Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Encryption Method Fights Reverse Engineering

Posted by Soulskill on from the with-many-obfuscations,-all-bugs-are-deep dept.

New submitter Dharkfiber sends an article about the Hardened Anti-Reverse Engineering System (HARES), which is an encryption tool for software that doesn't allow the code to be decrypted until the last possible moment before it's executed. The purpose is to make applications as opaque as possible to malicious hackers trying to find vulnerabilities to exploit. It's likely to find work as an anti-piracy tool as well. To keep reverse engineering tools in the dark, HARES uses a hardware trick that’s possible with Intel and AMD chips called a Translation Lookaside Buffer (or TLB) Split. That TLB Split segregates the portion of a computer’s memory where a program stores its data from the portion where it stores its own code’s instructions. HARES keeps everything in that “instructions” portion of memory encrypted such that it can only be decrypted with a key that resides in the computer’s processor. (That means even sophisticated tricks like a “cold boot attack,” which literally freezes the data in a computer’s RAM, can’t pull the key out of memory.) When a common reverse engineering tool like IDA Pro reads the computer’s memory to find the program’s instructions, that TLB split redirects the reverse engineering tool to the section of memory that’s filled with encrypted, unreadable commands.

43 of 215 comments (clear)

  1. Bring it on, folks! by aaaaaaargh! · · Score: 5, Insightful

    The crackers are going to love breaking this in 1, 2, 3 ...

    1. Re:Bring it on, folks! by halivar · · Score: 4, Funny

      Ah, but count-up's are indefinite. Now they won't find it until they count to a million or something. Should have counted down, but now it's too late...

    2. Re:Bring it on, folks! by Anonymous Coward · · Score: 5, Interesting

      I did a technological solution similar to this where the TLB split was done in ring -1 (VMX/SMM). Ridiculously easy to decrypt and execute on the fly only as a given page is executed. Really fast. Key exchange happens in ring -1 with an external licensing server. The only way to defeat my mechanism is to get into ring -1 before I did which of course is possible to do. No DRM system is perfectly secure. But this was orders of magnitude more difficult than your average system. If you attached a debugger to the protected process, you literally would see the encrypted opcodes. You could single step and execute as normal but the executable code was always encrypted from the user's perspective because data reads would always return the encrypted code whereas instruction reads would always be decrypted.

      The biggest problem I had with this technology actually happened to be the compiler. Some compilers like to mix read-only data into code segments. It wasn't an impossible solution to fix, but it was the biggest headache.

    3. Re:Bring it on, folks! by wierd_w · · Score: 4, Interesting

      Sounds like all you need to analyze this, is a "fake" processor.

      EG, running this inside something like BOCHS, which has a built in x86 debugger, and runs a lot like a hypervisor. This encryption would need to be able to detect living inside a fully emulated system and simply refuse to operate in order to be safe from this kind of analysis. BOCHs will let you step through exactly what instructions the emulated CPU is actually doing, regardless of the data that is stored in the memory allocated to the emulator's process.

      Don't get me wrong-- this makes a nasty bump in the road for career data thieves, but forensic analysis of the encryption is not completely thwarted.

    4. Re:Bring it on, folks! by sexconker · · Score: 4, Funny

      So are count-downs. 3, 2, 1, 0, -1...

      So are count-tos.
      1, 2, 2 and a half, 2 and three quarters...

    5. Re: Bring it on, folks! by Anonymous Coward · · Score: 5, Interesting

      Well that depends a bit. It would be moderately difficult with VMware since there aren't good facilities to get after what you are looking for. It would be easier on Bochs which has integrated VM debugging. Although with good obfuscation it is still difficult. But as I mentioned above in my post, this kind of a system isn't impossible to break, just more difficult.

      Back before DVD drm was generally broken with DeCSS, I had my own mechanism for breaking DVDs It was cumbersome but it worked. I would use a software DVD player to unlock the DVD drive. I had hardware acceleration for the DVD decoding itself. This meant that 90% of the CPU time that was in use was mostly spent doing decryption. So I would attach a debugger, and randomly break in and statistically speaking it wouldn't take me long to catch the decryption function in action. From there it was trivial to find the key and once I had the key I could externally decrypt the DVD.

