Patent application number | Description | Published |
20080291999 | Method and apparatus for video frame marking - Method and apparatus for marking individual video frames of an H.264/AVC standard compliant or equivalent digital video stream. Each video frame in a H.264/AVC video stream is conventionally divided into NAL units. There are typically a number of NAL units for each video frame. There is specified in the H.264/AVC standard the SEI (Supplemental Enhancement Information) type. This type includes the user data unregistered type, which can contain arbitrary data. In the present method and apparatus, an NAL unit of this type is provided at the beginning of each video frame, preceding the other NAL units associated with that video frame. The data contained in that special SEI unit is typically control information for downstream control of use of the video content. Examples of the type of control information are stream positioning data such as a video frame number; stream bit rate, such as normal, fast forward; decryption data, such as a decryption key or key derivation seed; and validation elements, such as a checksum or hash function value or signature. | 11-27-2008 |
20090235089 | COMPUTER OBJECT CODE OBFUSCATION USING BOOT INSTALLATION - In the field of computer software, obfuscation techniques for enhancing software security are applied to compiled (object) software code. The obfuscation results here in different versions (instances) of the obfuscated code being provided to different installations (recipient computing devices). The complementary code execution uses a boot loader or boot installer-type program at each installation which contains the requisite logic. Typically, the obfuscation results in a different instance of the obfuscated code for each intended installation (recipient) but each instance being semantically equivalent to the others. This is accomplished in one version by generating a random value or other parameter during the obfuscation process, and using the value to select a particular version of the obfuscating process, and then communicating the value along with boot loader or installer program software. This boot loader then selects which particular process to use for the code execution at the time of installation in accordance with the value. This results in different versions of the obfuscated code being provided to each recipient installation, which further enhances security of the code against reverse engineering by hackers. | 09-17-2009 |
20090307657 | SYSTEM AND METHOD FOR ARRAY OBFUSCATION - Disclosed herein are systems, methods, and computer readable-media for obfuscating array contents in a first array, the method comprising dividing the first array into a plurality of secondary arrays having a combined total size equal to or greater than the first array, expanding each respective array in the plurality of the secondary arrays by a respective multiple M to generate a plurality of expanded arrays, and arranging data elements within each of the plurality of expanded arrays such that a data element located at an index I in a respective secondary array is located at an index I*M, wherein M is the respective multiple M in an associated expanded array, wherein data in the first array is obfuscated in the plurality of expanded arrays. One aspect further splits one or more of the secondary arrays by dividing individual data elements in a plurality of sub-arrays. The split sub-arrays may contain more data elements than the respective secondary array. The principles herein may be applied to single dimensional or multi-dimensional arrays. The obfuscated array contents may be accessed via an index to the first array which is translated to retrieve data elements stored in the plurality of expanded arrays. | 12-10-2009 |
20100058301 | SYSTEM AND METHOD FOR BRANCH EXTRACTION OBFUSCATION - Disclosed herein are systems, methods, and computer readable-media for obfuscating code. The method includes extracting a conditional statement from a computer program, creating a function equivalent to the conditional statement, creating a pointer that points to the function, storing the pointer in an array of pointers, replacing the conditional statement with a call to the function using the pointer at an index in the array, and during runtime of the computer program, dynamically calculating the index corresponding to the pointer in the array. In one aspect, a subset of instructions is extracted from a path associated with the conditional statement and the subset of instructions is placed in the function to evaluate the conditional statement. In another aspect, the conditional statement is replaced with a call to a select function that (1) calculates the index into the array, (2) retrieves the function pointer from the array using the index, and (3) calls the function using the function pointer. Calls can be routed through a select function before the function pointer is used to call the function evaluating the conditional statement. Each step in the method can be applied to source code of the computer program, an intermediate representation of the computer program, and assembly code of the computer program. | 03-04-2010 |
