What is RASP?

RASP is commonly known as Runtime Application Self-Protection. RASP wraps around your application rather than a general defensive solution. This more targeted solution allows the protection to monitor itself and your application, ensuring the highest security on the client-side. At Cyphor, we provide different levels of runtime protection, allowing you to opt which security benefits your application need.

In an attempt to enhance the security of the application, developers might be forced to inject integrity checks, DRM checks, and watermarks across their applications. While this helps to slow down the attacker, it has some major flaws that need a solution.

• Waste of development time by injecting and cloning existing checks.

• Introduction of anti-patterns by making your code harder to maintain and read.

• Static placement of the checks allows the attackers to easily identify regions to patch.

Check proliferation will clone and spread your licensing and integrity checks across your app, automatically for you. Depending on the hints that you give to our engine, your checks will become one with other obfuscation techniques, enhancing the resilience levels exponentially.

For example, let's say that there is a pattern or method that you use to verify the integrity of your licensing system. In that case, you would mark that method as seen below:

[CheckProliferation(ReturnType.None)]
public static void LicenseCheck()
{
 // Licensing check
}

This would result in random equivalent clones and calls being made to the LicenseCheck method.

Due to the randomness factor, there is a potential risk of calls being added before your license is established. To combat that risk, you have to disable CheckProliferation in the methods or classes where you wouldn't want checks added.

/* Now you are safe against calls and license checks being injected in the Login
 * Function 
 */
[Disable(ProtectionType.CheckProliferation)]
public static void Login()
{

}

At the same time, you can enhance the integration of the verifications by introducing a return type and expected value on the functions.

[CheckProliferation(ReturnType.Bool, expectedValue: true)]
public static bool IsValidLicense()
{
}

Following the behavior previously described, by giving the obfuscator further information about the method/check behavior, the protection level increases considerably as the engine will attempt to merge your verifications within the obfuscation techniques of your choice.

The integrity check protection will safeguard your application against static modifications that tamper with the code, assets, or metadata of your application.

The self-healing module locks your application against dynamic modifications that occur during the runtime (Third-party reflections, method hooking or tampering, Abnormal runtime presences, ...).

The anti-tamper module encrypts the code of your application, decrypting it at runtime when needed. Multiple agents are embedded in your application to ensure that the decryption process occurs as expected and tamper-free.

Below you can find some of the most common questions related to our RASP protection.

Who has access to RASP?

By default, RASP is available to those subscribed to the Scale package or are part of our business or success program.

Are there false positives?

The only scenario that could lead to false positives is the incorrect implementation of check proliferation. If you are experiencing issues after enabling said feature, double-check the implementation or reach out to us to receive inmeat assistance.

Can RASP replace an anti-cheat?

Some cheats will attempt to exploit your game by using similar techniques that are mitigated by our RASP. However, Cheating can take different shapes and attack your game in ways that our modules wouldn't consider malicious. The RASP should be used along with your anti-cheat, ensuring that your anti-cheat of preference safeguards your game. The RASP module would guard your game and the anti-cheat against tampering.