PROJECTS: neoGuard - - virtual CPU system for the software protection

Description

The virtual CPU system allows to execute a part of the protected program code in a non-standard command system, which provides a very high level of protection against disassembling and debugging. Standard means will be of no use, and a hacker needs developing its own disassembler and decompiler. The virtual CPU system will allow to maximally connect the protection and the program code. The script integrity control system will not allow to change individual codes, as any smallest change will entail changes in the decryption system of big code blocks. One should use a virtual CPU system in combination with a network license manager or when writing a protection system using local hardware keys. The protection code is customised for each customer, which guarantees the absence of ready-made hacking tools with a hacker. Basing on the virtual CPU system, one can reliably protect secret program execution algorithms, which spreading would be undesirable.

Main capabilities and features

  • anti-debugging and anti-disassembling code of the virtual CPU system core;
  • anti-debugging, anti-disassembling, hashed, encrypted code of executable scripts;
  • own non-documented command system of an executable script with instruction codes pre-determined for each client;
  • unique system of protection against script code corrections;
  • easiness of interfacing with external procedures;
  • a large set of built-in tools will allow to solve any tasks in the protected mode.

Our company offers several versions of protection against unauthorised copying (UAC) based on the neoGuard virtual processor.

Protection with the use of standard hardware keys (SenseLock, HASP, Sentinel)

At the moment, a hardware key is the most popular and effective tool of protection against UAC. Unfortunately, an unskilled use of hardware key capabilities often leads to a failure of the reliability of protection with their use. Another cause of frequent hacking of programs protected with the use of hardware keys is the use of hardware key emulators.

Our company suggests that a new system of protection against UAC with the use of hardware keys should be developed or the existing system of protection against UAC should be completed. The protection with the use of neoGuard will allow to protect a software product from UAC with a very high level of reliability.

The following solutions have been used in the protection technology based on a hardware key:

  • Protection against emulators will allow to avoid hacking by means of program copying of a hardware key;
  • Memory encoding with the use of an asymmetric encryption algorithm will not enable a trespasser to change the key data and will lead to an unambiguous identification of the user that has provided the hardware key for hacking and exclude its support in the next program versions;
  • neoGuard protection technologies will not allow studying the hardware key operating protocol or make a protection code correction.

Protection with the use of a serial number

The protection with the use of serial number is especially effective for the protection of programs being sold via Internet. The effectiveness of such protection and its resistance to hacking is considerably lower that that of systems using hardware keys, however the use of neoGuard can bring such protection to a qualitatively new level.

As a license binding element, one can use both computer data, such as a hard disk physical number, a BIOS checksum and the user's name or operating system data. In the first case, the identifier is uncopyable whereas in the second case it is copyable. Each of the versions has its own advantages and disadvantages.

We realises the following solutions with a serial number protection:

  • Serial number coding using an open key encryption algorithm will not enable trespassers to create licenses and exclude published licenses, which use the identifier being copied from the next program versions;
  • neoGuard protection technologies will reliably protect the protocol of an uncopyable identifier derivation, which will make protection to be similar to the protection with the use of hardware keys.

Protection with the use of a network license manager

The protection with the use of a network license manager serves in order to be responsible for licensing a large number of workstations connected to a single network as well as authorise individual program modules. The license manager allows to authorise the concurrent operation of a large number of computers not requiring the presence of a protection identifier from the workplaces. The protection identifier is required only on the protection server. As a protection identifier, once can use a hardware key or such computer data as a hard disk physical parameter or a BIOS checksum.

A network license manager implemented with the use of neoGuard has the following capabilities:

  • Usage of an assymmetric encryption algorithm will not enable trespassers to create licenses;
  • Integration of a program code into the protection module and the use of all hardware key capabilities by a license manager will maximally complicate hacking;
  • neoGuard protection mechanisms will not enable trespassers to perform hacking by means of a correction of the license manager code as well as study the protocol of interconnection of the client's part of the program and the license manager.
  • A remote execution of a part of the program code will not allow to carry out hacking of a client's application.

Technical specifications and main features of neoGuard protection system

  • implementation of encryption algorithms and digital signature RSA/DES/AES/RC5/RC6/MD5/SHA-1/GOST;
  • implementation of developer's algorithms in the neoGuard language;
  • possibility of operations with external functions and WinAPI;
  • connection of any Win32 and Unix x86compiler supporting operations with DLL or object files in the COFF / OMF format;
  • joint use with an exclusive neoKey hardware key;
  • operations with any hardware keys manufactured by Aladdin Knowledge Systems, Rainbow Technologies, Marx, Wibu, in particular, HASP HL and Sentinel SuperPRO;
  • use of cryptographic authentication hardware manufactured by Aladdin Knowledge Systems and Rainbow Technologies, in particular, eToken and iKey;
  • operations with any operating system supporting 32-digit addressing;
  • operations with any 32-digit processor of the x86 family; Pentium 100 and higher is recommended;
  • possibility of using in drivers for Windows 95/98/ME/NT/2000/XP/2003.