DEVICE FOR OBFUSCATING APPLICATION CODE AND METHOD FOR SAME

摘要

The present invention relates to an apparatus for tamper protection of an application and a method thereof. An apparatus for tamper protection of an application according to the present invention includes: an input unit that receives codes to be used in an application; a code separator that separates the inputted code into sensitive codes requiring application tamper protection and general codes including calling codes for calling the sensitive codes; a code converter that converts the sensitive code into the format of a native code; an encoder that encrypts the sensitive codes and inserts the address of a sensitive code connector storing the address information of the sensitive codes; a controller that separates the calling codes from the general code and registers the calling codes on a management server, and adds a calling code loading routine for requesting the calling codes and a vector table loading routine for requesting a vector table including vector information of the called sensitive codes; and a code combiner that creates an application by combining the obfuscated general codes with the sensitive codes. According to the present invention, it is possible to compensate vulnerability to reverse engineering of a managed code by converting a sensitive code in the codes of an application into a native code and performing encryption of a code protection scheme based of self modification on the converted sensitive code. Accordingly, it is possible to increase security against forgery of an application. Further, since the control flow is changed by a dynamic vector and a calling code for calling a sensitive code converted into a native code and a vector table connecting the calling code are separately managed to be dynamically loaded when an application is executed, it is possible to enhance reverse engineering analysis resistance.