Security for Microsoft .NET Mobile Applications


Microsoft .NET offers an efficient framework for developing and deploying Windows applications, including Web 2.0 server and client-side applications. However, it also uses Microsoft intermediate language (MSIL) or Common Intermediate language (CIL), which contains highly detailed metadata that makes compiled applications easy to reverse engineer, tamper and pirate. Once Microsoft .NET applications are deployed, hackers and competitors have easy access to the source code and the embedded IP within the applications themselves.


Arxan’s Solution for .NET Mobile Applications:

GuardIT for .NET protects managed code in mixed-mode and pure managed-code assemblies. It can be used for protecting Microsoft .NET managed code in pure managed-code or with GuardIT for Windows in mixed mode assemblies. GuardIT for .NET provides various Guards for obfuscating and encrypting character strings in managed code. The obfuscation Guards in GuardIT for .NET transform program instructions into code that is difficult to understand, for instance by inserting garbage code. These transformations do not affect the functionality of the protected application. The checksum guard in GuardIT for Microsoft .NET Framework provides strong anti-tamper capability by detecting whether a program has been modified by computing a checksum within a specified range.

 Core Features

  • Obfuscation and Checksum plus dynamic security of Microsoft .NET, via layered Guard-based protection
  • Comprehensive and tailored defend-detect-react protection of native code (with GuardIT for Windows) and managed code
  • Point-click breach management
  • Ability for users to directly edit and optimize GuardSpec
  • User-friendly graphical user interface
  • Web 2.0 server and client-side code protection

 


Guards at work to protect .Net 24/7:

GuardIT® for .Net leverages thousands of guard instances, of many types, to comprehensively safeguard your applications against revese-engineering, tampering and decompilation.

The following table summarizes the types of Guards for .NET and functions performed by each of them:

Class of Defense Guard Type Function
DEFEND Obfuscation Transforms programs into code that’s difficult to disassemble and understand, but has the same functionality as the original
  Renaming Renames the symbols in the protected application to meaningless strings
  String Encryption Encrypts string literals and decryption at run -time
  Garbage Code Inserts extra useless code to hide the actual code
DETECT Checksum Detects whether a program has been modified by computing checksum within a specified range
  Authentication Verifies if the loaded module (for example DLL) is the correct one
REACT Repair Self-repairs any damaged or tampered code/data

 


Following exhibit summarizes the process of transforming unprotected application into a protected application using GuardIT® for .Net:

GuardIT_for_.NET_Protection_Process

 


 

Terms of Use|Site Map

© 2014 Arxan Technologies, Inc. All Rights Reserved.