An obfuscation system that contains several parts.
We have some source code developed for this purpose in the past. We have a detailed UI design.
This tool should be used by software publishers to:
- Create and manage Power Vest projects
- Add files to projects and have them displayed by their type
- Define output folder, main executable and files of the project
- Define Entire Application General Settings
- Define Entire Application Security Settings
- Define Code Signing
- Define WatchDog settings
- Define Whitelisted and Blacklisted processes
- Define attachment of fake DEBUG process to wrapped application
- Define Entire Application Win32/64 Settings
- Define Win32/64 Per File Settings
- Define Win32/64 Per Segment Settings
- Define extra strength per segment
- Define Entire Application .NET Settings
- Define .NET Per File Settings
- Define .NET Per Class / Assembly Settings
- Define extra strength per class
- Define Data Files Settings
- Test efficiency of PowerVest options
- Update protected application
Look at <[url removed, login to view]> for our expectations.
Also look at:
<[url removed, login to view]>
These are mockups and this is how the product should look and work.
[url removed, login to view] - another part of this project we wish to develop later on. This DLL will allow enforcing licensing and copy protection on Windows applications.
WatchDog - a driver we would like you to develop, which will detect debuggers, reverse engineering attempts, attempts to break and hack.
Back Office - after these parts are completed, we will need to develop an interactive web-based system that will allow updating software and licenses. It will also work both ways: it will display usage of installed software (how many runs, etc.).
**About the source code attached:**
[url removed, login to view] is a skeleton for the GUI which needs some work.
[url removed, login to view] is previous work done by programmers who worked for us and started implementing the [url removed, login to view] and this part (PowerVest).
Please note that BoxedApp is mentioned in the document but we now think it may be easier for you to create a similar system without the problems BoxedApp has.
Among the source code you will see a driver for storing small portions of information at the sector level, to be used to store licensing data. This driver stores the data in a special way that will most likely survive a full disk format! (The driver project is referred to as "HiddenFilesSystem")
**Wizdome Power Vest** is planned to be an external tool which allows software vendors to add an _additional and optional_ layer of copy protection, by wrapping their software along with any associated files (binary and data), into a single executable, whilst adding extra-strength protection against tampering, hacking, cracking or reverse engineering.
The protected executable should allow the protected (and wrapped) application, along with its files to run in a secured and protected isolated environment, using a virtual envelope, which resides only during runtime, and vanishes after termination of the application.
While the protected application is running, all files and registry values created temporarily are protected, and cannot be accessed by any other application from outside. Additional Anti-Debug measures are taken to prevent hackers from tampering with the protected application.
Power Vest is developed using Visual Studio 2010 C++ and should be compatible with Microsoft Windows applications versions XP, Vista, Windows 7 and Windows 8, including 32 and 64 bit versions. It should be based on the SGGUI graphical user interface library ([url removed, login to view]) and Win32 API.
**Future compatibility and planned enhancements**
Wizdome Power Vest should also have the infrastructure to wrap one or more files of other types (such as PDF, documents and images), allowing them to be opened by the built-in loader, so that DRM for such files can be added in our next versions. In such a case, there will be no need to include an executable (main application); instead, the wrapping mechanism will generate a loader that unwraps the file(s) and serves as the initial executable that is run when the wrapped file is double-clicked.
**The concepts behind Power Vest**
Power Vest will combine several concepts and capabilities described in this document.
- Generate and read Power Vest project files, which should be a proprietary protected file for the projects involved.
- Be based on the GUI as outlined in this document and use the SGGUI framework; as a result, it should have the look and feel of the branded and designed UI.
- Have the ability to analyze .NET assemblies from a .NET executable even if the .NET framework is not installed on the machine that runs Power Vest.
- Have a secured and efficient wrapping mechanism that should preserve space and add very little, if any, additional size to the wrapped application, due to the use of strong compression.
- Have a secured and efficient unwrapping mechanism, which should result in a short and unnoticeable time to unwrap.
- Have Anti Hack measures, including anti breakpoints, anti-debug, anti-disassembling, etc.
- Use strong Encryption and Compression. Should use symmetric encryption where the key is generated logically during runtime and therefore doesn't require licensing. The encryption should be used for integrity assurance of the tool rather than for licensing. Note: of course licensing can be added to the Power Vest application the same way any protected application can use the [url removed, login to view] for that purpose.
- Operate a Virtual Environment that will reside during the entire run of the protected application. The base for this environment is the source code of Boxed App and Boxed App Packer.
- Use the unique WatchDog mechanism, which will reside as a Kernel driver and will take care of the various tasks assigned to the WatchDog. In addition, a debugger-like process will be initiated by the envelope to occupy the space and, by doing so, to prevent other debugger processes from being attached to the protected application. The WatchDog mechanism will also be available to protected applications that use the [url removed, login to view] only, without the Power Vest application.
**Types of applications and files need to be supported**
Power Vest should support the following types of files as part of an Envelope (a wrapped application). Some of the types listed herein can be used as a Main Application, and some can only accompany other files, provided that at least one of the other files within the envelope is qualified to be a Main Application.
- C++ Exe (32 bit / 64 bit) **Can be used as the Main Application**
- C++ DLL (32 bit / 64 bit)
- .Net C# Exe (32 bit / 64 bit) **Can be used as the Main Application**
- .Net C# DLL (32 bit / 64 bit)
- Mixed code (interop) assemblies C++ managed (CLI), 32 bit / 64 bit
- Binary data files (PDF, JPG, BMP, etc.)
- Textual files
- XML files
## The Protection Mechanism
The Protection mechanism involves gathering the selected files and the Main Application and creating a protected, compressed and encrypted executable. During this process, the following steps should be taken:
1. **Project Type Detection**
The type of the project will be detected by the type of the main application and the type of the other files. Power Vest will handle Native (C++) projects, .NET projects and Mixed Code projects in a separate process.
2. **x86 vs x64 Detection**
Power Vest will also distinguish between x86 (Win32) and x64 (Win64) types of files.
3. **Treating already wrapped applications**
Power Vest will not pack an application if it is already packed and protected. A packed application, if added to a project, will be unpacked first and then all files it contains will be added to the files within the project.
4. **Separate Obfuscation**
Based on the selected settings, a separate obfuscation and protection process will be performed on one or more building blocks. These blocks can be:
1. Entire application
2. Single (or, _in the future_, several) selected files, which must be of the same type, as described in bullets 1 and 2 in this section. **Note: we currently would like to require the software vendor to select a single file, and perform "per file" and "per segment" / "per class" actions on it.**
3. Single or several selected Segments (applicable for Win32 projects) within a single file.
4. Single or several selected Classes (applicable for .NET and mixed code project) within a single assembly.
5. **Handling .NET and Mixed Code Applications**
.NET and mixed code applications will involve compilation and insertion of a JIT loader.
6. **Handling Data and Code parts**
Data and Code parts will be encrypted, obfuscated, compressed, scrambled and protected separately.
7. **Handling Extra Strength Segments**
Extra strength segments / classes will be encrypted one more time, using a different encryption method on top of the current one.
8. **String Encryption**
Strings will be encrypted separately and decrypted during runtime.
9. **Resource Encryption**
Resources will be encrypted separately and decrypted during runtime.
10. **Migration of data to the Hidden Files area**
Selected parts of code / data will be migrated to the Hidden Files area and replaced with garbage data.
11. **Entry Point Protection**
Wrapped application's entry point protection will take place.
12. **Embedded Protection**
Protected application will contain an embedded mechanism (_in addition_ to the ongoing Watch Dog process) against the following threats, using 3 separate methods:
a. Hardcoded measures against a list of known threats
b. User (Vendor) generated black list and white list (see Power Vest GUI and FRD documents), which is implemented by blocking / allowing certain processes based on their name.
c. Heuristic methods, which are supposed to be useful against new and unknown threats.
_The types of threats / risks are:_
1. Entry point modification
2. API calls monitoring
5. Reverse Engineering
8. Memory patching
9. Memory Dump
10. Debugger hiders
13. **Random Data Insertion**
Random data will be inserted between real instructions in order to make it harder to distinguish between the fake instructions and the real ones.
14. **Resource Migration**
All resources will be migrated to the new executable, causing it to look the same as the original main application.
15. **CRC techniques**
CRC techniques will be applied to verify that critical parts were not modified.
16. **Code Signing**
Code signing will be used in two ways: by verifying the code signing certificate of the files provided, and by having Power Vest programmatically force a wrapped application to carry a code signing certificate signed by the software vendor's certificate.
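The Project Type Detection and x86 vs x64 Detection steps above can be driven from the PE headers alone. The following is an added example, not code from the Power Vest sources; the names `classify`, `PeInfo` and `makeSample` are hypothetical. It reads the COFF Machine field and data directory 14 (the CLR runtime header), with bounds checks so truncated or malformed input is rejected rather than read out of range.

```cpp
// Added example (not Power Vest code); classify/PeInfo/makeSample are hypothetical names.
#include <cstdint>
#include <vector>

enum class Arch { Unknown, X86, X64 };
struct PeInfo { bool valid; Arch arch; bool managed; };
// Bounds-checked little-endian read; 64-bit offsets so additions cannot wrap.
static bool rd(const std::vector<uint8_t>& b, uint64_t off, unsigned n, uint32_t& out) {
    if (off > b.size() || n > b.size() - off) return false;
    out = 0;
    for (unsigned i = 0; i < n; ++i) out |= uint32_t(b[off + i]) << (8 * i);
    return true;
}

// Classify a PE image from its headers only (no section mapping).
PeInfo classify(const std::vector<uint8_t>& img) {
    PeInfo r{false, Arch::Unknown, false};
    uint32_t mz, lfanew, sig, machine, optSize, magic, count, rva, size;
    if (!rd(img, 0, 2, mz) || mz != 0x5A4D) return r;               // "MZ"
    if (!rd(img, 0x3C, 4, lfanew)) return r;                        // e_lfanew
    if (!rd(img, lfanew, 4, sig) || sig != 0x4550) return r;        // "PE\0\0"
    if (!rd(img, lfanew + 4ull, 2, machine) || !rd(img, lfanew + 20ull, 2, optSize)) return r;
    const uint64_t opt = lfanew + 24ull;                            // optional header
    if (!rd(img, opt, 2, magic) || (magic != 0x10B && magic != 0x20B)) return r;
    r.valid = true;
    r.arch = machine == 0x014C ? Arch::X86 : machine == 0x8664 ? Arch::X64 : Arch::Unknown;
    const uint64_t dirs = opt + (magic == 0x20B ? 112 : 96);        // data directory table
    const uint64_t clr = dirs + 14 * 8;                             // entry 14: CLR header
    if (clr + 8 > opt + optSize) return r;                          // no room for entry 14: native
    if (rd(img, dirs - 4, 4, count) && count > 14 &&
        rd(img, clr, 4, rva) && rd(img, clr + 4, 4, size))
        r.managed = rva != 0 && size != 0;
    return r;
}

// Constructed sample: headers only, just enough for classify(); not a loadable image.
std::vector<uint8_t> makeSample(uint32_t machine, bool pe32plus, bool clr) {
    const uint32_t lfanew = 0x40, opt = lfanew + 24, dirs = opt + (pe32plus ? 112 : 96);
    std::vector<uint8_t> b(dirs + 16 * 8, 0);
    auto put = [&](uint32_t off, uint32_t v, int n) {
        for (int i = 0; i < n; ++i) b[off + i] = uint8_t(v >> (8 * i));
    };
    put(0, 0x5A4D, 2); put(0x3C, lfanew, 4); put(lfanew, 0x4550, 4);
    put(lfanew + 4, machine, 2); put(lfanew + 20, dirs + 128 - opt, 2);
    put(opt, pe32plus ? 0x20B : 0x10B, 2); put(dirs - 4, 16, 4);
    if (clr) { put(dirs + 112, 0x2000, 4); put(dirs + 116, 72, 4); }
    return b;
}

int main() { return classify(makeSample(0x8664, true, false)).valid ? 0 : 1; }
```

An IL-only .NET assembly built as AnyCPU reports the x86 machine type in its header, so a managed result should not be treated as a final bitness answer. Telling mixed-code assemblies apart from pure .NET ones needs the flags inside the CLR header itself, which this header-only check does not read.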
## The Test Mechanism
The "test" mechanism will be used to help the publisher evaluate the combination of settings suitable for their needs, based on the trade-off of speed, size and strength of encryption. This feature will be developed in several stages, for the coming versions. The first version will have a more limited mechanism based on estimating these factors based on the selected settings, giving each setting a grade and calculating a final grade for speed, size and strength based on the settings selected. The first version will also take into consideration the number of extra strength markers created and the number of marked functions and global variables.
How to build the source code in "src" folder:
1. Close Visual Studio
2. Install Windows Driver Kit 7.1
3. Set system environment variables BASEDIR and WDKPATH to WDK root (for example C:\WinDDK\7600.16385.1)
4. Unzip [url removed, login to view] I placed in the src folder ([Dropbox] → [SG Licensing - ApriorIt] → src). Details: Alexander uses the regular expression library from Boost for his source processing tool (<[url removed, login to view]>). To avoid installing the entire library, I prepared an archive for you with the minimum library set.
5. Set system environment variable BOOST_DIR to installed boost root (e.g. E:\boost_1_47\).
6. Restart Windows
7. Unzip sources ([Dropbox] → [SG Licensing - ApriorIt] → src)
8. Path to the sources shouldn't contain spaces (WDK limitation)
9. Open **src\LicensingApp\boxed apps source code\[url removed, login to view]**
10. Select **Release, win32 platform** configuration. Build it. (you have to compile the Release configuration first, this is the requirement)
11. Select **Debug, win32 platform** configuration. Build it.
12. Open [url removed, login to view]
13. Select Win32 platform and build entire solution (Win32)