1 / 18

Digital Rights Management: Shareware

Digital Rights Management: Shareware. Yue Wang 24 Nov 2004. Agenda. Introduction Laboratory Setup Implementation / Analysis Conclusion Reference. Introduction. Digital Rights Management is more and more important because: More and more resources are crossing the network

machiko-rin
Download Presentation

Digital Rights Management: Shareware

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Digital Rights Management: Shareware Yue Wang 24 Nov 2004

  2. Agenda • Introduction • Laboratory Setup • Implementation / Analysis • Conclusion • Reference

  3. Introduction • Digital Rights Management is more and more important because: • More and more resources are crossing the network • Digital resources are easier to replicate than analogue resources

  4. Introduction (Cont’d) • In order to improve Digital Rights Management • Understand what is current • Nobody is telling • Analyze what is on market

  5. Laboratory Setup • Laptop: 2.6GHz processor, 512MB RAM, 40GB hard drive • VirtualPC • Host: Windows XP • Virtual: Windows NT 4.0 (2 identical systems are used)

  6. Laboratory Setup (Cont’d) • 2 sharewares with licenses • Disassembler and debugger • IDA Pro • OllyDbg • Other Tools • BinText • diff on cygwin • HHD Hex Editor

  7. Implementation / Analysis • Install 2 sharewares on both guest virtual systems, register both sharewares on one guest system • Observe files and folders, not files were modified on the registered system

  8. Analysis (Cont’d) • Compare folders copied from both guest systems with “diff” on cygwin, no difference found

  9. Analysis (Cont’d) • Windows registry is modified under \HKEY_LOCAL_MACHINE\SOFTWARE\ • Both sharewares add their registration information into Windows registry, either by adding keys or adding fields

  10. Registry for unregistered sharewares

  11. Registry for registered sharewares

  12. Registry for registered sharewares

  13. Analysis (Cont’d) • Result from BinText

  14. Analysis (Cont’d) • Set breakpoint and debug

  15. Analysis (Cont’d) • The registry key is accessed by ADVAPI32.dll, which is located under C:\Windows\System32 • Try different breakpoints • The program starts at location 004DB302 instead of 00400000

  16. Analysis (Cont’d) Notes: • To add breakpoint in IDA Pro, put cursor on the line you want to select, click Debugger -> Add Breakpoint • To add breakpoint in OllyDbg, put cursor on the line you want to select, press F2

  17. Reference • BinText: http://www.foundstone.com/resources/proddesc/bintext.htm • cygwin: http://www.cygwin.com/ • HHD Hex Editor: http://www.hhdsoftware.com/hexeditor.html • IDA Pro: http://www.datarescue.com/idabase/ • OllyDbg: http://home.t-online.de/home/Ollydbg/ • VirtualPC: http://www.microsoft.com/windows/virtualpc/default.mspx

  18. Questions ???

More Related