Obfuscating computer program code

US 8,286,251 B2
Filed: 12/19/2007
Issued: 10/09/2012
Est. Priority Date: 12/21/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of tamper-protecting a computer program, the method comprising:

processing, by a computer, an input representation of the computer program to identify a function call for causing a data processing system to continue execution of the computer program at a predetermined entry point memory address of a function when the execution has reached a calling site, and upon termination of the function to return to the calling site and to continue execution of the computer program from the calling site onwards, when the computer program is executed by a data processing system;

replacing, by the computer, the identified function call with a modified function call, wherein the modified function call includes an algebraic expression for causing the data processing system to compute the entry point memory address when the computer program is executed by the data processing system, and the algebraic expression represents a decoding function for computing the entry point memory address from a set of parameters;

determining a respective parameter value of each of the set of parameters from an encoding function corresponding to the decoding function; and

generating an executable representation of the computer program from the input representation, wherein the executable representation includes one or more computer-executable instructions for causing the data processing system to assign the determined parameter values to respective ones of the set of parameters.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method of tamper-protecting a computer program, the method comprising: processing an input representation of the computer program to identify a function call for causing a data processing system to continue execution of the computer program at a predetermined entry point memory address when said computer program is executed by a data processing system; replacing the identified function call with a modified function call, wherein the modified function call includes an algebraic expression for causing the data processing system to compute the entry point memory address when said computer program is executed by the data processing system.

260 Citations

16 Claims

1. A computer-implemented method of tamper-protecting a computer program, the method comprising:
- processing, by a computer, an input representation of the computer program to identify a function call for causing a data processing system to continue execution of the computer program at a predetermined entry point memory address of a function when the execution has reached a calling site, and upon termination of the function to return to the calling site and to continue execution of the computer program from the calling site onwards, when the computer program is executed by a data processing system;
  
  replacing, by the computer, the identified function call with a modified function call, wherein the modified function call includes an algebraic expression for causing the data processing system to compute the entry point memory address when the computer program is executed by the data processing system, and the algebraic expression represents a decoding function for computing the entry point memory address from a set of parameters;
  
  determining a respective parameter value of each of the set of parameters from an encoding function corresponding to the decoding function; and
  
  generating an executable representation of the computer program from the input representation, wherein the executable representation includes one or more computer-executable instructions for causing the data processing system to assign the determined parameter values to respective ones of the set of parameters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein generating the executable representation comprises:
    - transforming the input representation into a preliminary executable representation; and
      
      modifying the preliminary executable representation to include the one or more computer-executable instructions for causing the data processing system to assign the determined parameter values to respective ones of the set of parameters.
  - 3. The method of claim 2, wherein replacing the identified function call with a modified function call includes inserting one or more program statements into the input representation for assigning a respective preliminary value to each of the set parameters;
    - and modifying the preliminary executable representation includes modifying one or more computer-executable instructions corresponding to the inserted one or more program statements to cause the data processing system to assign the determined parameter values to respective ones of the set of parameters.
  - 4. The method of claim 1, further comprising identifying a plurality of function calls and replacing the function calls by respective modified function calls, wherein each modified function call corresponds to a different decoding function.
  - 5. The method of claim 1, further comprising:
    - providing an extended encoding function representing a many-to-one relation between a memory address and the set of parameters, wherein a plurality of sets of parameter values of the set of parameters encode the memory address; and
      
      inserting one or more additional program statements adapted to cause the data processing system to change a current set of parameter values of the set of parameters from a first one of the plurality of sets of parameter values to a second one of the plurality of sets of parameter values when the program code is executed by the data processing system.
  - 6. The method of claim 5, wherein the one or more additional program statements include one or more parameter pointers to respective memory addresses for storing the set of parameter values.
  - 7. The method of claim 1, further comprising inserting one or more auxiliary program statements adapted to cause the data processing system to assign a set of temporary parameter values to the set of parameters, wherein the set of temporary parameter values results in a value of the decoding function different from the entry point memory address.
  - 8. The method of claim 7, wherein the one or more auxiliary program statements are adapted to cause the data processing system to assign the set of temporary parameter values to the set of parameters as a set of initial values.
  - 9. The method of claim 1, further comprising parsing the input representation to identify the function call.
  - 10. The method of claim 1, wherein the input representation of the computer program includes at least one input source code module.
  - 11. The method of claim 1, further comprising:
    - identifying a dispatch table including one or more references to respective entry point addresses;
      
      inserting respective one or more executable statements into the input representation for calculating the entry point addresses; and
      
      replacing the one or more references with pointers to corresponding ones of the inserted executable statements.
  - 12. The method of claim 1, further comprising obfuscating the function call by at least one of a function pointer and a dispatch table.
  - 13. The method of claim 1, wherein the identified function call includes a reference to a function name, and replacing the identified function call comprises replacing the reference by executable code for computing the corresponding entry point address word.
  - 14. A computer configured to perform the steps of the method of claim 1.
  - 15. A non-transitory computer-readable medium encoded with instructions that, when executed by the computer, cause the computer to perform the method of tamper-protecting a computer program of claim 1.
  - 16. The non-transitory medium of claim 15, wherein the instructions further comprise:
    - a transformation module for identifying a function call in an input representation of an input computer program and for replacing the identified function call with a modified function call including an decoding function; and
      
      a postprocessing module for modifying an executable representation of the input computer program to include one or more computer executable instructions representing an encoding function corresponding to the decoding function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Eker, Johan, Johansson, Björn, Von Platen, Carl
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Tran, Phuoc

Application Number

US12/515,621
Publication Number

US 20100251378A1
Time in Patent Office

1,756 Days
Field of Search

713/190, 713/189, 726/26
US Class Current

726/26
CPC Class Codes

G06F 21/14 against software analysis o...

Obfuscating computer program code

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

260 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Obfuscating computer program code

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

260 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links