How to make your software tamperproof

Posted by: Lava Kafle

Definition 7.1 (Tampering and Tamperproofing). Let Id (P, E) and Ia (P, E) be predicates over a program P and the environment E in which it executes. P is successfully tamperproofed if, throughout the execution of P, Id (P, E) holds. It is successfully attacked if, at some point during the execution of P, Ia (P, E)∧not Id (P, E), holds and this is not detectable by P

Watermarking and tamperproofing are also related. In fact, if perfect tamperproofing were available, watermarking would be easy: Just watermark with any trivial algorithm, tamperproof, and by definition the attacker will not be able to destroy the mark! It’s precisely because we don’t have perfect tamperproofing that we need to worry about watermarking stealth: We have to assume that an attacker who can find a watermark will also be able to modify the program to destroy the mark.

  1. 1. If you both obfuscate and tamperproof your code, an attacker who, in spite of the tamperproofing, is able to extract the code still has to de-obfuscate it in order to understand it;
  2. 2. Code that you insert to test for tampering or affect a response to tampering must be obfuscated in order to prevent the attacker from easily discovering it.

Christian Collberg and Jasvir Nagra bring together techniques drawn from related areas of computer science, including cryptography, steganography, watermarking, software metrics, reverse engineering, and compiler optimization. Using extensive sample code, they show readers how to implement protection schemes ranging from code obfuscation and software fingerprinting to tamperproofing and birthmarking, and discuss the theoretical and practical limitations of these techniques

Here, we’ve set a breakpoint on the decrypt function such that, whenever we enter it, the cleartext media gets printed and execution continues. Technically, an attacker typically modifies the program with the intent to force it to choose a different execution path than the programmer intended. He can achieve this by:

  1. Removing code from and/or inserting new code into the executable file prior to execution;
  2. Removing code from and/or inserting new code into the running program;
  3. Affecting the runtime behavior of the program through external agents such as emulators, debuggers, or a hostile operating system.

A protected program can try to detect that it’s running under emulation, on a modified operating system, or inside a debugger, but this turns out to be hard to do reliably. For example, how can you detect that a user has turned back the system clock so as not to trigger your “license-expired” check?We will show a few popular techniques, but in practice, tamperproofing algorithms tend to focus on making sure that the program’s static code and data haven’t been changed, even if this certainly isn’t enough to ensure it’s running properly.

How to make your software tamperproof.

How to make your software tamperproof was last modified: February 12th, 2015 by Lava Kafle

Blog Comments

  1. Bill Gates

    Software suppliers are trying to make their software packages more user-friendly… Their best approach, so far, has been to take all the old brochures, and stamp the words, ‘user-friendly’ on the cover
    . Remember when…? A computer was something on TV from a science fiction show. A window was something you hated to clean and RAM was the cousin of a goat… Meg was the name of my girlfriend and gig was your middle finger upright. Now they all mean different things and that really mega bytes. An application was for employment. A program was a TV show. A cursor used profanity. A keyboard was a piano. Memory was something that you lost with age. A CD was a bank account. And if you had a 3 1/2″ floppy you hoped that nobody found out. Compress was something you did to the garbage not something you did to a file. And if you unzipped anything in public you’d be in jail for awhile. Log on was adding wood to the fire. Hard drive was a long trip on the road. A mouse pad was where a mouse lived and a backup happened to your commode. Cut you did with a pocket knife. Paste you did with glue. A web was a spider’s home and a virus was the flu. I guess I’ll stick to my pad and paper and the memory in my head. I hear nobody’s been killed in a computer crash but when it happens they wish they were dead !

  2. techno-quotes

    I do not fear computers. I fear lack of them. Isaac Asimov

    Artificial Intelligence usually beats natural stupidity.Author Unknown

    Physics is the universe’s operating system. Steven R Garman

    I sit looking at this damn computer screen all day long, day in and day out, week after week, and think: Man, if I could just find the ‘on’ switch… Zachary Good.

