Some basic knowledge about Software Encryption and some Encryption Products

This article is a basic article on Software encryption technology. It briefly introduces some basic knowledge about Software Encryption and some encryption products. It is suitable for domestic software developers or individual software developers to share their reference.

　　1. encryption technology Overview

The security of a cryptographic system only lies in the confidentiality of keys, rather than the confidentiality of algorithms.

This is indeed true for encryption of pure data. If you do not want him to see the data (the plaintext of the data), use a reliable encryption algorithm, as long as the hacker does not know the password of the encrypted data, he cannot interpret the data.

However, software encryption is different from Data Encryption. It can only be "hidden ". Whether you are willing or unwilling to let him (a legitimate user, or cracker) See the data (the plaintext of the software), the software will always run on the machine. For the machine, it must be in plain text. Since the machine can "see" the plain text, cracker can also see the plain text through some technologies.

Therefore, theoretically, any software encryption technology can be cracked. Only the difficulty of cracking is different. Some of them have to make the best cracker busy for a few months, and some may be cracked without any effort.

Therefore, the task of anti-piracy (technical anti-piracy, rather than administrative anti-piracy) is to increase the difficulty of cracking cracker. The cost of cracking software is higher than the cost of cracking the software. In this way, cracker cracking becomes meaningless-who will spend more money than genuine software to buy pirated software?

　　2. Introduction to Cryptography

　　2.1 concepts

　　(1) sender and receiver

Suppose the sender wants to send a message to the receiver and send a message safely: She wants to be sure that the eavesdropping cannot read the sent message.

　　(2) messages and Encryption

A message is called plain text. The process of disguising a message to hide its content is called encryption. the encrypted message is called ciphertext, and the process of converting the ciphertext into plain text is called decryption.

Plaintext is expressed in M (Message) or P (plaintext). It may be a bit stream (text file, bitmap, digital voice stream, or digital video image ). For computers involved, P is a simple binary data. Plaintext can be transmitted or stored. In either case, M indicates the message to be encrypted.

The ciphertext is represented by C, which is also binary data. Sometimes it is as big as m, and sometimes a little large. (through the combination of compression and encryption, C may be smaller than P. However, encryption alone usually does not reach this point ). The encryption function E acts on m to obtain the ciphertext C, which is expressed in mathematics:

E (m) = C.

On the contrary, the decryption function D acts on C to generate m

D (c) = M.

Encrypt the message first and then decrypt the message. The original plaintext is restored. The following equation must be true:

D (E (M) = m

　　(3) Identification, Integrity and Anti-Repudiation

In addition to providing confidentiality, cryptography usually has other functions :.

(A) Identification

The recipient of the message should be able to identify the source of the message; intruders cannot pretend to be others.

(B) integrity test

The receiver of the message should be able to verify that the message is not modified during transmission; intruders cannot replace the valid message with a fake message.

(C) Anti-credit

The sender cannot falsely deny the message sent by the sender afterwards.

　　(4) algorithms and keys

A cryptographic algorithm is also called a password. It is a mathematical function used for encryption and decryption. (Normally, there are two related functions: one for encryption and the other for decryption)

If the confidentiality of an algorithm is based on keeping the algorithm secret, this algorithm is called a restricted algorithm. Restricted algorithms have historical significance, but according to the current standards, their confidentiality is far from enough. Large or frequently transformed user organizations cannot use them, because every user leaves the organization, other users must change to another algorithm. If someone has no intention of exposing this secret, everyone must change their algorithms.

Worse, restricted cryptographic algorithms cannot be quality controlled or standardized. Each user organization must have its own unique algorithm. Such organizations cannot use popular hardware or software products. However, eavesdroppers can buy these popular products and learn algorithms, so users have to write and implement the algorithms themselves. If this Organization does not have a good cryptology, then they cannot know whether they have secure algorithms.

Despite these major defects, restricted algorithms are still very popular for low-level applications, and users do not realize or care about the internal problems in their systems.

Modern Cryptography solves this problem with keys, expressed in K. K can be any value in many values. The possible value range of the key K is the key space. Encryption and decryption operations both use this key (that is, the operation depends on the key and uses K as the subscript). In this way, the encryption/Decryption function is now changed:

Ek (m) = C

DK (c) = M.

DK (EK (M) = M.

