公开(公告)号：US20150363580A1

公开(公告)日：2015-12-17

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14 ,  G06F9/45

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

Abstract translation: 伪造的加密层混淆技术可以用来诱骗攻击者在攻击者通常忽略的代码段上花费逆向工程的努力。 为此，混淆技术可以识别可能对攻击者感兴趣的代码段，并将其伪装成较高的值段。 这可以通过将代码的较低值部分转换为包括已知存在于较高值的代码部分中的代码模式，常量或其他特性来实现，例如加密例程。 为了转换代码部分，混淆技术可以使用一个或多个程序修改，包括控制流修改，常数值调整以模拟公知的加密标量，缓冲区扩展，伪特征表插入，类似调试的信息插入，导出函数代码 生成链接和/或加密算法特定指令插入。

公开(公告)号：US09639673B2

公开(公告)日：2017-05-02

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.