      You could do a similar thing for this kind of a problem. If you are in ring -1, statistically speaking there is a good chance you are running the decryption algorithm. Once you find that, it isn't too hard to trace back to the decrypt init function and extract the key.

      This is part of the reason I gave up on (making) DRM stuff. No matter how hard you make it, it's always easy to crack with the right know how and tools. ANYTHING drm and be cracked. Wanna play with my netflix downloader?

    6. Re: Bring it on, folks! by tlambert · · Score: 4, Interesting

      Back before DVD drm was generally broken with DeCSS, I had my own mechanism for breaking DVDs It was cumbersome but it worked.

      Me too. I electrically emulated a LVDS flat panel and reconstructed the high resolution image from the LVDS.

      Works great for BluRay encryption, and for projectionist monitor screens in movie theaters, too, since the flat panels themselves are *after* the content decryption.

    7. Re:Bring it on, folks! by linuxrocks123 · · Score: 3, Interesting

      I am the author of Loop-Amnesia, a system similar to TRESOR, but more sophisticated in that it supports multiple encrypted volumes. After looking over the article, it does not appear that this is at all similar. It also does not appear to protect against the cold boot attack as claimed.

      The authors claim a 2% performance reduction. Such a reduction implies that the instructions are not being decrypted literally on-the-fly; the reduction would be much more severe then. They're using a tactic called a "TLB split", which corrupts the cached page table so that reading memory gets you different results from executing it. A page of executable code is likely decrypted with a key stored in the CPU, put in a different physical page, and then the TLB split is performed so that executes go to the other page while reads still go to the encrypted page.

      The cold boot attack dumps physical memory. This tactic corrupts virtual memory to frustrate analysis. The executable code is still stored in RAM somewhere, just not somewhere where you can get to it by reading from a virtual memory address. The cold boot attack would still work fine.

      Finally, TRESOR and Loop-Amnesia are not broken. TRESOR-HUNT only works if you enable DMA on your FireWire bus. You shouldn't be doing that anyway.

      --
      vi ~/.emacs # I'm probably going to Hell for this.
    8. Re:Bring it on, folks! by penguinoid · · Score: 2

      The crackers are going to love breaking this in 1, 2, 3 ...

      Odds are the antivirus companies will beat them to it. Else how will they protect against encrypted viruses? Gotta at least maintain the pretense of protection, right?

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    9. Re:Bring it on, folks! by linuxrocks123 · · Score: 2

      I assume you mean PCI Express, since PCI-X is an obsolete standard not used on modern systems, but the answer is the same for PCI, PCI-X, and PCI Express, so no matter.

      The TRESOR-HUNT attack works by having the attacker plug a malicious peripheral into the running computer, then having that peripheral use DMA to write malicious code into the computer's RAM which copies the encryption key out of the CPU.

      Plugging a PCI card into a computer while it is running is likely to fry the motherboard, or at the very least cause an immediate system crash, so this is not a risk.

      --
      vi ~/.emacs # I'm probably going to Hell for this.
    10. Re:Bring it on, folks! by linuxrocks123 · · Score: 2

      For all practical purposes, you are incorrect. Desktops and laptops do not typically support PCI Express hot swapping; this is a feature implemented only on high-end server chipsets.

      Additionally, grow up.

      --
      vi ~/.emacs # I'm probably going to Hell for this.
  2. Already sloved by PPH · · Score: 4, Funny

    I keep my code undeadable with a liberal use of goto statements.

    --
    Have gnu, will travel.
    1. Re:Already sloved by halivar · · Score: 4, Funny

      I keep my code undeadable with a liberal use of goto statements.

      You made an infinite loop with goto?

    2. Re:Already sloved by BronsCon · · Score: 5, Funny

      Is that your goto solution for preventing reverse engineering?

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    3. Re:Already sloved by fahrbot-bot · · Score: 3, Funny

      I keep my code undeadable with a liberal use of goto statements.

      I store my undeadable code using a Walking Dead technique, whereby the binary code is reaped from the the return statuses of zombie processes killed at the last possible moment ...

