system and that is linked with the rewritten application module.
  - 41. The method of claim 1, wherein the step of rewriting further comprises, without access to source code, instrumenting the application module'"'"'s executable code.
  - 42. The method of claim 1, wherein the application module is a content protection module.
  - 43. The method of claim 1, wherein different byte sequences are used to transfer control to the managed challenge system from different authorization points in the application module.

44. A system for protecting a software application module, comprising:
- a coupling tool which rewrites the application module to form a modified application module by overwriting executable code at identified authorization points with control transfers to a managed challenge system, creates the managed challenge system which comprises;
  
  the overwritten executable code, executable code from a challenge system, a runtime task table associating the identified authorization points with authorization check data and with the overwritten code, the authorization check data describing an authorization check from the challenge system to be performed upon control reaching the associated authorization point, and a coupling agent specialized from a coupling agent template, the coupling agent managing the managed challenge system, and links the managed challenge system to the rewritten application module; and
  
  said coupling agent template.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84)
- - 45. The system of claim 44, wherein authorization points are identified by special pragmas used for code/data protection that have been associated with source code of the application module at the authorization points.
  - 46. The system of claim 45, wherein a compiler is modified to recognize the special pragmas, the compiler rewriting the application module, constructing the managed challenge system and linking the application module with the managed challenge system.
  - 47. The system of claim 45, wherein each special pragma comprises authorization check data for its authorization point.
  - 48. The system of claim 44, authorization points being identified with a set of associations between authorization points and authorization check data, the application module being rewritten based on the set of associations.
  - 49. The system of claim 44, further comprising:
    - an analysis tool which identifies authorization points by constructing a control flow graph for the application module, and analyzes the control flow graph to identify authorization points.
  - 50. The system of claim 49, wherein the control flow graph is incomplete.
  - 51. The system of claim 50, wherein the analysis tool increases coverage of the control flow graph by tracing execution of the application module under different input data sets.
  - 52. The system of claim 44, wherein a control transfer is implemented with an instruction sequence comprising at least one instruction.
  - 53. The system of claim 52, wherein the instruction sequence causes a runtime exception.
  - 54. The system of claim 53, wherein an address of the instruction sequence uniquely identifies the control transfer.
  - 55. The system of claim 53, wherein an instruction of the instruction sequence is any of:
    - i) an interrupt instruction, and ii) a debug breakpoint instruction.
  - 56. The system of claim 44, wherein each control transfer is uniquely identified.
  - 57. The system of claim 44, wherein a control transfer is implemented with a call to the managed challenge system.
  - 58. The system of claim 57, wherein the call includes a return address that uniquely identifies the control transfer.
  - 59. The system of claim 44, the coupling tool further hiding, in the modified application module, the control transfers to the managed challenge system.
  - 60. The system of claim 59, wherein the coupling tool hides a control transfer at a particular identified authorization point by selecting and removing, for the particular identified authorization point, a set of control transfers whose removal would effectively make finding the authorization point using static analysis impossible.
  - 61. The system of claim 60, wherein the coupling tool selects and removes a set of control transfers by removing control transfers until possibility of reaching the authorization point is minimized.
  - 62. The system of claim 61, further comprising:
    - an analysis tool that uses a control flow graph to select control transfers for removal.
  - 63. The system of claim 60, wherein the set is selected such that runtime overhead is minimized.
  - 64. The system of claim 60, wherein one of the set of control transfers is removed by further overwriting the control transfer with a control transfer instruction sequence, and by including in the managed challenge system the overwritten control transfer, wherein the instruction sequence comprises at least one instruction and transfers control, upon its execution, to the managed challenge system.
  - 65. The system of claim 44, wherein the coupling tool includes, for a byte sequence in the application module which matches one of said control transfers and which does not correspond with an identified authorization point, dummy code in the managed challenge system, and associates said dummy code with said byte sequence.
  - 66. The system of claim 65, wherein, if said byte sequence is a valid instruction, then any of the following is disabled:
    - execution of said dummy code, and inclusion of said dummy code.
  - 67. The system of claim 65, wherein the coupling tool includes and associates said dummy code based on a determination as to whether said byte sequence is part of another valid instruction.
  - 68. The system of claim 44, wherein the managed challenge system, upon failure of the authorization check, performs a specified action.
  - 69. The system of claim 68, wherein the specified action is any of:
    - i) terminating execution of the application module; and
      
