Software self-defense systems and methods

US 7,430,670 B1
Filed: 07/31/2000
Issued: 09/30/2008
Est. Priority Date: 07/29/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for obfuscating a computer program, the computer program being designed to carry out one or more specified tasks, the method including:

obtaining an object code representation of the computer program;

searching the object code representation of the computer program for first and second object code sequences, the first and second object code sequences being similar, at least in part; and

modifying the object code representation of the computer program without materially affecting completion of the one or more specified tasks, the modification comprising;

inserting a third object code sequence into the object code representation of the computer program such that the third object code sequence is executed before the second object code sequence, the third object code sequence comprising one or more instructions, and being operable to pass control to an instruction that logically begins the first object code sequence;

executing instructions in the first object code sequence in place of instructions in the second object code sequence;

inserting a branch at the end of the first object code sequence, the branch being operable to;

pass control, upon detection of a first predefined condition, to an instruction that logically followed the first object code sequence in the unmodified object code representation of the computer program, and topass control, upon detection of a second predefined condition, to an instruction that logically followed the second object code sequence in the unmodified object code representation of the computer program.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for protecting a computer program from unauthorized analysis and modification. Obfuscation transformations can be applied to the computer program'"'"'s local structure, control graph, and/or data structure to render the program more difficult to understand and/or modify. Tamper-resistance mechanisms can be incorporated into the computer program to detect attempts to tamper with the program'"'"'s operation. Once an attempt to tamper with the computer program is detected, the computer program reports it to an external agent, ceases normal operation, and/or reverses any modifications made by the attempted tampering. The computer program can also be watermarked to facilitate identification of its owner. The obfuscation, tamper-resistance, and watermarking transformations can be applied to the computer program'"'"'s source code, object code, or executable image.

Citations

29 Claims

1. A method for obfuscating a computer program, the computer program being designed to carry out one or more specified tasks, the method including:
- obtaining an object code representation of the computer program;
  
  searching the object code representation of the computer program for first and second object code sequences, the first and second object code sequences being similar, at least in part; and
  
  modifying the object code representation of the computer program without materially affecting completion of the one or more specified tasks, the modification comprising;
  
  inserting a third object code sequence into the object code representation of the computer program such that the third object code sequence is executed before the second object code sequence, the third object code sequence comprising one or more instructions, and being operable to pass control to an instruction that logically begins the first object code sequence;
  
  executing instructions in the first object code sequence in place of instructions in the second object code sequence;
  
  inserting a branch at the end of the first object code sequence, the branch being operable to;
  
  pass control, upon detection of a first predefined condition, to an instruction that logically followed the first object code sequence in the unmodified object code representation of the computer program, and topass control, upon detection of a second predefined condition, to an instruction that logically followed the second object code sequence in the unmodified object code representation of the computer program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as in claim 1, further including:
    - removing some or all instructions contained in the second object code sequence from the object code representation of the computer program.
  - 3. A method as in claim 1, wherein the first and second object code sequences do not correspond directly to an integer number of source code statements in the source code representation of the computer program.
  - 4. A method as in claim 3, in which the first and second object code sequences each include an object code representation of a first sub-part of a source code programming statement, but do not include an object code representation of at least a second sub-part of the source code programming statement.
  - 5. A method as in claim 1, further including:
    - searching the object code representation of the computer program for a fourth object code sequence, the fourth object code sequence being similar, at least in part, to the first and second object code sequences;
      
      inserting a fifth object code sequence into the object code representation of the computer program, such that the fifth object code sequence is executed in place of the fourth object code sequence, the fifth object code sequence comprising one or more instructions, and being operable to pass control to an instruction that logically begins the first object code sequence;
      
      wherein the branch at the end of the first object code sequence is further operable to pass control, upon detection of a third predefined condition, to an instruction that logically followed the fourth object code sequence in the unmodified object code representation of the computer program.
  - 6. A method as in claim 1, in which modifying the object code representation of the computer program further includes:
    - duplicating a basic block in the object code representation of the computer program; and
      
      inserting a branch into the object code representation of the computer program, the branch being operable to pass control to one duplicate of the basic block upon detection of a fourth predefined condition, and to pass control to another duplicate of the basic block upon detection of a fifth predefined condition.
  - 7. A method as in claim 6, further including obfuscating the similarities between duplicates of the basic block.
  - 8. A method as in claim 1, in which the third object code sequence further comprises one or more instructions for overwriting at least a portion of the first object code sequence.
  - 9. A method as in claim 8, in which one or more programming instructions for passing control to the first object code sequence, and the one or more object code instructions for overwriting at least a portion of the first object code sequence, are separated in the object code representation of the computer program by at least one intervening instruction.

