Page 2 of 2 FirstFirst 12
Results 16 to 25 of 25

Thread: Watermarking application

  1. #16
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Evaluator, back off, you're out of line. It's a perfectly good question to ask for general techniques used by advanced custom watermarking designs like those of IDA Pro and CoreImpact. Especially since the watermarked versions of those products cannot be acquired in "legal ways" in order to have anything to analyze to begin with, but even without that, it is still ok to ask general questions about advanced concepts, in order to get a good "starting point" for your own work.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  2. #17
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,085
    Blog Entries
    5
    Happened upon a couple of articles on the topic

    http://web17.webbpro.de/index.php?page=software-watermarking

    and its reference:

    Software Watermarking Via Assembly Code Transformations, Smita Thaker

    http://www.cs.sjsu.edu/faculty/stamp/students/cs298ReportSmita.pdf

  3. #18
    JoePub
    Guest
    LaBBa, Others can correct me if I am wrong here but I believe what IDA does on top of what others have said is change the linker order of it's various object files during the linking stage.

    For example if the compile process ended up with the following objects

    file1.o, file2.o, file3.o

    You could change the order they are linked together giving and individualised watermark, now imagine doing that with hundreds of object files that IDA is most likely to have you would have loads of combinations you can use.

    And personally I don't think it's an easy task to remove since you would need to move the order of the linked in objects to alter the watermark which means relative addresses within the program would need to be updated.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #19
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Quote Originally Posted by JoePub View Post
    And personally I don't think it's an easy task to remove since you would need to move the order of the linked in objects to alter the watermark which means relative addresses within the program would need to be updated.
    Sounds like it should be possible with an IDC script (as long as all code is reached for analysis) though. Does IDA still have silly special cases for not reversing itself btw?
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  5. #20
    Quote Originally Posted by dELTA View Post
    Sounds like it should be possible with an IDC script (as long as all code is reached for analysis) though. Does IDA still have silly special cases for not reversing itself btw?
    I don't think IDA has this restriction. If I recall correctly then the author of this book "The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler" writes that he got information about IDA by reversing it in IDA

    We could check the 'watermarking-by-linking-order' idea by a simple toy app and see if it could be conveniently handled by IDC scripts... I'm not familiar with IDC scripts so this may seem like a stupid idea.

  6. #21
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Sounds like a nice mini-project for those interested. It would both help explore this interesting way of watermarking (and ways to break it), and also allow the participants to teach themselves some IDC scripting.

    You want to take the lead niaren? Just start a new thread in the Mini projects forum in that case.

    LaBBa, are you in?
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  7. #22
    Hi dELTA, I wouldn't mind at all start a mini-project. I was just waiting for someone to ask

    But I was wondering what would be a good way to start. I could for instance provide a very simple app created by linking two or three object files. Then the goal is to create a new app with a different permutation of the object files.
    Another approach would be to have two exe files each with a different permutation of the object files. That way it may be easier to get started because we have the starting exe and the solution. What would be most fun?
    What do you think?

  8. #23
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Sounds great niaren. My personal guess would be that having two exe files with different permutations of (a low number of) object files would be a very good starting point to develop and test the IDC script from, and that you could then add more single executables (made from completely different code/object files) as secondary levels to test the developed IDC script, don't you agree?
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  9. #24
    Quote Originally Posted by dELTA View Post
    Sounds great niaren. My personal guess would be that having two exe files with different permutations of (a low number of) object files would be a very good starting point to develop and test the IDC script from, and that you could then add more single executables (made from completely different code/object files) as secondary levels to test the developed IDC script, don't you agree?
    Agree! Tomorrow is one of those rare days where playing with my computer comes in second row because of some sports game in TV I simply have to see. But I will start the mini project hopefully the day after.
    dELTA, thank you for suggesting using IDC and also for suggesting the mini project in the first place. I don't have the insight at this very moment to say whether it will be easy or interesting but hopefully I/we will find out.

  10. #25
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Interesting it will be for sure, and also quite instructive in regards to IDC scripting for anyone involved. And most likely much more than that too.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

Similar Threads

  1. So... what is THIS application now?
    By Aimless in forum Off Topic
    Replies: 2
    Last Post: August 29th, 2011, 09:50
  2. Watermarking by linking order
    By niaren in forum Mini Project Area
    Replies: 25
    Last Post: January 15th, 2011, 22:07
  3. 16 bit dos application
    By zmintu in forum The Newbie Forum
    Replies: 6
    Last Post: March 22nd, 2008, 18:10
  4. Not able to load a VB application
    By yuvarar in forum OllyDbg Support Forums
    Replies: 6
    Last Post: August 31st, 2006, 00:57
  5. Crashes the application
    By Koke in forum Bugs
    Replies: 2
    Last Post: August 25th, 2005, 12:01

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •