DR. MIGUEL ÁNGEL OROS HERNÁNDEZ
8. Cracking
Magnitude of piracy
  All kinds of digital content (music, software, movies)
  Huge economic repercussions
Cracking
  Process of attacking a copy protection technology
  One kind of reversing
  Modification of an application's binary to cause or prevent a specific key branch in the program's execution
Cracking
1. Piracy and copy protection
2. Types of protection
3. Advanced protection concepts
4. Watermarking
Piracy and copy protection
Applying reverse engineering until the software cracker reaches the subroutine that contains the primary method of protecting the software
Elimination of the expiration period from a time-limited trial of an application
Scanning for the use of a commercial copy protection application (CD, DVD)
  CloneCD, Alcohol 120%, Game Jackal, Daemon Tools
The open architecture of today's personal computers makes it impossible to create an uncrackable copy protection technology
Class break
  Problem in practically every copy protection technology
  Takes place when a security technology or product fails in a way that affects every user of that technology or product, and not just the specific system that is under attack
  Huge efforts by developers of copy protection technologies
  Problem: publishing the results of defeating the protection mechanism
Copy protection mechanism
  Definition
    A delicate component
    Invisible to legitimate users
  Design considerations
    Resistance to attack
    End-user transparency
    Flexibility
Types of protection
Media-based protections
  The primary copy protection approach in the 1980s
  Idea: have a program check the media with which it is shipped and confirm that it is an original
  Floppy disks: creating special "bad" sectors
  Programs: CopyWrite, Transcopy
  Are they legal?
Serial numbers
  Idea: the software vendor ships each copy of the software with a unique serial number printed somewhere on the product package or on the media itself
  The installation requires this number
  If the program is installed, the user is registered
  When the user contacts customer support, the software vendor can verify that the user has a valid installation of the product
Challenge response and online activations
  The program sends a challenge response (a protocol used for authenticating specific users or computers in networks)
  Idea: both parties share a secret key that is known only to them
  Improvement to the serial number
Challenge response
  Vendor's approval
  Crackable: create a keygen program that emulates the server's challenge mechanism and generates a valid response on demand
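The shared-key exchange described on this slide, as an added example that is not part of the original deck: the vendor issues a one-time challenge, the program answers with an HMAC over it, and the vendor verifies. The key value, the install identifiers and all function and class names are constructed for illustration. Because the same key has to ship inside the program for it to answer, the scheme is only as strong as that key's concealment, which is the weakness the slide names.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret; in the scheme on the slide both parties hold it.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


class ActivationServer:
    """Vendor side: issues one-time challenges and checks responses."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued and not yet answered

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh, unpredictable per activation
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, install_id: str, response: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already used challenge: replay rejected
        self._pending.discard(nonce)  # single use, even when the check fails
        expected = compute_response(self._key, nonce, install_id)
        return hmac.compare_digest(expected, response)  # constant-time compare


def compute_response(key: bytes, nonce: bytes, install_id: str) -> bytes:
    """Program side: prove knowledge of the key for this challenge and install."""
    msg = nonce + b"|" + install_id.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).digest()


def demo() -> dict:
    server = ActivationServer(SHARED_KEY)
    nonce = server.issue_challenge()
    good = compute_response(SHARED_KEY, nonce, "install-0001")
    results = {"valid": server.verify(nonce, "install-0001", good)}
    results["replayed"] = server.verify(nonce, "install-0001", good)
    nonce2 = server.issue_challenge()
    bad = compute_response(b"\x00" * 16, nonce2, "install-0001")
    results["wrong_key"] = server.verify(nonce2, "install-0001", bad)
    nonce3 = server.issue_challenge()
    moved = compute_response(SHARED_KEY, nonce3, "install-0001")
    results["other_install"] = server.verify(nonce3, "install-0002", moved)
    return results
```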
Keygen
  A license or product key generator (sometimes stylized as keygen) is a computer program that generates a product licensing key, serial number, or some other registration information necessary to activate a software application for use
Hardware-based protections
  Idea: add a tamper-proof, non-software-based component into the mix that assists in authenticating the running software
  Use of a chip attached to the computer, like a USB device
Advanced protection concepts
Crypto-processors
  A well-known software copy protection approach
  Proposed by Robert M. Best
  Idea: design a microprocessor that can directly execute encrypted code by decrypting it on the fly
  Hard to crack because the decrypted code would never be accessible to attackers
Digital Rights Management
  DRM models
    Encrypting the protected content
    Try their best to hide the decryption key and control the path in which content flows after it has been decrypted
Digital Rights Management: The Windows Media Rights Manager
  Idea: separate the media from the license file (encryption key required to decrypt and play back the media file)
Digital Rights Management: Secure Audio Path
  Attempts to control the flow of copyrighted, unencrypted audio within Windows
  Problem: anyone can write a simulated audio device driver that would just steal the decrypted content while the media playback software is sending it to the sound card
Watermarking
Watermarking: the process of adding an additional "channel" of imperceptible data alongside a visible stream of data
  Invisible (or inaudible) data stream that is hidden within the file
Properties
  Difficult to remove
  It contains as much information as possible
  Imperceptible
  Difficult to detect
  Encrypted
  Robust
Watermarking applications
  Enabling authors to embed identifying information in their intellectual property
  Identifying the specific owner of an individual copy by using a watermarked fingerprint
  Identifying the original, unmodified data through a validation mark
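A per-copy fingerprint checked against two of the listed properties, as an added example that is not part of the original deck: a least-significant-bit mark in 8-bit samples is imperceptible (each sample changes by at most 1) and recoverable, but it is not robust, since ordinary lossy processing erases it. The carrier data, the fingerprint value and all function names are constructed; LSB embedding is a simple stand-in chosen here, not a scheme the deck describes.

```python
def _bits(payload: bytes):
    """Payload as a list of bits, most significant bit of each byte first."""
    return [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]


def embed(samples: bytes, fingerprint: bytes) -> bytes:
    """Hide a 1-byte length prefix plus the fingerprint in the sample LSBs."""
    bits = _bits(bytes([len(fingerprint)]) + fingerprint)
    if len(bits) > len(samples):
        raise ValueError("carrier too short for this fingerprint")
    out = bytearray(samples)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit  # only the lowest bit changes
    return bytes(out)


def _read(samples: bytes, start: int, count: int) -> bytes:
    """Rebuild `count` bytes from the LSBs beginning at sample `start`."""
    if start + 8 * count > len(samples):
        raise ValueError("declared length exceeds carrier")
    out = bytearray()
    for b in range(count):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (samples[start + 8 * b + i] & 1)
        out.append(byte)
    return bytes(out)


def extract(samples: bytes) -> bytes:
    """Recover the fingerprint from the LSBs using the length prefix."""
    length = _read(samples, 0, 1)[0]
    return _read(samples, 8, length)


def demo() -> dict:
    # Constructed carrier standing in for 8-bit audio samples.
    carrier = bytes((i * 37 + 11) % 256 for i in range(256))
    marked = embed(carrier, b"copy-0042")  # constructed per-copy fingerprint
    requantized = bytes(s & 0xFE for s in marked)  # lossy processing drops LSBs
    return {
        "recovered": extract(marked),
        "max_sample_change": max(abs(a - b) for a, b in zip(carrier, marked)),
        "after_requantization": extract(requantized),
    }
```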
Bibliography
Eilam, Eldad. Reversing: Secrets of Reverse Engineering. Wiley Publishing, Inc., 2005.
End