System, method, and service for detecting improper manipulation of an application
First Claim
1. A method for detecting improper manipulation of an application containing a plurality of executable branch instructions, comprising:
- selecting at least some of the branch instructions that are on a deterministic path;
converting the selected branch instructions to control transfer instructions that call upon a fingerprint branch function;
as the application is executing, upon encountering a call to the fingerprint branch function, the fingerprint branch function executes to evolve a fingerprint key; and
wherein upon improper manipulation of the application, the fingerprint branch function evolves a wrong key that prevents a normal execution of the application.
1 Assignment
0 Petitions
Accused Products
Abstract
A piracy protection system incorporates tamper detection capabilities into a protected copy of an application by disassembling a statically linked binary of the application, modifying some of the instructions in the application, and then rewriting all of the modified and unmodified instructions to a new executable file, a protected copy. The piracy protection system comprises an offline tamper detection technique in which the software itself detects the tampering and causes the program to fail, therefore protecting itself from malicious attacks. The system further comprises a dynamic software-watermarking process that incorporates code obfuscation to prevent reverse engineering.
133 Citations
20 Claims
-
1. A method for detecting improper manipulation of an application containing a plurality of executable branch instructions, comprising:
-
selecting at least some of the branch instructions that are on a deterministic path;
converting the selected branch instructions to control transfer instructions that call upon a fingerprint branch function;
as the application is executing, upon encountering a call to the fingerprint branch function, the fingerprint branch function executes to evolve a fingerprint key; and
wherein upon improper manipulation of the application, the fingerprint branch function evolves a wrong key that prevents a normal execution of the application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for detecting improper manipulation of an application containing a plurality of executable branch instructions, comprising:
-
selecting at least some of the branch instructions;
converting the selected branch instructions to control transfer instructions that call upon an integrity check branch function;
as the application is executing, upon encountering a call to the integrity check branch function, the integrity check branch function to generate a wrong value which is used to obtain information from a static structure about the instruction to execute after the integrity check branch function completes; and
wherein generating the wrong value prevents normal execution of the application. - View Dependent Claims (14)
-
-
15. A computer program product with a plurality of executable on a computer-readable medium, for detecting improper manipulation of an application containing a plurality of executable branch instructions, comprising:
-
a first set of instruction codes for selecting at least some of the branch instructions that are on a deterministic path;
a second set of instruction codes for converting the selected branch instructions to control transfer instructions that call upon a fingerprint branch function;
as the application is executing, upon encountering a call to the fingerprint branch function, the fingerprint branch function executes to evolve a fingerprint key; and
wherein upon improper manipulation of the application, the fingerprint branch function evolves a wrong key that prevents a normal execution of the application. - View Dependent Claims (16, 17)
-
-
18. A service for detecting improper manipulation of an application containing a plurality of executable branch instructions, comprising:
-
a watermarking processor for selecting at least some of the branch instructions that are on a deterministic path;
the watermarking processor further converting the selected branch instructions to control transfer instructions that call upon a fingerprint branch function;
as the application is executing, upon encountering a call to the fingerprint branch function, the fingerprint branch function executes to evolve a fingerprint key; and
wherein upon improper manipulation of the application, the fingerprint branch function evolves a wrong key that prevents a normal execution of the application. - View Dependent Claims (19, 20)
-
Specification