Program Protection

Program protection is a means of making the internal workings of a program harder to understand. From a user's perspective, program protection is transparent in that it does not affect how the program executes. Its aim is purely to hamper the reverse engineering process.

The reason for applying program protection is usually to hide a secret that the program contains, such as a password or an algorithm.

Program protection will not make a program safer. If a program contains a programming error such as an exploitable buffer overflow, applying program protection will not remove the error. The most it can do is to make it harder for an attacker to detect the error.

Program protection is not encryption. Encrypted data is only useful to those that possess the decryption key. A program that has been protected is potentially useful to anyone that possesses a copy of it. Knowledge of the protection method used is not necessary to execute the program.

It should be noted that program protection can only make program understanding more difficult. It cannot make it impossible. If the program can be executed, then it can be reversed.

There are multiple approaches to program protection, each varying in effectiveness. What follows is a discussion of several of these approaches. The discussion should be relevant both to those implementing protection schemes and to those attempting to break them.

File permission problems -- Execute but no Read permission
Compromising analysis tools -- Pitfalls with ldd
Static Linking
Using the strip command