Apriorit Adapts Nanomites for Linux: Modern Antidebug Protection


Software R&D company Apriorit has released a new code protection technology for Linux applications to prevent illegal debugging, dumping, and reverse engineering.

Apriorit Linux Code Protection SDK is an antireversing tool made by professional reversers

This month, Apriorit is releasing a new technology for protecting Linux applications from illegal debugging, dumping, and reversing, based on so-called nanomites. Modern and efficient, nanomite technology is successfully used in commercial protectors for Windows systems. Apriorit Linux Code Protection SDK is the first product to provide improved nanomite protection for Linux applications.

As a software R&D company, Apriorit frequently faces the question of reliable code protection for both Windows and Linux applications. Also experienced in software research and legal reverse engineering, Apriorit chose the most efficient antidebug technology so far: nanomites.

Until now, only Windows nanomite solutions have been available on the market. Apriorit introduces the first nanomite solutions for Linux applications, having additionally improved the initial algorithm.

“Apriorit Linux Code Protection SDK is an antireversing tool made by professional reversers,” Dennis Turpitka, Apriorit CEO & Founder, admits. “Our Reverse Engineering Group led the solution development. Having a number of various R&D projects, we deal a lot with code protection for Windows and Linux. At some point, we realized that Linux applications were not that protected – and we could fix it. I hope our SDK will help other software vendors to resist piracy and illegal code copying.”

Nanomite technology combines parent process protection with the extraction of selected code segments, which are packed and then obfuscated at unpacking. Marked code segments (nanomites) are cut out from the source code and replaced by jumps to them in a specific manner, using a table of conditional and unconditional jumps and obfuscation. Parent process protection (known as Debug Blocker in Windows protectors) starts the protected program as a child process and attaches to it as a debugger. Thus, a third party can debug only the parent process, not the program itself.
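How parent process protection looks from the outside, as an added example that is not Apriorit's code: it assumes the debug attachment on Linux is made with ptrace, which the kernel reports as `TracerPid` in `/proc/<pid>/status`, and that parent and child run under the same process name. The sample data and all function names are constructed for illustration.

```python
import os

# Constructed sample: excerpts in the format of /proc/<pid>/status (not real output).
SAMPLE_STATUS = {
    4100: "Name:\tprotected_app\nPid:\t4100\nPPid:\t3990\nTracerPid:\t0\n",
    4101: "Name:\tprotected_app\nPid:\t4101\nPPid:\t4100\nTracerPid:\t4100\n",
    4250: "Name:\tgdb\nPid:\t4250\nPPid:\t3990\nTracerPid:\t0\n",
    4251: "Name:\tworker\nPid:\t4251\nPPid:\t4250\nTracerPid:\t4250\n",
    4300: "Name:\tsshd\nPid:\t4300\nPPid:\t1\nTracerPid:\t0\n",
}

def parse_status(text):
    """Turn 'Key:<tab>value' lines into a dict of stripped strings."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def classify_traced(statuses):
    """Map each traced pid to a verdict. Linux allows one tracer per process,
    so a child already traced by its own parent cannot be attached to again."""
    procs = {pid: parse_status(text) for pid, text in statuses.items()}
    verdicts = {}
    for pid, fields in procs.items():
        tracer = int(fields.get("TracerPid", "0"))
        if tracer == 0:
            continue  # nobody is attached to this process
        parent = int(fields.get("PPid", "0"))
        tracer_name = procs.get(tracer, {}).get("Name")
        # Heuristic (assumption): tracer is the parent AND shares the process name.
        if tracer == parent and tracer_name == fields.get("Name"):
            verdicts[pid] = "self-traced by parent"
        else:
            verdicts[pid] = "traced by another program"
    return verdicts

def read_live_statuses():
    """Read /proc/<pid>/status for every visible process (Linux only)."""
    out = {}
    for entry in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{entry}/status") as fh:
                out[int(entry)] = fh.read()
        except OSError:
            continue  # process exited or access was denied
    return out

if __name__ == "__main__":
    for pid, verdict in sorted(classify_traced(SAMPLE_STATUS).items()):
        print(pid, verdict)
```

The `gdb`/`worker` pair shows why the name comparison matters: a program launched under an ordinary debugger is also traced by its parent, but under a different process name.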

“There are always some ways to fight any protection,” Anton Kotik, Software Designer of Apriorit and Reverse Engineering Group member, says. “But with nanomites, it’s really hard and extremely time-consuming. You can detach parent process only after restoring all nanomites – so while restoring, you have to work with the parent process only. As there are no jumps in the software – they are all replaced – the application is a solid piece of code in disassemblers.”

Apriorit is already accepting requests on their website, providing visitors with more information about the technology.

About

Apriorit is a software research and development company focused on security, virtualization, and system management solutions. Its specialties are kernel-level and driver development, enhanced software research including reverse engineering, network technologies, and work with different operating systems and mobile platforms. The company has more than 10 years of market experience and several development offices in Ukraine.

Contact
Alexandra Zhyltsova, Marketing Director
xis(at)apriorit(dot)com
http://www.apriorit.com
