Sentinel Envelope ensures code integrity and app security
SafeNet announced the availability of its third-generation Sentinel Envelope technology, which helps software developers protect code integrity and deliver application security.
As software publishers try to balance how best to prevent misuse of their software without creating unnecessary obstacles for legitimately paying customers, Sentinel Envelope works with Sentinel LDK, the company’s out-of-the-box software protection, licensing, and entitlement management system, to help them protect their software and intellectual property.
Sentinel Envelope achieves this by providing software developers with superior application protection, including an automatic file packer (i.e., wrapper) that employs SafeNet’s advanced file encryption, code obfuscation, and anti-debugging technologies.
The Sentinel Envelope also creates a robust shield that wraps executable files and DLLs and binds applications to hardware- or software-based protection keys, enabling customers to more effectively enforce copy protection and to protect trade secrets, professional know-how, and IP from reverse engineering, tampering, and piracy.
The Sentinel Envelope introduces innovative new features for both its 32- and 64-bit engines, including import table gating, OEP (original entry point) obfuscation, constant runtime debugging protection, improved real-time anti-debugging and anti-tracing capabilities, and what is believed to be the industry’s first and only file packer utilizing a white-box-based secure channel that protects the secure channel encryption key from dynamic or static extraction from protected binaries. All of the features in Sentinel Envelope combine to provide software vendors with enhanced copy protection and prevention of modification and tampering.
The third-generation enhancements to the Sentinel Envelope include:
Enhanced security protection for 32- and 64-bit architectures – blocks the reconstruction of protected binaries through attacks based on memory dumping.
White-box-based secure communication channel – utilizes vendor-specific components to ensure that the secure channel encryption key cannot be dynamically or statically extracted from the protected binaries. This is the first solution of its kind in the industry.
Import address table obfuscation and gating – removes the import address table (IAT) and scatters its information inside the Envelope code, including the original entry point (OEP). Calls to imported system functions are also redirected via import gates for all known system DLLs.
Constant runtime-debugging protection – enhances user-mode debugger detection on running processes, which hardens the software against tracing techniques and confuses hackers with delayed responses, misleading commands, and false information.
User-mode software-based licenses – provides “user-mode” licenses that do not require installation of the runtime environment, enabling faster, easier, and lower overhead installations, regardless of administrative rights.