
Protector of My Digital Contents

Protector of My Digital Contents. So Cool (PL) 19th Kang, Sung won 19th Park, Jong min 19th Park Gui mong. Agenda: 1. Project Motive 2. Goal 3. Architecture 4. Detail 5. Development Environment 6. Division of Work 7. Project Schedule 8. Q & A.


Presentation Transcript


  1. Protector of My Digital Contents So Cool (PL) 19th Kang, Sung won 19th Park, Jong min 19th Park Guimong

  2. Agenda 1. Project Motive 2. Goal 3. Architecture 4. Detail 5. Development Environment 6. Division of Work 7. Project Schedule 8. Q & A

  3. Project Motive

  4. Project Motive X ? User

  5. Goal Unlimited File Format JPG Protector Prevent Illegal Copy & Use (Limited Period) JPG Regular Players

  6. Entire Architecture Provider Application User + License Policy Contents WebServer Address Windows Driver Web Server Connect (Using Web Browser) License Policy ActiveX Using ActiveX (Automatically install Driver & License) Windows Driver License Policy Contents Transmit Contents

  7. Provider Architecture Provider Application Add File Save String[] Add to Web Server & Running License Setup to File • CAB File Auto Make

  8. Downloader Architecture Provider User RUN Add File Setup Provider Application READ WebServerDownFile List INCLUDE Downloader File Down WebServerDownFile List

  9. System Architecture (File System Filter Driver) Application User Level Kernel Level I/O Manager System Mini Filter Driver Filter Manager File System Filter Network Mini Filter Driver Stack File System

  10. Detail (SSDT Hooking) Keeper (Self Defender) System Service Dispatcher XX System Service XX System Service Dispatch Table

  11. Detail (Process Hide) Keeper Driver (Self Defender) NewZwQuerySystemInformation Process information SystemInformationClass A B C D SystemInformation SystemInformationLength ReturnLength ….

  12. Detail (File Hide) Keeper Driver (Self Defender) NewZwQueryDirectoryFile Hide File & Folder inform hFile A B C D hEvent FileInfoClass IoApcContext ….

  13. Detail (Active X)

  14. Detail (Active X) .inf File Make .CAB File Make

  15. Detail (Active X)

  16. Detail (Anti-Reversing) Anti-Reversing Techniques Anti-Analysis Garbage Code Anti-Disassembly BreakPoint Detection

  17. Detail (Anti-Reversing) Anti-Disassembly Example Code

  18. Detail (Anti-Reversing) Anti-Disassembly Apply

  19. Detail (Anti-Reversing) Anti-Disassembly Result

  20. Detail (Anti-Reversing) BreakPoint Detection Apply

  21. Detail (Anti-Reversing) BreakPoint Detection Result Will jump to the wrong memory address.

  22. Detail (Anti-Reversing) Garbage Code Apply

  23. Detail (Anti-Reversing) Garbage Code Result Complex code

  24. Detail (Anti-Capture) Anti-Capture Empty clipboard Anti-Capture • Prevent use of Ctrl + C and the PrintScreen key • DLL Injection • BitBlt() Hooking • Native API Hooking • NtGdiBitBlt() Hooking User

  25. Detail (Anti-Capture) Anti-Capture Native API Hooking NtGdiBitBlt Function Hooking Win32k.sys SystemServiceDescriptorShadowTable Hooking

  26. Detail (Device Driver Loader) Device Driver Loader Service Control Manager (SCM) InstallHinfSection Program Install Registry Protection • RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 Driver.inf

  27. Development Environment OS : Windows XP SP3 IDE : Microsoft Visual Studio 2008 / 6.0 Windows Device Kit 7600.16385.0 Debug Tool : OllyDBG, WinDbg, DbgView Virtual Machine : VMWare Workstation 6.0 Language : C#, C, C++, Assembly

  28. Division of Work Kang, Sung won (PL) • Provider Application (Protector) • - Digital Contents File Management • - License Policy • - WebServer & WebPage • - ActiveX (Automatically install Driver & License) Park, Jong min • Anti-Reversing • - Garbage Code • - Anti-Disassembly • - Breakpoint Detection • Anti-Capture Park, Guimong • Keeper (Windows Driver) • Mini Filter Driver • - System Filter Driver • - Network Filter Driver • Driver Loader

  29. Project Schedule Park, Jong min Park, Guimong Kang, Sung won

  30. Question & Answer Thank you
