10/10/2018 https://www2.cs.arizona.

edu/~collberg/Teaching/mgu/2015/

Software Protection: How to Crack Programs, and Defend Against Cracking

MGU/TSU/SibSAU, Spring 2015, Christian Collberg

Introduction
Introduction
Lectures
Lectures
In the first part of this course we will learn how to "crack" programs, i.e. how hackers break into software to extract
secrets, remove license checks, etc. In the second part we will use this knowledge to learn how to defend against such
Exercises and Tests
attacks.
Exercise 1
Exercise 2 Learning about this type of computer security is important because many current systems are vulnerable to cracking
Exercise 3/Final Exam attacks. This includes computer games, the national power grid, military systems, medical systems, etc.
Links To follow this course you need to know C and Unix. Some understanding of assembly code, cryptography, and compilers
Tools is also useful, but not necessary.
Books and Papers
The course will have practical homework exercises where you will crack small programs, and use tools to protect against
Announcements cracking.
Important News
The course will be given in English.

Lectures
Introduction
Attacks
Analysis
Obfuscation I
Obfuscation II
Tamperproofing I
Tamperproofing II
Hardware
Watermarking

Assignment 1
In this assignment you are given a program that has been lightly obfuscated using the Tigress tool.
You are given source code, and your task is to remove the obfuscation from the functions (except main), and give me
the "minimal" (shortest) and most well structured "original" program.
MGU students, download the assignment from here:
MacOs
Linux
Due date: April 6.
TSU students, download the assignment from here:
MacOs
Linux
Your unique assignment is in the folder with your name. Due date: Friday May 1. You should email your solution to
collberg@gmail.com using the subject line TSU, Assignment 1.
SibSAU students, download the assignment from here:
MacOs
Linux
Your unique assignment is in the folder with your name. Due date: Monday June 15. You should email your solution
to collberg@gmail.com using the subject line SibSAU, Assignment 1.
You can see here what the original program typically looks like.
The body of the email should look like this

FIRSTNAME: Bob
LASTNAME: Jones
EMAILADDRESS: bob@cia.gov
UNDERGRADUATE,MASTERS,PHD (U/M/P): P
TOOLS: what techniques did you use
TECHNIQUES: what tools, if any, did you use
TIME: how long did it take you

https://www2.cs.arizona.edu/~collberg/Teaching/mgu/2015/ 1/3
10/10/2018 https://www2.cs.arizona.edu/~collberg/Teaching/mgu/2015/
DIFFICULTY: was it easy/hard
Software Protection:
CHALLENGES:How
what, to Crack
in particular, did Programs, and Defend
you find particularly Against Cracking
easy or hard
COMMENTS: was this a reasonable exam (too easy, too hard), did you enjoy it,
comments about the course in general if you wish, etc.
MGU/TSU/SibSAU,
BEGIN-ANSWER Spring 2015, Christian Collberg
Here is where you put the de-obfuscated code of your assignment!
END-ANSWER

Introduction Your de-obfuscated program should have the same input-output behavior as the challenge. The answer should be
idiomatic C, i.e. have a structure that "looks like normal C written by a human". All unnecessary code (i.e. code
Lectures added or transformed by the obfuscator) should be removed. For example, I expect loops in the source program to
Lectures have corresponding loops in the recovered program, flattened or virtualized code will have been returned to its pre-
obfuscated state, and compound data types (arrays, structs, and unions) should be identified as such.
Exercises and Tests
Exercise 1
Exercise 2
Exercise 3/Final Exam

Links Assignment 2
Tools
Books and Papers To try out Tigress, do the following:
1. Download and unzip the latest version of tigress from here.
Announcements 2. Depending on your shell, set the following environment variables:
Important News
> setenv TIGRESS_HOME /PATH_TO/tigress-unstable
> setenv PATH /PATH_TO/tigress-unstable:$PATH

or

> export TIGRESS_HOME=/PATH_TO/tigress-unstable

> export PATH=$PATH:/PATH_TO/tigress-unstable

3. Try out Tigress:

tigress --Transform=Virtualize --Functions=main --out=result.c test2.c

This should construct a trivial interpreter from test2.c in result.c.

