A few days ago, Jiwei Security received another round of strategic investment, led by Tongdun Technology and followed by Broadband Capital. Previously, the company received an angel round of investment from Beijing Pocket Yunji Technology Co., Ltd. in April 2015, and received a pre-a round of financing of 10 million yuan from Broadband Capital in May 2017.
36Kr has reported that Kiwi Security was founded in November 2014 to do code virtualization.
Usually, developers write out code, and then list the product package through the publisher, and if there is no encryption reinforcement, anyone can easily download and decompress and tamper with the internal logic. In the gaming industry, it may manifest itself in reducing the difficulty of the level after the application is cracked, such as jumping higher and running faster. If the unscrupulous person then carries out the second package upload to other channels, the newly downloaded players are actually using pirated copies, which will reduce the willingness to pay, which is not only a big loss for the enterprise, but also difficult to ensure the user's operational security.
Correspondingly, the protection work of the security manufacturer starts from the compression package, adding a layer of "shell" to the package to prevent the program from being cracked. However, there may be some problems in this way, the more changes to the system layer, the more monitoring is required, which will affect compatibility, black screen, crash and other issues.
Kiwivm Security uses kiwivm code virtualization solutions, which were productized at the end of October 2017. Here's how it works:
First of all, Kiwi designed a set of private instruction libraries, through the compiler to encrypt the developer's original code into private instructions, at this time the CPU is not recognized execution.
The encrypted instructions are then placed in a private interpreter and translated into CPU-recognizable instructions. But there is a difference from the previous original instruction. In this process, instructions can and can only be executed through a few-dimensional design interpreter. Also, the design of the interpreter is complex - the CPU is divided into a hardware layer and the assembly instruction layer above, and the interpreter is equivalent to a "software CPU".
Jiwei security CEO Fan Junwei, one-to-one mapping may be a long time and there is a risk of being cracked, so Kiwei uses a one-to-many random mapping, so that it can be strengthened enough. It is reported that there are more than 3,000 instructions in the instruction library of Several Dimensions.
And, by starting from the compiler, several-dimensional security protection can be cross-platform, supporting Android NDK and iOS, Windows, Linux and other full-platform project encryption. For example, there is a field of Internet of Things among customers, and the on-board terminal products are protected. ”
Of course, in the large track category, as with code confusion, the ultimate purpose of jivular code virtualization is to increase the cost of deciphering by attackers. If the process of code execution is likened to a road, "code obfuscation is to 'throw stones' on the road by adding garbage instructions, useless jumps, etc., while code virtualization destroys the original path." Fan Junwei said.
It is worth mentioning that the capital of this round is also a customer of Jiwei Security. A large part of the anti-fraud data collection of Tongdun comes from mobile phone applications, often encountered attacks, and many protection solutions on the market were not effective at that time, only the products of Jiwei Security can solve the problem. This also led to a later investment.
It is understood that the current team of Kiwi Security is more than 30 people, in addition to cto Liu Baijiang is a senior white hat hacker, CEO Fan Junwei also has a long period of experience in the field of game vulnerability mining, penetration testing and reverse analysis. The unit price of traditional security products is tens of thousands of yuan, while kiwivm code virtualization solutions of Kiwivm Security can be sold to a scale of 200,000-500,000 yuan. Coupled with the public cloud platform, Kiwi Security has now provided services for more than 2,200 users in industries such as games, e-commerce, education, and iot.
As for the financing process, the company has launched a series A financing.
———— I am Xu Ning, the leader of the 36Kr Enterprise Service Team, if you are starting a business or will soon start a business, welcome to WeChat exchange xu95704331.
![The Kiwi bird said: I am a kiwi bird, not a kiwi fruit![fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)