Protection of binary code against modification
StarForce Crypto is recommended to protect Windows-based applications that can be distributed on optical media, flash cards and via the Internet, including Steam, from analysis, hacking, modification, and reverse engineering.
The StarForce product provides protection against the following threats
- analysis of unique software algorithms;
- leak of secret keys while using standard DRM for digital audio and video content;
- analysis of DRM code running on the end user's side;
- changing the code / adding new features in the software product installed on the customer’s site without the developer’s help.
How StarForce Crypto works
Protection of executable files
During protection, an unprotected executable file is divided into components. Protecting transformations are applied to the components of the executable file. Also auxiliary parts required for protection are added to the file. Then StarForce Cryptocompiles the file again but it is protected now.
StarForce Crypto uses more than a decade of protection technologies to provide reliable protection for your software product. The most protection parameters of these technologies can be set on the client’s side with the help of Protection Studio, a fat client designed by StarForce Technologies. For some protection technologies SDK is required. The full information about StarForce Crypto protection technologies is available in the user’s manual.
The following protection technologies are used in StarForce Crypto
||Can be used for native files
||Can be used for .NET files
|Protecting internal references
|Encrypting string constants
|Protecting from debugging
|Protecting from running applications on virtual machines
|Protecting from running applications through terminal sessions
|Protecting from the executable file modifications on the disk
|Protecting from modifications of the executable file image in the memory
|Other protection techniques
Protection of read-only data
There are two ways to protect the data: to move the data into a container (to hide the data) and to verify the integrity of the files.
Moving the files to the container
Read-only data are protected by placing certain files or the entire directories into a protected container. From the outside, the container looks like a single large file with encrypted contents. The application can read the files from the container in one of the two ways:
- Container as a virtual file system. To implement this method, special driver is automatically installed in the system along with the application. The driver makes working with the files in the container ‘transparent’ for the application – the application ‘sees’ the files inside the container rather than the container.
- Access to the files through API. The driver is not used in this case. The files are accessed through API functions from StarForce SDK rather than through standard OS functions.
Verifying file integrity
Read-only data are stored unprotected on the disk. The check is made by calling an API function. The function compares the digital signature encrypted in the container with the digital signature of the data file. When protection is integrated, the data file should be added to the container with the ‘Use digital signature instead of file’ option enabled. This makes analyzing and modifying data files of the protected application more difficult.
To facilitate the protection of a custom DRM, StarForce Crypto provides a special feature: external binding. It is required in order to ensure the inseparability of license authentication validation from protected application, as well as to protect this functional against analysis and modification.
StarForce Crypto protects code and data that constitute the intellectual value and should be protected from a business perspective. This product provides reliable protection by eliminating the possible ways to understand the logic of application operating.
Securing the standard DRM implementations for digital audio and video
from reverse engineering
The feature of standard DRM for audio or video streams is that there are private keys for each device or software component. Leak of a private key allows the attackers that got the key to save the digital stream to a file that does not have any protection. Such a file can then be distributed freely. The quality of audio or video in the file is almost the same as in the original file (excluding minor losses for re-compression).
To reduce the risks of such scenarios, the developers of standard DRM define the procedure of revoking the compromised keys. It is undesirable for a software or hardware developer to revoke a key because once the key is revoked, the corresponding device or software component stops working. To get a new key, the developer has to pay to the DRM representative a large amount of money. Sometimes, the developer may have to pay a penalty for the leak of a private key, or her/his license may be suspended.
Taking the above-mentioned into account, preventing or reducing the likelihood of a private key leak is an important task for the developer.
StarForce Crypto allows reducing the likelihood of a private key leak by making the analysis of the code that works with the key more complicated. The two simplest approaches to hiding a key are as follows.
Storing the private key in the protected code. The approach is based on the following principles.
The private key of the device is stored not as data, but as a code (for example, as a byte-by-byte array initialization code).
Software modules that work with the private key are protected with StarForce Crypto. We recommend that the code that works with the private key is protected with the help of the ‘Protecting the code of internal functions’ technology that the product provides.
The code that contains the key and the code that works with the key are both obfuscated.
This is the simplest approach; however, in order to change the key, a part of code should be replaced.
Storing the key on the device as encrypted data. The approach is based on the following principles.
