Guardant Armor

Guardant Armor

A software tool to protect applications from hacking, reverse engineering and illegal

use. In a few clicks, it provides automatic layered protection against all threats.

List of solutions, that include the product

-IoT and hardware

-Protection of software from reverse engineering

-Embedded systems protection

Advantages

Code virtualization provides the transformation of sections of the software code into a system of commands of a unique virtual machine, generated during the application protection process

Automatic profiling offers an optimal list of functions of the protected application compiled on the basis of static and dynamic analysis

Protection against memory dumping prevents the analysis of the executable code of the protected program in the process of its execution in RAM

Integrity control provides for the execution of built-in algorithms code checks for modifications

Licensing allows to protect the application from illegal distribution and use thanks to Guardant hardware and software keys

Models

Guardant Armor

Reverse engineering protection

Guardant Protection Studio

Guardant Armor operating scheme

Protection process

Developer chooses which functions of the program to protect. This can be done either manually or automatically. Then the Guardant Armor is applied, which protects these functions from reverse engineering. The output is an application with "cut functions", as well as a special container in the form of a DLL library, which contains functions in a protected form.

Technologies used

Obfuscation is a complex of technologies for obfuscating the code of a protected application. As a result of its application, the program retains its functionality in full, but the program code becomes so complex that it is almost impossible to analyze it.

Code mutation is an obfuscation method in which the original control flow graph is supplemented with trash instructions, branches, loops, and even additional logic. As a result of this confusion, it becomes difficult to determine whether the analyzed section of code is an original program or a dummy.

Code virtualization is an obfuscation method in which the source machine code of an application is translated into the instructions of a unique virtual machine generated during the application protection process. These instructions are interpreted directly at the time of program execution.

The peculiarity of this technology is that when protecting the same application, new instructions with different logic and a set of commands are generated each time. And they can be executed only on the virtual machine for which they were generated.

Virtualization ensures the absence of permanent signatures in the program code, countering deployment attempts, integrity control, etc.

An envelope is the packaging and encryption of sections of a protected file. During the launch of the protected application, a special loader decompresses and decrypts the file before control is transferred to the original entry point. The application is encrypted with a symmetric cryptographic algorithm, the key to which is usually stored in an external security component (hardware or software key).

Profiling

In case of applying obfuscation technologies to each section of the code, the operation of the application can significantly slow down. At the same time, sections that are of absolutely no value to an attacker will be protected. The technology used to maintain the speed of program execution and at the same time protect important parts of the code is profiling technology. The protected application undergoes a thorough static and dynamic analysis, as a result of which the optimal list of protected functions is determined.

Virtualization operation scheme

Code virtualization makes reverse engineering of a protected application difficult and provides a high level of copy protection.

The selected code sections are converted into a system of commands (byte code) of a unique virtual machine, which ensures their execution at the right moment. The resulting byte code is divided into blocks and securely encrypted. During execution, only the block of bytecode necessary for execution is stored in the computer's memory, which thereby protects the application from a dump.

The ability to simultaneously protect multiple executable files allows you to further confuse the logic of application execution. All calls are routed to a single dynamic library that stores the bytecode common to all files and virtual machine. At the same time, each protected file is packaged and encrypted (covered with an envelope).

Characteristics

Supported operating systems

• x86 and x64 versions of MS Windows 11/10/8.1/8/7/Vista/XP;
• GNU/Linux.

Programming language of the protected program

·Any programming language compiled into machine code (C, C++, Pascal, etc.).

Protected files

• Executable files and dynamic libraries of Windows x86/x64 (.exe, .dll, etc., PE format);
• Executable files and dynamic libraries of Linux x86/x86_64 (.so, ELF_EXEC format);
• Windows x86/x64 drivers (.sys, PE format);
• Windows x86/x64 object files (.obj, OMF/COFF format);
• Linux object files (.o, ELF format).

Supported Guardant Keys

• Guardant hardware devices of any models with the exception of Guardant SD. Recommended families: Guardant Sign and Guardant Code;
• Guardant DL software keys.