1
00:00:00,830 --> 00:00:05,800
Hello and welcome to a new section on intro to Software Protection.
2
00:00:06,230 --> 00:00:08,750
We are going to look at what is software protection.
3
00:00:09,380 --> 00:00:16,970
Yes, packing purpose, how to defeat software protection, what is unpacking, how to detect Charvet
4
00:00:16,970 --> 00:00:17,510
protection.
5
00:00:18,490 --> 00:00:27,790
I think it is he program, the standard process of unpacking an EXE and some anti-debugging plug-ins,
6
00:00:28,000 --> 00:00:34,750
Software protection is protection of software against piracy or use and reverse engineering.
7
00:00:35,530 --> 00:00:43,060
And the two main ways to protect software are using anti-debugging, which is to prevent debuggers from
8
00:00:43,100 --> 00:00:51,730
attaching or analyzing or the second way is by packing, which is to compress the software whilst retaining
9
00:00:51,730 --> 00:00:54,590
its ability to execute Issie.
10
00:00:54,610 --> 00:01:04,210
Packing is where the executable is compressed to a smaller size, and ECAC protecting using anti-debugging
11
00:01:04,210 --> 00:01:12,970
techniques to prevent reversing and reversing will go back and protect is commonly referred to as a packer.
12
00:01:13,870 --> 00:01:15,860
Examples are backing up.
13
00:01:16,570 --> 00:01:21,220
Yes, protect, Armadillo, then protect, etc.
14
00:01:21,220 --> 00:01:29,080
The purpose of packing is to prevent reverse engineering, to extract the correct sense of security
15
00:01:29,080 --> 00:01:35,210
and to defeat the static assembly or to dynamically modify the packing.
16
00:01:35,230 --> 00:01:38,380
Yes, you also reduce the executable file size.
17
00:01:40,780 --> 00:01:43,890
How to defeat software protection first.
18
00:01:43,940 --> 00:01:51,640
Not that easy to use, unpacking, and unpacking is where you let the program uncompress itself into memory
19
00:01:52,150 --> 00:02:00,370
and then the original EXE from memory and dumping into a new EXE file, then to create a patch for
20
00:02:00,370 --> 00:02:01,110
the new reality.
21
00:02:02,930 --> 00:02:04,130
Another way is to use.
22
00:02:05,390 --> 00:02:13,300
This is also known as runtime patching. Here, you patch the process in memory instead of patching a file. We used
23
00:02:13,310 --> 00:02:21,440
in order to start the program and wait for it to uncompress itself into memory, then we patch the process
24
00:02:21,710 --> 00:02:24,050
while it is still running in memory.
25
00:02:26,170 --> 00:02:33,400
What is unpacking? Unpacking is very, extremely harsh and binary from the packed file. Automatic
26
00:02:33,400 --> 00:02:41,880
unpackers sizes for popular packers by mean of different versions and not also available for complex packers.
27
00:02:41,890 --> 00:02:50,230
And this also involves live debugging by defeating anti-debugging techniques. Detection of packer: the
28
00:02:50,230 --> 00:02:58,630
packer detectors, PIV and the IED detectors can detect popular packers and also show the version
29
00:02:58,630 --> 00:03:06,910
of the packer and also believe you were to be added to and give you two examples of screenshots of packers
30
00:03:06,910 --> 00:03:10,800
detected detected in the net and by on the right.
31
00:03:11,740 --> 00:03:14,470
It is a structure, the people.
32
00:03:15,540 --> 00:03:22,230
This is the structure before packing. We have the original entry point and program is still running here.
33
00:03:23,550 --> 00:03:24,990
After it has been packed.
34
00:03:26,260 --> 00:03:26,740
The.
35
00:03:27,640 --> 00:03:36,070
Original entry point, and all the instructions here are compressed in the entry point now is inside
36
00:03:36,070 --> 00:03:40,390
you, the packer will put a new entry point.
37
00:03:40,420 --> 00:03:46,450
So when your program run, it will jump to the and technical possible stop.
38
00:03:47,270 --> 00:03:56,480
And again, uncompress a packed original file into memory so that it becomes like this, only then
39
00:03:56,590 --> 00:03:57,380
it executes.
40
00:03:58,320 --> 00:04:04,590
So there is a way we have difficulty getting the packed file because the profile is in a compressed it
41
00:04:05,010 --> 00:04:09,190
and several types of packers. Type one is the simplest packer.
42
00:04:09,190 --> 00:04:14,010
For an example, you type to contest multiple backing.
43
00:04:14,010 --> 00:04:17,190
Type three is similar to type two.
44
00:04:17,820 --> 00:04:26,340
But it has more complex structures like loops and also different codes like integrity checks, anti-debugging
45
00:04:26,340 --> 00:04:26,820
and so on.
46
00:04:27,480 --> 00:04:33,060
Example will be Beacom back year by year protection aspect and so on.