4. Some useful commands:

*) tigress --help : Show how to use tigress

*) tigress --options : Show complete list of options to tigress
*) tigress --license : Display the tigress license
*) tigress --bibtex : See how to cite us
*) tigress --apple : See how to get past some Darwin issues

5. Read all the documentation of Tigress, here.

Now do the following:
1. Write a short (around 50 lines of code) C program (called program.c) that has some sort of ``asset'' that you
would like to protect/hide, such as a license check, an algorithm, or a piece of data.
2. Use Tigress to protect your program. I want you to experiment with writing scripts (commands that call tigress
with different sequences of transformations) to get different levels of protection, at different slowdowns.
3. Construct at least three different scripts and a makefile (called makefile-C) that generates the differently
protected versions of your program. The makefile should look something like this:

all: out1.c out2.c out3.c

out1.c : program.c
tigress transformations --out=out1.c program.c
out2.c : program.c
tigress transformations --out=out2.c program.c
out3.c : program.c
tigress transformations --out=out3.c program.c

In other words, I will only type

make -f makefilee

to generat your protected programs.

4. Construct a file README.txt that describes what you did:

FIRSTNAME: Bob
LASTNAME: Jones
EMAILADDRESS: bob@cia.gov
UNDERGRADUATE,MASTERS,PHD (U/M/P): P

https://www2.cs.arizona.edu/~collberg/Teaching/mgu/2015/ 2/3
10/10/2018 https://www2.cs.arizona.edu/~collberg/Teaching/mgu/2015/
PROGRAM: what does your program do?
Software Protection:what
How
ASSET: toareCrack
asset Programs, and Defend Against Cracking
you protecting?
SCRIPT1:
why did you choose the particular sequence of transformations for
script one, how well do you think your asset is protected, and
MGU/TSU/SibSAU, Spring 2015,
what Christian
slowdown Collberg
did you see?
SCRIPT2: same as SCRIPT1, but for the second script
SCRIPT3: same as SCRIPT1, but for the third script
COMMENTS: how hard was this, did you enjoy it, what could have been
done differently, what transformation did you need from
Introduction Tigress that it does not have, what bugs did you find in
Tigress, etc.
Lectures
Lectures You should email your solution to collberg@gmail.com.
MGU students: Due date: April 18, email subject line MGU, Assignment 2.
Exercises and Tests TSU students: Due date: Friday May 8, email subject line TSU, Assignment 2.
Exercise 1 SibSAU students: Due date: Monday June 22, email subject line SibSAU, Assignment 2.
Exercise 2 The submission should be in the form of an attached zip-file named FIRSTNAME_LASTNAME.zip containg a
Exercise 3/Final Exam directory FIRSTNAME_LASTNAME with, at least, these files:
program.c
Links makefile
Tools README.txt
Books and Papers out1.c
out2.c
Announcements out3.c
Important News

Assignment 3/Final Exam

The program given to you crashes with a segmentation fault due to an expired time check. Your task is to edit the
binary code in a way such that the program runs as normal (takes an integer as input, and produces an integer as
output, as in the previous assignments).
MGU students, download the assignment from here:
MacOs
Linux
TSU students, download the assignment from here:
MacOs
Linux
Construct a file README.txt that describes what you did:

FIRSTNAME: Bob
LASTNAME: Jones
EMAILADDRESS: bob@cia.gov
UNDERGRADUATE,MASTERS,PHD (U/M/P): P
TOOLS: what techniques did you use
TECHNIQUES: what tools, if any, did you use
TIME: how long did it take you
DIFFICULTY: was it easy/hard
CHALLENGES: what, in particular, did you find particularly easy or hard
COMMENTS: was this a reasonable exam (too easy, too hard), did you enjoy it,
comments about the course in general if you wish, etc.

Due date: Monday June 15.

You should email your solution to collberg@gmail.com using the subject line MGU, Assignment 3 or TSU,
Assignment 3.
The submission should be in the form of an attached zip-file named FIRSTNAME_LASTNAME.zip containg a
directory FIRSTNAME_LASTNAME with, at least,
the hacked challenge file
README.txt

https://www2.cs.arizona.edu/~collberg/Teaching/mgu/2015/ 3/3