Protect the .NET application

Introduction

Virbox Protector support to protect/encrypt the .NET application and .NET Core 3.0 above applications, protect/encrypt the .dll and executive file directly.

Virbox Protector support to protect .NET application both in GUI tool and CLI tool.

Here we use Virbox Protector GUI tool to show the protection process for .NET application step by step. for how to use CLI tool to protect .NET application, pls refer the User Manual or contact us.

Prerequisites

Sign-up Virbox Protector and install the Virbox Protector;

Open Virbox Protector GUI tool and sign in with your account;

Above pre-requisition is for test/evaluation Virbox Protector only.

To protect formal and commercial release software, pls purchase and get the related Virbox Protector license.

Protect your .NET application in 5 steps

  1. Import .NET file: drag the .NET file which need to be protected to Virbox Protector;

  2. Set the configuration in "Function Option" tab; (Protect specified functions)

  3. Set the configuration in "Protection Option" tab; (Protect the .NET apps in general)

  4. Click to Start the "Protection" Process

  5. Backup the source file. Use the protected file to test/evaluate and save the "configuration" file

Protection Process

1. Import .NET file: Drag .NET file into Virbox Protector

Drag the .NET file into the Virbox Protector, in the sample case, the .NET file we used is DotNetGame.exe;

Then Virbox protector will parse the .NET exe sample automatically. and show .NET file information in the "Basic info" tabs:

2. Set the configuration of "Function Option" tab; (Protect specified functions of the .NET file)

Developer may design your protection scheme via setting of Function Options and protection Options tabs.

For those critical functions of .NET files which need to be protected, Developer may select and define protection mode to each function via "Function Option" tabs:

2.1 Go to "Function option" and click "Add Functions", click the exe file shown in the box, Virbox Protector will show and list more functions:

2.2 Select the functions which you want to protect: Virbox Protector provides 3 kinds of protection mode for developer selection: No Protected, Obfuscation, Encryption; and the security to each protection mode comparison from high to low is: Code encryption>Obfuscation;

2.3 Performance analysis: you can click the button "Analysis" to verify if the execution performance is satisfied.

Click "OK" when finalized the setting.

  1. Ctrl+A to select all of functions, and Right click, to select the protection mode, then you can quickly select the all functions with same protection mode accordingly;

2. Considering the program execution performance may be impacted, so we don't suggest to protect all of .NET functions, instead of to select those critical and important functions to protect only.

3. For some functions may not support the protection mode set to "Encryption", pls change the protection option from "Encryption" to "No Protect" or "Obfuscation" mode, if prompt message pop-up;

4. "Analysis", since protection may impact the .NET application execution performance, Virbox Protector provides "Analysis" Function (The button on the top right corner of Main Menu,) to developer to verify when the protection mode to each function has been selected. Then developer can evaluate/simulate the program execution performance before the protection finalized. if execution performance is not satisfied, developer can change protect option to some function which frequently called. "No Protect" to improve the performance.

3. Set the configuration of "Protection Option" tab; (Protect the .NET project in general)

Go to "Protection Option" tabs, Set protection option and Protect the .NET file in General:

Besides to protect the specifies critical functions, Virbox Protector supports to protect .NET application in fundamental, with multiple technology: Compression, Name of Obfuscation, JIT encryption, and also provides with Plug in unit: DS Protector to protect .NET data resource.

Developer may set and define following factors in the "Protection Option" tabs

3.1 Output Info: Set output path and protected .NET filename, as shown in the "box 1" marked with blue frame, on default it will create new sub directory in same directory, the protected file located in this new sub directory, with same name of source .net file, in the same case, the protected file is:

\protected\DotNetGame.exe

3.2 Protection Option Setting: Click to Protect the .NET file in fundamental in general, includes:

Compression:

To compress the file size and prevent the protected file from the static decompiling

JIT Encryption:

.Net JIT encryption means it encrypt all of the IL instructions of method in the .Net Program, and the instructions will be decrypted only when the JIT compiling proceed in the .Net Virtual Machine, This can be used to prevent static decompiling and prevent the IL code being Dumped in memory.

Anti-Debugging:

Click to enable the protected .NET file with Anti debugging capability;

Name of Obfuscation:

Rename the .Net program method, class, Variety and parameter name with random string, the name that exported for external call will not be changed.

3.3 Options can be set for Name of Obfuscation:

Disable:

Not obfuscate the name of variety, parameter, method and classes;

Obfuscate private member only (recommend):

Obfuscate the Variety and Parameter name, but not obfuscate the class's name and method's name;

Keep Custom Name:

Yes: to obfuscate the name of parameters, not for class and method name;

No: None of name of parameter, class, method will be obfuscated.

3.4 Plug-in Unit Setting: If Developer has data resource need to be protected, switch on "ds" button to open "DS Protector" to protect relevant data resource via "DS Protector" and set the password to protected data resource.

3.5 Switch on/off: DS Protector, a plug in unit which used to encrypt/protect the data source file of protected program, you need to "switch on" the "ds" button to open "DS Protector"and set the password for protected data source file.