      --
      It must have been something you assimilated. . . .
    4. Re:Already sloved by wonkey_monkey · · Score: 3, Funny

      That's a terrible joke. Goto your room!

      --
      systemd is Roko's Basilisk.
    5. Re:Already sloved by mr_mischief · · Score: 5, Funny

      Hardware by Intel, code by Escher.

  3. More of the same: by Hartree · · Score: 5, Interesting

    Just another step along the road of "We own your computer, not you."

    1. Re:More of the same: by DocSavage64109 · · Score: 5, Insightful

      Assuming this encryption actually works, it probably wreaks major havoc with processor caching and branch prediction algorithms. I'd be interested in seeing benchmarks of this encryption in action vs the non-encrypted version.

    2. Re:More of the same: by Rakarra · · Score: 2

      If it works, it's tradeoff of security for speed seems to be worthwhile. That being said, I doubt it works. Time will tell.

      Given a number of people here have already mentioned how this could be cracked, I'm not sure that you'll get much, if any security. After all, if you're looking for vulnerabilities, all you need is for those few hackers to care to have a VM that can analyze the cache. Meanwhile, the programs will be running slower for everyone. And Moore's Law is pretty much dead, so you can't just assume that faster and faster processors will make the slowdowns disappear.

  4. Really? by jythie · · Score: 4, Insightful

    Does anyone in the industry who actually works with computers believe these kinds of claims? Such technologies are great for getting buy in from marketing, the legal dept, underwriters, and content owners, but outside making the life of developers more difficult I have not heard of them actually stopping reverse engineering.

    The only time these kinds of tools seem to 'work' is when you are producing something which lacks the popularity to be worth the effort, which is not a good sign.

    1. Re:Really? by mlts · · Score: 4, Informative

      We have had many, many technologies that were supposed to stop reverse engineering.

      I remember back in the Apple ][ days, a program called "Lock it Up" by Double Gold Software had anti-reverse-engineering things in it, and was advertised as sending the bad guys packing (one of which was doing "poke 214, 128" which would disable the BASIC prompt). Then we had obfuscators for C++, BASIC, Java, and other languages, same thing.

      This technology looks like it will be broken by running it in a VM, so I'm sure the next generation will have anti-VM stuff in it, and someone will just run a Bochs emulator (dog slow, but emulates everything 100%) to bypass that.

      My take: How about companies spend money on improving their software instead of playing with DRM which will get broken anyway? In the enterprise, the fear of an audit is good enough to keep people in compliance with Oracle licenses. For games, using CD keys is good enough. They can play locally, but can't go multiplayer without a proper key.

      If the code is so sensitive it -has- to be protected, put it in a tamper-resistant appliance, like a HSM.

    2. Re:Really? by davydagger · · Score: 4, Interesting

      Its possible, but entirely unlikely. There is going to be a massive performance hit. What they can do is encrypt RAM with the key directly in the CPU, something modern computer support.(See unmerged TRESSOR patches). They can then decrypt the data with hardware instructions(AES-NI), as they move main memory to the cache, either on die, on the motherboard which cannot be easily removed.(not within the timespan for coldboot attacks). harder to break does not mean unbreakable as well. If the operating system is rooted, it migh be very well easy enough to get the key from the CPU(AES is symetric, and no CPUs have HW implementations of asymetric ciphers.). If the key is burned when the CPU is made, it would be an industry-wide key. All it would take is one leak, one time, and everyone can now decrypt memory.

  5. Well, that's it...better pack up hackers... by NotDrWho · · Score: 5, Funny

    That's it. They've finally come up with uncrackable software. I guess all the hackers will just have to pack their bags and find another hobby now. It was a good many decades while it lasted. But now it's clearly over. Congrats to Jacob Torrey on doing what no one else has ever been able to do! No way this will ever be cracked. He's beaten us all.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  6. In 3...2...1... by PvtVoid · · Score: 4, Insightful

    ... somebody exploits this to write malware that's truly a bitch to reverse-engineer.

    1. Re:In 3...2...1... by suutar · · Score: 4, Insightful

      and viruses/trojans that are immune to signature-based scanning. Better get serious about process privilege and running stuff in revertable VMs.

