Events Protection
Protection ID: events
This protection encodes and hides the events of your application.
This protection is available in the editions:
Enterprise Admits © Smart Integrity Protection System
How It Works
Events protection obfuscates the publisher-subscriber pattern in your .NET applications by hiding the underlying event implementation details. This protection transforms the way events are defined, subscribed to, and triggered in your code, making it harder for reverse engineers to understand how components interact.
When this protection is applied, the standard event patterns are replaced with encoded references, hiding both the event definition and the delegate mechanisms. This makes it significantly more difficult to track event handling flow during static analysis.
Parameters
This protection has no parameters or settings.
Rules configuration
shield.config.json
{
"protections": {
"events": {}
}
}
Modes
- Default default : It encrypts and protects the application events and hides the original events call to any method.
- © Smart Integrity Protection System: This mode uses advanced integrity checks to protect events. Enterprise
Code Example
- Original code:
public class Publisher
{
public event EventHandler<string> DataReceived;
public void ProcessData(string data)
{
// Trigger the event
DataReceived?.Invoke(this, data);
}
}
public class Subscriber
{
public void Initialize(Publisher publisher)
{
publisher.DataReceived += HandleData;
}
private void HandleData(object sender, string data)
{
Console.WriteLine($"Received: {data}");
}
}
- After events protection (conceptual representation):
public class Publisher
{
// Event implementation is hidden
private readonly object _eventStorage;
public void ProcessData(string data)
{
// Event trigger is obfuscated
__EventsProxy__.TriggerEvent(this, _eventStorage, this, data);
}
}
public class Subscriber
{
public void Initialize(Publisher publisher)
{
// Event subscription is hidden
__EventsProxy__.RegisterHandler(publisher, 0x7A2D, this, "HandleData");
}
private void HandleData(object sender, string data)
{
Console.WriteLine($"Received: {data}");
}
}
Exclusions
- Exclude with attribute
Include this attribute in your source code:
[Obfuscation(Exclude = false, Feature = "-events")]
- Exclude from the interface
You can exclude this protection from methods or classes you want using the Shield configuration interface.
When to Use
Events protection enhances your application security in these key scenarios:
- Event-driven applications: Secures software with complex event-based architecture where understanding the flow is critical to reverse engineering
- UI frameworks: Protects applications with rich user interfaces that rely heavily on event handling
- Plugin systems: Safeguards systems where components communicate via events
- Security operations: Strengthens events that trigger security-related functionality like authentication or validation
Shield automatically optimizes events protection based on your application type and target platform, ensuring the perfect balance between security and performance.
Events protection works seamlessly with Call Hiding protection to create a comprehensive obfuscation strategy. Shield intelligently applies both protections to maximize security while maintaining optimal application performance.
Compatibility
| Framework | Compatibility | Comments |
|---|---|---|
| .NET Core | ✔ | |
| .NET Framework | ✔ | |
| .NET (up to 8 version) | ✔ | |
| .NET Standard | ✔ | |
| Xamarin IOS | ✔ | |
| Xamarin Android | ✔ | |
| Xamarin MacOs | ✔ | |
| WPF | ✔ | |
| Blazor | ✔ | |
| .NET Maui | ✔ | |
| Unity | ✔ | |
| ASP | ✔ | |
| Silverlight | ✔ | |
| VBa (Visual Basic) or C# (CSharp) | ✔ | |
| WinRT | ✔ |
Shield is compatible with all versions of .NET. It automatically adapts to your specific framework, whether you're using .NET 2.0, .NET 4.7, .NET Core 2.1, or Xamarin.Forms 5.0.