PDA

View Full Version : Watermarking application


LaBBa
November 12th, 2010, 07:39
Hi,
I wanted to know what is the best way to implement Watermarking on application
Like many SW i.e.: IDA, CoreImpact etc..

I wanted to know why is it so hard to remove those watermarking even if i have a copy of the same applications that have 2 diffrent watermarking..

Aimless
November 13th, 2010, 18:15
Unlike ASSEMBLY LINE software (that is MASS produced), IDA gets COMPILED for EACH USER. And it has CODE fragments, without which it cannot function, that are related to EACH USER.

The moment a cracked release of IDA appears on the scene, its very easy for Ilfak to determine the source of the leakage.

This would, perhaps, be the BEST way to implement watermarking.

And I'm sorry, I haven't really understood your second question.

Have Phun

evaluator
November 14th, 2010, 02:59
well, against such watermarking: you need 2 or more copies of product to compare between; then you can use protection (like VM) or re-manage code in founded differences.

LaBBa
November 15th, 2010, 01:41
Quote:
[Originally Posted by Aimless;88196]Unlike ASSEMBLY LINE software (that is MASS produced), IDA gets COMPILED for EACH USER. And it has CODE fragments, without which it cannot function, that are related to EACH USER.

The moment a cracked release of IDA appears on the scene, its very easy for Ilfak to determine the source of the leakage.

This would, perhaps, be the BEST way to implement watermarking.

And I'm sorry, I haven't really understood your second question.

Have Phun


Can you elaborate on the "CODE fragments" ?
if i have an application i want to know why each time i'm compiling it i will have a diffrent
"CODE fregment" ? how does this works exactly ?


Thanks,
LaBBa.

evaluator
November 15th, 2010, 02:01
too easy question LaBBa.
each time you will compile different source, so code will diff..

LaBBa
November 17th, 2010, 11:32
i know... but i'm sure you know when you have a product you are allways compiling the same features and the same code..
how one make a code that he can change each time and still have the same functionality.

how one impliment such a design in his code?
if you have a reference for me to read about this topic it would be nice.

Thanks,
Labba.

disavowed
November 17th, 2010, 23:48
Let's say I have the following program:

Code:

void PrintWorld()
{
printf(" World";
}

void PrintHello()
{
printf("Hello";
}

int main(int argc, char** argv)
{
PrintHello();
PrintWorld();
}


These functions could be arranged in the compiled object in 6 different permutations:


PrintWorld
PrintHello
main
PrintWorld
main
PrintHello
PrintHello
PrintWorld
main
main
PrintHello
PrintWorld
main
PrintWorld
PrintHello
PrintHello
main
PrintWorld


Now I could compile in order #3 and give it to you, and I could compile in order #5 and give it to evaluator. They're both functionally equivalent, but the code fragments are in unique orders.

evaluator
November 18th, 2010, 02:08
then i will disaVOWassembe that & reassemble in BIASed way..

disavowed
November 18th, 2010, 11:06
I never said it was foolproof

LaBBa
November 25th, 2010, 16:18
Quote:
[Originally Posted by evaluator;88272]then i will disaVOWassembe that & reassemble in BIASed way..


so you have a better way to do it ? (the watermarking)

evaluator
November 26th, 2010, 03:13
best way is make it FREEWARE! YEY!
less best - buy protector which will do that
good way, already given to you>
do recompile each time, putting some changed/shuffled code//constants.

PS. letz clear, we aren't going to help you :P
(if you have such hidden hope)

LaBBa
November 27th, 2010, 15:23
i'm just trying to understand the watermarking methods since i have 2 copies of an app
that is watermarked (diffrent license vendors)...
didn't found any good artical about that yet...
so here was my natural place to ask such a question (i'm a member here over 8 years.)

dELTA
November 27th, 2010, 20:47
A watermark can be absolutely anything that will preserve identical functionality of the application (to a satisfying degree anyway) while still embedding uniquely extractable information in it. If it it a good watermark, it is designed in a way so that its removal will interfere with the functioning of the application, but this is absolutely not necessary, and neither always the case.

After this definition, it's just up to your imagination. You say you have two copies with different watermarks? Well then, what are you waiting for, analyze where the differences are in the two copies, to see what clever (or not so clever) solutions to this problem that the software vendor in question has come up with!

If you need help with that analysis, you will most likely get it here as long as you show enough own effort and share enough relevant details.

evaluator
November 28th, 2010, 04:07
Quote:
(i'm a member here over 8 years.)


