Bin Xu - Sunnyvale CA, US; Jim Sesma - White City OR, US; Robert Freeman - Orange County CA, US; Weijun Li - Sunnyvale CA, US
Assignee:
Aladdin Knowledge Systems, Ltd. - Tel Aviv
International Classification:
G06F 12/14
US Classification:
713190000
Abstract:
A system for preventing accurate disassembly of computer code. Such code masking, referred to as “obfuscation,” is useful to prevent unwanted parties from making copies of an original author's software, obtaining valuable information from the software for purposes of breaking into a program, stealing secrets, making derivative works, etc. The present invention uses assembly-language instructions to confuse the disassembler into producing results that are not an accurate representation of the original assembly code. In one embodiment, a method is provided where an interrupt, or software exception instruction, is used to mask several subsequent instructions. The instruction used can be any instruction that causes the disassembler to assume that one or more subsequent words, or bytes, are associated with the instruction. The method, instead, jumps directly to the bytes assumed to be associated with the instruction and executes those bytes for a different purpose. A preferred embodiment works with a popular Microsoft “ASM” assembler language and “DASM” disassembler. The instructions used to achieve the obfuscation include “INT” instructions. Using this approach, up to 17 bytes of obfuscation can be achieved with five instructions. Each instruction remains obfuscated until executed and returns to an obfuscated state afterwards.
System For Obfuscating Computer Code Upon Disassembly
Bin Xu - Sunnyvale CA, US; Jim Sesma - White City OR, US; Robert Freeman - Orange County CA, US; Weijun Li - Sunnyvale CA, US
Assignee:
Aladdin Knowledge Systems, Ltd. - Tel Aviv
International Classification:
H01L 9/32
US Classification:
713190, 726 33
Abstract:
A system for preventing accurate disassembly of computer code. Such code masking, referred to as “obfuscation,” is useful to prevent unwanted parties from making copies of an original author's software, obtaining valuable information from the software for purposes of breaking into a program, stealing secrets, making derivative works, etc. The present invention uses assembly-language instructions to confuse the disassembler into producing results that are not an accurate representation of the original assembly code. In one embodiment, a method is provided where an interrupt, or software exception instruction, is used to mask several subsequent instructions. The instruction used can be any instruction that causes the disassembler to assume that one or more subsequent words, or bytes, are associated with the instruction. The method, instead, jumps directly to the bytes assumed to be associated with the instruction and executes those bytes for a different purpose. A preferred embodiment works with a popular Microsoft “ASM” assembler language and “DASM” disassembler.