    Hardware: where the people in your company’s software section will tell you the problem is. Software: where the people in your company’s hardware section will tell you the problem is. Dave Barry

    The question of whether computers can think is like the question of whether submarines can swim. Edsger W. Dijkstra

    The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge.Stephen Hawking

    Any fool can use a computer. Many do. Ted Nelson

    Computing is not about computers any more. It is about living. Nicholas Negroponte

    In God we trust, all others we virus scan. Author Unknown

  3. Who is a Hacker?

    There is a common belief(created by media….again),even among geeks that hacker is a person “who breaks into computers and is involved in mischievous and illegal activities related to computers”. Unfortunately, the above explanation in quotes would better suit the word “Cracker”. Then who is a hacker?

    It is best said in the words of Richard M Stallman. The Misnomer.

    Richard M Stallman has made it clear many times, “A hacker is someone who enjoys playful cleverness—not necessarily with computers. The programmers in the old MIT free software community of the 60s and 70s referred to themselves as hackers. Around 1980, journalists who discovered the hacker community mistakenly took the term to mean “security breaker.”]

  4. The UML Class Diagram

    1. Responsibility of a class: It is the statement defining what the class is expected to provide.
    2. Stereotypes: It is an extension of the existing UML elements; it allows you to define new elements modeled on the existing UML elements. Only one stereotype per element in a system is allowed.
    3. Vocabulary: The scope of a system is defined as its vocabulary.
    4. Analysis class: It is a kind of a stereotype.
    5. Boundary class: This is the first type of an analysis class. In a system consisting of a boundary class, the users interact with the system through the boundary classes.
    6. Control class: This is the second type of an analysis class. A control class typically does not perform any business functions, but only redirects to the appropriate business function class depending on the function requested by the boundary class or the user.
    7. Entity class: This is the third type of an analysis class. An entity class consists of all the business logic and interactions with databases.

  5. parsing html with c# sharp

    ParseHTML parse = new ParseHTML();
    parse.Source = page;
    while( !parse.Eof() )
    {
    char ch = parse.Parse();
    if(ch==0)
    {
    AttributeList tag = parse.GetTag();
    if( tag["href"]!=null )
    System.Console.WriteLine(
    “Found link: ” + tag["href"].Value );
    }
    }

    using System;

    namespace HTML
    {
    ///
    /// Attribute holds one attribute, as is normally stored in an
    /// HTML or XML file. This includes a name, value and delimiter.
    /// This source code may be used freely under the
    /// Limited GNU Public License(LGPL).
    ///
    /// Written by Jeff Heaton (http://www.jeffheaton.com)
    ///
    public class Attribute: ICloneable
    {
    ///
    /// The name of this attribute
    ///
    private string m_name;

    ///
    /// The value of this attribute
    ///
    private string m_value;

    ///
    /// The delimiter for the value of this attribute(i.e. ” or ‘).
    ///
    private char m_delim;

    ///
    /// Construct a new Attribute. The name, delim, and value
    /// properties can be specified here.
    ///
    /// The name of this attribute.
    /// The value of this attribute.
    /// The delimiter character for the value.
    ///
    public Attribute(string name,string value,char delim)
    {
    m_name = name;
    m_value = value;
    m_delim = delim;
    }

    ///
    /// The default constructor. Construct a blank attribute.
    ///
    public Attribute():this(“”,”",(char)0)
    {
    }

    ///
    /// Construct an attribute without a delimiter.
    ///
    /// The name of this attribute.
    /// The value of this attribute.
    public Attribute(String name,String value):this(name,value,
    (char)0)
    {
    }

    ///
    /// The delimiter for this attribute.
    ///
    public char Delim
    {
    get
    {
    return m_delim;
    }

    set
    {
    m_delim = value;
    }
    }

    ///
    /// The name for this attribute.
    ///
    public string Name
    {
    get
    {
    return m_name;
    }

    set
    {
    m_name = value;
    }
    }

    ///
    /// The value for this attribute.
    ///
    public string Value
    {
    get
    {
    return m_value;
    }

    set
    {
    m_value = value;
    }
    }

    #region ICloneable Members
    public virtual object Clone()
    {
    return new Attribute(m_name,m_value,m_delim);
    }
    #endregion
    }
    }

