Call Hiding

Protection ID: reference_proxy

This protection encodes and hides the references of your application.

This protection is available in the editions:

Scale Enterprise Admits © Smart Integrity Protection System

How It Works

Call hiding protection transforms direct method calls in your application into indirect references. When someone decompiles your code, the references to other methods, types, fields, and events appear encoded or hidden, making it difficult to understand the application's flow and dependencies.

This protection effectively prevents static analysis of your application by hiding method calls and other references. It also makes it harder for attackers to locate important functions or understand the relationships between different parts of your code.

Hide all calls to other methods, types, fields and events. This protection is suitable to prevent the flow of your application from being analyzed.

Parameters

• Hide instances boolean : Hide instances of classes and references false by default

Rules configuration

• shield.config.json

{
  "protections": {
    "reference_proxy": {
      "hide instances": true // default false
    }
  }
}

Modes

• Default
• © Smart Integrity Protection System: This mode hides the reference by encoding its pointer with native methods. It guarantees integrity during all internal executions of the application.

Code Example

• Original code:

public class Program
{
    public static void Main(string[] args)
    {
        Console.WriteLine("Hello World!");
        ProcessData(GetData());
    }

    private static string GetData()
    {
        return "Sample data";
    }

    private static void ProcessData(string data)
    {
        Console.WriteLine($"Processing: {data}");
    }
}

• After call hiding (conceptual representation):

public class Program
{
    public static void Main(string[] args)
    {
        // Direct call to Console.WriteLine is replaced with an indirect reference
        __Proxy__.InvokeMethod(0x7A2D, "Hello World!");
        
        // Method calls are replaced with encoded references
        __Proxy__.InvokeMethod(0x8B3F, __Proxy__.InvokeMethod(0x9C4E));
    }

    private static string GetData()
    {
        return "Sample data";
    }

    private static void ProcessData(string data)
    {
        __Proxy__.InvokeMethod(0x7A2D, $"Processing: {data}");
    }
}

Exclusions

• Exclude with attribute

Include this attribute in your source code:

[Obfuscation(Exclude = false, Feature = "-reference_proxy")]

• Exclude from the interface

You can exclude this protection from methods or classes you want using the Shield configuration interface.

When to Use

Call hiding protection provides robust security benefits in these scenarios:

• Security-critical applications: Applications where understanding the flow and relationships is a significant security concern
• Anti-reverse engineering: When you want to make static analysis and reverse engineering more difficult
• Proprietary algorithms: Methods implementing unique algorithms or business logic
• Licensing mechanisms: Code responsible for license validation or authentication
• API security: Protects how your application interfaces with external services
• Class libraries: Helps protect the internal implementation of shared libraries

Shield intelligently applies this protection using optimized techniques based on your application's framework and structure. The advanced engine analyzes call patterns in your code and applies the appropriate protection strategy to each method call, ensuring maximum security without any impact on application performance.

Compatibility

Shield is compatible with all versions of .NET. It automatically adapts to your specific framework, whether you're using .NET 2.0, .NET 4.7, .NET Core 2.1, or Xamarin.Forms 5.0.