Abstract: A dynamic code extraction-based automatic anti-analysis evasion and code logic analysis apparatus, includes: a recognition module that extracts a DEX file and a SO file by unpacking an execution code of an application and recognizes an analysis avoidance technique by comparing a signature which is included in the extracted DEX file and SO file; a instrumentation module that extracts a code to be analyzed from a byte code configuring the DEX file and a native code configuring the SO file, compares the extracted code with the data stored in a database, and outputs a code excluding an anti-analysis technique as a log file; and a deobfuscation module that deobfuscates an obfuscated code which is included in the APK on the basis of the output log file and generates an APK file in which an obfuscation technique is released on the basis of the deobfuscated code.

Abstract: An application code hiding apparatus includes a secret code dividing part, a secret code caller generating part, a code analyzing part, a dummy code generating part, a code encrypting part, a code disposing part, a code decryptor generating part, a disposed code importer generating part, a code loader generating part, a memory inner code modifier generating part and a decrypted code caller generating part.

Abstract: An application code hiding apparatus includes a secret code dividing part, a secret code caller generating part, a code analyzing part, a dummy code generating part, a code encrypting part, a code disposing part, a code decryptor generating part, a loader generating part, a decrypted code caller generating part and an unloader generating part. The secret code dividing part divides an application code into a secret code and a normal code. The secret code caller generating part generates a secret code caller. The dummy code generating part generates a dummy code corresponding to the secret code. The code disposing part disposes the dummy code and the encrypted secret code and generates position information thereof. The code decryptor generating part generates a code decryptor. The loader generating part generates a loader. The decrypted code caller generating part generates a decrypted code caller. The unloader generating part generates an unloader.

Abstract: An application code obfuscating apparatus includes a secret code divider, a secret code caller, a code converter and an obfuscating part. The secret code divider is configured to divide an application code having a first type into a secret code and a normal code. The secret code caller generating part is configured to generate a secret code caller to call the secret code. The code converter is configured to convert the secret code having the first type to a second type. The obfuscating part is configured to generate a first table and a second table. The first table includes an obfuscated signature of the secret code and a first random vector. The second table includes an offset of the secret code which corresponds to the obfuscated signature of the secret code and a second random vector which is liked with the first random vector.

Abstract: A user terminal includes a communication circuit, a certification circuit, an execution circuit, and a control circuit. The communication circuit receives a normal code of an application from an application providing server to install the application. The certification circuit receives a registration request message, which includes distinct information of a peripheral device, from the peripheral device storing a core code of the application, to certify the peripheral device, transmits a registration response message, which includes distinct information of the user terminal, to the peripheral device, and receives the core code of the application from the peripheral device. The execution circuit executes the application using the normal code and the core code. The control circuit restricts at least one of functions of the user terminal while the application is executed.

Abstract: A mobile device and a method of operating a mobile device are disclosed. The mobile device includes a main processor executing a normal code of a mobile application program, a co-processor executing a core code of the mobile application program, and a co-processor driver enabling the main processor and the co-processor to communicate with each other. The normal code includes commands executable by the main processor, and the core code includes commands executable by the co-processor. Since the core code is separated from the mobile application program on a level lower than an operating system level when the mobile application program is installed on the mobile device and the core code is stored in a core code storage to which the main processor is not allowed to access directly, the core code is not exposed to an attacker, such that resistance to a reverse engineering attack is increased.

Abstract: The integrity verification system includes a client and an RCE server. The client requests an RCE service to the RCE server using a pointer of a return function as a parameter of a service call function and transmits a memory code of the return function to the RCE server when Reverse-RCE for obtaining the memory code of the return function is requested from the RCE server. The RCE server generates a first hash key of the transmitted memory code, compares the first hash key to a stored second hash key of the memory code of an original return function, generates a return value according to a compared result between the first hash key and the second hash key and transmits the generated return value to the client using the generated return value as a parameter of the service call function. The client executes the return function using the return value as a parameter of the return function.

Abstract: A user terminal includes a communication circuit, a certification circuit, an execution circuit, and a control circuit. The communication circuit receives a normal code of an application from an application providing server to install the application. The certification circuit receives a registration request message, which includes distinct information of a peripheral device, from the peripheral device storing a core code of the application, to certify the peripheral device, transmits a registration response message, which includes distinct information of the user terminal, to the peripheral device, and receives the core code of the application from the peripheral device. The execution circuit executes the application using the normal code and the core code. The control circuit restricts at least one of functions of the user terminal while the application is executed.

Abstract: A code obfuscation device and a method of obfuscating a code of an application program file are disclosed. The code obfuscation device includes an extraction circuit uncompressing an application program file to extract a Dalvik executable file, a code analysis circuit analyzing a bytecode of the Dalvik executable file, a control circuit determining an obfuscation character and a number and a location of the obfuscation character to be inserted in the bytecode, and an identifier conversion circuit inserting the obfuscation character in the bytecode to convert an identifier of the bytecode. Since the identifier of the bytecode is converted using an obfuscation character, which corresponds to a character that is invisible on a screen or has a different Unicode from another character displayed on the screen as a same shape as the character, the application program file has an increased resistance to a reverse engineering attack.

Abstract: A user terminal for detecting forgery of an application program based on signature information and a method of detecting forgery of an application program using the user terminal are disclosed. The user terminal includes a signature information extraction circuit, a communication circuit and a forgery determination circuit. When the application program is installed on the user terminal, the signature information extraction circuit extracts the signature information of the application program on a platform level. When the application program is executed, the communication circuit transmits information of the user terminal and the application program to an authentication server on the platform level to receive original signature information of the application program from the authentication server, or receives the original signature information from a peripheral device paired with the user terminal.

