AppServo™, an advanced security solution for mobile applications, provides a high level of security incomparable with conventional methods. Self-Randomization, a key technology in AppServo™, greatly improves the security of mobile apps in the enterprise.
Self-Randomization is a unique patented technology originally owned by AllthatSoft, which ensures that the same program code has a different form each time it is run.
In detail, it is realized through two core element technologies : code splitting and self-modifying. Code splitting divides the mobile app code into regular code and core code, and stores the core code separately on external devices such as smart watch, smart band, and smart card. Core code is integrated with regular code each time it runs, or it runs remotely and independently. When this core code is executed, a self-modifying technique is applied, which is a technique that replaces the code shown in the static analysis in order to make the dynamic analysis of hackers difficult.
Split your app code into regular code and core code, and install this core code in a separate device or location.
After code splitting, core code can be stored on external devices such as smart watches, smart bands, and smart cards. This core code can be installed as a virtual device inside the smartphone, not an external device, depending on the operating environment and security policy.
When the app is running, the core code is recovered with a different form each time it is invoked. The core code can be integrated with regular code via wireless Bluetooth or NFC, or executed remotely and independently.
Code obfuscation is an essential code protection technology used to make hacker’s reverse engineering analysis difficult. In general, it is a technology of inserting dummy code into an original source or binary code, or encrypting a part of code to transform it into a form different from the original code. AppServo™ provides code obfuscation through identifier renaming, control flow randomization, and code randomization techniques.
Identifier renaming is a technique that makes it harder for an attacker to identify an identifier name, such as class, variable, or method, by changing it to a meaningless name.
Control Flow Randomization
Control flow randomization is a technique that makes it difficult to grasp the control flow by adding dummy code to the code.
API hiding is a technique that makes it difficult to grasp contexts by hiding API calls. While control flow randomization is an outlining method of adding dummy code, API hiding corresponds to an inlining method that hides core functions.
String encryption is a technique that encrypts important strings in the data section of program code and decrypts them when loaded into memory.
Code encryption is a technique that encrypts important classes or functions in a program’s code section and decrypts the code when it is loaded into memory. In general, class encryption is applied with string encryption.
Packing is a traditional technology that protects the original code by rewriting the binary by applying compression and anti-reversing functions to the entire program code. AppServo™ also provides the same functions provided by ordinary packers.
Packing is a technique for compressing program code to hide the entire program logic. If necessary, encryption is applied in addition to compression. It is similar to class encryption in that it encrypts the code, but class encryption encrypts only a portion of the code, while packing applies the entire code.
Anti-analysis is one of the important code protection technologies to block reverse engineering analysis by adding anti-reversing function to program code. AppServo™ provides anti-rooting, anti-emulating, anti-debugging and anti-tampering techniques.
Anti-rooting is a technique that causes a process to terminate itself abnormally if it detects that the program execution environment is being routed.
Anti-debugging is a technology that detects when a reverse engineering analysis tool is being used and terminates the process itself abnormally. In general, it is applied with anti-emulating.
Anti-tampering is a technique that detects when program code is forged and terminates itself so that the process no longer works.