20100058303 | SYSTEM AND METHOD FOR CONDITIONAL EXPANSION OBFUSCATION - Disclosed herein are systems, methods, and computer readable-media for obfuscating code through conditional expansion obfuscation. The method includes identifying a conditional expression in a computer program, identifying a sequence of conditional expressions that is semantically equivalent to the conditional expression, and replacing the conditional expression with the semantically equivalent sequence of conditional expressions. One option replaces each like conditional expression in the computer program with a diverse set of sequences of semantically equivalent conditional expressions. A second option rearranges computer instructions that are to be processed after the sequence of conditional expression is evaluated so that a portion of the instructions is performed before the entire sequence of conditional expressions is evaluated. A third option performs conditional expansion obfuscation of a conditional statement in combination with branch extraction obfuscation. | 03-04-2010 |
20110041183 | SYSTEM AND METHOD FOR CALL REPLACEMENT - Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating a function call. The method receives a computer program having an annotated function and determines prolog instructions for setting up a stack frame of the annotated function and epilog instructions for tearing down the stack frame. The method places a first portion of the prolog instructions in the computer program preceding a jump to the annotated function and a second portion of the prolog instructions at a beginning of the annotated function. The method places a first portion of the epilog instructions at an end of the annotated function and a second portion of the epilog instructions in the computer program after the jump. Executing the first and second portions of the prolog instructions together sets up the stack frame. Executing the first and the second portions of the epilog instructions together tears down the stack frame. | 02-17-2011 |
20110047622 | SYSTEM AND METHOD FOR CALL PATH ENFORCEMENT - Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for call path enforcement. The method includes tracking, during run-time, a run-time call order for a series of function calls in a software program, and when executing a protected function call during run-time, allowing or causing proper execution of a protected function call only if the run-time call order matches a predetermined order. The predetermined order can be an expected run-time call order based on a programmed order of function calls in the software program. The method can include maintaining an evolving value associated with the run-time call order and calling the protected function by passing the evolving value and function parameters corrupted based on the evolving value. The protected function uncorrupts the corrupted parameters based on the passed evolving value and an expected predetermined call order. A buffer containing the uncorrupted parameters can replace the corrupted parameters. | 02-24-2011 |
20110055638 | SYSTEM AND METHOD FOR ANNOTATION DRIVEN INTEGRITY VERIFICATION - Disclosed herein are methods, systems, and computer-readable storage media for annotation driven integrity program verification. The method includes distributing verification calls configured to verify a function across call paths leading to the function in source code, generating a binary from the source code having placeholders associated with the verification calls, and filling each placeholder in the binary with verification data or reference checksums. Alternatively, the method includes receiving source code having a verification call, replacing the verification call with one or more equivalent verification calls distributed over a call path, replacing each verification call with a checksum function generating placeholders while compiling, generating a binary based on the placeholders, and filling each placeholder in the binary with reference checksums. The system includes a processor and a module controlling the processor to perform the methods. The computer-readable storage medium includes instructions for controlling a computer to perform the methods. | 03-03-2011 |
20110167407 | SYSTEM AND METHOD FOR SOFTWARE DATA REFERENCE OBFUSCATION - Disclosed herein are systems, methods, and computer-readable storage media for obfuscating software data references. The obfuscation process locates pointers to data within source code and loads the pointers into an ordered set of pools. The process further shuffles the pointers in the ordered set of pools and adds a function within the source code that when executed uses the ordered set of pools to retrieve the data. The obfuscation process utilizes pool entry shuffling, pool chaining shuffling and cross-pointer shuffling. | 07-07-2011 |