    Listing 2: The AttributeList Class

    using System;
    using System.Collections;

    namespace HTML
    {
    ///
    /// The AttributeList class is used to store list of
    /// Attribute classes.
    /// This source code may be used freely under the
    /// Limited GNU Public License(LGPL).
    ///
    /// Written by Jeff Heaton (http://www.jeffheaton.com)
    ///
    ///
    public class AttributeList:Attribute
    {
    ///
    /// An internally used Vector. This vector contains
    /// the entire list of attributes.
    ///
    protected ArrayList m_list;
    ///
    /// Make an exact copy of this object using the cloneable
    /// interface.
    ///
    /// A new object that is a clone of the specified
    /// object.
    public override Object Clone()
    {
    AttributeList rtn = new AttributeList();

    for ( int i=0;i<m_list.Count;i++ )
    rtn.Add( (Attribute)this[i].Clone() );

    return rtn;
    }

    ///
    /// Create a new, empty, attribute list.
    ///
    public AttributeList():base(“”,”")
    {
    m_list = new ArrayList();
    }

    ///
    /// Add the specified attribute to the list of attributes.
    ///
    /// An attribute to add to this
    /// AttributeList.</paramv
    public void Add(Attribute a)
    {
    m_list.Add(a);
    }

    ///
    /// Clear all attributes from this AttributeList and return
    /// it to a empty state.
    ///
    public void Clear()
    {
    m_list.Clear();
    }

    ///
    /// Returns true of this AttributeList is empty, with no
    /// attributes.
    ///
    /// True if this AttributeList is empty, false
    /// otherwise.
    public bool IsEmpty()
    {
    return( m_list.Count<=0);
    }

    ///
    /// If there is already an attribute with the specified name,
    /// it will have its value changed to match the specified
    /// value. If there is no Attribute with the specified name,
    /// one will be created. This method is case-insensitive.
    ///
    /// The name of the Attribute to edit or
    /// create. Case-insensitive.
    /// The value to be held in this
    /// attribute.
    public void Set(string name,string value)
    {
    if ( name==null )
    return;
    if ( value==null )
    value=”";

    Attribute a = this[name];

    if ( a==null )

    {
    a = new Attribute(name,value);
    Add(a);
    }

    else
    a.Value = value;
    }

    ///
    /// How many attributes are in this AttributeList?
    ///
    public int Count
    {
    get
    {
    return m_list.Count;
    }
    }

    ///
    /// A list of the attributes in this AttributeList
    ///
    public ArrayList List
    {
    get
    {
    return m_list;
    }
    }

    ///
    /// Access the individual attributes
    ///
    public Attribute this[int index]
    {
    get
    {
    if ( index<m_list.Count )
    return(Attribute)m_list[index];
    else
    return null;
    }
    }

    ///
    /// Access the individual attributes by name.
    ///
    public Attribute this[string index]
    {
    get
    {
    int i=0;

    while ( this[i]!=null )
    {
    if ( this[i].Name.ToLower().Equals( (index.ToLower()) ))
    return this[i];
    i++;
    }

    return null;

    }
    }
    }
    }

    Listing 3: The Parse Class

    using System;

    namespace HTML
    {
    ///
    /// Base class for parsing tag based files, such as HTML,
    /// HTTP headers, or XML.
    ///
    /// This source code may be used freely under the
    /// Limited GNU Public License(LGPL).
    ///
    /// Written by Jeff Heaton (http://www.jeffheaton.com)
    ///
    public class Parse:AttributeList
    {
    ///
    /// The source text that is being parsed.
    ///
    private string m_source;

    ///
    /// The current position inside of the text that
    /// is being parsed.
    ///
    private int m_idx;

    ///
    /// The most recently parsed attribute delimiter.
    ///
    private char m_parseDelim;

    ///
    /// This most recently parsed attribute name.
    ///
    private string m_parseName;

    ///
    /// The most recently parsed attribute value.
    ///
    private string m_parseValue;

    ///
    /// The most recently parsed tag.
    ///
    public string m_tag;

    ///
    /// Determine if the specified character is whitespace or not.
    ///
    /// A character to check
    /// true if the character is whitespace
    public static bool IsWhiteSpace(char ch)
    {
    return( “\t\n\r “.IndexOf(ch) != -1 );
    }

