摘要:
A user terminal includes a pairing circuit, a communication circuit, and a control circuit. The pairing circuit receives a normal code of an application from an application providing server in a process of downloading and installing the application from the application providing server, and performs a pairing operation with a peripheral device that stores a core code of the application received from the application providing server. The communication circuit, in a process of executing the application, transmits distinct information of the user terminal to the peripheral device to make the peripheral device encrypt the core code and decrypt the encrypted core code. The control circuit transmits an execution request message to the peripheral device, and receives an execution result of the core code from the peripheral device.
摘要:
A user terminal includes a communication circuit, a certification circuit, an execution circuit, and a control circuit. The communication circuit receives a normal code of an application from an application providing server to install the application. The certification circuit receives a registration request message, which includes distinct information of a peripheral device, from the peripheral device storing a core code of the application, to certify the peripheral device, transmits a registration response message, which includes distinct information of the user terminal, to the peripheral device, and receives the core code of the application from the peripheral device. The execution circuit executes the application using the normal code and the core code. The control circuit restricts at least one of functions of the user terminal while the application is executed.
摘要:
A user terminal includes a communication circuit, an encryption-decryption circuit, and an execution circuit. The communication circuit receives a core code file of an application from a peripheral device, which stores the core code file of the application, when certifying a core code of the application. The encryption-decryption circuit encrypts the core code file and transmits the encrypted core code file to the peripheral device, and, when executing the application, receives the encrypted core code file from the peripheral device and decrypts the encrypted core code file. The execution circuit executes the application using the decrypted core code file and a normal code file of the application stored in the user terminal. Since the normal code file is stored in the user terminal and the core code file is stored in the peripheral device, the core code of the application is protected from reverse engineering attacks.
摘要:
A mobile device and a method of operating a mobile device are disclosed. The mobile device includes a main processor executing a normal code of a mobile application program, a co-processor executing a core code of the mobile application program, and a co-processor driver enabling the main processor and the co-processor to communicate with each other. The normal code includes commands executable by the main processor, and the core code includes commands executable by the co-processor. Since the core code is separated from the mobile application program on a level lower than an operating system level when the mobile application program is installed on the mobile device and the core code is stored in a core code storage to which the main processor is not allowed to access directly, the core code is not exposed to an attacker, such that resistance to a reverse engineering attack is increased.
摘要:
The integrity verification system includes a client and an RCE server. The client requests an RCE service to the RCE server using a pointer of a return function as a parameter of a service call function and transmits a memory code of the return function to the RCE server when Reverse-RCE for obtaining the memory code of the return function is requested from the RCE server. The RCE server generates a first hash key of the transmitted memory code, compares the first hash key to a stored second hash key of the memory code of an original return function, generates a return value according to a compared result between the first hash key and the second hash key and transmits the generated return value to the client using the generated return value as a parameter of the service call function. The client executes the return function using the return value as a parameter of the return function.
摘要:
An application code obfuscating apparatus includes a secret code divider, a secret code caller, a code converter and an obfuscating part. The secret code divider is configured to divide an application code having a first type into a secret code and a normal code. The secret code caller generating part is configured to generate a secret code caller to call the secret code. The code converter is configured to convert the secret code having the first type to a second type. The obfuscating part is configured to generate a first table and a second table. The first table includes an obfuscated signature of the secret code and a first random vector. The second table includes an offset of the secret code which corresponds to the obfuscated signature of the secret code and a second random vector which is liked with the first random vector.
摘要:
A user terminal includes a communication circuit, a certification circuit, an execution circuit, and a control circuit. The communication circuit receives a normal code of an application from an application providing server to install the application. The certification circuit receives a registration request message, which includes distinct information of a peripheral device, from the peripheral device storing a core code of the application, to certify the peripheral device, transmits a registration response message, which includes distinct information of the user terminal, to the peripheral device, and receives the core code of the application from the peripheral device. The execution circuit executes the application using the normal code and the core code. The control circuit restricts at least one of functions of the user terminal while the application is executed.
摘要:
A code obfuscation device and a method of obfuscating a code of an application program file are disclosed. The code obfuscation device includes an extraction circuit uncompressing an application program file to extract a Dalvik executable file, a code analysis circuit analyzing a bytecode of the Dalvik executable file, a control circuit determining an obfuscation character and a number and a location of the obfuscation character to be inserted in the bytecode, and an identifier conversion circuit inserting the obfuscation character in the bytecode to convert an identifier of the bytecode. Since the identifier of the bytecode is converted using an obfuscation character, which corresponds to a character that is invisible on a screen or has a different Unicode from another character displayed on the screen as a same shape as the character, the application program file has an increased resistance to a reverse engineering attack.
摘要:
A user terminal for detecting forgery of an application program based on a hash value and a method of detecting forgery of an application program using the user terminal are disclosed. The user terminal includes a communication circuit, a hash value generation circuit and a forgery determination circuit. When the application program is executed, the communication circuit transmits information of the user terminal and the application program to an authentication server on a platform level to receive an original hash value of the application program from the authentication server, or to receive the original hash value from a peripheral device paired with the user terminal. The hash value generation circuit generates the hash value of the application program on the platform level. The forgery determination circuit compares the original hash value received from the authentication server or the peripheral device with the generated hash value on the platform level to determine whether the application program is tampered. Accordingly, the user terminal may be protected from a tampered application program. In addition, since forgery of the application program is detected on the platform level, it may overcome limitations of tamper detection technologies on an application program level that can be evaded by an attacker.