IJCNIS Vol. 4, No. 12, 8 Nov. 2012
Cover page and Table of Contents: PDF (size: 1032KB)
Software security, activation, piracy, reverse engineering, multithreading
Software activation is an anti-piracy technology designed to verify that software products have been legitimately licensed. Activation should be quick and simple while simultaneously being secure and protecting customer privacy. The most common form of software activation is for the user to enter a legitimate product serial number. However, software activation based on serial numbers appears to be weak, since cracks for many programs are readily available on the Internet. Users can employ such cracks to bypass software activation.
Serial number verification logic usually executes sequentially in a single thread. Such an approach is relatively easy to break since attackers can trace the code to understand how the logic works. In this paper, we develop a practical multi-threaded verification design. Our results show that by proper use of multi-threading, the amount of traceable code in a debugger can be reduced to a low percentage of the total and the traceable code in each run can differ as well. This makes it significantly more difficult for an attacker to reverse engineer the code as a means of bypassing a security check. Finally, we attempt to quantify the increased effort needed to break our verification logic.
Jianrui Zhang, Mark Stamp, "Software Activation Using Multithreading", International Journal of Computer Network and Information Security(IJCNIS), vol.4, no.12, pp.1-17, 2012. DOI:10.5815/ijcnis.2012.12.01
[1]activatesoft.net, "Product Activation Overview", http://www.activatesoft.net/activation_overview.asp
[2]Chris Davies, "Windows 7 cracked after Lenovo OEM key leaks", http://www.slashgear.com/windows-7-cracked-after-lenovo-oem-key-leaks-2950684/
[3]ORC, "How to Crack", http://www.mindspring.com/~win32ch/howtocrk.zip
[4]Jianrui Zhang & Shengyu Li, "CS265 Project 2 Report", 05/11/2009
[5]MLC Technologies, "Hardware Key Activation", http://www.mcl-collection.com/support/licensing/hardware_key.php
[6]Schlumberger, "Cyberflex Access Cards Programmer's Guide", Jan 2004
[7]Bank of China, "Security Mechanism (Cooperate Service)", http://www.bankofchina.com/en/custserv/bocnet/200812/t20081212_144526.html
[8]Logic Protect, http://www.logicprotect.com/index.asp
[9]Mark Stamp, Information Security: Principles and Practices, Wiley 2006
[10]Mark Stamp, lecture notes on "Software Breaking", Fall 2009
[11]Wikipedia, http://en.wikipedia.org/wiki/Product_activation
[12]Martin Cowley, "Frontend Plush", http://frontend-plus.software.informer.com/
[13]Eric Lafortune, "ProGuard", http://proguard.sourceforge.net/
[14]Christian Collberg, "SandMark", http://sandmark.cs.arizona.edu/
[15]Scott Oaks, "Java Security", Published by O'Reilly, 2001
[16]Borland, JBuilder 2007 Documentation
[17]XenoCode, http://www.xenocode.com/
[18]Wikipedia, http://en.wikipedia.org/wiki/Polymorphic_code
[19]Shameen Akhter & Jason Roberts, "Multi-Core Programming: Increasing Performance through Software Multi-threading"
[20]BestSerials, http://www.bestserials.com/
[21]CrackLoader, http://www.crackloader.com/
[22]Australian Institute of Criminology, http://www.aic.gov.au/
[23]Jedisware, http://www.jedisware.com/
[24]Cyberlink, http://www.cyberlink.com/products/powerdvd/overview_en_US.html
[25]Chinmaan, http://i179.photobucket.com/albums/w306/chinmaan/activation.jpg
[26]RabLab, http://www.rarlab.com/
[27]Avast, http://www.avast.com/free-antivirus-download
[28]IDA Pro, http://www.hex-rays.com/idapro/
[29]OllyDbg, http://www.ollydbg.de/