    2. Re:In 3...2...1... by Megol · · Score: 2

      Nothing new: Proper polymorphic computer viruses have existed for a long time (>20 years), partially polymorphic viruses for longer...
      http://en.wikipedia.org/wiki/P...

  7. No JTAG access? by Migraineman · · Score: 5, Interesting

    Are the TLB registers not accessible via JTAG?

  8. Sigh. by ledow · · Score: 4, Insightful

    Another way to crack HARESâ(TM) encryption, says Torrey, would be to take advantage of a debugging feature in some chips... But taking advantage of that feature requires a five-figure-priced JTAG debugger, not a device most reverse engineers tend to have lying around."

    Or running the code in a VM.

    Really? This sounds just the same as someone saying that DEP would stop this kind of reverse engineering (the concept seems incredibly similar to me, maybe I'm wrong). If someone wants to reverse engineer software, they will have the tools to do so and, in this modern world, any software thats run on physical hardware but not in a VM must have a limited lifespan.

    If all else fails, emulate the machine. Slow, yes, but reverse-engineering and debugging tools need to be incredibly slow anyway.

    Sorry, but this is a slashvertisement for something with precisely zero deployments in real-life software that people might want to reverse-engineer.

    And, as said, all you've done is make it easier to create malware that's difficult to remove. So, in effect, such facilities in processors will end up being beefed up to take account of this and rendering the technique obsolete.

    In all of recorded computing history, every technique for preventing reverse-engineering or debugging has turned out not to work, or to be so onerous on users that nobody ever actually enables it.

  9. Intel Already Does This by Anonymous Coward · · Score: 4, Informative

    Recent Intel processors have the ability to use encrypted RAM and only decrypt it in the CPU's caches. They do it with the SGX instructions.

    1. Re:Intel Already Does This by Anonymous Coward · · Score: 2, Insightful

      not released until skylake. can't believe this is +4 informative. should be -1 no research.
      https://software.intel.com/en-us/intel-isa-extensions

  10. Does it matter? by aepervius · · Score: 5, Insightful

    As long as you can hide to the software you are debugging it, you can step by step through it until it is decrypted. So for all the money, all the added complexity, all you won is only a slight bit more time. The only real copy protection is when part of the code is not run locally but on a different remote machine. For example if you have something on a server which needs to be queried and allow you to continue with the software, like some of the online authorization.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
    1. Re:Does it matter? by ledow · · Score: 2

      Weren't there online MMO games that tried that? And someone just made a tool that cached all the content etc. that the local computer received and offered it from a fake local server instead. Not perfect, but surely good enough to defeat even these tactics if you have enough interest in reverse-engineering something.

      If the code you want to protect is running on general-purpose processors under the control of a third-party (the user who might want to reverse-engineer), there's nothing you can do to stop them, only make their lives harder.

      If you're running services entirely on your end on behalf of the customer, then maybe you can stop things happening. But the second they have an opportunity to "change the mind" of the local software they're running to accept or not accept something, they have the power to fake acceptance. Hell, a lot of reverse-engineering is done by tweaking programs to contain their own "trojan horse" code that will then go through and happily output all the "decrypted/deobfuscated" code that it was trying to hide.

      Reverse engineering is possible on any processor I physically control. That's the end of it. If you want to move your product entirely to the cloud under your own control, feel free. But then you have the burden of all those computing resources, it's difficult to integrate (or trust with) my data, and you get into the OnLive situation all over again. Sure, zero "piracy" of games that could have been released exclusively on OnLive, At the expense of cost, performance, latency, network dependency, etc.

    2. Re:Does it matter? by BronsCon · · Score: 2

      That was remote content, not remote execution. Think of it more like taking calculateBulletTrajectory() and offloading it's task to the game server. Sure, you can tap the FIRE button without being connected to the server, but your game will likely crash, since it won't know which way the bullet is heading. I'd have suggested something a little less lag-sensitive than calculating the trajectory of the fast-moving object you just carefully aimed and set into motion, but you and I both know that gaming companies would want to offload the most critical part of their game, so it had to be just right in order to not destroy gameplay.