    ///
    /// Advance the index until past any whitespace.
    ///
    public void EatWhiteSpace()
    {
    while ( !Eof() )
    {
    if ( !IsWhiteSpace(GetCurrentChar()) )
    return;
    m_idx++;
    }
    }

    ///
    /// Determine if the end of the source text has been reached.
    ///
    /// True if the end of the source text has been
    /// reached.
    public bool Eof()
    {
    return(m_idx>=m_source.Length );
    }

    ///
    /// Parse the attribute name.
    ///
    public void ParseAttributeName()
    {
    EatWhiteSpace();
    // get attribute name
    while ( !Eof() )
    {
    if ( IsWhiteSpace(GetCurrentChar()) ||
    (GetCurrentChar()==’=') ||
    (GetCurrentChar()==’>’) )
    break;
    m_parseName+=GetCurrentChar();
    m_idx++;
    }

    EatWhiteSpace();
    }

    ///
    /// Parse the attribute value
    ///
    public void ParseAttributeValue()
    {
    if ( m_parseDelim!=0 )
    return;

    if ( GetCurrentChar()==’=’ )
    {
    m_idx++;
    EatWhiteSpace();
    if ( (GetCurrentChar()==’\”) ||
    (GetCurrentChar()==’\”‘) )
    {
    m_parseDelim = GetCurrentChar();
    m_idx++;
    while ( GetCurrentChar()!=m_parseDelim )
    {
    m_parseValue+=GetCurrentChar();
    m_idx++;
    }
    m_idx++;
    }
    else
    {
    while ( !Eof() &&
    !IsWhiteSpace(GetCurrentChar()) &&
    (GetCurrentChar()!=’>’) )

    {
    m_parseValue+=GetCurrentChar();
    m_idx++;
    }
    }
    EatWhiteSpace();
    }
    }

    ///
    /// Add a parsed attribute to the collection.
    ///
    public void AddAttribute()
    {
    Attribute a = new Attribute(m_parseName,
    m_parseValue,m_parseDelim);
    Add(a);
    }

    ///
    /// Get the current character that is being parsed.
    ///
    ///
    public char GetCurrentChar()

    {

    return GetCurrentChar(0);

    }

    ///
    /// Get a few characters ahead of the current character.
    ///
    /// How many characters to peek ahead
    /// for.
    /// The character that was retrieved.
    public char GetCurrentChar(int peek)

    {
    if( (m_idx+peek)<m_source.Length )
    return m_source[m_idx+peek];
    else
    return (char)0;
    }

    ///
    /// Obtain the next character and advance the index by one.
    ///
    /// The next character
    public char AdvanceCurrentChar()

    {
    return m_source[m_idx++];
    }

    ///
    /// Move the index forward by one.
    ///
    public void Advance()
    {
    m_idx++;
    }

    ///
    /// The last attribute name that was encountered.
    ///
    public string ParseName
    {
    get
    {
    return m_parseName;
    }

    set
    {
    m_parseName = value;
    }
    }

    ///
    /// The last attribute value that was encountered.
    ///
    public string ParseValue
    {
    get
    {
    return m_parseValue;
    }

    set
    {
    m_parseValue = value;
    }
    }

    ///
    /// The last attribute delimeter that was encountered.
    ///
    public char ParseDelim
    {
    get
    {
    return m_parseDelim;
    }

    set
    {
    m_parseDelim = value;
    }
    }

    ///
    /// The text that is to be parsed.
    ///
    public string Source
    {
    get
    {
    return m_source;
    }

    set
    {
    m_source = value;
    }
    }
    }
    }

    Listing 4: The ParseHTML Class

    using System;

    namespace HTML
    {
    ///
    /// Summary description for ParseHTML.
    ///

    public class ParseHTML:Parse
    {
    public AttributeList GetTag()
    {
    AttributeList tag = new AttributeList();
    tag.Name = m_tag;

    foreach(Attribute x in List)
    {
    tag.Add((Attribute)x.Clone());
    }

    return tag;
    }

    public String BuildTag()
    {
    String buffer=”";
    return buffer;
    }

    protected void ParseTag()
    {
    m_tag=”";
    Clear();

