Binary code patching is a common and effective way for attackers to alter a specific part of a program’s code while keeping the rest of the code’s functionality intact. The program can be manipulated in place without requiring source code.
Common targets for binary patching include:
Attackers may use well-known disassemblers or hooking tools to understand the code and implement binary patching. However, they can also use other non-standard techniques to implement binary patches, which may not be easily detectable.
Binary patching is a rather overarching term and refers to altering compiled code. Its execution is broad and can be used in multiple contexts.
Hooking, on the other hand, is the manipulation of existing indirections to alter control flow in an application's code. Many hooks may be implemented through binary patching, depending on the indirection that is being abused in the code.
Ensuring control flow integrity and preventing abuse of indirections is not enough on its own. Developers need to verify the actual semantic integrity of pieces of code. Hence the need for a technique that lets you detect whether critical parts of your application code have been modified and lets the application take appropriate action at runtime.
Code checksumming is a technique similar to application signing but can be used to detect changes made to the code at runtime, and it can be localized to specific sections of the software. It is based on calculating a hash of the code section you would like to protect and monitor. A simple explanation of how code checksumming works is:
Thus, at runtime, this allows you to detect whether the part of the code in question was changed since it was compiled.
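The check described above, as an added example (not Guardsquare's or iXGuard's code): each guarded range gets a checksum recorded from the pristine bytes, and a runtime pass re-hashes the ranges and reports the first one that no longer matches. The FNV-1a hash, the names `guarded_range`, `seal_ranges`, `verify_ranges` and `run_check`, and the byte array standing in for compiled code are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FNV-1a 64-bit, a stand-in chosen for brevity (assumption: the page names no
 * hash). It is not collision resistant; a real deployment may choose otherwise. */
static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* One guarded code range and the checksum recorded for it at build time. */
struct guarded_range { const char *name; const uint8_t *start; size_t len; uint64_t expected; };

/* Build-time step: record the checksum of each pristine range. */
static void seal_ranges(struct guarded_range *r, size_t n) {
    for (size_t i = 0; i < n; i++) r[i].expected = fnv1a64(r[i].start, r[i].len);
}

/* Runtime step: re-hash each range. Returns the index of the first range whose
 * bytes no longer match, or -1 when every range is intact. */
static int verify_ranges(const struct guarded_range *r, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (fnv1a64(r[i].start, r[i].len) != r[i].expected) return (int)i;
    return -1;
}

/* Constructed sample: AArch64 encodings standing in for two compiled functions. */
static const uint8_t pristine[16] = {
    0x00, 0x00, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6,   /* func_a: mov w0, #0 ; ret */
    0x20, 0x00, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* func_b: mov w0, #1 ; ret */

/* Seals both ranges, flips one bit at patch_offset (a negative offset leaves the
 * image untouched), then returns what the runtime check reports. */
static int run_check(int patch_offset) {
    uint8_t image[sizeof pristine];
    memcpy(image, pristine, sizeof image);
    struct guarded_range r[2] = { { "func_a", image, 8, 0 }, { "func_b", image + 8, 8, 0 } };
    seal_ranges(r, 2);
    if (patch_offset >= 0 && (size_t)patch_offset < sizeof image) image[patch_offset] ^= 0x20;
    return verify_ranges(r, 2);
}

int main(void) {
    printf("untouched image: %d\n", run_check(-1));
    printf("byte 0 changed:  %d\n", run_check(0));
    printf("byte 12 changed: %d\n", run_check(12));
    return 0;
}
```

Because each range carries its own expected value, the result identifies which guarded function was modified, which is what lets the check be localized to specific code areas.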
Code checksumming is an essential capability for mobile app protection. As attackers are becoming more adept at understanding and modifying the code, even at runtime, code checksumming is critical in deploying a robust, multi-layer mobile application protection strategy.
A multi-layer approach consists of many different protections and checks executed in multiple places, so it’s harder for an attacker to work around all of them. These layers of protection reinforce one another. For example, a code checksumming verification is backed by hooking checks, tamper checks, and additional static protections. Code obfuscation makes it difficult for attackers to detect the checksumming checks and bypass them. This layered approach to security has proven to be most effective in protecting mobile apps against threats.
Guardsquare provides a comprehensive collection of products for protecting, testing, and monitoring mobile apps without significantly adding to a development team's work. The constant insights from our in-house security research team ensure our products and the protection of your mobile apps remain updated with the changing mobile app security landscape.
iXGuard enables mobile app developers to protect their applications against runtime binary patching through its code checksumming capability, one of a rich set of capabilities you can use to protect your app. Like the rest of iXGuard’s RASP capabilities, code checksumming will have minimal impact on your app’s performance because it requires very few compute resources and can be tuned by localizing it to specific code areas.
A more in-depth discussion of code checksumming and a lab can be accessed here.