Some algorithms use different encryption keys and decryption keys, that is, the encryption key K1 is different from the corresponding decryption key K2. In this case:

Ek1 (m) = C

Dk2 (c) = m

Dk2 (Ek1 (M) = m

The security of all these algorithms is based on the security of keys, rather than the security of algorithm details. This means that algorithms can be made public or analyzed. algorithms can be produced in large quantities, even if eavesdroppers know your algorithms; if he does not know the specific key you are using, he cannot read your message.

The cryptographic system consists of algorithms and all possible plaintext, ciphertext, and keys.

There are two types of key-based algorithms: symmetric algorithms and public key algorithms. The following sections describe:

　　2.2 symmetric cryptographic algorithm

Symmetric algorithms are sometimes called traditional cryptographic algorithms, that is, encryption keys can be derived from decryption keys. In most symmetric algorithms, encryption/decryption keys are the same. These algorithms are also called secret key algorithms or single-key algorithms. They require the sender and receiver to agree on a key before secure communication. The security of symmetric algorithms depends on keys. Leaking keys means that anyone can encrypt/decrypt messages. As long as the communication needs to be kept confidential, the key must be kept confidential.

The encryption and decryption parameters of symmetric algorithms are as follows:

Ek (m) = C

DK (c) = m

Symmetric algorithms can be divided into two types. A Sequence Algorithm or sequence password is an algorithm that only computes a single bit (sometimes byte) in plaintext at a time. Another type of algorithms is a set of bitadb operations for plaintext. These bitgroups are called groups, and the corresponding algorithms are called grouping algorithms or group passwords. The typical grouping length of modern computer cryptographic algorithms is 64 bits-this length is large enough to prevent analysis and deciphering, but small enough to facilitate use (before a computer appears, generally, the algorithm only performs one character operation on the plain text at a time, which can be considered as the operation of the sequence password on the Character Sequence ).

　　2.3 Public password algorithm

Public Key Algorithms (also called asymmetric algorithms) are designed as follows: keys used for encryption are different from keys used for decryption, in addition, the decryption key cannot be calculated based on the encryption key (at least for a reasonable long time ). The Public Key algorithm is called because the encryption key can be made public, that is, the stranger can encrypt information with the encryption key, but only the corresponding decryption key can decrypt the information. In these systems, encryption keys are called public keys (public keys) and decryption keys are called private keys (private keys ). A private key is also called a secret key. To avoid confusion with symmetric algorithms, the secret key name is not used here.

Expressed

Ek (m) = C.

Although the public key and private key are different, decryption with the corresponding private key can be expressed:

DK (c) = m

Sometimes messages are encrypted with private keys and decrypted with public keys, which are used for digital signatures (which will be described later). Although obfuscation may occur, these operations can be expressed:

Ek (m) = C

DK (c) = m

The speed of the current public password algorithm is much slower than that of the symmetric password algorithm, which limits the application of the public password algorithm in the encryption of large data volumes.

　　2.4 unidirectional Hash Functions

The one-way hash function H (m) acts on a message m of any length. It returns a fixed-length hash value H, where the length of H is M.

There are many types of functions whose input is of any length and the output is of a fixed length. However, the unidirectional hash function also has other features that make it one-way:

(1) given m, it is easy to calculate h;

(2) given h, it is difficult to calculate M based on H (m) = h;

(3) given m, it is difficult to find another m' message and satisfy h (m) = H (m.

In many applications, it is not enough to have only one direction. It also needs to be called the "anti-collision" condition:

To find two random messages m and M', it is difficult to satisfy h (m) = H (m.

Due to these features of hash functions, the calculation speed of public cryptographic algorithms is often very slow. In some cryptographic protocols, it can be used as the digest of a message m, instead of the original message m, set the sender to H (m) signature rather than m signature.

For example, the Sha hashing algorithm is used in the Digital Signature Protocol DSA.

　　2.5 Digital Signature

When it comes to digital signatures, the public password system and Hash technology are indispensable.

There are several public key algorithms that can be used as digital signatures. In some algorithms, such as RSA, public key, or private key can be used as encryption. You can use your private key to encrypt a file, so that you have a secure digital signature. In other cases, such as DSA, the algorithms are separated ?? The digital signature algorithm cannot be used for encryption. This idea was first proposed by Diffie and Hellman.

The basic protocol is simple:

(1) A uses her private key to encrypt the file and sign the file.

