f[i] (p)
fw[i] (p)
Trap
f[i,1] (p[1])
p,i
j
(p[2])
f[i,2] (p[3])
Trap
f[i,3] (p[3])
...
k=i
f[i,n] (p[n])
Calculation of variant selection in the dongle
during each cycle is minimized, governed by
the chosen wrapper parameters.
Modifying the Variants
One trivial means of bypassing the variants
would be to tamper with the wrapper function
fw[i], so that only a single variant is executed
in every case. To close this door against
attacks, Blurry Box technology modifies the
variants for a function block to only work
with the correct range of parameters. An
attacker without inside knowledge will not
be able to recover other unknown variants or
the original function block simply from single
(or even several) variants.
These trapdoors are encrypted variants that
would flag the license in question as invalid
when they are encrypted by the dongle. For
the trapdoors to work not only for statistical
attacks, but also for attackers who try to
analyze the source code in question, the
source code includes links leading directly to
the booby-trapped blocks. These would never
be accessed during regular operations, since
they would only be accessed in variants that
are not expected to be executed when the
application is run normally.
Computing the Choice of Variants on
the Dongle
Every single variant is fully encrypted, with
the encryption key stored securely on the
dongle, which also holds an API function
to load the encrypted data and decrypt it
inside the dongle. The decrypted code is
returned by the dongle API and executed
as a code variant. Without the dongle with
the correct key, no variant can be decrypted.
The encryption uses the Advanced Encryption
Standard (AES) and includes a random value
in the computation to represent blocks with
similar contents in different cipher texts.
Code moving (executing the program code
on the dongle) is usually not a feasible
option, as it slows down the protected
application too much. Selecting only a
sensible portion of code to be executed on
the dongle is, in turn, too complex to be
implemented meaningfully. The code for
computing the selection of variants, however,
is a very good choice for code moving. It is a
short, but essential piece of the puzzle. The
selection and implementation works without
involvement of the software’s original
developer and is fully automated. For this
purpose, the index of the wrapper function (i)
and the relevant parameter pIn[i] are moved
to the dongle, where the index of the variants
to be accessed is computed and returned
(j). This makes it impossible for attackers
to predict which variants (or trapdoors) are
chosen or not chosen, even if they know the
valid parameter range, unless the code is run
with the right parameters.
Built-in Traps
Security of the Blurry Box
Technology
Hackers are experts for different attack
methods, bu