Software self-defense systems and methods
First Claim
1. A method for obfuscating a computer program, the computer program being designed to carry out one or more specified tasks, the method including:
- obtaining an object code representation of the computer program;
searching the object code representation of the computer program for first and second object code sequences, the first and second object code sequences being similar, at least in part; and
modifying the object code representation of the computer program without materially affecting completion of the one or more specified tasks, the modification comprising;
inserting a third object code sequence into the object code representation of the computer program such that the third object code sequence is executed before the second object code sequence, the third object code sequence comprising one or more instructions, and being operable to pass control to an instruction that logically begins the first object code sequence;
executing instructions in the first object code sequence in place of instructions in the second object code sequence;
inserting a branch at the end of the first object code sequence, the branch being operable to;
pass control, upon detection of a first predefined condition, to an instruction that logically followed the first object code sequence in the unmodified object code representation of the computer program, and topass control, upon detection of a second predefined condition, to an instruction that logically followed the second object code sequence in the unmodified object code representation of the computer program.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are disclosed for protecting a computer program from unauthorized analysis and modification. Obfuscation transformations can be applied to the computer program'"'"'s local structure, control graph, and/or data structure to render the program more difficult to understand and/or modify. Tamper-resistance mechanisms can be incorporated into the computer program to detect attempts to tamper with the program'"'"'s operation. Once an attempt to tamper with the computer program is detected, the computer program reports it to an external agent, ceases normal operation, and/or reverses any modifications made by the attempted tampering. The computer program can also be watermarked to facilitate identification of its owner. The obfuscation, tamper-resistance, and watermarking transformations can be applied to the computer program'"'"'s source code, object code, or executable image.
-
Citations
29 Claims
-
1. A method for obfuscating a computer program, the computer program being designed to carry out one or more specified tasks, the method including:
-
obtaining an object code representation of the computer program; searching the object code representation of the computer program for first and second object code sequences, the first and second object code sequences being similar, at least in part; and modifying the object code representation of the computer program without materially affecting completion of the one or more specified tasks, the modification comprising; inserting a third object code sequence into the object code representation of the computer program such that the third object code sequence is executed before the second object code sequence, the third object code sequence comprising one or more instructions, and being operable to pass control to an instruction that logically begins the first object code sequence; executing instructions in the first object code sequence in place of instructions in the second object code sequence; inserting a branch at the end of the first object code sequence, the branch being operable to; pass control, upon detection of a first predefined condition, to an instruction that logically followed the first object code sequence in the unmodified object code representation of the computer program, and to pass control, upon detection of a second predefined condition, to an instruction that logically followed the second object code sequence in the unmodified object code representation of the computer program. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for obfuscating a computer program, the computer program being designed to carry out one or more specified tasks, the method including:
-
searching the computer program for first and second code sequences, the first and second code sequences being similar, at least in part; inserting a third code sequence into the computer program, the third code sequence including one or more instructions for overwriting at least a portion of the second code sequence, and for passing control to an instruction that logically begins the first code sequence; executing instructions in the first code sequence in place of instructions in the second code sequence; inserting a branch at the end of the first code sequence, the branch being operable to; pass control, upon detection of a first predefined condition, to an instruction following the first code sequence, and to pass control, upon detection of a second predefined condition, to an instruction following the third code sequence; whereby the third code sequence is executed at the location in the computer program of the second code sequence without materially affecting completion of the one or more specified tasks. - View Dependent Claims (11, 12, 13)
-
-
14. A method for obfuscating a computer program, the method including:
-
selecting a sequence of programming statements, the sequence of programming statements having a predefined order; incorporating at least a first concurrent process and a second concurrent process into the computer program; incorporating at least a first programming statement from the sequence into the first concurrent process; incorporating at least a second programming statement from the sequence into the second concurrent process; introducing a plurality of guard variables to control the execution of the at least first concurrent process and the second concurrent process; controlling execution of the first concurrent process and the second concurrent process using one or more conditional statements containing one or more of the plurality of guard variables, and one or more conditional statements containing obfuscation guard variables such that the sequence of programming statements is executed in the predefined order as a function, at least in part, of two or more of the plurality of guard variables; and assigning an error value to at least one of the plurality of guard variables without causing incorrect execution of the sequence of programming statements. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
Specification