In the ever-growing computer software industry, many examples of unauthorized or unlicensed rogue usage by an attacker (e.g., software hacker) of valuable and sensitive software applications exist. Moreover, as new software applications are deployed in the field, the modular, function-based structure of their underlying program code often makes such software applications easy targets for code-lifting and data-lifting attacks.
Current software protection technology typically concentrates on two primary areas of defense including concealment and tamper-resistance. Concealment commonly involves providing a mechanism for hiding sensitive assets and functionalities from the attacker. Tamper-resistance commonly involves providing a mechanism whereby the protected software reacts differently if part of the software is altered by an attacker. However, neither of these techniques adequately address code-lifting and data-lifting attacks.
For example, a dynamic-link library (DLL) may easily be identified and reused in a rogue context, simply by invoking available functions from an attacker's application. Alternatively, functions or code snippets may be lifted from the original program and reused in an attackers program. Furthermore, once the use of data is identified by an attacker, any data may easily be extracted from the sections of an executable file or from a data file to be read and used from a hacker's application, despite the amount of data being used. Still further, even if the designer of the software application is able to obfuscate the mechanics of the program, a determined attacker may lift the assembly code that invokes the functionality and thereafter reimplement the code in his own rogue software application. There are hacker tools (e.g., disassemblers and decompilers) that aid in this process of attacking the software.
Another example of software protection includes known node-locking approaches that bind a program to a specific device whereby a unique identifier (ID) is taken from a piece of hardware and the program made to be dependent on the given ID. This could be the calculation of a device key that is constructed through the use of hardware identifiers like the media access control (MAC) address, hardware disk IDs, and other fingerprint information. The algorithm that uses these identifiers to produce the key may be an elaborate process of function and data. However, in the end, the entire set of code and data is vulnerable to a lifting attack.
It is, therefore, desirable to provide attack resistance that includes improved tamper resistance and concealment properties.