PDA

View Full Version : guardit 4 linux


Shub-nigurrath
March 16th, 2012, 06:05
Hi,
anyone has ever approached this protector?

http://www.arxan.com/software-protection-products/embedded-linux-GuardIt/index.php

sounds interesting and more recent than shiva..

According to the whitepaper here http://www.arxan.com/ds-pdf/GuardIT-for-Linux-datasheet.pdf

it seems to use the code-guards technique I also described few years ago: http://www.woodmann.com/forum/showthread.php?7120-Protecting-software-code-by-Guards

Interesting, also because I completely forgot about it..

Another interesting thing is that arxan was believed to be almost dead and instead they released an interesting protection suite for mobile terminals..

Maximus
March 16th, 2012, 12:59
I've searched alot about it - they work for a very limited (yet where much money stays) customership and you usually do not have access to software protected by it. Hence, their very unverified claims, mainly based off the fact they avoid real tests...
After digging alot, I've finally discovered more about it. In essence, it's all matter of finding an hidden key in it. It can work fine on closed boxes (i.e. TV). On PC, I doubt.
The 'software guards' is not very different from self-CRC with Solomon ECC's alike fixes...

Sab
March 26th, 2012, 16:24
see some research and proof of concept code done by the university (slides + pdf).
http://www.cs.purdue.edu/people/faculty/mja/

He wrote a few papers which are published that describe it. At its core its crc macros on predetermined ranges within the compiler using sdk, trivially solved.

FrankRizzo
June 14th, 2012, 20:18
I used to work for an Arxan competitor, and I know that we were stealing account after account from them. They appear to be mostly living on short term government R&D contracts currently. I assume this mobile suite was either an offshoot from one of those, or something one of the grad students did, and they wanted to try to make some money off of it.

Shub-nigurrath
June 15th, 2012, 07:09
I read several papers about this. Placing guards and repairing agents (for self healing) in the code is a stuff which is very well known (even skype is protected like so), the main result they did was to find a method to place these agents automatically into a petri network over compiled code. Which is a remarkable result afterall.

The interesting stuff is that they also extended this product to other platforms like android and java (that's almost the same), but it's real that indeed I still never saw a protected product. Moreover reading better their available documents and crossing that info w the web it seems like the protector for java cannot use the guard/checker method..

FrankRizzo
June 15th, 2012, 20:16
They're great at writing papers. What we heard from the customers that we took from them was that it required too much developer interaction, and things would break, and be difficult to pinpoint the causes. All the things that you DON'T want in a protection!

FrankRizzo
August 11th, 2012, 10:47
Quote:
[Originally Posted by enjoylife2012;93059]All the things that you DON'T want in a protection!


Yes! Especially one that you paid a million dollars for, and that's going on a billion plus dollar "defense department device".

Maximus
August 14th, 2012, 14:25
Quote:
[Originally Posted by FrankRizzo;93060]a million dollars for

WHAT???????????????????????????????

You mean that a shitty cloakware license/arxan license cost that much and it is breakable by any half-assed reverser with a basic knowledge of RCE+encryption?????

I thought it wouls cost say 50k$ to a company... a million?????????????????????????????????????????????

omg if this's true I wont be able to... o my god

ok, i need self-control

omg i cant please tell me youre kidding me

HAHAHA no I cant believe it...
OMG how will i be serious....

FrankRizzo
August 14th, 2012, 21:19
Quote:
[Originally Posted by Maximus;93084]WHAT???????????????????????????????

You mean that a shitty cloakware license/arxan license cost that much and it is breakable by any half-assed reverser with a basic knowledge of RCE+encryption?????

I thought it wouls cost say 50k$ to a company... a million?????????????????????????????????????????????

omg if this's true I wont be able to... o my god

ok, i need self-control

omg i cant please tell me youre kidding me

HAHAHA no I cant believe it...
OMG how will i be serious....


Well, honestly, I've never seen their "industrial strength" version. BUT! I've heard the same complaints about it that you hear here about the watered down commercial version. The company that I worked for was stealing their lunch CONSTANTLY because our shit worked, unlike theirs.