Digital Rights Management: Shareware
Yue Wang
24 Nov 2004

Agenda
–Introduction
–Laboratory Setup
–Implementation / Analysis
–Conclusion
–Reference

Introduction
Digital Rights Management is more and more important because:
–More and more resources are crossing the network
–Digital resources are easier to replicate than analogue resources

Introduction (Cont’d)
In order to improve Digital Rights Management
–Understand what is current
•Nobody is telling
–Analyze what is on the market

Laboratory Setup
Laptop: 2.6GHz processor, 512MB RAM, 40GB hard drive
VirtualPC
–Host: Windows XP
–Virtual: Windows NT 4.0 (2 identical systems are used)

Laboratory Setup (Cont’d)
2 shareware programs with licenses
Disassembler and debugger
–IDA Pro
–OllyDbg
Other Tools
–BinText
–diff on cygwin
–HHD Hex Editor

Implementation / Analysis
Install the 2 shareware programs on both guest virtual systems, and register both programs on one guest system
Observe files and folders: no files were modified on the registered system

Analysis (Cont’d)
Compare folders copied from both guest systems with “diff” on cygwin: no difference found

Analysis (Cont’d)
Windows registry is modified under \HKEY_LOCAL_MACHINE\SOFTWARE\
Both shareware programs add their registration information into the Windows registry, either by adding keys or adding fields

[Figure: Registry for unregistered shareware]
[Figure: Registry for registered shareware]
[Figure: Registry for registered shareware]

Analysis (Cont’d)
[Figure: Result from BinText]

Analysis (Cont’d)
[Figure: Set breakpoint and debug]

Analysis (Cont’d)
The registry key is accessed by ADVAPI32.dll, which is located under C:\Windows\System32
Try different breakpoints
The program starts at location 004DB302 instead of 00400000

Analysis (Cont’d)
Notes:
–To add a breakpoint in IDA Pro, put the cursor on the line you want to select, click Debugger -> Add Breakpoint
–To add a breakpoint in OllyDbg, put the cursor on the line you want to select, press F2

Reference
BinText: http://www.foundstone.com/resources/proddesc/bintext.htm
cygwin: http://www.cygwin.com/
HHD Hex Editor: http://www.hhdsoftware.com/hexeditor.html
IDA Pro: http://www.datarescue.com/idabase/
OllyDbg: http://home.t-online.de/home/Ollydbg/
VirtualPC:
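
The registry comparison described in the Analysis slides can be automated. The following is an added example, not part of the original presentation: it parses two regedit text exports, one from each guest, and separates keys that were added from values that were added or changed under existing keys. The vendor, product and value names in the sample exports are constructed placeholders.

```python
import re

# Constructed sample exports (regedit text format) from two otherwise
# identical guests. All vendor, product and value names are hypothetical.
UNREGISTERED = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendorA\AppA]
"InstallDir"="C:\\Program Files\\AppA"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendorB\AppB]
"Version"="1.0"
'''
REGISTERED = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendorA\AppA]
"InstallDir"="C:\\Program Files\\AppA"
"RegName"="PLACEHOLDER-NAME"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendorB\AppB]
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendorB\AppB\License]
"Serial"="PLACEHOLDER-SERIAL"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys, current = {}, None
    # Long hex values are wrapped with a trailing backslash; rejoin them.
    text = re.sub(r'\\\r?\n\s*', '', text)
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            name = m.group(1)
            current["(Default)" if name == "@" else name[1:-1]] = m.group(2)
    return keys

def diff_reg(before, after):
    """Split changes into added keys and added/changed values in existing keys."""
    added_keys = sorted(k for k in after if k not in before)
    changed_values = sorted(
        (k, n) for k, vals in after.items() if k in before
        for n, d in vals.items() if before[k].get(n) != d)
    return {"added_keys": added_keys, "changed_values": changed_values}

if __name__ == "__main__":
    print(diff_reg(parse_reg(UNREGISTERED), parse_reg(REGISTERED)))
```
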