undefined | Better HN

0 pointsrvz6y ago0 comments

According to a old AppSec talk, they used a third-party security company to implement this stuff. They are a customer to a company called ‘Arxan Technologies’ that implements these ‘guards’ in their software. They’re very good at not revealing this, but it came up whilst looking at their private API.

These secret keys are there but heavily obfuscated and is nothing more than white-box cryptography which can be bypassed via emulation.

0 comments

1 comments · 1 top-level

theincredulousk6y ago

Worked with Arxan before. They are legit - what is described here is the tip of the iceberg. Haven’t even gotten into in-memory instruction and data encryption. If you’re dumping the binary you’re likely not even seeing all of what is executing at runtime

j / k navigate · click thread line to collapse