Shulou(Shulou.com)06/01 Report--

How to understand Linux ARM and its application protection, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

Linux ARM application field

Linux ARM is widely used in the field of IoT and AI. It is widely used in industrial control, intelligent life, urban management and other scenarios, and plays an important role in people's work and life.

Industrial control: intelligent AI, machine vision, intelligent equipment, self-driving, etc.

L Smart life: smart home, digital medical treatment, location and navigation, etc.

Urban management: intelligent transportation, environmental monitoring, intelligent security, intelligent building, intelligent logistics, etc.

How to migrate applications to Linux ARM

It is a trend that more and more applications switch to ARM architecture. But at present, most of the applications are still running on the CPU of X86 architecture, and the originator needs to carry out some form of "refactoring" in order to run on the devices of ARM architecture. The main reason is that X86 and ARM use different types of instruction levels, which need to deal with the differences at the instruction level perfectly in order for the application to run normally.

Different types of development languages have different difficulties and workload in the process of migration. The simplest are interpretive languages, such as Python, etc., which can be run directly under the ARM architecture if they do not rely on the common builds of compiled languages such as C and C++. Applications written in C, C++, Go and other compiled languages need to be recompiled with the ARM64 "aarch74" compiler before they can run. Because compiled languages are first "translated" into assembly, and then converted into binary instructions. For a very small number of assembly languages, you need to rewrite it at the ARM instruction level.

Linux ARM application protection

Background

At present, a large number of Linux ARM applications are migrated from Linux X86. Due to the change of instruction set, the application adapts accordingly. The original protection scheme also loses its function with the change of instruction set. Developers need to re-adjust the security scheme.

Scheme

Code virtualization

The execution of the program depends on CPU to parse the code that conforms to the instruction set specification. If the instruction set does not comply with the CPU, it cannot be recognized.

Code virtualization is the transformation of the original instruction through a custom way to generate a new instruction set, which can only be run through a special interpreter that can parse the instruction. this process of running deformed virtual instructions through a special interpreter is code virtualization.

Traditional shell products will have a good effect against static analysis, but the original code will be exposed in memory after running. After the hacker Dump memory, you can use IDA for reading and analysis after necessary repair. But after using code virtualization, the program runtime will not restore the virtual instruction set, even if it is Dump,IDA can not read the virtualized code. Hackers can only try to analyze virtual machines with higher complexity, which greatly improves the difficulty and time of code analysis.

Because of the big difference between ARM instruction set and X86, the original virtualization scheme of Linux X86 can not be applied on Linux ARM platform, so developers need a code virtualization scheme that can support Linux ARM.

Code confusion

Code confusion, also known as flower instruction, is to convert the code of a computer program into a form that is functionally equivalent but difficult to read and understand. Confusion is to reorganize and process the released program, so that the processed code can complete the same function as the pre-processing code, but the confused code is difficult to be decompiled, and even if the decompilation is successful, it is difficult to get the true semantics of the program. Code confusion can effectively improve the difficulty of reverse cracking of the application.

Code obfuscation is of great help in disrupting the original instructions and preventing static analysis and decompilation.

Code encryption

Code encryption is a protection method that uses SMC (Self-Modifying Code) technology to encrypt the original function and decrypt the function and execute it when the function is executed. Code encryption is particularly suitable for the Linux ARM platform because of its high efficiency and almost no performance loss.

As the main product of Digital Shield Security Lab in the direction of code protection, Virbox Protector successfully transplants code virtualization from X86 platform to ARM platform, and specially optimizes it according to the characteristics of ARM instruction set. Combined with mainstream functions such as code confusion and intelligent compression, it has a strong defense capability to prevent dynamic analysis and static analysis.

Virbox Protector is based on binary file operation, and developers do not need to provide source code or call API.

The protection effect is as shown below:

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.