Microsoft .NET offers an efficient framework for developing and deploying Windows applications, including Web 2.0 server and client-side applications. However, it also uses Microsoft intermediate language (MSIL) or Common Intermediate language (CIL), which contains highly detailed metadata that makes compiled applications easy to reverse engineer, tamper and pirate. Once Microsoft .NET applications are deployed, hackers and competitors have easy access to the source code and the embedded IP within the applications themselves.
Arxan’s Solution for .NET Mobile Applications:
GuardIT for .NET protects managed code in mixed-mode and pure managed-code assemblies. It can be used for protecting Microsoft .NET managed code in pure managed-code or with GuardIT for Windows in mixed mode assemblies. GuardIT for .NET provides various Guards for obfuscating and encrypting character strings in managed code. The obfuscation Guards in GuardIT for .NET transform program instructions into code that is difficult to understand, for instance by inserting garbage code. These transformations do not affect the functionality of the protected application. The checksum guard in GuardIT for Microsoft .NET Framework provides strong anti-tamper capability by detecting whether a program has been modified by computing a checksum within a specified range.
- Obfuscation and Checksum plus dynamic security of Microsoft .NET, via layered Guard-based protection
- Comprehensive and tailored defend-detect-react protection of native code (with GuardIT for Windows) and managed code
- Point-click breach management
- Ability for users to directly edit and optimize GuardSpec
- User-friendly graphical user interface
- Web 2.0 server and client-side code protection
Guards at work to protect .Net 24/7:
GuardIT® for .Net leverages thousands of guard instances, of many types, to comprehensively safeguard your applications against revese-engineering, tampering and decompilation.
The following table summarizes the types of Guards for .NET and functions performed by each of them:
|Class of Defense||Guard Type||Function|
|DEFEND||Obfuscation||Transforms programs into code that’s difficult to disassemble and understand, but has the same functionality as the original|
|Renaming||Renames the symbols in the protected application to meaningless strings|
|String Encryption||Encrypts string literals and decryption at run -time|
|Garbage Code||Inserts extra useless code to hide the actual code|
|DETECT||Checksum||Detects whether a program has been modified by computing checksum within a specified range|
|Authentication||Verifies if the loaded module (for example DLL) is the correct one|
|REACT||Repair||Self-repairs any damaged or tampered code/data|
Following exhibit summarizes the process of transforming unprotected application into a protected application using GuardIT® for .Net: