ByteCode Strategy

Parent Previous Next

ByteCode Strategy.

Ordinary software solutions, that rely on built-in security measures like license key evaluation or similar, are often cracked.


To avoid this you should use SCRAMBLECODE to implement the required security functionality, e.g. the algorithms to evaluate the license information.


Beside the powerful security aspects, it furthermore gives you the benefit of being able to combine different product versions (e.g. Trial, Standard, Pro) into one common executable, and let the bytecode control which parts of your program the customer may access.


Secure Implementation.

SCRAMBLECODE uses:

These security measures are all described here. Removing secret code from your host application and replacing it with encrypted bytecode is a very important factor in order to raise the security level of your applications or enterprise services.


However, in addition to these measures, you must be absolutely certain that a cracker can't circumvent the security measures and simply bypass the encrypted bytecode.


The solution is: Always combine (bundle) security functions with other essential functionality in the SAME bytecode.


Example:

If the bytecode is only used for evaluating the customer license, a cracker might simply circumvent and ignore it. This could have the fatal consequence, that the rest of the application could be used without any restrictions. However, if the application is designed to have some parts inaccessible (e.g. some bytecode functions won't work) until a certain bytecode function has read and accepted a license file, then the bytecode can't be bypassed. It could also be combined with callback functionality to instantiate certain important objects in the host application etc.


Please note: The bytecode must contain essential functionality with a certain amount of complexity and variation, otherwise a cracker can insert a simple spy-DLL between the host application and the VM DLL (or simply use a debugger) and eventually figure out, what the bytecode does and emulate that.


Just-In-Time Deployment.

Your VM DLL does not contain any secrets and can be safely deployed.


Your compiled bytecode is totally unique, heavily encrypted and signed with your private key, allowing it to be safely deployed as well.


However, please be aware of the possibility of implementing a separation-strategy, where the VM DLL is permanently deployed, but the bytecode only arrives in memory at the very last moment before execution.


SCRAMBLECODE makes it easy to remove certain parts of your source code from your native program, and replace it with just-in-time delivered bytecode to be executed by the VM DLL. You can deploy the bytecode as a simple string - perhaps as part of a text file, a database field or as the result of a web request. It furthermore makes it easy to perform small updates involving bytecode solely.


TIP: This kind of separation-strategy raises the security level, but please notice, that even though your deployed VM DLL can only execute bytecode which originates from you (eliminating the risk of executing unauthorized code), you should consider the consequences of the deployed bytecode being intercepted, copied and later used again by a malicious party.