20110167414 | SYSTEM AND METHOD FOR OBFUSCATION BY COMMON FUNCTION AND COMMON FUNCTION PROTOTYPE - Disclosed herein are systems, methods, and computer-readable storage media for obfuscating by a common function. A system configured to practice the method identifies a set of functions in source code, generates a transformed set of functions by transforming each function of the set of functions to accept a uniform set of arguments and return a uniform type, and merges the transformed set of functions into a single recursive function. The single recursive function can allocate memory in the heap. The stack can contain a pointer to the allocated memory in the heap. The single recursive function can include instructions for creating and explicitly managing a virtual stack in the heap. The virtual stack can emulate what would happen to the real stack if one of the set of functions was called. The system can further compile the source code including the single recursive function. | 07-07-2011 |
20110179403 | SYSTEM AND METHOD FOR ANNOTATION-DRIVEN FUNCTION INLINING - Disclosed herein are systems, methods, and computer-readable storage media for obfuscating using inlined functions. A system configured to practice the method receives a program listing including annotated functions for obfuscation, identifies an annotated function called more than once in the program listing, and creates an inline control flow structure in the program listing for the identified annotated function, the control flow structure being computationally equivalent to inlining the identified annotated function into the program listing for each occurrence of the identified annotated function. The program listing can include tiers of annotated functions. The system can identify annotated functions called more than once based on an optionally generated callgraph. The system can create inline control flow structures in the program listing in order of annotation importance. The system can identify how many times each annotated function is called in the program listing. | 07-21-2011 |
20110307873 | SYSTEM AND METHOD FOR ENTROPY POOL VERIFICATION - Disclosed are systems, methods, and non-transitory computer-readable storage media for detecting changes in a source of entropy. A system configured to practice the method generates a cyclic graph based at least in part on the values in the entropy pool. Using the cyclic graph and one or more starting points, the system establishes one or more baseline properties for the cyclic graph. These properties can include the number of steps required to identify a cycle in the graph or the number of steps required to traverse the graph from one or more starting points to a selected end point. The computed properties are then stored for later use. As execution progresses, the system monitors the entropy pool to detect a change by regenerating the cyclic graph and using the stored properties. | 12-15-2011 |
20120179898 | SYSTEM AND METHOD FOR ENFORCING SOFTWARE SECURITY THROUGH CPU STATISTICS GATHERED USING HARDWARE FEATURES - This disclosure is directed to measuring hardware-based statistics, such as the number of instructions executed in a specific section of a program during execution, for enforcing software security. The counting can be accomplished through a specific set of instructions, which can either be implemented in hardware or included in the instruction set of a virtual machine. For example, the set of instructions can include atomic instructions of reset, start, stop, get instruction count, and get CPU cycle count. To obtain information on a specific section of code, a software developer can insert start and stop instructions around the desired code section. For each instruction in the identified code block, when the instruction is executed, a counter is incremented. The counter can be stored in a dedicated register. The gathered statistics can be used for a variety of purposes, such as detecting unauthorized code modifications or measuring code performance. | 07-12-2012 |
20120221864 | METHOD AND APPARATUS FOR COMPUTER CODE OBFUSCATION AND DEOBFUSCATION USING BOOT INSTALLATION - In the field of computer software, obfuscation techniques for enhancing software security are applied to compiled (object) software code. The obfuscation results here in different versions (instances) of the obfuscated code being provided to different installations (recipient computing devices). The complementary code execution uses a boot loader or boot installer-type program at each installation which contains the requisite logic. Typically, the obfuscation results in a different instance of the obfuscated code for each intended installation (recipient) but each instance being semantically equivalent to the others. This is accomplished in one version by generating a random value or other parameter during the obfuscation process, and using the value to select a particular version of the obfuscating process, and then communicating the value along with boot loader or installer program software. | 08-30-2012 |
20120260102 | SYSTEM AND METHOD FOR EXECUTING AN ENCRYPTED BINARY FROM A MEMORY POOL - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for executing encrypted computer code. A system configured to practice the method receives a request to execute encrypted computer code. In response to the request, the system identifies a portion of the encrypted computer code for execution and decrypts the portion to yield decrypted computer code. Then the system stores the decrypted computer code in a pool of memory and executes the decrypted computer code from the pool of memory. The system can store the decrypted computer code in the pool of memory based on a randomization algorithm so that identical executions of the encrypted computer code result in selections of different available memory locations within the pool of memory. Related portions can be stored non-consecutively in the pool of memory. The pool of memory can store different portions of decrypted computer code over time. | 10-11-2012 |