Abstract: A user terminal for detecting forgery of an application program based on a hash value and a method of detecting forgery of an application program using the user terminal are disclosed. The user terminal includes a communication circuit, a hash value generation circuit and a forgery determination circuit. When the application program is executed, the communication circuit transmits information of the user terminal and the application program to an authentication server on a platform level to receive an original hash value of the application program from the authentication server, or to receive the original hash value from a peripheral device paired with the user terminal. The hash value generation circuit generates the hash value of the application program on the platform level.

Abstract: A user terminal includes a pairing circuit, a communication circuit, and a control circuit. The pairing circuit receives a normal code of an application from an application providing server in a process of downloading and installing the application from the application providing server, and performs a pairing operation with a peripheral device that stores a core code of the application received from the application providing server. The communication circuit, in a process of executing the application, transmits distinct information of the user terminal to the peripheral device to make the peripheral device encrypt the core code and decrypt the encrypted core code. The control circuit transmits an execution request message to the peripheral device, and receives an execution result of the core code from the peripheral device.

Abstract: A user terminal includes a communication circuit, an encryption-decryption circuit, and an execution circuit. The communication circuit receives a core code file of an application from a peripheral device, which stores the core code file of the application, when certifying a core code of the application. The encryption-decryption circuit encrypts the core code file and transmits the encrypted core code file to the peripheral device, and, when executing the application, receives the encrypted core code file from the peripheral device and decrypts the encrypted core code file. The execution circuit executes the application using the decrypted core code file and a normal code file of the application stored in the user terminal. Since the normal code file is stored in the user terminal and the core code file is stored in the peripheral device, the core code of the application is protected from reverse engineering attacks.

Abstract: Disclosed is an apparatus for tamper protection of an application which includes: an input unit that receives codes to be used for an application; a code separator that separates the inputted codes into sensitive codes requiring application tamper protection and general codes including sensitive method calling routine for calling the sensitive codes by analyzing the input codes; an encoder that encrypts the sensitive codes and inserts the address of an sensitive code connector storing the address information of the sensitive codes; a controller that converts the sensitive method calling routine to be able to call dummy codes by inserting the dummy codes to the general codes, inserts vector table generator, to the sensitive codes, and insert a sensitive method calling routine converter, to the sensitive codes; and a code combiner that creates the application by combining the general codes and the sensitive codes.

Abstract: Disclosed is an apparatus for tamper protection of an application which includes: an input unit that receives codes to be used for an application; a code separator that separates the inputted codes into sensitive codes requiring application tamper protection and general codes including sensitive method calling routine for calling the sensitive codes by analyzing the input codes; an encoder that encrypts the sensitive codes and inserts the address of an sensitive code connector storing the address information of the sensitive codes; a controller that converts the sensitive method calling routine to be able to call dummy codes by inserting the dummy codes to the general codes, inserts vector table generator, to the sensitive codes, and insert a sensitive method calling routine converter, to the sensitive codes; and a code combiner that creates the application by combining the general codes and the sensitive codes.

Abstract: Disclosed is an apparatus for tamper protection of an application which includes: an input unit that receives codes to be used for an application; a code separator that separates the inputted codes into sensitive codes requiring application tamper protection and general codes including sensitive method calling routine for calling the sensitive codes by analyzing the input codes; an encoder that encrypts the sensitive codes and inserts the address of an sensitive code connector storing the address information of the sensitive codes; a controller that converts the sensitive method calling routine to be able to call dummy codes by inserting the dummy codes to the general codes, inserts vector table generator, to the sensitive codes, and insert a sensitive method calling routine converter, to the sensitive codes; and a code combiner that creates the application by combining the general codes and the sensitive codes.

Abstract: A mobile privacy protection system using a proxy, a proxy device, and a mobile privacy protection method are provided. The mobile privacy protection system includes: an electronic tag to store predetermined tag information; a proxy device to adjust a privacy level of the electronic tag; and a home server to create new tag information in response to a request from the proxy device wherein the new tag information is used to adjust the privacy level.

Abstract: Disclosure relates to a method of sharing a session key between wireless communication terminals using a variable-length authentication code. The method includes: generating a public key by using an own private key; generating a message including the public key and a first random number and encoding the message using an own secret key to exchange an encrypted message with the other terminal; decoding the encrypted message of the other terminal by receiving a secret key of the other terminal; generating an authentication code by calculating the first random number and a second random number included in the decoded message; obtaining a medium value from the authenticated code; and generating a session key by using a public key included in the decoded message of the other terminal.

Abstract: Disclosed is an apparatus for tamper protection of an application which includes: an input unit that receives codes to be used for an application; a code separator that separates the inputted codes into sensitive codes requiring application tamper protection and general codes including sensitive method calling routine for calling the sensitive codes by analyzing the input codes; an encoder that encrypts the sensitive codes and inserts the address of an sensitive code connector storing the address information of the sensitive codes; a controller that converts the sensitive method calling routine to be able to call dummy codes by inserting the dummy codes to the general codes, inserts vector table generator, to the sensitive codes, and insert a sensitive method calling routine converter, to the sensitive codes; and a code combiner that creates the application by combining the general codes and the sensitive codes.

Abstract: Provided are method and apparatus for authenticating a password of a user terminal. The method includes: pre-setting, by a user, a password and an identification image for identifying the password; moving a keypad window or an image window realized on a screen of the user terminal according to an action of the user; determining, when a plurality of images included in the image window and a plurality of keys included in the keypad window sequentially overlap with each other, whether a plurality of keys and the identification image corresponding to the password sequentially overlap; and authenticating the password when the plurality of keys and the identification image corresponding to the password sequentially overlap. Accordingly, password information may be protected from a third person observation as the user inputs a pre-set password in an indirect method without having to directly input the pre-set password through an authentication interface.