      ii) requesting authorization information from a user.
  - 70. The system of claim 44, wherein the managed challenge system, upon success of the authorization check, executes the included overwritten executable code, and returns control to the application module.
  - 71. The system of claim 44, wherein the included overwritten executable code is modified to account for its displacement.
  - 72. The system of claim 44, wherein the coupling tool combines the included overwritten executable code with code for the authorization check into a single instruction sequence.
  - 73. The system of claim 72, wherein the coupling tool combines the included overwritten executable code with the authorization check code by merging the included overwritten executable code with the authorization check code by interspersing their respective instructions into the single instruction sequence.
  - 74. The system of claim 44, wherein the coupling tool obfuscates executable code within the managed challenge system.
  - 75. The system of claim 44, further comprising:
    - a protected code store, in which the coupling tool stores any combination of;
      
      i) merged code sequences corresponding to authorization points in the application module, ii) hidden code sequences corresponding to removed control transfers in the application module, and iii) dummy code sequences corresponding to non-authorization point code sequences.
  - 76. The system of claim 75, wherein the merged, hidden and dummy code sequences are encrypted.
  - 77. The system of claim 75, wherein the coupling agent comprises:
    - a dynamic code generator which generates an executable code sequence on demand at run time from a stored code sequence corresponding to an identifier associated with a control transfer from which control was transferred to the managed challenge system.
  - 78. The system of claim 77, wherein the coupling agent further comprises:
    - a code cache for storing generated code sequences; and
      
      a cache management module which manages the code cache.
  - 79. The system of claim 78, wherein the code cache is sized such that it is not large enough to simultaneously contain all dynamically created code sequences.
  - 80. The system of claim 77, wherein the coupling agent tracks overhead of dynamically generating an executable code sequence, and based on said tracking, determines whether to undo the rewriting of the application module.
  - 81. The system of claim 44, wherein the coupling tool is integrated with a compiler which creates a shared object that includes the managed challenge system and that is linked with the rewritten application module.
  - 82. The system of claim 44, wherein the coupling tool rewrites the application module without access to source code, by instrumenting the application module'"'"'s executable code.
  - 83. The system of claim 44, wherein the application module is a content protection module.
  - 84. The system of claim 44, wherein different byte sequences are used to transfer control to the managed challenge system from different authorization points in the application module.

85. A system for protecting a software application module, comprising:
- means for rewriting the application module by overwriting executable code at identified authorization points with control transfers to a managed challenge system;
  
  means for constructing the managed challenge system to include the overwritten executable code, the managed challenge system performing an authorization check upon acquiring control from an authorization point; and
  
  means for linking the managed challenge system to the rewritten application module.

86. A computer program product for protecting a software application module, the computer program product comprising a computer usable medium having computer readable code thereon, including program code which:
- rewrites the application module by overwriting executable code at identified authorization points with control transfers to a managed challenge system;
  
  constructs the managed challenge system to include the overwritten executable code, the managed challenge system performing an authorization check upon acquiring control from an authorization point; and
  
  links the managed challenge system to the rewritten application module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liquid Machines, Inc. (Check Point Software Technologies Limited)
Original Assignee
Liquid Machines, Inc. (Check Point Software Technologies Limited)
Inventors
Bala, Vasanth, Smith, Michael D.

Granted Patent

US 7,111,285 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/125 by manipulating the program...

G06F 2221/2103 Challenge-response

Method and system for protecting software applications against static and dynamic software piracy techniques

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

86 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting software applications against static and dynamic software piracy techniques

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

86 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links