10. A method for obfuscating a computer program, the computer program being designed to carry out one or more specified tasks, the method including:
- searching the computer program for first and second code sequences, the first and second code sequences being similar, at least in part;
  
  inserting a third code sequence into the computer program, the third code sequence including one or more instructions for overwriting at least a portion of the second code sequence, and for passing control to an instruction that logically begins the first code sequence;
  
  executing instructions in the first code sequence in place of instructions in the second code sequence;
  
  inserting a branch at the end of the first code sequence, the branch being operable to;
  
  pass control, upon detection of a first predefined condition, to an instruction following the first code sequence, and topass control, upon detection of a second predefined condition, to an instruction following the third code sequence;
  
  whereby the third code sequence is executed at the location in the computer program of the second code sequence without materially affecting completion of the one or more specified tasks.
- View Dependent Claims (11, 12, 13)
- - 11. A method as in claim 10, in which the computer program is written in a high-level language selected from the group of programming languages consisting of:
    - C, C++, Visual Basic, Basic, FORTRAN, Cobol, Java, Modula, Pascal, Perl, and Lisp.
  - 12. A method as in claim 10, in which the first predefined condition comprises a predetermined variable having a first value, and the second predefined condition comprises the predetermined variable having a second value.
  - 13. A method as in claim 10, further including:
    - removing some or all instructions contained in the second code sequence from the computer program.

14. A method for obfuscating a computer program, the method including:
- selecting a sequence of programming statements, the sequence of programming statements having a predefined order;
  
  incorporating at least a first concurrent process and a second concurrent process into the computer program;
  
  incorporating at least a first programming statement from the sequence into the first concurrent process;
  
  incorporating at least a second programming statement from the sequence into the second concurrent process;
  
  introducing a plurality of guard variables to control the execution of the at least first concurrent process and the second concurrent process;
  
  controlling execution of the first concurrent process and the second concurrent process using one or more conditional statements containing one or more of the plurality of guard variables, and one or more conditional statements containing obfuscation guard variables such that the sequence of programming statements is executed in the predefined order as a function, at least in part, of two or more of the plurality of guard variables; and
  
  assigning an error value to at least one of the plurality of guard variables without causing incorrect execution of the sequence of programming statements.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 15. A method as in claim 14, in which execution of the first programming statement depends on a first predefined condition, and in which execution of the second programming statement depends on a second predefined condition.
  - 16. A method as in claim 15, in which the first concurrent process includes one or more programming statements that are operable to cause the second predefined condition to be satisfied following execution of the first programming statement.
  - 17. A method as in claim 14, in which the first and second concurrent processes comprise first and second sequences of statements in a loop, respectively, and in which execution of the first sequence of statements is dependent on a first predefined condition, and in which execution of the second sequence of statements is dependent on a second predefined condition.
  - 18. A method as in claim 14, in which the first and second concurrent processes comprise first and second threads.
  - 19. A method as in claim 15, in which the first predefined condition comprises a predetermined variable having a first value, and the second predefined condition comprises the predetermined variable having a second value.
  - 20. A method as in claim 19, in which the first value is any one of a first range of predefined values, and the second value is any one of a second range of predefined values.
  - 21. A method as in claim 16, further comprising:
    - incorporating at least a third concurrent process into the computer program;
      
      incorporating at least a third programming statement from the sequence into the third concurrent process, wherein execution of the third programming statement depends on a third predefined condition;
      
      incorporating one or more programming statements into the second concurrent process, the one or more programming statements being operable to cause the third predefined condition to be satisfied following execution of the second programming statement;
      
      whereby execution of the first, second, and third concurrent processes is controlled by one or more variables such that the sequence of programming statements is executed in the predefined order.
  - 22. A method as in claim 19, in which the predetermined variable is an obfuscation variable.
  - 23. A method as in claim 19, in which the predetermined variable is a genuine program variable that has been determined to be available.
  - 24. A method as in claim 14, further comprising:
    - incorporating a plurality of obfuscation statements and obfuscation variables into the first and second concurrent processes.
  - 25. A method as in claim 14, further comprising:
    - incorporating a third concurrent process into the computer program;
      
      incorporating a plurality of obfuscation statements and obfuscation variables into the third concurrent process.
  - 26. A method as in claim 15, in which the first predefined condition comprises a first variable having a first value, and in which the second predefined condition comprises a second variable having a second value.
  - 27. A method as in claim 26, in which the first concurrent process includes one or more programming statements that are operable to detect the first predefined condition, and, if the first predefined condition is detected, to:
    - (a) assign a third value to the first variable,(b) execute the first programming statement, and(c) assign the second value to the second variable.
  - 28. A method as in claim 15, in which the first predefined condition comprises a set of one or more variables having values that satisfy a first predefined relationship, and the second predefined condition comprises the set of one or more variables having values that satisfy a second predefined relationship.
  - 29. A method as in claim 21, in which (a) the first predefined condition comprises a set of one or more variables having values that satisfy a first predefined relationship, (b) the second predefined condition comprises the set of one or more variables having values that satisfy a second predefined relationship, (c) the third predefined condition comprises the set of one or more variables having values that satisfy a third predefined relationship.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Matheson, Lesley R., Maheshwari, Umesh, Horning, James J., Sibert, W. Olin, Wright, Andrew K., Tarjan, Robert E., Horne, William G., Owicki, Susan K.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Kim; Jung

Application Number

US09/629,546
Time in Patent Office

2,983 Days
Field of Search

713/190, 713/194
US Class Current

713/190
CPC Class Codes

G06F 11/3612   by runtime analysis perform...

G06F 11/362   Software debugging

G06F 21/10   Protecting distributed prog...

G06F 21/125   by manipulating the program...

G06F 21/14   against software analysis o...

Software self-defense systems and methods

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Software self-defense systems and methods

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links