Professional Documents
Culture Documents
edu/~collberg/Teaching/mgu/2015/
Introduction
Introduction
Lectures
Lectures
In the first part of this course we will learn how to "crack" programs, i.e. how hackers break into software to extract
secrets, remove license checks, etc. In the second part we will use this knowledge to learn how to defend against such
Exercises and Tests
attacks.
Exercise 1
Exercise 2 Learning about this type of computer security is important because many current systems are vulnerable to cracking
Exercise 3/Final Exam attacks. This includes computer games, the national power grid, military systems, medical systems, etc.
Links To follow this course you need to know C and Unix. Some understanding of assembly code, cryptography, and compilers
Tools is also useful, but not necessary.
Books and Papers
The course will have practical homework exercises where you will crack small programs, and use tools to protect against
Announcements cracking.
Important News
The course will be given in English.
Lectures
Introduction
Attacks
Analysis
Obfuscation I
Obfuscation II
Tamperproofing I
Tamperproofing II
Hardware
Watermarking
Assignment 1
In this assignment you are given a program that has been lightly obfuscated using the Tigress tool.
You are given source code, and your task is to remove the obfuscation from the functions (except main), and give me
the "minimal" (shortest) and most well structured "original" program.
MGU students, download the assignment from here:
MacOs
Linux
Due date: April 6.
TSU students, download the assignment from here:
MacOs
Linux
Your unique assignment is in the folder with your name. Due date: Friday May 1. You should email your solution to
collberg@gmail.com using the subject line TSU, Assignment 1.
SibSAU students, download the assignment from here:
MacOs
Linux
Your unique assignment is in the folder with your name. Due date: Monday June 15. You should email your solution
to collberg@gmail.com using the subject line SibSAU, Assignment 1.
You can see here what the original program typically looks like.
The body of the email should look like this
FIRSTNAME: Bob
LASTNAME: Jones
EMAILADDRESS: bob@cia.gov
UNDERGRADUATE,MASTERS,PHD (U/M/P): P
TOOLS: what techniques did you use
TECHNIQUES: what tools, if any, did you use
TIME: how long did it take you
https://www2.cs.arizona.edu/~collberg/Teaching/mgu/2015/ 1/3
10/10/2018 https://www2.cs.arizona.edu/~collberg/Teaching/mgu/2015/
DIFFICULTY: was it easy/hard
Software Protection:
CHALLENGES:How
what, to Crack
in particular, did Programs, and Defend
you find particularly Against Cracking
easy or hard
COMMENTS: was this a reasonable exam (too easy, too hard), did you enjoy it,
comments about the course in general if you wish, etc.
MGU/TSU/SibSAU,
BEGIN-ANSWER Spring 2015, Christian Collberg
Here is where you put the de-obfuscated code of your assignment!
END-ANSWER
Introduction Your de-obfuscated program should have the same input-output behavior as the challenge. The answer should be
idiomatic C, i.e. have a structure that "looks like normal C written by a human". All unnecessary code (i.e. code
Lectures added or transformed by the obfuscator) should be removed. For example, I expect loops in the source program to
Lectures have corresponding loops in the recovered program, flattened or virtualized code will have been returned to its pre-
obfuscated state, and compound data types (arrays, structs, and unions) should be identified as such.
Exercises and Tests
Exercise 1
Exercise 2
Exercise 3/Final Exam
Links Assignment 2
Tools
Books and Papers To try out Tigress, do the following:
1. Download and unzip the latest version of tigress from here.
Announcements 2. Depending on your shell, set the following environment variables:
Important News
> setenv TIGRESS_HOME /PATH_TO/tigress-unstable
> setenv PATH /PATH_TO/tigress-unstable:$PATH
or
make -f makefilee
FIRSTNAME: Bob
LASTNAME: Jones
EMAILADDRESS: bob@cia.gov
UNDERGRADUATE,MASTERS,PHD (U/M/P): P
https://www2.cs.arizona.edu/~collberg/Teaching/mgu/2015/ 2/3
10/10/2018 https://www2.cs.arizona.edu/~collberg/Teaching/mgu/2015/
PROGRAM: what does your program do?
Software Protection:what
How
ASSET: toareCrack
asset Programs, and Defend Against Cracking
you protecting?
SCRIPT1:
why did you choose the particular sequence of transformations for
script one, how well do you think your asset is protected, and
MGU/TSU/SibSAU, Spring 2015,
what Christian
slowdown Collberg
did you see?
SCRIPT2: same as SCRIPT1, but for the second script
SCRIPT3: same as SCRIPT1, but for the third script
COMMENTS: how hard was this, did you enjoy it, what could have been
done differently, what transformation did you need from
Introduction Tigress that it does not have, what bugs did you find in
Tigress, etc.
Lectures
Lectures You should email your solution to collberg@gmail.com.
MGU students: Due date: April 18, email subject line MGU, Assignment 2.
Exercises and Tests TSU students: Due date: Friday May 8, email subject line TSU, Assignment 2.
Exercise 1 SibSAU students: Due date: Monday June 22, email subject line SibSAU, Assignment 2.
Exercise 2 The submission should be in the form of an attached zip-file named FIRSTNAME_LASTNAME.zip containg a
Exercise 3/Final Exam directory FIRSTNAME_LASTNAME with, at least, these files:
program.c
Links makefile
Tools README.txt
Books and Papers out1.c
out2.c
Announcements out3.c
Important News
FIRSTNAME: Bob
LASTNAME: Jones
EMAILADDRESS: bob@cia.gov
UNDERGRADUATE,MASTERS,PHD (U/M/P): P
TOOLS: what techniques did you use
TECHNIQUES: what tools, if any, did you use
TIME: how long did it take you
DIFFICULTY: was it easy/hard
CHALLENGES: what, in particular, did you find particularly easy or hard
COMMENTS: was this a reasonable exam (too easy, too hard), did you enjoy it,
comments about the course in general if you wish, etc.
https://www2.cs.arizona.edu/~collberg/Teaching/mgu/2015/ 3/3