It’s been over two years since we started developing the Jigsaw next-gen obfuscation engine at Promon. Whilst we’ve excelled in runtime protection with our SHIELD products for both mobile and desktop, we aimed to create a new, unified code obfuscation engine. The Jigsaw engine is designed to work across all platforms and lay the groundwork for tackling emerging threats such as generative artificial intelligence approaches to static analysis.
Innovative code obfuscation engine with cross-platform support
Using Rust as our development tool, which has proven reliable, safe, and highly productive, we created the Jigsaw binary obfuscation engine. The engine supports Mach-O, ELF, and PE executables and libraries across four instruction sets: Arm32, Arm64, Intel X86, and Intel X86-64. Our development team has successfully achieved this goal and has enjoyed working with Rust throughout the process.
One notable advantage of using Rust is its cross-platform support. This allows us to easily build for MacOS, Linux, and Windows, and any of these platforms can be used to protect apps from the others. Namely, with Jigsaw’s code obfuscation capabilities, you can protect an iOS app on Windows or Linux in addition to MacOS. This flexibility is quite useful, for example, in large banks where the security function may be separate from the development teams. The security function can independently own the protection process. Moreover, it benefits CI/CD pipelines that often run on Linux virtual machines.
Why choose binary obfuscation? A deep dive into the Jigsaw engine’s capabilities
As a binary obfuscator, it operates on the post-compile app code by disassembling, transforming, and reassembling the binary executable or library. This approach avoids any toolchain integration issues and is not dependent on LLVM bitcode, unlike most obfuscators. Therefore, it remains unaffected by Apple’s recent bitcode deprecation of Xcode. Additionally, being independent of the toolchain enables customers to protect various binary types, such as Swift, C/C++, Rust, Golang, Dart, Unity, etc. This allows developers to freely choose the tools they prefer without compromising security.
The main reason for choosing a binary approach to obfuscation was to have a robust platform for developing our patent-pending dynamic obfuscation capabilities. Unfortunately, LLVM did not provide us with the necessary ability to manipulate instructions at runtime. Our research, conducted three years ago, indicated that it wouldn’t be long before generative AI models could automate many reverse engineering and de-obfuscation tasks using current generation static obfuscation techniques. Therefore, we needed to develop a roadmap to counter this impending challenge.
How a major game developer boosted security with the Jigsaw engine
About a year ago, we initiated our first pilot project with a major game development company. Initially, the pilot focused on Android to safeguard their native game libraries. Later on, we extended the pilot to iOS. The game developer has a wide range of titles that cater to more than 250 million players across various versions of Android and iOS.
The reason they selected Promon was due to the smooth integration of the Jigsaw engine into our existing SHIELD product. This integration provided them with comprehensive and overlapping protection, covering everything from Android DEX code to native code. No other vendor offered this level of integrated protection.
We’re pretty excited about it, and you can read the anonymized case study here.
What’s next? Upcoming products powered by the Jigsaw engine
Today, we announced the general availability of Jigsaw. This will power two upcoming solutions from Promon. One that protects sensitive, high-value IP and one that protects mission-critical SDKs within the app. These products, which bundle the Promon Jigsaw engine and Promon SHIELD’s unrivaled runtime protections, deliver overlapping security for modern Android and iOS apps.
Stay tuned for a series of new protection products, all leveraging the foundational work we’ve done with the Jigsaw engine to protect IP and SDKs.