Protector of My Digital Contents

Protector of My Digital Contents

So Cool(PL) 19th Kang, Sung won

19th Park, Jong min19th Park Gui mong

Agenda1. Project Motive 2. Goal3. Architecture4. Detail5. Development Environment6. Division of Work7. Project Schedule8. Q & A

Protector of My Digital Contents Busan Samsung Software Membership

Project Motive


Project Motive

X?

User


Goal

Protector

Prevent Illegal Copy & Use

Unlimited

File Format

(Limited Period)

JPG

JPG

Regular Players


Entire Architecture

LicensePolicy

Contents

ProviderApplicatio

n

+

Web Server

WindowsDriver

ActiveX

LicensePolicy

LicensePolicy

Contents

User

WindowsDriver

WebServer Address

Connect(Using WebBrower)

Using ActiveX ( Automatically install Driver &

License )

Contents Transmit


Provider Architecture

ProviderApplicatio

nAdd File

Save String[]

License Setup to File

CAB File Auto Make

Add to Web Server& Running


DownLoader ArchitectureProvider User

Add File

ProviderApplicatio

n

WebServer DownFile

List

INCLUDE

Setup

RUN

WebServer DownFile

List

READ

DownlaoderFile Down


System Architecture (File System Filter Driver)

Application

I/O Manager

File System Filter

File System

Stack

User Level

Kernel Level

FilterManage

r

System Mini Filter Driver

NetworkMini FilterDriver


Detail (SSDT Hooking)

System Service Dispatch Table

XX

Keeper (Self Defender)

SystemService

DispatherSystemService

XX


Detail (Process Hide)

Keeper Driver (Self De-fender)

SystemInformationClass

SystemInformation

….

ReturnLength

SystemInformation-Length

NewZwQuerySystemInforma-tion Process information

DCBA


Detail (File Hide)

Keeper Driver (Self De-fender)

hFile

hEvent

….

IoApcContext

FileInfoClass

NewZwQueryDirectoryFile Hide File & Folder inform

DCBA


Detail (Active X)


Detail (Active X)

.inf File Make

.CAB File Make


Detail (Active X)


Detail (Anti-Reversing)

Anti-Reversing Techniques Anti-Analysis

BreakPoint Detection

Garbage Code Anti-Disassembly



Anti-Disassembly Example Code



Anti-Disassembly Apply



Anti-Disassembly Result



BreakPoint Detection Apply



BreakPoint Detection Result

Will jump to the wrong memory address.



Garbage Code Apply



Garbage Code Result

Complex code


Detail (Anti-Capture)

Anti-Capture Empty clipboard

Native Api Hooking

Dll Injection Ctrl + C, PrintScreen Key to prevent use

BitBlt() Hooking

NtGdiBitBlt() Hooking User

Anti-Capture


Detail (Anti-Capture)

Anti-Capture Native Api Hooking

NtGdiBitBlt Funtion Hooking

Win32k.sys SystemServiceDescriptorShadowTable Hook-ing


Detail (Device Driver Loader)

Device Driver Loader Service Control Manager (SCM)

InstallHinfSection

Program Install

Registry Protection

RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 Driver.inf


Development Environment

Development Environment

OS : Windows Window XP SP3 IDE : Microsoft Visual Studio 2008 / 6.0 Windows Device Kit 7600.16385.0

Debug Tool : OllyDBG, WinDbg, DbgView

Virtual Machine : VMWare Workstation 6.0

Language : C#, C, C++, Assambly


Division of Work

Kang,Sung won

(PL)

Provider Application (Protector) - Digital Contents File Management - License Policy - WebSever & WebPage - ActiveX (Automatically install Driver & License)

Anti-Reversing - Garbage Code - Anti-Disassembly - Breakpoint Detection Anti Capture

Park,Jong min

Park,Gui mong

Keeper (Windows Driver) Mini Filter Driver - System Filter Driver - Network Filter Driver Driver Loader


Project Schedule

TASK 08 09 10

1 2 3 4 5 6 7 8 9 10 11 12

Protector

GUIContents File Manage-

mentLicense Policy

Web Server & PageActiveX (Auto Install)

AntiRevers-

ing

Garbage CodeAnti-Disassembly

Breakpoint Detection

Keeper

Anti CaptureSystem Filter DriverNetwork Filter Driver

Driver Connection Process

Driver LoaderKeeper Driver

Anti-SSDTHooking

Unify Test & Debugging Kang, Sung won

Park, Jong min

Park, Gui mong

Question & Answer

Thank you

Protector of My Digital Contents

Documents