20120260106 | SYSTEM AND METHOD FOR BINARY LAYOUT RANDOMIZATION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for binary layout randomization. A system performs binary layout randomization by loading computer code into memory and identifying a section of the computer code to randomize. A loader remaps the section of computer code to a different location in memory utilizing a remapping algorithm. The loader can shuffle sections of code in place or move sections of code elsewhere. The loader patches relative addresses to point to the updated locations in memory. After the system patches the addresses, the system executes the computer code from memory. In one embodiment, the system encrypts the computer code prior to loading the computer code into memory. The loader decrypts the encrypted computer code prior to remapping the section of computer code to a different location in memory. Optionally, the loader can decrypt the encrypted computer code after patching relative addresses. | 10-11-2012 |
20120281828 | PROTECTION OF AUDIO OR VIDEO DATA IN A PLAYBACK DEVICE - Method and apparatus to prevent hacking of encrypted audio or video content during playback. Hackers, using a debugging attachment or other tools, can illicitly access encrypted data in memory in a playback device when the data is decrypted during playback and momentarily stored in digital form. This hacking is defeated here by methodically “poisoning” the encrypted data so that it is no longer playable by a standard decoder. The poisoning involves deliberate alteration of certain bit values. On playback, the player invokes a special secure routine that provides correction of the poisoned bit values, for successful playback. | 11-08-2012 |
20120284688 | SYSTEM AND METHOD FOR BLURRING INSTRUCTIONS AND DATA VIA BINARY OBFUSCATION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating a computer program. A system configured to practice the method identifies a set of executable instructions at a first location in an instruction section of the computer program and identifies a second location in a data section of the computer program. Then the system moves the set of executable instructions to the second location and patches references in the computer program to the set of executable instructions to point to the second location. The instruction section of the computer program can be labeled as _TEXT,_text and the data section of the computer program is labeled as _DATA,_data. The set of executable instructions can include one or more non-branching instructions optionally followed by a branching instruction. The placement of the first and second locations can be based on features of a target computing architecture, such as cache size. | 11-08-2012 |
20130036473 | SYSTEM AND METHOD FOR BRANCH FUNCTION BASED OBFUSCATION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating branches in computer code. A compiler or a post-compilation tool can obfuscate branches by receiving source code, and compiling the source code to yield computer-executable code. The compiler identifies branches in the computer-executable code, and determines a return address and a destination value for each branch. Then, based on the return address and the destination value for each branch, the compiler constructs a binary tree with nodes and leaf nodes, each node storing a balanced value, and each leaf node storing a destination value. The non-leaf nodes are arranged such that searching the binary tree by return address leads to a corresponding destination value. Then the compiler inserts the binary tree in the computer-executable code and replaces each branch with instructions in the computer-executable code for performing a branching operation based on the binary tree. | 02-07-2013 |
20130104239 | SYSTEM AND METHOD FOR OBFUSCATING DATA USING INSTRUCTIONS AS A SOURCE OF PSEUDORANDOM VALUES - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating data using instructions as a source of pseudorandom values. Obfuscation is performed by receiving instructions and data and compiling the instructions and the data into an executable file having a text section and a data section. The text section can include instructions and the data section can include data segments. The system obfuscates the data section iteratively by generating a hash of an address for a respective data segment, and based on the hash, identifying a corresponding address in the text section that includes at least one instruction. The system retrieves a mask key from the corresponding address and applies the mask key to the respective data segment, yielding a masked data segment. In one embodiment, integrity verification of obfuscated data is performed without exposing the data in an unprotected state by utilizing multiple mask keys. | 04-25-2013 |