...
Name Mangling is a technique that transforms functions, variables names and strings inside the source code. It converts something like 'myFunction()' to something like '8b8508871ea()'. The goal is to make the source code harder to be understood during a reverse engineering. It is the main code protection technique, without it the rest of the other techniques like Code Flow Flattening would not be effective.
We apply Name Mangling using Stunnix on the source code before compilation. The public kernels API is left unmodified. This process doesn't affect anything (performance, development process, etc...).
...
Code Flow Flattening is a technique that modifies the flow of execution to obscure it. Even with Name Mangling, if you know at what place in the process chronology something happens you can still manage to reverse engineer it. For example, validation processes (like serial number, authentication or anti-piracy methods) tend to happen at the beginning of the execution flow. Code Flow Flattening helps to prevent reverse engineering from re-ordering the code to make it difficult to know what part of the software is executed before or after another one (it hides the chronology of execution).
We use DeClang for this, it The code flow flattening tool we use, is based on the LLVM compilator. The source code is compiled using DeClang the code flow flattening tool after applying the Name Mangling to generate the final AAR file.
...
The MPoC certification requires additional security from the final product than just Name Mangling and Code Flow Flattening on the kernels. It is your responsibility to secure the entire solution and integrate the kernels inside it. Relying only on the two techniques we applied to get certified will not be enough to MPoC certify your end-to-end solution.
...
We didn't apply more security techniques on the kernels because it will make to facilitate the integration harder for you. Security . In fact, security and protection techniques tend to conflict with one another and create issues that are hard to solve. If we did so, it will end up costing you time and money. By only applying Name Mangling and Code Flow Flattening we ensure you to provide MPoC compliant kernels that can be easily integrated inside your product and will not interfere with your MPoC security.