Code Encryption

Code encryption is a widely-used technique that aims to protect the intellectual property and sensitive information within a software application. While code encryption can provide some level of protection against decompilers, it has limitations in terms of resilience against attacks that dump the code from memory.

Codeguards approach to enhance code encryption is to store the code on the cloud and deliver it granularly as needed by the application. This approach offers a good balance between complexity, security, and performance. By delivering the code in small blocks, it becomes more difficult for an attacker to tamper with or dump the code from memory.

In comparison to legacy or traditional protection systems, this granular delivery method provides a higher level of security and makes it more challenging for attackers to access the code.

Real-time Alerts on Dashboard

Our anti-tamper product provides real-time alerts on the dashboard when different tampering or deobfuscation attacks are launched against the code that has been encrypted with our code encryption technology. This enables our customers to be immediately alerted and take action to prevent any potential security breaches or loss of intellectual property.

Our dashboard displays specific alerts for different types of tampering or deobfuscation attacks, providing detailed information on the nature and source of the attack. This allows you to quickly assess the situation and take appropriate measures to protect the code and sensitive information.

Responding to Tampering or Deobfuscation Alerts

When you see alerts regarding code encryption tampering or deobfuscation attacks on your dashboard, the best next steps to take are to inspect the attacks on the dashboard and determine the appropriate response. Depending on the severity of the attack, you may choose to suspend the connections license to prevent further damage. You can also reach out to our support team for assistance and guidance on how to handle the situation.

False positive alerts linked to code dumping or deobfuscation attacks are unlikely to occur, you can trust that any alerts you receive are genuine threats to your code security. By taking quick and decisive action, you can protect your intellectual property and sensitive information from being accessed by unauthorized parties.

Tamper Protection

By enabling the tamper protection field, the agent enables shields that prevent modification of the assembly and IL of your code. We recommend enabling the tamper protection on classes or methods you consider prone to attacks.

FAQ

Is the agent constantly encrypting and decrypting the code?

No, the decryption process only occurs once. Encrypting and decrypting the data constantly provides no real security benefit when it comes to reverse engineering complexity.

Why is the tamper protection an optional field?

The main reason for this decision is to make the protection as lightweight as possible. Not all your methods are prone to tampering attacks (in a realistic way); however, all your methods are candidates to be protected. Therefore, it makes sense to disable the flag by default and enable it only on those parts of your application that need it.