Most challenging problems of today
Software piracy is one of the most challenging problems of today's technological era. Reverse engineering plays an important role in software piracy, as it helps users break the security schemes that software vendors implement in their components and then distribute the software over the internet as torrents and through other peer-to-peer file-sharing networks, or through media distribution from different countries. In this paper we review some aspects of software piracy, mostly distribution channels, and some of the anti-reversing methodologies we can use to prevent unauthorized distribution of our software.
Software Piracy Facts
According to the Business Software Alliance, the global PC software piracy rate rose above that of previous years, leading to a loss of $53 billion in 2008. Although they tried to lower the piracy rate in various countries, at the global level it still seems to be growing. The same study shows that only 44% of the software installed on users' computers is paid for, approximately 15% is open source or free to use, and the remaining 41% is pirated software, mostly downloaded over the internet or purchased on distribution media such as CDs and DVDs.
Software Piracy and Computer Security
Pirated software is one of the main sources of malware and spyware distribution. When users try to generate licenses or get pirated serial keys, key generators and patches from content-sharing websites, they get their PCs infected with various spyware. Some of these websites require registration before content can be downloaded, which may also lead to identity theft.
Reverse engineering plays an important role in the software piracy industry. Although software vendors implement security mechanisms, software crackers are still able to bypass these security checks with the help of various techniques and crack the application code. They can then use various tools to generate key generators and patches and distribute them over the internet.
Reverse or not to Reverse
Technically, reverse engineering is a set of techniques for recovering information about a product whose information is not available or has been lost. In software we can use these methodologies to prevent information leakage, but whether the end user is allowed to reverse engineer the application should be properly stated in the software's end user license agreement. This legally protects the software vendor: the legitimate buyer of the software agrees not to reverse engineer the product and not to publish any findings. It does not guarantee that the user will not reverse engineer the product, but it does provide legal protection in case he tries to.
Anti Reversing Methodologies and their limitations
Several anti-reversing tools and techniques are available to hinder reverse engineering attempts. We can use a set of techniques to protect software components from reverse engineers. None of them provides a 100% guarantee, but used in combination they give the best results.
Removal of Symbolic Information
When we develop software applications as software engineers, the symbolic information generated with the binaries plays an important role in debugging the application and testing it for errors, but if these symbols are not removed from the final product they are very dangerous for application security. Removing them does not prevent reversing, but left in place they provide enough information to break the application.
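One way to enforce symbol removal is a release-pipeline check that fails when a binary still carries symbol or debug sections. The following is an added example, not part of the original paper; it assumes ELF64 little-endian binaries, and the function names and the constructed sample images are hypothetical.

```python
import struct

# Section-name prefixes that carry symbol or debug information.
SYMBOLIC = (".symtab", ".strtab", ".debug_")

def section_names(elf: bytes) -> list:
    """List the section names of an ELF64 little-endian image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not an ELF64 little-endian image")
    (shoff,) = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)

    def shdr(i):  # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        return struct.unpack_from("<IIQQQQ", elf, shoff + i * shentsize)

    _, _, _, _, str_off, str_size = shdr(shstrndx)
    strtab = elf[str_off:str_off + str_size]
    return [strtab[n:strtab.index(b"\0", n)].decode()
            for n in (shdr(i)[0] for i in range(shnum))]

def symbolic_sections(elf: bytes) -> list:
    """Sections a release build should not ship; an empty list means stripped."""
    return [n for n in section_names(elf) if n.startswith(SYMBOLIC)]

def build_sample(extra):
    """Constructed minimal ELF64 image: header, name table, empty sections."""
    names = ["", ".shstrtab", *extra]
    strtab = b"".join(n.encode() + b"\0" for n in names)
    offs = [sum(len(n) + 1 for n in names[:i]) for i in range(len(names))]
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, 64 + len(strtab), 0, 64, 0, 0,
        64, len(names), 1)
    shdrs = b"".join(
        struct.pack("<IIQQQQIIQQ", offs[i], 3 if i == 1 else int(i > 1), 0, 0,
                    64 if i == 1 else 0, len(strtab) if i == 1 else 0, 0, 0, 0, 0)
        for i in range(len(names)))
    return hdr + strtab + shdrs

if __name__ == "__main__":
    debug_build = build_sample([".text", ".symtab", ".strtab", ".debug_info"])
    release_build = build_sample([".text", ".dynsym", ".dynstr"])
    print("debug  :", symbolic_sections(debug_build))
    print("release:", symbolic_sections(release_build))
```

The dynamic symbol sections (`.dynsym`, `.dynstr`) are not flagged because the loader needs them at run time, so exported names remain visible even in a stripped binary.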
Obfuscation is a technique in which we try to keep the reverse engineer from getting internal information about our product by renaming internal variables and functions to long auto-generated alphanumeric names, so the attacker cannot easily guess what a variable or function is used for. The major drawback of this technique is that it does not prevent the attacker from obtaining data flow information. It can, however, reduce human readability.
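The limitation described above can be shown on source code. This added example (not from the original paper) renames every user-chosen identifier in a constructed sample function and then compares the two versions with identifiers numbered by first use: the names are gone, but the structure a reverse engineer follows is identical. `SOURCE`, `obfuscate` and `shape` are hypothetical names.

```python
import ast

# Constructed sample: a toy check whose names reveal its purpose.
SOURCE = '''
def check_license(key, secret):
    total = 0
    for ch in key:
        total = (total * 31 + ord(ch)) % 65521
    return total == secret
'''

def bound_names(tree):
    """Identifiers the program defines itself (builtins such as ord are kept)."""
    out = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            out.add(node.name)
        elif isinstance(node, ast.arg):
            out.add(node.arg)
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            out.add(node.id)
    return out

class Renamer(ast.NodeTransformer):
    """Replace each bound identifier with an auto-generated name."""
    def __init__(self, targets):
        self.map = {n: f"_{i:08x}" for i, n in enumerate(sorted(targets))}
    def visit_FunctionDef(self, node):
        node.name = self.map.get(node.name, node.name)
        return self.generic_visit(node)
    def visit_arg(self, node):
        node.arg = self.map.get(node.arg, node.arg)
        return node
    def visit_Name(self, node):
        node.id = self.map.get(node.id, node.id)
        return node

def obfuscate(src):
    """Return (renamed source, old-name -> new-name mapping)."""
    tree = ast.parse(src)
    renamer = Renamer(bound_names(tree))
    return ast.unparse(renamer.visit(tree)), renamer.map

def shape(src):
    """AST dump with identifiers numbered by first use: what survives renaming."""
    tree, seen = ast.parse(src), {}
    for node in ast.walk(tree):
        for field in ("name", "arg", "id"):
            value = getattr(node, field, None)
            if isinstance(value, str):
                setattr(node, field, f"n{seen.setdefault(value, len(seen))}")
    return ast.dump(tree)
```

Comparing `shape(SOURCE)` with the shape of the renamed source returns equal strings, which is why renaming alone only slows a reader down.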
Adding Junk Code
This is another form of obfuscation. In this method, instead of renaming, we add junk code to the binary. Although this code is not called during execution, it may still confuse the reverse engineer and keep him from obtaining information.
This technique is also used by malware: the executing binary is encrypted and contains the information about how to decrypt its data from inside. This prevents its detection by antivirus software. When the binary is executed it places its code in memory, decrypts it and then executes it. We can use this methodology, but it can be defeated by live analysis of the binary while it is executing.
Virtual Machine Detection
This technique is also used in malware: the executing binary tries to detect whether it is being executed within a virtual environment such as VMware. Although it has a very low impact on software reverse engineering, we can still use this option to keep a reverse engineer from analyzing the binary in a virtual environment. It may have a negative impact if your software is going to be used alongside virtualization.
Structured Exception Handler Tricks
This technique is also used in malware: it tries to raise an exception that prevents the debugger from adding any breakpoints during execution. The technique can also be used in software components, where it may help prevent the binary from being debugged.
Shifting Decoded Frames
In this technique the execution of components is divided into blocks. When execution of a block is required it is decrypted and executed, and after execution it is encrypted again before execution of the next block. This technique is used as PatchGuard in the 64-bit version of Microsoft Windows. For the time being it is very hard to defeat.
Break Point Detection
We can use various techniques, such as transferring data to page files and using hardware registers, to detect whether a debugger is currently halting execution of the software. This technique is also found in malware as a protection against debuggers.
We can also use execution time as a protection. We assume that execution of the software takes at most a certain number of milliseconds; if execution is slower than the expected value, the executing binary is most likely running under some analysis tool. There are several Windows API functions available, and Intel processors have a register, for this type of operation.
The Microsoft Windows API can also be used for anti-reversing. We can use various functions to detect a debugger and the applications currently executing in memory, or to hide a process. Windows API functions are also used by malware to detect and disable antivirus software, but we can use these APIs to detect debugging and disassembling software and keep it from accessing our binaries.
Software piracy is one of the leading problems and causes the loss of millions of dollars to the economy; it also acts as a source of malware distribution. Reverse engineering techniques are used to break application security. We can use some anti-reversing techniques to prevent attackers from modifying the application.
May 2009, Sixth Annual BSA-IDC Global Software Piracy Study - http://global.bsa.org/globalpiracy2008/studies/globalpiracy2008.pdf
Software Piracy on the Internet - http://global.bsa.org/internetreport2009/2009internetpiracyreport.pdf
OpenRCE Anti Reverse Engineering Techniques Database - http://www.openrce.org/reference_library/anti_reversing
MindshaRE: Anti-Reversing Techniques - http://dvlabs.tippingpoint.com/blog/2008/08/07/mindshare-anti-reversing-techniques