A private key is stored encrypted on a disk.
The encryption key for the device key encryption algorithm is embedded into the algorithm code (for example, as a byte-by-byte array initialization code) and is not stored explicitly.
The device private key encryption functions are protected with the help of the ‘Protecting the code of internal functions’ technology StarForce Crypto provides.
The software modules that work with the private key are protected with StarForce Crypto. We recommend that the code that works with the private key is protected with the help of the ‘Protecting the code of internal functions’ technology that the product provides.
To provide better protection, the developers should use more complicated approaches; however, the above-mentioned approaches can be used as a basis for the development.
Securing the implementation of custom DRM
from reverse engineering
The development of custom DRM requires a lot of time and resources. In this case, in addition to the basic functionality that is the key exchange, the developer needs to provide the protection of DRM code that works on the end user’s side.
StarForce Crypto allows to save time on development of the DRM protection system from analysis and modification. StarForce Crypto also has a special functionality (external binding), which minimizes the effort required to develop the custom DRM.
DRM modules that work on the end-user side usually have functionality of the following types.
Feature that verifies the license and binds the application being protected to the license carrier (to a physical object that is on the end-user side and is difficult to falsify, or to a server).
Feature that ensures that the feature described above cannot be separated from the application being protected.
Feature that protects both the above-mentioned features from reverse engineering and modifications.
StarForce Crypto implements the second and the third types of functionality. The clients can implement the first type of functionality themselves.
A developer estimates the level of efficiency on the basis of the analysis of product testing results and decides to purchase StarForce Crypto or not.
Securing author’s unique algorithms
from reverse engineering
Some software products contain unique algorithms. If the competitors learn how these algorithms work they will be able to reproduce them in their software, and the developer’s competitive advantage will be lost.
StarForce Crypto allows securing the application source code from reverse engineering. To secure highly important code pieces from reverse engineering, we recommend that the developer uses the ‘Protecting the code of internal functions’ technology StarForce Crypto provides.
Securing the code of B2B software
from modifications without the developer’s help
A company that has ordered and deployed an enterprise data processing system could have an idea to stop ordering high-cost services for the system customization and support. This is most likely when the required modifications are minor. A skilled developer who has experience in reverse engineering is able to learn how the system works and make minor updates herself/himself, even if the source code is unavailable. Even if such a scenario is explicitly prohibited by the agreement, it is very difficult to make sure this clause is not breached.
StarForce Crypto allows the software company to protect its products from being modified without their assistance. If the protected product is modified, it ceases to operate. This makes it impossible to modify the product without the company’s help, i.e. without recompiling the product from the source code.
Protection via StarForce Cloud
- Download and install StarForce Protection Studio (supplied for free).
- Using StarForce Protection Studio, select software functions and files that will be protected.
- Set the parameters of protection.
- Customize the elements of the GUI.
- Create the distributive.
- Test the protected product.
- Start distribution.
You can protect your software any time you like.
Protection by StarForce staff
StarForce offers the following chargeable services:
Protection is performed by StarForce employees and may include:
- Protection with functions selection;
- Protection without functions selection;
- Protection with functions to be selected by the customer.
Analysis of the protection performed by the customer.
StarForce Crypto protects Windows-based applications against reverse engineering and modification:
- applications compiled into a PE-file containing executable machine code (native code) of x8632 and x8664 processors (file extension - EXE, DLL).
- applications compiled into an executable .NET-file (managed code). Extension of these files usually is EXE and DLL.
- immutable data files of any format. In the process of data files protection the customer can use the following protection methods: checking a file’s integrity (protection against spoofing) and transferring a file to a container (hiding of files).
Please contact us if you need a consultation from our specialist.
Supported operating systems
- Windows Vista 32/64-bit;
- Windows 7 32/64-bit;
- Windows 8 32/64-bit.
- Windows 10 32/64-bit.
- Windows Server 2003 32/64-bit;
- Windows Server 2008;
- Windows Server 2012.
Besides, the StarForce system provides protection against running protected applications under the following virtual machines.
- Virtual Box;
- VMware Workstation;
- Virtual PC;
- Windows Virtual;
- Microsoft Hyper-V Server 2008, Server 2008 R2, Server 2012.