CHAPTER 13 Advanced Defensive Techniques

The previous chapter presented some basic techniques for protecting an application against reverse engineering and cracking. This chapter demonstrates some more advanced techniques that are more difficult to defeat, including tamper-proofing, packing, virtualization, and the use of cryptors.

Tamper-Proofing

One of the powerful cracking techniques we've covered is patching, used both for long-term cracking and as an aid to reverse engineering. Tamper-proofing is a series of techniques geared toward making software more difficult for an attacker to modify. Some common approaches include the following:

  • Hashing
  • Signature
  • Watermark
  • Software guards

All of the following techniques have ways of being defeated, but (and I can't stress this enough) just because they have ways of being defeated doesn't mean they are not worth doing. Each of them provides a layer of defense in depth, and even if the method for defeating them fits into a few sentences, this doesn't mean it's easy in practice.

Hashing

An application can use hash functions to implement tamper-proofing via the following steps:

  1. Compute a hash of the software.
  2. Embed the hash in the software.
  3. Have the software check its own hash before executing.
  4. Any modifications to the software modify the hash.

The defense relies on the fact that changes to the application will cause the hash check to fail. To defeat this, an attacker will need to make their changes and then recompute the hash ...
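The four steps above, sketched as an added example that is not code from the book. It assumes a constructed byte array standing in for the program image, an 8-byte slot reserved for the embedded hash (excluded from the computation so that embedding the hash does not change it), and FNV-1a as a short stand-in for a cryptographic hash; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_LEN 8 /* bytes reserved inside the image for the embedded hash */

/* FNV-1a (64-bit) over the image, skipping the slot that holds the hash.
   Assumption: FNV-1a stands in for a cryptographic hash such as SHA-256. */
static uint64_t image_hash(const uint8_t *img, size_t len, size_t slot) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        if (i >= slot && i < slot + SLOT_LEN) continue; /* exclude the slot */
        h ^= img[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Steps 1-2 (build time): hash the image and embed the result. 0 = ok. */
int embed_hash(uint8_t *img, size_t len, size_t slot) {
    if (slot > len || len - slot < SLOT_LEN) return -1; /* slot must fit */
    uint64_t h = image_hash(img, len, slot);
    memcpy(img + slot, &h, SLOT_LEN);
    return 0;
}

/* Step 3 (startup): 1 if the image matches its embedded hash, else 0. */
int verify_hash(const uint8_t *img, size_t len, size_t slot) {
    uint64_t stored;
    if (slot > len || len - slot < SLOT_LEN) return 0;
    memcpy(&stored, img + slot, SLOT_LEN);
    return stored == image_hash(img, len, slot);
}

/* Constructed image: a few code bytes, the 8-byte slot, then two more bytes. */
int demo(void) {
    uint8_t img[] = {0x55, 0x89, 0xe5, 0x85, 0xc0, 0x75, 0x05,
                     0, 0, 0, 0, 0, 0, 0, 0, 0xc9, 0xc3};
    if (embed_hash(img, sizeof img, 7) != 0) return 0;
    int before = verify_hash(img, sizeof img, 7);
    img[5] = 0x74; /* step 4: a one-byte modification changes the hash */
    int after = verify_hash(img, sizeof img, 7);
    return before == 1 && after == 0;
}

int main(void) {
    printf("check passes before change, fails after: %s\n", demo() ? "yes" : "no");
    return 0;
}
```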
