There is some traffic on sci.crypt about cloakware, which apparently transforms executables into semantically equivalent but very removed from the human-interface flow, in order to make reverse-engineering and mods more difficult. Does anyone have more insight into this ? sci.crypt: It seems our job posting has generated a bunch of questions. This is an attempt to answer some of them. To start with, I (Stanley Chow) am the VP of Engineering of Cloakware and one of the names in US patent 5748741. I will gather the questions from this thread and try to answer them. Since we were not planning to go public quite so soon, many answers will leave you dangling. Our first public appearance is a 5-minute talk at the IEEE Symposium in Oakland in the middle of May. If anyone wants to get more information, please contact: [EMAIL PROTECTED] (If you let them sense big dollars, then it will be easy to sign the NDA and get to the good stuff; otherwise you might as well just browse our web site and read the whitepapers). The way to get the real low-down is to come join us - a start-up that is doing really exciting stuff, and become fabulously rich while working on really interesting problems. Q: What is Cloakware (the technology) ===================================== Cloakware Technology makes software *effectively* tamper-proof. The protected software still runs. For example, the protected software could be a Java Class files - a boring standard compliant class file that will run on any (correct) JVM. This protected software would be very hard to tamper with. (Yes, there are some fine prints about what "tamper" means). Yes, we know about jamming branches, debuggers, emulators, reverse- engineering tools. No, we are not nuts (at least I don't think so :-) Q: How is Cloakware related to Nortel ===================================== Cloakware Corporation is un-related to Nortel except that we hope to sell to them (as we would hope for any other company). Some of the people happens to have worked for Nortel in the past, and even filed patent(s) in the same area. These patents are not related to the activities at Cloakware. Q: What is the patent status ============================ We, in Cloakware, have also filed a number of patents that cover new ground. These patents are totally owned by Cloakware and not related to Nortel. None of these patents have been granted yet nor have any of them reached the publication date (that I know off), so you are unlikely to find them on the net. Q: How are we different from "shroud", "obfuscator", compiling, ... =================================================================== The shrouds and obfuscators are very superficial. They merely remove debugging information, rename variables, etc. Some commercial products do a little bit more, but by and large, the program semantic is left unchanged. There is no real challenge in fiddling them. Compiling is slightly better. Many people would argue that a good optimizing compiler is pretty good against reverse-engineering and tampering; this is demonstratably not very strong - we have all done patches on binary-only program. At most, one would call them "weakly tamper-resistant" (or in Bruce's scale, good enough to prevent your kid-sister from tampering.) Cloakware Technology acts on a much deeper level and is much stronger. Q: What is our threat model =========================== We are aiming (which is to say we are not there yet, but think we can) at a very severe threat-model: the attackers have all our patents, publications and even internal documentation, they also have our "encoder" (or what some people call the "cloaker") and can experiment with it, they also have unlimited funds to get debuggers/emulators/... as they wish. Even for this threat model, we hope to be able to make it really expensive for the attacker. Q: How are we different from "copy protection" ============================================== The old Apple II and early PC saw lots of fun techniques dedicated to preventing people from making copies. Typically, some trick was used on the disk (half-track, quarter-track, spiral-track, burnt-spot were amongst the most fun) and the code checked for the presence of these tricks. The "crack" usually works by disabling these checks. This led to an escalating war of protecting the S/W. Many techniques were used to protect the S/W - checksums, encryption, multiple layers of them, changing code already in the pre-fetch (to defeat debuggers) and so on. They were all broken within days. They were also often not portable (heck, many ran only on specific versions of some chips). In contrast, Cloakware is totally portable and (we believe) much stronger. Q: Can some tool automatically "de-cloak"? ========================================== We don't think so (but I won't go into the details).
