Abstract

In recent years, with the rapid development of the Internet, software and hardware technology has been changing day by day. In pursuit of economic interest, many software systems that contain fatal flaws are put into use prematurely. Many software developers have invested a tremendous amount of work to make the life cycle of their software systems long enough. However, the law is strong but the outlaws are ten times stronger. In order to illegally use the charging (paid) functions of software, hackers keep improving their cracking techniques in the process of confronting software protection technology. As many software developers focus only on implementing the functions of the software system, they overlook software encryption protection and reverse cracking. Therefore, in the preliminary stage of studying software protection, researchers developed some relatively useful professional software encryption protection programs ("shells" for short). However, with the development of cracking techniques, even the strong shell ASProtect, which uses powerful encryption algorithms such as Twofish, TEA and Blowfish in combination with CRC (Cyclic Redundancy Check) and anti-debugging techniques, can be removed by using the free OllyDbg debugger to dynamically trace the shell through its disassembled code. This is done by using the stack balance principle to find the shell before the program execution entrance, and then applying the functions of the LoadPE tool to the import table, import address table and relocation table. Presently, VMProtect and driver protection technology are the two most important ways to protect software. However, VMProtect needs a large amount of code to build the virtual machines that act as decoders of the bytecode (the code generated to protect the software). For the same reason, the execution efficiency of software protected by VMProtect is very low.
This article introduces the current state of software protection and gives suggestions for the limitations found in current applications.

Highlights

  • Before software protection technology, software could only be protected at the ring3 level of the system by encrypting import tables, IATs and relocation tables

  • Protected data is fully exposed to hackers as soon as they use a dynamic debugger like OllyDbg to trace the encryption process as it happens in the CPU

  • It has been shown that even a good encryption program like Themida is still vulnerable before software protection is added [1]

Summary

Introduction

Without driver protection, we can only protect software at the ring3 level of the system by encrypting import tables, IATs and relocation tables. Protected data is fully exposed to hackers as soon as they use a dynamic debugger like OllyDbg to trace the encryption process as it happens in the CPU. When we use a driver program to encrypt a piece of software, we can protect and hide its important data. We can use GDTHOOK, IDTHOOK and SSDTHOOK to raise the privilege level of the software and relocate key code (the decryption code, for example) to ring0. Debuggers that run at the ring3 level, like OllyDbg, will then not work, and hackers can only use ring0-level debuggers to do the hacking job [12]. Ring0-level debuggers require a more advanced skill level from hackers, which in turn greatly increases the difficulty of decryption [2].

Current State of Driver Protection
Cloning the Kernel
Hook KiFastCallEntry Kernel Function
Limitations of Kernel Rebooting Protection