EXACTLY bcos of this!!
after such time you are asking simplest questions..
so if you not found good article, then instead of do analyze, you are asking good article?
maybe, you have not talent for reversing..

LaBBa
November 28th, 2010, 11:33
well.. as far as i can remember your 9+ years still havn't taught you any manners

i'm not a guru in the RE world, just my hobby..
and since i never go realy in depth into RE world, from time to time i need help..
like anyone else.. (ok, maybe not you.. )

dELTA
November 28th, 2010, 12:01
Evaluator, back off, you're out of line. It's a perfectly good question to ask for general techniques used by advanced custom watermarking designs like those of IDA Pro and CoreImpact. Especially since the watermarked versions of those products cannot be acquired in "legal ways" in order to have anything to analyze to begin with, but even without that, it is still ok to ask general questions about advanced concepts, in order to get a good "starting point" for your own work.

Kayaker
November 30th, 2010, 17:32
Happened upon a couple of articles on the topic

http://web17.webbpro.de/index.php?page=software-watermarking

and its reference:

Software Watermarking Via Assembly Code Transformations, Smita Thaker

http://www.cs.sjsu.edu/faculty/stamp/students/cs298ReportSmita.pdf

JoePub
December 5th, 2010, 04:37
LaBBa, Others can correct me if I am wrong here but I believe what IDA does on top of what others have said is change the linker order of it's various object files during the linking stage.

For example if the compile process ended up with the following objects

file1.o, file2.o, file3.o

You could change the order they are linked together giving and individualised watermark, now imagine doing that with hundreds of object files that IDA is most likely to have you would have loads of combinations you can use.

And personally I don't think it's an easy task to remove since you would need to move the order of the linked in objects to alter the watermark which means relative addresses within the program would need to be updated.

dELTA
December 6th, 2010, 08:39
Quote:
[Originally Posted by JoePub;88508]And personally I don't think it's an easy task to remove since you would need to move the order of the linked in objects to alter the watermark which means relative addresses within the program would need to be updated.
Sounds like it should be possible with an IDC script (as long as all code is reached for analysis) though. Does IDA still have silly special cases for not reversing itself btw?

niaren
December 6th, 2010, 09:21
Quote:
[Originally Posted by dELTA;88515]Sounds like it should be possible with an IDC script (as long as all code is reached for analysis) though. Does IDA still have silly special cases for not reversing itself btw?


I don't think IDA has this restriction. If I recall correctly then the author of this book "The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler" writes that he got information about IDA by reversing it in IDA

We could check the 'watermarking-by-linking-order' idea by a simple toy app and see if it could be conveniently handled by IDC scripts... I'm not familiar with IDC scripts so this may seem like a stupid idea.

dELTA
December 6th, 2010, 09:44
Sounds like a nice mini-project for those interested. It would both help explore this interesting way of watermarking (and ways to break it), and also allow the participants to teach themselves some IDC scripting.

You want to take the lead niaren? Just start a new thread in the Mini projects forum in that case.

LaBBa, are you in?

niaren
December 6th, 2010, 14:48
Hi dELTA, I wouldn't mind at all start a mini-project. I was just waiting for someone to ask

But I was wondering what would be a good way to start. I could for instance provide a very simple app created by linking two or three object files. Then the goal is to create a new app with a different permutation of the object files.
Another approach would be to have two exe files each with a different permutation of the object files. That way it may be easier to get started because we have the starting exe and the solution. What would be most fun?
What do you think?

dELTA
December 6th, 2010, 16:39
Sounds great niaren. My personal guess would be that having two exe files with different permutations of (a low number of) object files would be a very good starting point to develop and test the IDC script from, and that you could then add more single executables (made from completely different code/object files) as secondary levels to test the developed IDC script, don't you agree?

niaren
December 6th, 2010, 17:26
Quote:
[Originally Posted by dELTA;88527]Sounds great niaren. My personal guess would be that having two exe files with different permutations of (a low number of) object files would be a very good starting point to develop and test the IDC script from, and that you could then add more single executables (made from completely different code/object files) as secondary levels to test the developed IDC script, don't you agree?


Agree! Tomorrow is one of those rare days where playing with my computer comes in second row because of some sports game in TV I simply have to see. But I will start the mini project hopefully the day after.
dELTA, thank you for suggesting using IDC and also for suggesting the mini project in the first place. I don't have the insight at this very moment to say whether it will be easy or interesting but hopefully I/we will find out.

dELTA
December 6th, 2010, 18:38
Interesting it will be for sure, and also quite instructive in regards to IDC scripting for anyone involved. And most likely much more than that too.