Apriorit Adapts Nanomites for Linux: Modern Antidebug Protection
This month, Apriorit releases a new technology for protecting Linux applications from illegal debugging, dumping, and reversing, based on so-called nanomites. Modern and efficient, nanomite technology is already used successfully in commercial protectors for Windows systems. Apriorit Linux Code Protection SDK is the first product to provide improved nanomite protection for Linux applications.
Until now, only Windows nanomite solutions have been available on the market. Apriorit introduces the first nanomite solution for Linux applications and has additionally improved the initial algorithm.
“Apriorit Linux Code Protection SDK is an antireversing tool made by professional reversers,” Dennis Turpitka, Apriorit CEO & Founder, admits. “Our Reverse Engineering Group led the solution development. Having a number of various R&D projects, we deal a lot with code protection for Windows and Linux. At some point, we realized that Linux applications were not that protected – and we could fix it. I hope our SDK will help other software vendors to resist piracy and illegal code copying.”
Nanomite technology combines parent process protection with the extraction of selected code segments, which are packed and then obfuscated at unpacking. The marked code segments (nanomites) are cut out of the source code and replaced by jumps to them in a specific manner, using a table of conditional and unconditional jumps together with obfuscation. Parent process protection (known as Debug Blocker in Windows protectors) starts the protected program as a child process and attaches to it as a debugger. As a result, a third party can debug only the parent process, not the program itself.
“There are always some ways to fight any protection,” Anton Kotik, Software Designer of Apriorit and Reverse Engineering Group member, says. “But with nanomites, it’s really hard and extremely time-consuming. You can detach parent process only after restoring all nanomites – so while restoring, you have to work with the parent process only. As there are no jumps in the software – they are all replaced – the application is a solid piece of code in disassemblers.”
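The mechanism described above can be sketched as a toy model. This is an added illustration, not Apriorit's code: it assumes the scheme commonly described for Windows nanomite protectors, where each jump is swapped for a trap and the attached parent resolves it from a table, and the instruction format and all names are hypothetical.

```python
# Toy model (constructed): tuples stand in for machine instructions.
JUMPS = {"jmp": lambda zf: True, "jz": lambda zf: zf, "jnz": lambda zf: not zf}

# Constructed sample: emits "equal" when the input is 7, else "different".
PROGRAM = [("cmp", 7), ("jnz", 4), ("out", "equal"), ("jmp", 5),
           ("out", "different"), ("halt",)]

def protect(program):
    """Strip every jump into a side table, leaving an opaque trap behind."""
    table, stripped = {}, []
    for addr, ins in enumerate(program):
        if ins[0] in JUMPS:
            table[addr] = (ins[0], ins[1])   # jump kind and destination
            stripped.append(("trap",))
        else:
            stripped.append(ins)
    return stripped, table

def make_parent(table):
    """Parent (tracer): on each trap, decide the child's next address."""
    def on_trap(pc, zf):
        kind, target = table[pc]
        return target if JUMPS[kind](zf) else pc + 1
    return on_trap

def run(program, x, on_trap=None):
    """Child: execute until halt; traps stop it and defer to the tracer."""
    pc, zf, out = 0, False, []
    while program[pc][0] != "halt":
        op, *args = program[pc]
        if op == "trap":
            if on_trap is None:              # detached: control flow is lost
                raise RuntimeError(f"unhandled trap at {pc}")
            pc = on_trap(pc, zf)
            continue
        if op in JUMPS and JUMPS[op](zf):
            pc = args[0]
            continue
        if op == "cmp":
            zf = (x == args[0])
        elif op == "out":
            out.append(args[0])
        pc += 1
    return out

if __name__ == "__main__":
    stripped, table = protect(PROGRAM)
    print(stripped)                          # no jump opcodes remain
    print(run(stripped, 7, make_parent(table)), run(stripped, 3, make_parent(table)))
```

Running the stripped program without the parent raises at the first trap, which is why the child cannot simply be detached until every table entry has been restored into the code.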
Apriorit is already accepting requests on its website, which provides visitors with more information about the Linux application code protection technology.
Apriorit is a software research and development company focused on security, virtualization, and system management solutions. Its specialties are kernel-level and driver development, enhanced software research including reverse engineering, network technologies, and work with different operating systems and mobile platforms. The company has more than 10 years of market experience and several development offices in Ukraine.