Another way to open the DS Protector is go to the \bin subdirectory of Virbox Protector and double click: deprotector.exe to open DS Protector. but you still need to "Switch on" ds button to enable the ds function in Virbox Protector.

3.6 Switch on/off: Advanced Process Protection: enable "RASP" plugin

Optional feature and license required to activate this feature

RASP: Runtime Application Self Protection: this plugin focus to protect the process running in the kernal for the application in windows platform, when this plugin start to execute, it will load the driver integrated to protect process itself to prevent the third party plugin to skip the normal anti debugging protection from debugging in memory. It is also effective to defense the "Cheat Engine" to scan the memory which running the process.

RASP plugin are most effective functions and applied to those scenario which highly security required. additional license from Virbox required.

There are 3 features can be select in the "RASP" plugin:

  • Memory Protection:

Click to protect the memory information executed for windows application; which to prevent the attacker/hacker to scan the process memory by use of "Cheat Engine" tools;

  • Anti-debugging (Kernal Mode)

Click to activate the Anti-debugging feature to prevent the debugging tool to debug the kernal;

  • Show Error Message

Pop up error message inlcudes error code when program

Remove the "Strong Name" to your .NET project before Protection and add "Strong Name" after protection completed.

4. Click to Start the "Protection" Process

​ Click "Protect selected Project" to start protection;

Then go to the output folder, you will find 2 news file has been generated, in the sample, we have set the output path: D:\VBP protection sample\Dotnet

you can one new file: DotNetGame.exe.ssp and new sub directory: \protected has been created in the output directory:

entry to the sub directory: \protected, you will find a new file, which name is same as the original .Net File name has been generated:

The new file which name DotNetGame.exe.ssp, is the configuration file which stored the protection option setting.

The new file which has same name of original .NET file name: DotNetGame.exe, is the protected .net application; pls use this protected .NET file for further testing. and keep the original file and the configuration seperately. the configuration file can be reused when you update the .Net file or when you use Virbox Protector CLI tool to protect your .NET file.

5. Backup the source file, Use the protected file for further testing and save the "configuration" file

Next, you need to use the protected .NET file for furthur testing, don't publish this original file. and

Please Don't distribute the configuration file: DotNetGame.exe.ssp, to your enduser. please keep it, if you use CLI mode to protect your .NET application, it is useful configuration file when you use Virbox Protector CLI mode later.

Protect .NET Project with Virbox Protector CLI tool

1. Generate the configuration file (.ssp file) by use of Virbox Protector GUI tool:

1.1 Drag the .NET project into the Virbox Protector GUI tools, and set the protection mode to the specific Functions (Method) of .NET project in "Function Option" tabs.

1.2 Click to "Save selected configuration" to generate the protection configuration file (.ssp file) which will be used when you use Virbox Protector CLI tool to protect your .net project later.

If no configuration file has been generated or found, when you use Virbox Protector CLI to protect your .NET project, The entry functions of the .NET project will be protected on default.

1.3 Put the confiuguration file (.ssp file) in the same directory of the .NET file which you want to protect.

The .NET project which will be protected is: dot_NET2_bounce.exe in the sample case.

2. Use Virbox Protector CLI tool to protect the .NET project

Windows Environment:

go to the installation directory of Virbox Protector, you can find 2 CLI tools:

virboxprotector_con.exe;

dsprotector_con.exe ( CLI tool of DS protector)

Linux Environment:

The on default installation path to Virbox Protector in linux environment:

/usr/share/virboxprotector/

go to /bin of installation directory of Virbox Protector, you can find 2 CLI tools:

virboxprotector_con.exe;

dsprotector_con.exe ( CLI tool of DS protector)

3. Use CLI command to protect .NET project/file:

Windows:

virboxprotector_con <*The *.dotNET project name which need to be protected> -o <*the dotNET project name which output

Linux:

virboxprotector_con <*The *.dotNET project name which need to be protected> -o <*the dotNET project name which output

Appendix: Using label to mark the key functions in .NET project

Virbox Protector support to protect the key functions with 2 protection modes:

Code Encryption and Code Obfuscation

Developer may set a label to mark the protection mode to the function will be protected in code building process, and it can be quoted and viewed in the code, so, when the compiling completed, developer drag the apps into the Virbox Protector, the GUI will show the protection mode set in the code accordingly, here is label sample for code:

//Label

namespace Virbox{

​ //Code Obfuscation

​ class Mutate : System.Attribute

​ {

​ }

​ //Code Encryption

​ class Encrypt: System.Attribute

​ {

​ }

}

public class main

{

​ [Virbox.Mutate]//Code Obfuscation

​ public static void test1(string[] args)

{

​ System.Console.WriteLine("hello Virbox.Mutate!");

​ }

​ [Virbox.Encrypt]//Code Encryption

​ public static void test2(string[] args)

​ {

​ System.Console.WriteLine("hello Virbox.Encrypt!");

​ }

​ public static void Main(string[] args)

​ {

​ test1(args);

​ test2(args);

​ }

}

PreviousProtect Jar/War Project with Java VME Protection ModeNextBest Practice--Protect .NET applications

Last updated