Method for runtime code integrity validation using code block checksums
Abstract
The present invention provides a method and system for runtime code integrity validation. The method and system include providing a software tool for processing a software program, as well as instructions on how to modify the software program for submission to the tool. The modified software program executable generated for submission to the tool includes checksum information for use by the tool. The tool uses the checksum information to compute checksums on blocks specified by the checksum information, and stores the computed checksums in locations specified by the checksum information. Next, the tool strips the checksum information from the executable. The resulting executable code is delivered as a protected software application that generates a new checksum at runtime and compares it with the computed checksum, and determines that the software program has been modified if the checksums fail to match.
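The embed-then-verify flow described above, as an added C illustration that is not code from the patent. It follows the claim 16 variant, where the checksum slot lies inside the checked range and is skipped. CRC-32, the `layout` struct, the function names and the sample image are assumptions; the symbol-stripping step is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for what the exported symbols tell the tool:
 * block bounds [start,end) and the offset of a 4-byte checksum slot. */
struct layout { size_t start, end, slot; };

/* CRC-32 (poly 0xEDB88320) over the block, skipping the slot so the stored
 * value never feeds into itself. The algorithm choice is an assumption. */
static uint32_t block_checksum(const uint8_t *img, const struct layout *l)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = l->start; i < l->end; i++) {
        if (i >= l->slot && i < l->slot + 4) continue;
        crc ^= img[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Build-time tool step: compute the checksum and embed it in the slot. */
void tool_embed(uint8_t *img, const struct layout *l)
{
    uint32_t c = block_checksum(img, l);
    memcpy(img + l->slot, &c, sizeof c);
}

/* Runtime step: recompute and compare. Returns 1 if intact, 0 if modified. */
int runtime_verify(const uint8_t *img, const struct layout *l)
{
    uint32_t stored;
    memcpy(&stored, img + l->slot, sizeof stored);
    return stored == block_checksum(img, l);
}

/* Constructed demo image: embed, verify, flip one bit inside the block. */
int demo(void)
{
    uint8_t img[64];
    for (size_t i = 0; i < sizeof img; i++) img[i] = (uint8_t)(i * 7 + 3);
    struct layout l = { 8, 56, 24 };
    tool_embed(img, &l);
    int clean = runtime_verify(img, &l);
    img[40] ^= 0x01;
    return clean * 2 + runtime_verify(img, &l); /* intact, then modified */
}
```

Bytes outside `[start,end)` are not covered, so a change there passes verification; coverage depends entirely on which blocks are selected.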
36 Claims
1. A method for performing runtime checksum validation of a software program, the method comprising the steps of:
(a) providing a software tool as well as instructions on how to modify the software program to submit to the tool, wherein executable code is generated from the modified software program that includes checksum information for the tool to use when processing the software program;
(b) in response to the executable code being submitted to the tool, the tool calculates at least one checksum, embeds the checksum in the executable code in a location indicated by the checksum information, and strips the checksum information from the executable code; and
(c) delivering the executable code as a protected software program, wherein during execution, the protected software application generates a new checksum and determines that the software application has been modified if the new checksum fails to match the embedded checksum.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A method for runtime code integrity validation of an application program using code block checksums, the method comprising the steps of:
(a) detecting a first set of exported symbols in a software application defining a start and end of one or more defined code blocks to be validated;
(b) detecting a second set of exported symbols in the software application defining the location of a checksum data structure for each defined code block where computed checksums are to be stored;
(c) computing a checksum of the defined blocks and storing the computed checksum in the defined data structures;
(d) stripping from the software application the detected sets of exported symbols to obfuscate the defined blocks and data structures; and
(e) storing the software application with the obfuscated code blocks and data structures, such that the application can verify the integrity of the code blocks during runtime by computing a runtime checksum for the code blocks and comparing the runtime checksum with the checksum stored in the data structures.
(Dependent claims: 10, 11, 12, 13, 14, 15)

16. A method for runtime code integrity validation of an application program using code block checksums, the method comprising the steps of:
(a) detecting an exported symbol in a software application defining the location of a checksum data structure where the computed checksum is to be stored;
(b) computing the checksum of the application program, skipping over the data structure, and storing the results in the data structure;
(c) stripping from the application program the detected exported symbol to obfuscate the location of the data structure; and
(d) generating a software application executable object with the obfuscated data structure such that the application code can verify the integrity of the code during runtime by computing the checksum of the application not including the data structure and comparing the result with the result stored in the data structure.
(Dependent claims: 17, 18, 19)

20. A method for runtime code integrity validation of an application program using code block checksums, the method comprising the steps of:
(a) selecting one or more code blocks of the application program to be validated, and indicating the start and end of the selected code blocks using exported symbols;
(b) defining a checksum data structure for each defined block and indicating its location using exported symbols;
(c) incorporating one or more checksum algorithms within the code for computing checksums at runtime; and
(d) incorporating code to request the computation of the checksum at runtime for each defined block, and to compare the results of the runtime checksum calculation with the value stored in the related checksum data structure;
(e) incorporating code to discourage use of the application program when the checksums do not validate; and
(f) processing the application program code using a tool that performs the functions of;
(i) locating the defined code blocks using the exported symbols,
(ii) computing the checksum of each block and storing the results in the data structure for each block located using the exported symbols, and
(iii) stripping the exported symbols from the application code to obfuscate the location of the blocks and data structures.
(Dependent claims: 21, 22, 23, 24, 25, 26)

27. A method for determining if protected software is modified, the method comprising the steps of:
(a) instructing a software developer to modify an executable version of the software to be protected by performing the steps of:
(i) exporting predefined checksum related data,
(ii) adding code to compute a new checksum at runtime,
(iii) adding code to compare the computed runtime checksum with a checksum stored in the executable,
(iv) determining that the protected software has been modified if the checksums do not compare; and
(b) wrapping the executable in an anti-piracy software wrapper, and performing the steps of;
(i) automatically detecting the exported checksum related data,
(ii) computing a checksum of the executable,
(iii) embedding the checksum in the executable; and
(iv) removing the exported checksum related symbols from the executable.
(Dependent claims: 28, 29, 30, 31)

32. A computer-readable medium containing program instructions for runtime code integrity validation of an application program using code block checksums, the instructions for:
(a) detecting a first set of exported symbols in a software application defining a start of one or more defined code blocks to be validated;
(b) detecting a second set of exported symbols in the software application defining the end of a defined code block and the location of a checksum data structure for each defined code block where computed checksums are to be stored;
(c) computing a checksum of the defined blocks and storing the computed checksum in the defined data structures;
(d) stripping from the software application the detected sets of exported symbols to obfuscate the defined blocks and data structures;
(e) storing the software application with the obfuscated code blocks and data structures, such that the application can verify the integrity of the code blocks during runtime by computing a runtime checksum for the code blocks and comparing the runtime checksum with the checksum stored in the data structures.
(Dependent claims: 33, 34, 35, 36)