公开(公告)号：US09639673B2

公开(公告)日：2017-05-02

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

公开(公告)号：US09128722B2

公开(公告)日：2015-09-08

申请号：US13851581

申请日：2013-03-27

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Mathieu Ciet ,  Augustin J. Farrugia

IPC: G06F9/44 ,  G06F9/45 ,  G06F21/14

CPC classification number: G06F8/33 ,  G06F8/423 ,  G06F21/14

Abstract: Disclosed herein are systems, computer-implemented methods, and non-transitory computer-readable storage media for obfuscating code, such as instructions and data structures. Also disclosed are non-transitory computer-readable media containing obfuscated code. In one aspect, a preprocessing tool (i.e. before compilation) identifies in a source program code a routine for replacement. The tool can be a software program running on a computer or an embedded device. The tool then selects a function equivalent to the identified routine from a pool of functions to replace the identified routine. A compiler can then compile computer instructions based on the source program code utilizing the selected function in place of the identified routine. In another aspect, the tool replaces data structures with fertilized data structures. These approaches can be applied to various portions of source program code based on various factors. A software developer can flexibly configure how and where to fertilize the source code.

Abstract translation: 这里公开的是系统，计算机实现的方法和用于模糊代码的非暂时计算机可读存储介质，诸如指令和数据结构。 还公开了包含混淆代码的非暂时性计算机可读介质。 在一个方面，预处理工具（即，在编译之前）在源程序代码中标识用于替换的例程。 该工具可以是在计算机或嵌入式设备上运行的软件程序。 然后，该工具从一个函数库中选择一个等同于识别的例程的功能来替换识别的例程。 然后，编译器可以使用所选择的功能代替所识别的例程来编译基于源程序代码的计算机指令。 另一方面，该工具用受精数据结构取代数据结构。 这些方法可以基于各种因素应用于源程序代码的各个部分。 软件开发人员可以灵活地配置如何以及在何处施肥源代码。

公开(公告)号：US09047448B2

公开(公告)日：2015-06-02

申请号：US13741227

申请日：2013-01-14

Applicant: Apple Inc.

Inventor： Cedric Tessier ,  Daniel Reynaud ,  Jean-Baptiste Aviat ,  Jonathan Gregory McLachlan ,  Julien Lerouge ,  Pierre Betouin

IPC: G06F7/38 ,  G06F9/00 ,  G06F9/44 ,  H04L9/32 ,  G06F11/30 ,  G06F12/14 ,  G06F21/14 ,  G06F21/51

CPC classification number: G06F21/14 ,  G06F8/41 ,  G06F9/45545 ,  G06F21/51 ,  G06F2221/2107

Abstract: A branch auditing system can be automatically injected into a computer program, in one embodiment, in response to a programming call provided in source code by a programmer who has selected a particular branch, in a set of possible branches, for auditing. The branch auditing system can record, in an obfuscated data structure, a path taken at the particular branch and the parameters associated with the branch and later an auditor can determine whether the path taken was valid, and if the path taken was invalid, operations can be performed to protect the program, system and/or user.

Abstract translation: 在一个实施例中，分支审计系统可以自动地注入到计算机程序中，以响应于在一组可能的分支中选择了特定分支以用于审计的程序员在源代码中提供的编程调用。 分支审计系统可以在模糊数据结构中记录在特定分支处采取的路径和与分支相关联的参数，随后审核员可以确定所采用的路径是否有效，并且如果所采用的路径无效，则操作可以 执行以保护程序，系统和/或用户。

公开(公告)号：US20140201720A1

公开(公告)日：2014-07-17

申请号：US13741227

申请日：2013-01-14

Applicant: APPLE, INC.

Inventor： Cedric Tessier ,  Daniel Reynaud ,  Jean-Baptise Aviat ,  Jonathan Gregory McLachlan ,  Julien Lerouge ,  Pierre Betouin

IPC: G06F9/44

CPC classification number: G06F21/14 ,  G06F8/41 ,  G06F9/45545 ,  G06F21/51 ,  G06F2221/2107

Abstract: A branch auditing system can be automatically injected into a computer program, in one embodiment, in response to a programming call provided in source code by a programmer who has selected a particular branch, in a set of possible branches, for auditing. The branch auditing system can record, in an obfuscated data structure, a path taken at the particular branch and the parameters associated with the branch and later an auditor can determine whether the path taken was valid, and if the path taken was invalid, operations can be performed to protect the program, system and/or user.

Abstract translation: 在一个实施例中，分支审计系统可以自动地注入到计算机程序中，以响应于在一组可能的分支中选择了特定分支以用于审计的程序员在源代码中提供的编程调用。 分支审计系统可以在模糊数据结构中记录在特定分支处采取的路径和与分支相关联的参数，随后审核员可以确定所采用的路径是否有效，并且如果所采用的路径无效，则操作可以 执行以保护程序，系统和/或用户。

公开(公告)号：US20150363580A1

公开(公告)日：2015-12-17

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14 ,  G06F9/45

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

Abstract translation: 伪造的加密层混淆技术可以用来诱骗攻击者在攻击者通常忽略的代码段上花费逆向工程的努力。 为此，混淆技术可以识别可能对攻击者感兴趣的代码段，并将其伪装成较高的值段。 这可以通过将代码的较低值部分转换为包括已知存在于较高值的代码部分中的代码模式，常量或其他特性来实现，例如加密例程。 为了转换代码部分，混淆技术可以使用一个或多个程序修改，包括控制流修改，常数值调整以模拟公知的加密标量，缓冲区扩展，伪特征表插入，类似调试的信息插入，导出函数代码 生成链接和/或加密算法特定指令插入。

公开(公告)号：US20130232468A1

公开(公告)日：2013-09-05

申请号：US13851581

申请日：2013-03-27

Applicant: APPLE INC.

Inventor： Pierre Betouin ,  Mathieu Ciet ,  Augustin J. Farrugia

IPC: G06F9/44

CPC classification number: G06F8/33 ,  G06F8/423 ,  G06F21/14

Abstract: Disclosed herein are systems, computer-implemented methods, and non-transitory computer-readable storage media for obfuscating code, such as instructions and data structures. Also disclosed are non-transitory computer-readable media containing obfuscated code. In one aspect, a preprocessing tool (i.e. before compilation) identifies in a source program code a routine for replacement. The tool can be a software program running on a computer or an embedded device. The tool then selects a function equivalent to the identified routine from a pool of functions to replace the identified routine. A compiler can then compile computer instructions based on the source program code utilizing the selected function in place of the identified routine. In another aspect, the tool replaces data structures with fertilized data structures. These approaches can be applied to various portions of source program code based on various factors. A software developer can flexibly configure how and where to fertilize the source code.

Abstract translation: 这里公开的是系统，计算机实现的方法和用于模糊代码的非暂时计算机可读存储介质，诸如指令和数据结构。 还公开了包含混淆代码的非暂时性计算机可读介质。 在一个方面，预处理工具（即，在编译之前）在源程序代码中标识用于替换的例程。 该工具可以是在计算机或嵌入式设备上运行的软件程序。 然后，该工具从一个函数库中选择一个等同于识别的例程的功能来替换识别的例程。 然后，编译器可以使用所选择的功能代替所识别的例程来编译基于源程序代码的计算机指令。 另一方面，该工具用受精数据结构取代数据结构。 这些方法可以基于各种因素应用于源程序代码的各个部分。 软件开发人员可以灵活地配置如何以及在何处施肥源代码。