    // Is it a comment?
    if ( (GetCurrentChar()==’!') &&
    (GetCurrentChar(1)==’-')&&
    (GetCurrentChar(2)==’-') )
    {
    while ( !Eof() )
    {
    if ( (GetCurrentChar()==’-') &&
    (GetCurrentChar(1)==’-')&&
    (GetCurrentChar(2)==’>’) )
    break;
    if ( GetCurrentChar()!=’\r’ )
    m_tag+=GetCurrentChar();
    Advance();
    }
    m_tag+=”–”;
    Advance();
    Advance();
    Advance();
    ParseDelim = (char)0;
    return;
    }

    // Find the tag name
    while ( !Eof() )
    {
    if ( IsWhiteSpace(GetCurrentChar()) ||
    (GetCurrentChar()==’>’) )
    break;
    m_tag+=GetCurrentChar();
    Advance();
    }

    EatWhiteSpace();

    // Get the attributes
    while ( GetCurrentChar()!=’>’ )
    {
    ParseName = “”;
    ParseValue = “”;
    ParseDelim = (char)0;

    ParseAttributeName();

    if ( GetCurrentChar()==’>’ )

    {
    AddAttribute();
    break;
    }

    // Get the value(if any)
    ParseAttributeValue();
    AddAttribute();
    }
    Advance();
    }

    public char Parse()
    {
    if( GetCurrentChar()==’='A’) && (ch<=’Z') || (ch==’!') || (ch==’/') )
    {
    ParseTag();
    return (char)0;
    }

    else return(AdvanceCurrentChar());
    }
    else return(AdvanceCurrentChar());
    }
    }
    }

    Listing 5: The FindLinks Class

    using System;
    using System.Net;
    using System.IO;

    namespace HTML
    {
    ///
    /// FindLinks is a class that will test the HTML parser.
    /// This short example will prompt for a URL and then
    /// scan that URL for links.
    /// This source code may be used freely under the
    /// Limited GNU Public License(LGPL).
    ///
    /// Written by Jeff Heaton (http://www.jeffheaton.com)
    ///
    //class FindLinks
    //{
    ///
    /// The main entry point for the application.
    ///
    [STAThread]
    static void Main(string[] args)
    {
    System.Console.Write(“Enter a URL address:”);
    string url = System.Console.ReadLine();
    System.Console.WriteLine(“Scanning hyperlinks at: ” + url );
    string page = GetPage(url);
    if(page==null)
    {
    System.Console.WriteLine(“Can’t process that type of file,”
    +
    “please specify an HTML file URL.”
    );
    return;
    }

    ParseHTML parse = new ParseHTML();
    parse.Source = page;
    while( !parse.Eof() )
    {
    char ch = parse.Parse();
    if(ch==0)
    {
    AttributeList tag = parse.GetTag();
    if( tag["href"]!=null )
    System.Console.WriteLine( “Found link: ” +
    tag["href"].Value );
    }
    }
    }

    public static string GetPage(string url)
    {
    WebResponse response = null;
    Stream stream = null;
    StreamReader
    reader = null;

    try
    {
    HttpWebRequest request =
    (HttpWebRequest)WebRequest.Create(url);

    response = request.GetResponse();
    stream = response.GetResponseStream();

    if( !response.ContentType.ToLower().StartsWith(“text/”) )
    return null;

    string buffer = “”,line;

    reader = new StreamReader(stream);

    while( (line = reader.ReadLine())!=null )
    {
    buffer+=line+”\r\n”;
    }

    return buffer;
    }
    catch(WebException e)
    {
    System.Console.WriteLine(“Can’t download:” + e);
    return null;
    }
    catch(IOException e)
    {
    System.Console.WriteLine(“Can’t download:” + e);
    return null;
    }
    finally
    {
    if( reader!=null )
    reader.Close();

    if( stream!=null )
    stream.Close();

    if( response!=null )
    response.Close();
    }
    }
    }
    }

Post Your Comments:

Your email address will not be published. Required fields are marked *