Software, hardware, and content industries lose millions every year because of piracy, intellectual property theft, cracked copyright mechanisms, tampered software, malware, and so on. The basic problem lies in the openness of the underlying architecture of today’s computing systems. With the right expertise and tools, anyone can gain control over software running on their devices. There will always be users who will attempt to analyze and break software protection mechanisms, out of personal gain or pure curiosity. Therefore, a robust and efficient software protection scheme is an absolute must for all modern software applications in virtually all business areas. It is a fundamental factor in ensuring long-term profitability in today’s distributed software markets.
The war zone between software applications and adversaries who want to crack them is very broad and diverse. An application can be attacked at various layers, on different hardware, and with very different goals in mind, creating a very complex problem for companies who want to protect their intellectual property. Here are nineteen ways that our integrated software protection solution, Cryptanium, protects the entire application code and all the sensitive data processed by that code:
1. Integrity protection. Hundreds of embedded overlapping checksums ensure that the binary code of the application is not modified.
2. Code obfuscation. Source-level protection that transforms the original code so that it is very hard to understand and reverse engineer.
3. Anti-debug protection. Platform-specific anti-debug code enables effective protection against main-stream debuggers, thus preventing analysis of the code.
4. iOS jailbreak detection. Code Protection provides efficient security mechanisms that will defend the application if a jailbroken device is detected.
5. Method swizzling detection. Code Protection provides efficient security mechanisms that will defend the application if a jailbroken device is detected.
6. Android rooting detection. Code Protection provides efficient security mechanisms that will defend the application if a rooted device is detected.
7. Mach-O binary signature verification. Code Protection provides a security feature specifically aimed at the Mach-O file format (used by iOS and OS X apps) that prevents unwarranted re-signing and distribution of the protected app.
8. Google Play licensing protection. The anti-piracy feature relies on an alternative implementation of the Google Play license verification library written in native code, which is very hard to reverse engineer and modify.
9. Integrity protection of Android APK packages. Set of source code and run-time features that allow you to protect APK packages against any kind of tampering, including re-signing with a different key.
10. Verification of function caller modules. Code Protection prevents manipulation of function calls by enabling the application to verify function caller modules and defend itself if modules are unauthorized.
11. Cross-checking of shared libraries. You can select specific shared library files from your application, and Code Protection will calculate cryptographic signatures of their binary code and embed these signatures in the main application. Then, at arbitrary places in the application code you can invoke a special function that checks if the signature of a particular shared library loaded in the memory matches the previously recorded signature.
12. Binary packing. Executable code is stored in encrypted form, and is decrypted only at run time.
13. Inlining of static void functions. Obfuscation level of the protected application is greatly increased by merging certain simpler functions into other functions.
14. Objective-C message call obfuscation. Code Protection can obfuscate message calls in the binary code so that they do not appear in plain text.
15. Objective-C metadata obfuscation. Code Protection can encrypt the metadata of Objective-C executables to hide valuable information from potential attackers.
16. String literal obfuscation. Code Protection can encrypt a large portion of string literals in the code. They are decrypted only before they are actually used. This feature provides strong protection against static analysis.
17. Customizable defense action. You can write a custom callback function to be invoked when the protected application detects a threat.
18. Software diversification. The footprint of the generated protection and its data is different for every protected application, making it even harder for hackers to develop a universal cracking scheme.
19. White-box cryptography. Standard cryptographic algorithms are implemented in a way that completely hides the internal keys and prevents them from being modified.
Recent data breaches underscore the need for comprehensive application security, and Cryptanium delivers!
Photo by Craig Moe.