(2) A transmits the signed file to B.

(3) B uses the public key of a to decrypt the file and verify the signature.

In this protocol, you only need to prove that a's public key is indeed her. If B cannot complete step (3), he knows that the signature is invalid.

This Protocol also meets the following features:

(1) The signature is trustworthy. When B verifies information with the public key of a, he knows that A is signed by.

(2) signatures cannot be forged. Only a knows her private key.

(3) signatures cannot be reused. A signature is a file function and cannot be converted to another file.

(4) The signed file cannot be changed. If the file changes, the file cannot be verified using the public key.

(5) The signature is non-repudiation. B can verify the signature of a without the help of.

In practical application, because the public password algorithm is too slow, the signer often uses hash signatures for messages instead of signatures for the messages themselves. This does not reduce the credibility of the signature.

　　3. Some popular software protection technologies

3.1 serial number Protection

Mathematical algorithms are the core of cryptographic encryption, but in general software encryption, it does not seem very concerned, because most of the time Software Encryption itself is implemented as a programming technique. However, with the popularity of serial number encryption programs in recent years, the proportion of mathematical algorithms in Software Encryption seems to be growing.

Let's take a look at the working principle of serial number encryption on the network. After a user downloads a software-sharing software from the network, there are generally restrictions on the time of use, you must register with the software company before continuing to use the software. Generally, a user tells the software company his/her personal information (generally the name) along with a credit card number. The software company calculates a serial number based on the user's information, after the user obtains the serial code, enter the registration information and the registration code in the software according to the steps required for registration. After the validity of the registration information is verified by the software, the software will remove its own restrictions. This encryption is relatively simple and requires no additional cost, and users can purchase it conveniently, software 80% on the internet is protected in this way.

The process of verifying the validity of the serial number is actually the process of verifying whether the Conversion Relationship between the user name and the serial number is correct. There are two basic types of verification: one is to generate a registration code based on the name entered by the user, and then compare it with the registration code entered by the user, the formula is as follows:

Serial number = f (user name)

However, this method is equivalent to recreating the registration code generation process of the software company in the user software, which is actually very insecure, no matter how complicated the conversion process is, the decrypted can compile a general registration program by extracting your conversion process from the program.

Another method is to verify the correctness of the user name through the registration code. The formula is as follows:

User name = f inverse (serial number) (such as ACDSee)

This is actually an inverse algorithm of the software company's registration code calculation process. If the forward and reverse algorithms are not symmetric algorithms, it is indeed difficult for the decrypted, but this algorithm is not well designed.

So some people consider the following algorithms:

F1 (User Name) = F2 (serial number)

F1 and F2 are two completely different algorithms, but the Feature Word calculated by the user name using the F1 algorithm is equivalent to the Feature Word calculated by the serial number using the F2 algorithm. This algorithm is relatively simple in design, the confidentiality is much better than the above two algorithms. If you can design the F1 and F2 algorithms as irreversible algorithms, the confidentiality is quite good. Once the decrypted finds one of the anti-algorithms, this algorithm is not safe. The design of the one-dimensional algorithm seems to be hard to make too many breakthroughs. What about dual elements?

Specific value = f (user name, serial number)

This algorithm looks pretty good. The relationship between user names and serial numbers is not so clear, but the one-to-one correspondence between user names and serial numbers is also lost, software developers must maintain the uniqueness between user names and serial numbers on their own, but this does not seem to be difficult to do. Just create a database. Of course, you can also divide user names and serial numbers into several parts to construct a multivariate algorithm.

Specific value = f (username 1, username 2,... serial number 1, serial number 2 ...)

Most of the existing serial number encryption algorithms are self-designed by software developers, and most of them are quite simple. In addition, although some algorithm authors have made great efforts, they often cannot get the expected results.

3.2 Time Limit

The trial version of some programs has a time limit. For example, if you stop running for 10 minutes or 20 minutes, you must re-run the program to work properly. These programs naturally have a timer to measure the running time.

This method is rarely used.

3.3 key file protection

Key File (registration file) is a protection method that uses files to register software. Key File is generally a small file, which can be a plain text file or a binary file containing non-printable characters. Its content is encrypted or unencrypted data, there may be user name, registration code, and other information. The file format is defined by the software author. The trial software does not have a registration file. After you register with the author, you will receive a registration file sent by the author, which may contain the user's personal information. You only need to put the file in the specified directory to make the software an official version. This file is usually stored in the software installation directory or system directory. Each time the software starts, it reads data from the file and uses an algorithm to process it. Based on the processing result, it determines whether the file is correctly registered. If it is correct, it runs in registration mode.

