Guardant’s automatic protection supports 32-bit Windows applications and is designed for processing the executable files of Native applications (*.exe), as well as .NET assemblies (*.exe, *.dll).
- The automatic protection can be set on the application only upon with the presence of the required dongle in the port!
- Despite its rich capabilities, autoprotection cannot guarantee the highest software security. For this reason we strongly recommend increasing protection using Guardant API!
|
Guardant’s autoprotection tools consist of several console utilities (a utility for protecting Nativeapplications and two separate utilities for the obfuscation and protection of .NET code assemblies) as well as GUI utilities:
| Autoprotection Utilities | Function |
|---|
| Filename | Type |
| NwKey32.exe | Console | Native executables protection |
| CodeObfuscator.exe | .NET obfuscation and string encryption |
| CodeProtect.exe | .NET obfuscation and string encryption |
| LicenseWizard.exe | GUI | Autoprotection and licensing wizard (Native & .NET) |
| NativeProfilerGUI.exe | Native profiler |
| NativeProfilerGUI.exe | .NET profiler |
Protection mechanisms for Native applications and .NET assemblies have significant differences; therefore we will consider them separately:
- Native Executables Automatic Protection
- .NET Assemblies Automatic protection
Guardant automatic protection has a wide range of features:
| Autoprotection Features | Win32 apps |
|---|
| Native executables (*.exe) | .NET assemblies (*.exe, *.dll) |
| Local dongles support | + | + |
| Network dongles support | + | + |
| GSII64 and AES hardware algorithm support | + | + |
| Protection without binding to a dongle | + | + |
| Dongle ID verification | + | + |
| Application serial number and version verification | + | + |
| Binding many applications to the same dongle | + | + |
| Multi-module applications protection | + | + |
| Limiting the application's operating time | + | - |
| Limiting the number of application launches | + | - |
| Verifying the dongle presence periodically | + | - |
| Controlling USB Dongle’s Presence | + | - |
| Protecting imported functions | + | - |
| Encryption and packing application fragments | + | - |
| .NET string encryption | - | + |
| .NET obfuscation | - | + |
| .NET MSIL code encryption | - | + |
Guardant dongle is a highly effective mean of software/hardware protection. It allows building protection of virtually any level of complexity and tamperproofness.
Native-application (Win32)
Use automatic protection utilities for protecting ready-to-use applications against the attempts to learn their operating logic. To ensure proper protection it is recommended to use the following options:
- Protection against viruses. This option is used to protect an application against illegal modification of the application file (incorporating program modules, alteration of copyright information, etc.).
- Encryption of the loadable part and internal overlays of the application. This option protects the application against attempts to use another method of code research – disassembling.
- Use the time-dependant dongles checks options. In this case even full dump of the application memory will be just a waste of time for a hacker.
- Use import and code extraction protection options. These options allow the autoprotection to extract a range of instructions from the body of the protected application and transfer it into the virtual machine’s body. This allows withstanding the automatic deactivation of hinged protections which significantly increases the difficulty and cost of attack.
If the use of /RIP_CODE and /IMPORT_HOOK options significantly slows down the work of the application, it is recommended to use /RIP_CODE_LIST and /IMPORT_HOOK_LIST options for optimizing the speed of the protected application. |
In the event when the tie is done to Sign or Time dongle use ECC160 asymmetric algorithm operating option. Whereas, random data will be generated and signed by a digital signature on elliptic curves directly in the dongle in the course of operating the protected application. Later the signature will be verified by Guardant API function, protected by pseudo code, traffic encryption and other protection mechanisms.
.NET applications (Framework 2.0 – 4.0)
Use the symbol obfuscator and MSIL-code protection utility. It is also reasonable to use the following options:
- Symbol obfuscation. It allows obfuscating the application code, which when coupled with other measures significantly increases the level of application protection. Use the obfuscation for all *.exe and *.dll assemblies in the application, except for the third-party applications and applications signed by digital signature.
- String encryption. Ties the obfuscated application to the Guardant dongle and encrypts the string constants in the protected assemblies. It is recommended to use this option if there are no logical elements, significantly depending on the speed of string constants.
- When the public interface obfuscation optionis used a complete obfuscation of all the assembly occurs. However be careful, the use of this option is possible only with the looped system (all assemblies are obfuscated in one session and no methods of obfuscated assemblies from other applications are not used). In most of the cases it is safe to conduct the obfuscation of public interfaces for exe-assemblies (except for the cases of using the Reflection technology on the assembly itself or exporting types for other applications).
- Use the exclusions file. Use ExclusionUtility.exe utility in the Developers’ Kit to generate this file. Generally, the developer needs to have a clear understanding of types, methods and properties that need to be included as exclusions for the symbol obfuscator. As a rule, these are all the language elements that can be used from within. You should pay attention to the use of Serialization, Reflection, Data Binding technologies.
You have to remember the following when using the MSIL-code automatic protection utility:
- Wisely use the option indicating the percentage of protected methods. The large and more complex the protected application, the less is the necessity to indicate the percent. Generally, you may set 100 percent for the most simplistic assemblies not sensitive to the execution speed, containing 2-3 types with 10-15 methods each. For large projects the % should be lowered to 10.
- Do not protect assemblies, types and methods sensitive to the execution speed. Remember that MSIL-code transfer to the encryption area and execution of it on a virtual machine may in some cases slow down its execution (especially during the first call). Further calls may also incur some overheads, therefore, the less the size of the method, the more obvious is the execution speed loss.
- Use the option and utility for setting exclusions. Exclude from protection all small methods not containing logic and holding commercial value.
- When working together with symbol obfuscator you need to use MAP-file creation option (see Of the present documentation for details).
- Exclude all language elements based on asynchronous data transfer. MSIL-code protection of such elements may lead to unpredictable results.