Slashdot Mirror


New Encryption Method Fights Reverse Engineering

New submitter Dharkfiber sends an article about the Hardened Anti-Reverse Engineering System (HARES), which is an encryption tool for software that doesn't allow the code to be decrypted until the last possible moment before it's executed. The purpose is to make applications as opaque as possible to malicious hackers trying to find vulnerabilities to exploit. It's likely to find work as an anti-piracy tool as well. To keep reverse engineering tools in the dark, HARES uses a hardware trick that’s possible with Intel and AMD chips called a Translation Lookaside Buffer (or TLB) Split. That TLB Split segregates the portion of a computer’s memory where a program stores its data from the portion where it stores its own code’s instructions. HARES keeps everything in that “instructions” portion of memory encrypted such that it can only be decrypted with a key that resides in the computer’s processor. (That means even sophisticated tricks like a “cold boot attack,” which literally freezes the data in a computer’s RAM, can’t pull the key out of memory.) When a common reverse engineering tool like IDA Pro reads the computer’s memory to find the program’s instructions, that TLB split redirects the reverse engineering tool to the section of memory that’s filled with encrypted, unreadable commands.

3 of 215 comments (clear)

  1. Well, that's it...better pack up hackers... by NotDrWho · · Score: 5, Funny

    That's it. They've finally come up with uncrackable software. I guess all the hackers will just have to pack their bags and find another hobby now. It was a good many decades while it lasted. But now it's clearly over. Congrats to Jacob Torrey on doing what no one else has ever been able to do! No way this will ever be cracked. He's beaten us all.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  2. Re:Already sloved by BronsCon · · Score: 5, Funny

    Is that your goto solution for preventing reverse engineering?

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  3. Re:Already sloved by mr_mischief · · Score: 5, Funny

    Hardware by Intel, code by Escher.