Protection Schemes of the Lockdown Module

As a stark contrast to the old "ver" module, the Lockdown module includes a number of active defense mechanisms designed to significantly strengthen the module's resistance to attack (including either analysis or being tricked into providing a "good" response to a challenge to an untrusted process).

The protection schemes in the Lockdown module can be broken up into several categories:

1. Mechanisms to thwart analysis of the Lockdown module itself and the secret algorithm it implements (anti-debugging/anti-reverse-engineering).
2. Mechanisms to thwart the successful use of Lockdown in a hostile process to generate a "good" response to a challenge from Battle.net (anti-emubot, and by extension anti-hack, where "anti-hack" denotes a counter to modifications of an otherwise genuine Blizzard game client).
3. Mechanisms to thwart modifications to an otherwise-genuine Blizzard game client that is attempting to log on to Battle.net (anti-hack).

In addition, the Lockdown module is also responsible for implementing a reasonable facsimile of the original function of the "ver" module; that is, to provide a way to authoritatively validate the version of a genuine Blizzard game client, for means of software version control (e.g. the deployment of the correct software updates/patches to old versions of genuine Blizzard game clients connecting to Battle.net).

In this vein, the following protection schemes are present in the Lockdown module and associated authentication system:

• Clearing the Processor Debug Registers
• Memory Checksum Performed on the Lockdown Module
• Hardcoding of Module Base Addresses
• Video Memory Checksum
• Multiple Flavors of the Lockdown Module
• Authenticity Check Performed on Lockdown Module Caller