Interlocked Binary Protection Using Whitebox Cryptography
Abstract
A system and method for transforming a software application comprising binary code and optionally associated data, from an original form to a more secure form. The method includes performing a combination of binary transmutations to the application, and interlocking the transmutations by generating and placing interdependencies between the transmutations, wherein a transmutation is an irreversible change to the application. Different types of the transmutations are applied at varied granularities of the application. The transmutations are applied to the application code and the implanted code as well. The result is a transformed software application which is semantically equivalent to the original software application but is resistant to static and/or dynamic attacks.
61 Claims
1. A method of transforming a binary software application comprising binary application code from an original form to a secured form that is resistant to static and/or dynamic attacks attempting to tamper with, reverse engineer, or lift all or part of the application, said method comprising:
A) performing a combination of a plurality of binary transmutations to said binary software application during a build time phase by making a series of changes to said binary application code to produce changed binary application code, said changes including implanting new code intertwined with said changed binary application code during build-time; and
B) interlocking said transmutations by generating and placing interdependencies between the transmutations;
C) during execution, applying said combination of transmutations and interlocking to both the binary application code to be protected and the implanted code; and
D) producing a protected application that is semantically equivalent to the original application but which comprises said interlocked transmutations such that the binary protection is no longer separated from the protected application.
2. The method of claim 2, wherein said combination of a plurality of binary transmutations comprises at least one inter-layer transmutation applied to successively nested layers of said binary application code.
9. The method of 8 wherein said at least one intra-layer transmutation includes an integrity verification (IV) transmutation applied to at least one layer at both build time and run time.
28. The method of 27 wherein said RSM is protected by applying one or both of ADD and IV binary transmutations to said RSM.
37. A system of protecting a software application comprising binary code and optionally associated data, from an original form to a more secure form that is resistant to static and/or dynamic attacks attempting to tamper with, reverse engineer, or lift all or part of the application, said system comprising:
a. providing secure binary libraries for a software application to invoke the designated transmutation execution behaviors at code locations that user want to protect.
b. providing options for users to apply different types of the transmutations at varied granularities, such as module, function, block and instruction that comprise said application.
c. providing a build-time toolset to perform binary transmutation preparations to the said application, and transform the original execution of the said application to a secured execution by using the toolset.
d. producing a protected application that is semantically equivalent to the original application, and comprises said interlocked transmutation executions, which also are interlocked with transmutation preparations, such that the binary protection is no longer separated from the protected application.
e. during executing a protected application, the secured execution of the said protected application comprising interlocked transmutation executions protects the execution such that prevents from attacks statically and dynamically and only very small portion of binary code presented in execution memory is in clear form during any time of its execution.
42. The Method/System of any proceeding claim where said transmutations are applied both to said code and to associated data.
43. A computer program product comprising machine readable medium tangibly storing machine readable and executable instructions, which when executed by a processor, cause said processor to implement any of the methods disclosed and/or claimed herein.
49. A method of transforming a binary software application comprising binary application code from an original form to a secured form that is resistant to static and/or dynamic attacks attempting to tamper with, reverse engineer, or lift all or part of the application, said method comprising:
analyzing said binary application to determine at least one component of said application to which at least one binary transmutation can be applied, said component including component code;
performing a series of changes to said component code to produce changed component code, said changes including applying at least one WB transformation to said component code and implanting new code intertwined with said changes to said binary application code;
interlocking said changes by generating and placing interdependencies between said changes; and
applying said changes and interlocking to both the binary application code to be protected and the implanted code to produce a transmuted application that is semantically equivalent to the original application but which comprises said interlocked transformations such that the binary protection is no longer separated from the protected application.
50. A method of protecting a software application comprising binary code and optionally associated data, from an original form to a more secure form that is resistant to static and/or dynamic attacks attempting to tamper with, reverse engineer, or lift all or part of the application, said method comprising:
c. providing a build-time toolset to perform binary transmutation preparations to said application and transform the original execution of the said application to a secured execution by using the toolset; and
d. producing a protected application that is semantically equivalent to the original application, comprising interlocked transmutation executions, which also are interlocked with transmutation preparations, such that the binary protection is no longer separated from the protected application;
wherein the secured execution of the said protected application comprises interlocked transmutation executions configured such that only a small portion of binary code is in clear form during any time of its execution.
55. A method of transforming a binary software application comprising binary application code from an original form to a secured form that is resistant to static and/or dynamic attacks attempting to tamper with, reverse engineer, or lift all or part of the application, said method comprising:
A) performing a combination of a plurality of binary transformations to said binary software application during a build time phase by making a series of changes to said binary application code to produce changed binary application code, said changes including implanting new code intertwined with said changed binary application code during build-time;
B) interlocking said transformations by generating and placing interdependencies between the transformations; and
C) applying said combination of transformations and interlocking to both the binary application code to be protected and the implanted code to produce a transmuted application that is semantically equivalent to the original application but which comprises said interlocked transformations such that the binary protection is no longer separated from the protected application.
58. A method of transforming a binary software application comprising binary application code from an original form to a secured form that is resistant to static and/or dynamic attacks attempting to tamper with, reverse engineer, or lift all or part of the application, said method comprising:
analyzing said binary application to determine components of said application to which binary transmutations can be applied, wherein each binary transmutation comprises;
performing changes to said code by apply a transformation to said component code and additionally implanting transmutation execution code intertwined with said transformed component code;
interlocking said changes by generating and placing interdependencies between said changes and other aspects of said application code <which can include the main application, or other components>; and
applying said changes and interlocking to both the binary application code to be protected and the implanted code to produce a transmuted application that is semantically equivalent to the original application but which comprises said interlocked transformations such that the binary protection is no longer separated from the protected application.
60. A method as claimed in any one of the proceeding claims, further comprising Dynamic Function loading.
61. A method of dynamic function loading as described.
Specification