Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

SafeNet Enhances Protections for Software Reverse Engineering and Piracy

SafeNet has released the latest version of its secure app development technology to help organizations protect their software from counterfeiting and misuse.

SafeNet has released the latest version of its secure app development technology to help organizations protect their software from counterfeiting and misuse.

With the third-generation “Sentinel Envelope” technology, software developers can ensure code integrity so that apps can’t be misused without throwing up additional barriers to legitimate customers, SafeNet said Tuesday. Sentinel Envelope works with Sentinel LDK, the company’s out-of-the-box software protection, licensing, and entitlement management system, SafeNet said. Sentinel Envelope helps organizations protect software and intellectual property with minimal disruption, the company said.

SafeNet LogoSoftware developers gain access to superior application protection, including an automatic file packer that uses advanced file encryption, code obfuscation, and anti-debugging technologies. The Sentinel Envelope also creates a robust shield that wraps the executable file and dynamically linked library (DLL) files and binds them to hardware- or software-based encryption keys, SafeNet said. This way, customers can effectively enforce copy protection. Safe Envelope allows enterprises to protect trade secrets and intellectual property within those apps from reverse engineering, tampering, and privacy.

“Sentinel LDK Envelope delivers cutting-edge code encryption and counter-hacking techniques to protect valuable IP from persistent, intelligent threats,” Jake Fox, vice president of product management at SafeNet, said in a statement.

Sentinel Envelope includes import table gating and original entry point (OEP) obfuscation, constant runtime debugging protection, and improved real-time anti-debugging and anti-tracing capabilities. The third-generation platform also offers a file packer which utilizes a white-box-based secure channel to protect the secure channel encryption key from dynamic or static extraction from protected binaries.

Import address table (IAT) obfuscation and gating refers to the practice of removing IAT and scattering the information within the Envelope code to make it difficult to extract. Calls for imported system functions are also redirected for all known system DLL files, the company said.

Sentinel Envelope has enhanced security protection for both its 32- and 64-bit engine to block unauthorized parties from reconstructing protected binaries as part of memory dumping attacks. The white-box-based secure communication channel ensures the channel encryption key cannot be dynamically or statically extracted from the protected binaries.

SafeNet also enhanced the platforms ability to detect user-mode debugger and hardens the software against tracing techniques. The protective mechanism confuses unauthorized parties with delayed responses, misleading commands, and false information so that they are unable to easily reverse-engineer the software.

“LDK Envelope makes it extremely difficult for hackers to reverse engineer protected intellectual property,” Fox said.

With Sentinel LDK and Sentinel Envelope, organizations can deliver strong application security, while still reducing development delays and overhead costs. The combined technology allows organizations to protect “hard-earned trade secrets and intellectual capital” in order to stay “competitive and relevant in the market,” Fox said.

Related ResourceAre Your Applications Secure? Test Your Code For Free

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...