Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

SafeNet Enhances Protections for Software Reverse Engineering and Piracy

SafeNet has released the latest version of its secure app development technology to help organizations protect their software from counterfeiting and misuse.

SafeNet has released the latest version of its secure app development technology to help organizations protect their software from counterfeiting and misuse.

With the third-generation “Sentinel Envelope” technology, software developers can ensure code integrity so that apps can’t be misused without throwing up additional barriers to legitimate customers, SafeNet said Tuesday. Sentinel Envelope works with Sentinel LDK, the company’s out-of-the-box software protection, licensing, and entitlement management system, SafeNet said. Sentinel Envelope helps organizations protect software and intellectual property with minimal disruption, the company said.

SafeNet LogoSoftware developers gain access to superior application protection, including an automatic file packer that uses advanced file encryption, code obfuscation, and anti-debugging technologies. The Sentinel Envelope also creates a robust shield that wraps the executable file and dynamically linked library (DLL) files and binds them to hardware- or software-based encryption keys, SafeNet said. This way, customers can effectively enforce copy protection. Safe Envelope allows enterprises to protect trade secrets and intellectual property within those apps from reverse engineering, tampering, and privacy.

“Sentinel LDK Envelope delivers cutting-edge code encryption and counter-hacking techniques to protect valuable IP from persistent, intelligent threats,” Jake Fox, vice president of product management at SafeNet, said in a statement.

Sentinel Envelope includes import table gating and original entry point (OEP) obfuscation, constant runtime debugging protection, and improved real-time anti-debugging and anti-tracing capabilities. The third-generation platform also offers a file packer which utilizes a white-box-based secure channel to protect the secure channel encryption key from dynamic or static extraction from protected binaries.

Import address table (IAT) obfuscation and gating refers to the practice of removing IAT and scattering the information within the Envelope code to make it difficult to extract. Calls for imported system functions are also redirected for all known system DLL files, the company said.

Sentinel Envelope has enhanced security protection for both its 32- and 64-bit engine to block unauthorized parties from reconstructing protected binaries as part of memory dumping attacks. The white-box-based secure communication channel ensures the channel encryption key cannot be dynamically or statically extracted from the protected binaries.

SafeNet also enhanced the platforms ability to detect user-mode debugger and hardens the software against tracing techniques. The protective mechanism confuses unauthorized parties with delayed responses, misleading commands, and false information so that they are unable to easily reverse-engineer the software.

“LDK Envelope makes it extremely difficult for hackers to reverse engineer protected intellectual property,” Fox said.

Advertisement. Scroll to continue reading.

With Sentinel LDK and Sentinel Envelope, organizations can deliver strong application security, while still reducing development delays and overhead costs. The combined technology allows organizations to protect “hard-earned trade secrets and intellectual capital” in order to stay “competitive and relevant in the market,” Fox said.

Related ResourceAre Your Applications Secure? Test Your Code For Free

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.