...
- Study the test examples of programs written in respective program-ming language (see Folder “C:\Program Files\Guardant\SDK7\Samples”). The tests contain examples of using the main API functions
- Develop you own protection system using the acquired knowledge and recommendations described in Appendix on Increasing Tamperproofness of Protection
What method to choose?
Of course, you can use these methods separately – only the automatic protection or only the API-based protection. However, all of the above leads to the conclusion that both methods should be used together. This is the only way to combine the advantages of both methods and mitigate their disadvantages. Use the automatic protection to protect an application against debuggers and disassemblers, encrypt its body, and conceal the calls of API functions from the outsiders. Besides, this is a great method of protection from curious users not sufficiently skilled to break the protection system.
However, the automatic protection should remain just the outer defense position. At its core the protection must be based on the use of API functions. That is where the main work functions must be performed: dongle presence verification and reaction to missing dongle, operations with memory and hardware algorithms, etc. The most important thing is to build protection so that it becomes an integral part of protected application that it will require in order to operate properly.
Follow the main rules listed below while organizing a protection system. These rules will help you build a more effective and reliable protection.
- Combine the automatic protection with protection based on the use of API functions
- Use hardware data encryption algorithms
- In case of automatic protection of applications use the following options wherever possible:
- Encryption of the loadable part of application
- Regular verification of dongle presence
- In case of APIbased protection:
- Do not keep the access codes in the application body in an explicit form
- Use complex algorithms working with API functions
- Distribute checks about the application code
- Use various checks with different expectancy
- Delay the application reaction to return codes of API functions
- Complicate the logic of processing the return codes
More information: Increasing the tamperproofness of protection.