47
00:04:33,450 --> 00:04:34,770
That fall by the wayside.
48
00:04:34,790 --> 00:04:42,090
A single Mardele, a packer in which a portion of the packer code not responsible for unpacking
49
00:04:42,510 --> 00:04:45,780
is intended for the execution on the original program.
50
00:04:45,780 --> 00:04:47,010
Example is E.S.P.
51
00:04:47,010 --> 00:04:54,180
Protect that five package is an entirely PACULA million taking to live with the original program.
52
00:04:54,450 --> 00:05:03,900
Example is Veria Taxi Spica most complex where the attacker and fragments of the code at any given time
53
00:05:04,170 --> 00:05:07,410
during the execution example is Armadillo.
54
00:05:08,970 --> 00:05:16,050
That's seven Paca is very visualisations is being used on a Russian translation to avoid the obvious
55
00:05:16,620 --> 00:05:23,300
from the ice post in memory, Hasan, Boza, Themida and VMProtect. The execution of a packed program.
56
00:05:23,670 --> 00:05:25,600
It's like this execution.
57
00:05:25,620 --> 00:05:34,020
We start from the new OEP, which is the OEP of this company, Ambedkar, and then you push the SBP
58
00:05:34,020 --> 00:05:38,840
and some of the registers to this technician on the taxations are unpegging memory.
59
00:05:38,850 --> 00:05:44,280
Then you rizza a progressive ideas on how executable file.
60
00:05:45,700 --> 00:05:52,310
It is the use of time in libraries which is being used by the program.
61
00:05:53,840 --> 00:06:03,440
He will restore her status using U.S. pump Russian, and then finally you would jump to the OEP to begin
62
00:06:03,440 --> 00:06:10,490
the actual execution, a single push against Russia is equivalent to only squishes the most important
63
00:06:10,580 --> 00:06:18,280
CVP, a single Russian is equivalent to how these instructions and the most importantly, AVP.
64
00:06:19,980 --> 00:06:26,620
Probably BP is a way we can when Wendy Packer is about to return to the instructor.
65
00:06:27,900 --> 00:06:34,540
Now, this is what it looks like when the PACULA is about to return instruction to the backfire.
66
00:06:34,560 --> 00:06:41,750
When the program first starts, you will start with the instruction for the better before the battle
67
00:06:41,760 --> 00:06:42,360
starts.
68
00:06:42,390 --> 00:06:46,860
You push SBB to the side so that he can return to it.
69
00:06:47,130 --> 00:06:55,080
Once you strike that the original file and then just before he goes to the instructor, fail to execute
70
00:06:55,080 --> 00:06:56,960
it, he will pop up.
71
00:06:57,060 --> 00:07:02,400
So this is how you can make use of this characteristic to track.
72
00:07:02,400 --> 00:07:10,420
When the linebacker has finished unpacking and is about to return to the instructor, he has to execute.
73
00:07:11,580 --> 00:07:15,060
You can put a breakpoint on SBP now.
74
00:07:15,090 --> 00:07:21,240
The standard process of unpacking an EXE is like this, he would not be easy to find a real or OEP.
75
00:07:22,350 --> 00:07:28,280
And then once he found you, you dump the unpacked program to disk.
76
00:07:29,580 --> 00:07:38,940
Then you fix the part-timer anniversary of Sleepyhead now unpacking, using excessive force.
77
00:07:39,370 --> 00:07:42,030
Look into for the big.
78
00:07:43,050 --> 00:07:49,290
Then he starts tracing until you encounter a pushy 80 or pushy instruction.
79
00:07:50,470 --> 00:07:57,190
Then you could have a breakpoint on TV address in the stack. Next, you press F9 to continue the
80
00:07:57,190 --> 00:08:02,470
execution, you would break on the instruction, which is immediately after the head.
81
00:08:03,440 --> 00:08:12,580
On instruction, then you press F7 to start tracing as soon you encounter a jump, a jump instruction,
82
00:08:12,790 --> 00:08:21,490
which will jump to the entry point any way, once you have found and you already have done the whole
83
00:08:21,490 --> 00:08:25,120
program using C for the biggest skill applied in.
84
00:08:26,230 --> 00:08:33,610
So dumping is a process of extracting the EXE file and setting into a separate file.
85
00:08:35,070 --> 00:08:40,470
After you've done that, you need to fix the import table so that the new EXE file
86
00:08:40,710 --> 00:08:44,310
will know where to look for the DLL libraries it needs.
87
00:08:47,070 --> 00:08:56,370
Now, anti-debugging plugins. Anti-debugging is where the software itself detects that a debugger is attached
88
00:08:56,670 --> 00:08:58,420
and therefore refuses to execute.
89
00:08:59,220 --> 00:09:03,520
And two very popular bloggers we can defeat is.
90
00:09:06,380 --> 00:09:12,620
Dessau, thank you for your lesson in a nice lesson to stand our practicals, Houdin.