
text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 3:45 am
by drew
I've decided to learn assembly, so what better way to do that than to make an OS? right? (jk, but that's what I've decided to do...)

anyways, making an operating system is tough work, let alone the bootstrap. I am quickly seeing a need to incorporate ways to protect my hard work.

I guess all you really need on a bootstrap is a copyright notice, which I hear legally states that you acknowledge the software as your own, and that no one has your permission to copy your work, or take pieces from it. then again, I'm no lawyer. and I just think copyright notices are cool, that they add a professional touch.

so I included a nice little copyright message, opened up my new binary file in a hex editor, fooled around with it a bit, and quite easily was able to change that notice.

so I thought about it, and came up with a small simple solution to obfuscate your copyright, which I would like some feedback on.

old code:
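  PRINT_MSG_TITLE:
      MOV SI, MSG_TITLE   ; SI -> zero-terminated message (MSG_TITLE is defined elsewhere)
  PRINT:
      MOV AH, 0x0E        ; BIOS INT 0x10 teletype output function
  PRINT_CONT:
      LODSB               ; AL = byte at DS:SI, then SI = SI + 1
      OR AL, AL           ; set ZF when AL is the zero terminator
      JZ RETURN
      INT 0x10            ; print the character in AL
      JMP PRINT_CONT
  RETURN:
      RET                 ; return to the caller of PRINT_MSG_TITLE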
the old code is called from the main block, as "CALL PRINT_MSG_TITLE", which basically prints the static, easy-to-change message.

a possible solution could look like:
      MOV AH, 0x0E        ; BIOS INT 0x10 teletype output function
      MOV AL, 0x49        ; 'I'
      INT 0x10
      MOV AL, 0x50        ; 'P'
      INT 0x10
      MOV AL, 0x51        ; 'Q'
      INT 0x10
      MOV AL, 0x52        ; 'R'
      INT 0x10
      MOV AL, 0x53        ; 'S'
      INT 0x10
which just prints "IPQRS" in order. even this is easy to modify, so I put them in blocks.
  ; one stub per letter; each expects AH = 0x0E to be set by the caller
  PRINT_MSG_C:
      MOV AL, 0x43        ; 'C'
      INT 0x10
      RET
  PRINT_MSG_D:
      MOV AL, 0x44        ; 'D'
      INT 0x10
      RET
  PRINT_MSG_E:
      MOV AL, 0x45        ; 'E'
      INT 0x10
      RET
  PRINT_MSG_F:
      MOV AL, 0x46        ; 'F'
      INT 0x10
      RET
  PRINT_MSG_G:
      MOV AL, 0x47        ; 'G'
      INT 0x10
      RET
  PRINT_MSG_H:
      MOV AL, 0x48        ; 'H'
      INT 0x10
      RET
  PRINT_MSG_I:
      MOV AL, 0x49        ; 'I'
      INT 0x10
      RET
  MAIN:
      MOV AH, 0x0E        ; BIOS INT 0x10 teletype output function
      CALL PRINT_MSG_C
      CALL PRINT_MSG_D
      CALL PRINT_MSG_E
      CALL PRINT_MSG_F
      CALL PRINT_MSG_G
      CALL PRINT_MSG_H
      CALL PRINT_MSG_I
EVEN this is easy to modify, but much harder for a novice to produce something that is actually meaningful. I figure, if you have a copyright notice, a lot of letters are going to be used more than once. just changing the letter in the call blocks can produce gibberish. for example, changing "I" to "A" in "PRINT_MSG_I" would turn "COPYRIGHT NOTICE" into "COPYRAGHT NOTACE". so you would need to directly modify the call statements to produce something meaningful.

I'm also anticipating the fact that it may eat up my 510kb real quick, which I don't think will be a problem if I'm extra careful, and remove unnecessary letters.

I just wanted to share what I'm thinking, and I know I'm getting sidetracked... but I think it's good to do that at least a little so I don't lose interest.

I'm sure as I learn more, I will learn better ways to do this, and I also realize that if all I have is a silly bootstrap, then worrying about obfuscation so soon is also silly.
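As an added example that is not part of the original post: the sketch below builds a constructed 16-bit image in the per-letter stub layout described above and then recovers the notice by resolving each CALL to its stub, which shows how little the layout hides from anyone reading the binary. The function names `build_image` and `recover_text` and the sample bytes are hypothetical, and the opcode bytes are the standard encodings of MOV AL/AH imm8, INT, RET and CALL rel16.

```python
import struct

STUB_TAIL = b"\xCD\x10\xC3"                     # INT 0x10 ; RET

def build_image(message):
    """Constructed sample: one stub per distinct letter, then MAIN as a run of CALLs."""
    image, stub_at = bytearray(), {}
    for ch in sorted(set(message)):
        stub_at[ch] = len(image)
        image += bytes([0xB0, ord(ch)]) + STUB_TAIL   # MOV AL, imm8 ; INT 0x10 ; RET
    entry = len(image)
    image += b"\xB4\x0E"                        # MOV AH, 0x0E
    for ch in message:
        next_ip = len(image) + 3                # rel16 is relative to the next instruction
        image += b"\xE8" + struct.pack("<H", (stub_at[ch] - next_ip) & 0xFFFF)
    image += b"\xEB\xFE"                        # JMP $ (hang after printing)
    return bytes(image), entry

def recover_text(image, entry):
    """Walk MAIN from `entry` and read the immediate out of every stub it calls."""
    out, ip = [], entry
    while ip < len(image):
        op = image[ip]
        if op == 0xB4:                          # MOV AH, imm8: skip
            ip += 2
        elif op == 0xE8:                        # CALL rel16: resolve the target stub
            rel = struct.unpack_from("<H", image, ip + 1)[0]
            target = (ip + 3 + rel) & 0xFFFF
            stub = image[target:target + 5]
            if len(stub) == 5 and stub[0] == 0xB0 and stub[2:] == STUB_TAIL:
                out.append(chr(stub[1]))
            ip += 3
        else:                                   # anything else ends the CALL run
            break
    return "".join(out)

if __name__ == "__main__":
    img, main = build_image("COPYRIGHT NOTICE")
    print(recover_text(img, main))
```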

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 3:55 am
by drew
was thinking about it, and I bet bitshifts would be far better than this, and use nearly the same space as the old version, and achieve about the same level of effectiveness.

I thought about it some more, and realized this is all probably pretty trivial to most of you, so I guess I look silly either way.

edit:
well hey... when I'm done with my bootstrap, and I have some space left over, or can find ways to optimize it to squeeze enough space out, I figure why not just do both as long as I can? I'm guessing there's not really much you can do to obfuscate a bootstrap, but I might be wrong.

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 3:57 am
by JamesM
Hi,

Security by obscurity doesn't work. If someone wants to change the copyright on your code, they will do.

If you seriously want to protect your work like this, the way I'd recommend is to use steganography to embed a digital signature of your own in it. That way you can identify if anyone has used it and it's not obvious enough to be tampered with.

For example: every ADD instruction can be changed into the equivalent SUB of a signed integer. With ADD=0, SUB=1, you could have a script go through your code and change all ADDs/SUBs so that they spell a message in binary.

Cheers,

James
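One way to script the ADD=0, SUB=1 scheme from the post above, as an added example that is not JamesM's or the forum's own code: `embed` rewrites successive ADD/SUB sites in assembly source so the mnemonics spell a mark, `extract` reads it back, and `net_effect` checks that the arithmetic result is unchanged. It assumes NASM-style lines with a register destination and a decimal or 0x immediate, and that no marked site's carry flag is consumed afterwards, because swapping ADD for SUB of the negated value keeps the result but inverts CF; all names and the sample lines are hypothetical.

```python
import re

# "ADD reg, imm" / "SUB reg, imm" with a decimal or 0x immediate (register operands only).
SITE = re.compile(r"^(\s*)(ADD|SUB)(\s+\w+\s*,\s*)(-?(?:0x[0-9a-f]+|\d+))(?!\w)(.*)$", re.I)

def to_bits(mark):
    return [(b >> i) & 1 for b in mark.encode("ascii") for i in range(7, -1, -1)]

def embed(lines, mark):
    """Rewrite successive ADD/SUB sites so that ADD=0, SUB=1 spells `mark`."""
    bits, used, out = to_bits(mark), 0, []
    for line in lines:
        m = SITE.match(line)
        if m and used < len(bits):
            indent, op, mid, imm, tail = m.groups()
            want = "SUB" if bits[used] else "ADD"
            value = int(imm, 0)
            if op.upper() != want:              # flip the mnemonic, negate the immediate
                value = -value
            line = f"{indent}{want}{mid}{value}{tail}"
            used += 1
        out.append(line)
    if used < len(bits):
        raise ValueError(f"need {len(bits)} ADD/SUB sites, found {used}")
    return out

def extract(lines, nchars):
    """Read the first nchars*8 ADD/SUB mnemonics back as ASCII."""
    bits = [m.group(2).upper() == "SUB" for m in map(SITE.match, lines) if m][:nchars * 8]
    chars = [sum(bit << (7 - i) for i, bit in enumerate(bits[k:k + 8]))
             for k in range(0, len(bits), 8)]
    return bytes(chars).decode("ascii")

def net_effect(lines, width=16):
    """Sum of the signed changes applied by all matched sites, modulo 2**width."""
    total = 0
    for m in filter(None, map(SITE.match, lines)):
        value = int(m.group(4), 0)
        total += value if m.group(2).upper() == "ADD" else -value
    return total % (1 << width)

# Constructed sample: 16 arithmetic sites, enough for a two-character mark.
SAMPLE = [f"    ADD AX, {n}    ; step {n}" for n in range(1, 17)]

if __name__ == "__main__":
    marked = embed(SAMPLE, "JM")
    print("\n".join(marked[:4]), extract(marked, 2), net_effect(marked), sep="\n")
```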

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 4:05 am
by drew
actually... that sounds cool enough for me to include just for the fun of it. =P~
thanks, I will add this term to my research folder.

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 4:50 am
by bluemoon
drew wrote:I guess all you really need on a bootstrap is a copyright notice, which I hear legally states that you acknowledge the software as your own, and that no one has your permission to copy your work, or take pieces from it. then again, I'm no lawyer. and I just think copyright notices are cool, that they add a professional touch.
Negative. Some professional OSes like BSD, Windows, Solaris, Linux, you name it, do not do this, so I conclude it may not sound as professional a touch as you might think.
And everything printed by the bootstrap onto the screen will probably be cleared by kernel or VGA driver initialization, and nobody will ever be able to see it, unless you intentionally pause and annoy the user to see it every time it boots. (I'm sure you will be the very first person to feel annoyed and turn it off)
drew wrote:I just wanted to share what I'm thinking, and I know I'm getting sidetracked... but I think it's good to do that at least a little so I don't lose interest.
I agree, the most important ingredient of OS development is to keep yourself interested and motivated.

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 5:00 am
by rand
I think you are just doing some Beginner Mistakes...
Let me suggest you some Necessary Theory

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 6:32 am
by JamesM
rand wrote:I think you are just doing some Beginner Mistakes...
Let me suggest you some Necessary Theory
Doesn't sound like he needs those links at all. Why do you think he does?

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 6:36 am
by drew
bluemoon wrote:Negative. Some professional OSes like BSD, Windows, Solaris, Linux, you name it, do not do this, so I conclude it may not sound as professional a touch as you might think.
And everything printed by the bootstrap onto the screen will probably be cleared by kernel or VGA driver initialization, and nobody will ever be able to see it, unless you intentionally pause and annoy the user to see it every time it boots. (I'm sure you will be the very first person to feel annoyed and turn it off)
I was told that if I don't have it copyright protected via the copyright office, then I must have an actual statement within the document or in this case binary file. so I guess it's pointless at this stage in many ways. 1) it's not near completion, 2) I haven't handed my project out to anyone to use, 3) there's not really anything to protect yet. the thing is that it's not really a matter of displaying the message, it's a matter of having it on file. which if I did have on file, and if changes were made I would technically need to be able to prove it's my work with or without the statement intact. therefore it's all pretty pointless, especially at this stage.

anyways... I was just getting sidetracked, learning assembly, got a little bored, so I was dabbling with the idea and what I would do about this. now I'm realizing if I were going to obfuscate my code, it would be best to obfuscate the entire bootstrap. I just can't imagine how that would work in a bootstrap, being the first thing to be loaded before any other sort of foundation.

well I'm over it. it's just not relevant at this point in time.

(this probably should have been posted in OS Design & Theory)

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 6:47 am
by rand
JamesM wrote:Why do you think he does?
mmm, maybe some feeling, a lot of explanation for a complicated idea for something the user will never see.....

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 6:49 am
by Combuster
drew wrote:I was told that if I don't have it copyright protected via the copyright office, then I must have an actual statement within the document or in this case binary file.
Unless you're from outer space or some other country that should be deemed nonexistent, the Berne Convention applies and copyright is automatically applied.

Similarly, that's why the following is contained on the Licensing page:
wiki wrote:No License Information:
Defaults to "all rights reserved", which usually surprises both authors and users...

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 7:04 am
by Solar
drew wrote:I was told that if I don't have it copyright protected via the copyright office, then I must have an actual statement within the document or in this case binary file.
As there is no such thing as a "Copyright Office" outside the U.S. of A., I assume that this is your nationality.

In this case, be notified that in 1989 the 1976 Copyright Act was amended to conform to most of the provisions of the Berne Convention.

One effect of the amendment was that a copyright notice is optional, as you gain copyright on a work automatically upon creation.
drew wrote:now I'm realizing if I were going to obfuscate my code, it would be best to obfuscate the entire bootstrap.
What is more important, having it obfuscated or easy to debug? I know what my answer to that would be.

;-)

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 11:17 am
by DavidCooper
Maybe you should concentrate on writing something worth protecting first. No one's going to try to rip off your code until you've got something that can threaten the big players, and it doesn't sound as if you're quite there yet.

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 12:40 pm
by Brynet-Inc
DavidCooper wrote:Maybe you should concentrate on writing something worth protecting first. No one's going to try to rip off your code until you've got something that can threaten the big players, and it doesn't sound as if you're quite there yet.
This comes from the person who doesn't even write source code, preferring instead to use cryptic magic numbers that are incomprehensible. :wink:

Re: text obfuscation in bootstrap

Posted: Fri Jun 10, 2011 7:19 pm
by DavidCooper
Brynet-Inc wrote:
DavidCooper wrote:Maybe you should concentrate on writing something worth protecting first. No one's going to try to rip off your code until you've got something that can threaten the big players, and it doesn't sound as if you're quite there yet.
This comes from the person who doesn't even write source code, preferring instead to use cryptic magic numbers that are incomprehensible. :wink:
That isn't to stop people stealing my code - anyone can disassemble it into incomprehensible cryptic magic mnemonics if they want to, or just read the text files which explain how it works (I've nearly finished writing it all up).

Re: text obfuscation in bootstrap

Posted: Sat Jun 11, 2011 12:35 pm
by qw
Solar wrote:What is more important, having it obfuscated or easy to debug? I know what my answer to that would be.
I also know what Microsoft's answer to that is... sadly.