The present disclosure relates generally to the field of software security and to techniques for increasing the resistance of a computer program to unauthorized tampering. In particular, the present disclosure relates to program protection techniques which seek to provide a degree of protection from unauthorized modification and/or access to program code.
In releasing a software application for execution on end users' hardware, a program developer is effectively providing a user with complete access to the program code of that application. Unfortunately, it is a fact that some end-users will attempt to compromise a software application in order, for example, to obtain illegal copies, gain unlicensed access to certain features, steal intellectual property from the application, inject malicious code, or cheat in online games. Indeed, in the context of online gaming, which often seeks to support hundreds or thousands of players simultaneously over a network, the occurrence of online cheating can seriously undermine honest players' experience of the game. Free access to executable code by unauthorized users can often result in loss of intellectual property and provides the user with an easy means for probing the application for security vulnerabilities. Also, applications may be reverse engineered and then modified to remove metering or usage control before being recompiled, ultimately resulting in a loss of revenue for the code provider.
Thus, the environment into which publishers release their programs can be considered to be a hostile one. There is therefore a need to protect programs from tampering or misuse, which may involve unauthorized modification and/or copying.
A number of anti-tamper techniques have been previously proposed for deterring would-be hackers or for protecting computer programs from being modified and/or copied. For example, it is known for software programs to utilize copy protection techniques or to have limitations encoded into them which, for example, require password or serial number access, prevent copying or restrict the use of the program in some way.
Techniques for “obfuscating” software code have also been proposed. Obfuscated code, or shrouded code as it is also known, is a type of executable code, which is intentionally made very difficult to read and understand. It is also known to employ a sub-set of obfuscation known as program-folding, e.g. to try to protect firmware in electrical equipment. Program folding involves calling routines from random places in the source-code, essentially causing the program to jump around during execution. Although obfuscated code can deter reverse engineering, there is a still a distinct possibility that the code could be read and understood, and therefore modified. As such, obfuscated code provides only low-level security means, and it is often necessary to use it in conjunction with additional security procedures, e.g. encryption. Additionally, the most common software reverse engineering attacks target copy protection schemes. These schemes generally rely heavily on existing operating system procedure calls, making basic code obfuscation easily bypassed using the same tools used with unobfuscated code. Furthermore, obfuscated code, being difficult to read and understand, is not only a problem for would-be software abusers but also for the software creators themselves, as obfuscated code is inherently very difficult to debug. As a result, it is often necessary to maintain two versions of the code: the unobfuscated code for debugging, and the obfuscated code for distribution. Due to the low level of security provided, this additional effort is often considered to outweigh the benefits of obfuscated code and therefore alternative methods are required.