      On the other hand, if they did that... Imaging the funky paths people could make their bullets take by writing their own game servers. The local game not having the code to calculate the trajectory means the local game can no longer validate the input it's getting for where a bullet should be. That could actually be fun and I encourage the studios to try it, but only once.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  11. Re:So now what? by Bengie · · Score: 2

    L2 cache has mechanisms to be read from outside, but L1 does not. L1 is internal to the CPU, and unless they add back doors, it'll be extremely hard to dissect a CPU and use an electron scanning microscope to read the data from the L1 cache. The other issue is cache uses SRAM, which does not use capacitance capacitance to store data like DRAM. Once power is lost, the data goes with it nearly instantly instead of slowly draining.

  12. Fuzzing by g0bshiTe · · Score: 2

    How will this hinder current fuzzing techniques to search for vulnerabilities?

    --
    I am Bennett Haselton! I am Bennett Haselton!
  13. Classic DRM flaw ... by janoc · · Score: 2

    As this, by definition, requires that the encryption key is present in the clear on the machine where the decryption is happening in order to make it possible to decrypt the instructions (CPU cannot execute encrypted code), then it can be trivially circumvented. Finding where the key is stashed is going to be only a matter of time and then the encrypted code can be conveniently decrypted off-line, repackaged without the stupid performance-impeding encryption (caching will suffer badly with it) and released on a torrent somewhere, as always ...

    Fundamentally this is not different from doing ROT13 on your code - code obfuscation.

  14. Reverse engineer in a VM by Shadow+IT+Ninja · · Score: 2

    In the article, they mention a JTAG hardware debugger as a possible tool to defeat HARES. Suppose, however, that your reverse engineering environment is a virtual machine, possibly with CPU emulation as well. Couldn't you then do the equivalent debugging in software? What if you write the the VM software specifically to help you out, possibly even just give you the key which the authentic CPU would keep secret?

  15. QEMU processor emulation? by Dlin · · Score: 2

    Can't you just emulate the processor with QEMU and run the app in a sandboxed environment ?

    https://github.com/hackndev/qe...

    ------

    https://stackoverflow.com/ques...

  16. Re:Hardware ICE - JTAG by tippen · · Score: 2

    JTAG debuggers are a major problem when you really need to protect your IP. It's enough of a hole that I got NetLogic to add an e-fuse to their XLP network processors (+ later generations) that could disable EJTAG.

    Blow the e-fuse during ICT on production hardware and you can cut down on RE capabilities a fair bit.

    Doesn't really help for general purpose computers, but a very nice for hardening embedded systems.

  17. What's new? by Megol · · Score: 2

    I honestly don't see how this is anything innovative, this is a known artifact of x86 microarchitecture (it isn't an architectural thing though - and it will not work on all x86 processors*). That it could be used for a copy protection scheme is also obvious to anyone with that level of knowledge.

    This, together with things like disabling primed data caches (x86 processors will still allow accesses to caches even when disabled under some circumstances) is a trick that is relatively fragile. And it really doesn't buy much extra security given the existence of a good low level emulator.

    (* there are x86 processors with a shared I/D TLB, not commonly in use nowadays though, exercise for the reader ;P)

  18. There is a much simpler way to do this. by 140Mandak262Jamuna · · Score: 4, Funny
    Hire a few Indian H1-Bs supplied by Wipro or Infosys or Cogniscent. The code they write is impossible for anyone to decode even if you discolose the the source code and the design specs.

    Venkat!!! Why on God's good name are you passing the reference to a pointer to a function as a construction argument?!?!?! aarggghhhh!

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  19. Duplicate the TLB code entries! by Terje+Mathisen · · Score: 2

    To me it looks like this trick has a similar, very simple trick to defeat it:

    Assuming you can run some code at kernel (or even SMM) mode, you should be able to scan through all code segments that are marked execute only, and which have a data segment which aliases it? I.e. same virtual address - different physical addresses.

    When you find such blocks, you just create new readonly or readwrite mappings which points to the same physical addresses as the decrypted/execute-only memory.

    At that point you can dump/debug to your heart's content.

    Terje

    --
    "almost all programming can be viewed as an exercise in caching"