This protection method is rarely used.

3.4 CD-Check

That is, the CD protection technology. When the program starts, it determines whether a specific file exists on the CD-Rom of the optical drive. If the file does not exist, it considers that the user does not have a genuine CD-Rom and rejects the operation. During the process of running the program, the existence of the CD is generally not checked. In Windows, the specific implementation is generally as follows: First Use getlogicaldrivestrings () or getlogicaldrives () to obtain a list of all the drivers installed in the system, and then use getdrivetype () to check each drive, if the drive is an optical drive, use functions such as createfilea () or findfirstfilea () to check whether a specific file exists or not, and further check the attributes, size, and content of the file.

3.5 software dogs

Software dog is an intelligent encryption tool. It is a hardware circuit installed on interfaces such as the parallel port and serial port. It also has a set of interface software and tool software used in various languages. When a dog-protected software runs, the program sends a query command to the software dog on the computer. The software dog quickly calculates the query and gives a response. The correct response ensures that the software continues to run. If there is no software dog, the program will not run, and complicated software and hardware technologies are combined to prevent software piracy. Software dogs are generally used to protect really valuable software.

Common dogs usually include "foreign dogs" and "local dogs ). Here, the "Foreign Dog" mainly refers to the rainbow of the United States and the hasp of Israel. The "Earth dog" mainly includes the golden world (now a joint venture with the rainbow of the United States, called the "Rainbow world"), deep thinking, and sharp stone. In general, "foreign dogs" are not as good as "local dogs" in terms of software interfaces, shelling, anti-tracking, and other "soft" aspects, but they are very difficult to crack in hardware; the "dog" is doing very well in terms of software, but it is not as good as the "dog" in hardware. People with a little single-chip power can copy it.

3.6 floppy disk encryption

By formatting some non-standard channels on a floppy disk, write some data on these channels, such as the decryption key of the software. This type of floppy disk becomes a "key disk ". When the software is running, the user inserts a floppy disk and the software reads the data in the track to determine whether the "key disk" is valid ".

There are other technologies such as weak bit encryption.

With the decline of floppy disks in recent years, this method has basically left the stage of history.

3.7 integrate software and machine hardware information

After a user obtains the software (bought or downloaded from the Internet), the software obtains some hardware information (such as the hard disk serial number and Bois serial number) from the user's machine during installation ), then, the information is calculated based on the user's serial number and user name, so that the software and hardware are bound to a certain extent. The user needs to send the serial number to the software provider or developer by email, phone or mail. The software developer can use the registration machine (software) to generate the registration number of the software and send it to the user. Although Software Encryption is weaker than hardware encryption, Software Encryption has the advantages of low cost and convenient use. It is very suitable for the encryption solution that uses cd rom and other methods to issue software.

Advantages of this encryption algorithm

· Different machine registration codes are different. A user obtains a password and can only register the software on one machine. Unlike the registration method currently used by most software, registration can be installed on any machine as long as you know the registration code.

· No hardware or floppy disk is required

· You can choose to control the machine where the software runs, how long the software runs, and how many times.

· The function of the software before it is not registered is a demo software, and can only run for a period of time or part of the function. After registration, the software will become formal immediately.

· Using special technologies, it is difficult for decrypted persons to find the rules for generating registered numbers

· When using the registration number to generate software (registration machine), you can use the password, key disk, and the total number of times.

· Easy to use and low price.

This encryption has the following features:

1. register the encryption software and install and use it on only one machine. Copying software to other machines cannot run.

2. If you want to install and run the software on another machine, you must send the serial number of the software running on this machine to the software publisher in exchange for the registration password. Of course, you should pay another copy of the software fee.

3. This encryption method is especially applicable to software released on the Internet and software released on CDs.

Note:

1. For the "encryption technology overview" section, refer to the "Cryptography basics" of university textbooks ".

2. For the "some popular software protection technologies" section, refer to the article "encryption and decryption-Software Protection Technology and complete solutions.

Original article reprinted, please note: Reprinted from the moonlight blog [http://www.williamlong.info/]