Binary Encryption Configuration
The binary encryption configuration is used to specify the encryption options for the binary.
Encrypt Code Chunks
This option allows you to specify whether or not to encrypt the code chunks in the binary. Without this option, the produced binary will significantly be vulnerable against reverse engineering.
Highly recommended to only disable this option for debugging purposes.
- Default:
true
{
"binary_encryption": {
"encrypt_code_chunks": true
}
}
Encrypt Data Chunks
This option allows you to specify whether or not to encrypt the data chunks in the binary.
Generic production-level compilers place the datas (such as constants, strings, etc.) in data segments of the binary unless they are explicitly placed in the code section by the developer. Avaritia protects such segments as possible as it can.
Highly recommended to only disable this option for debugging purposes.
- Default:
true
{
"binary_encryption": {
"encrypt_data_chunks": true
}
}
Code Chunk Read Detection
When this option is enabled, Avaritia will perform a verification to detect whether the chunk decryption attempt is being made by the read operation instead of execute operation for the marked chunks.
The code chunks containing datas, such as jump tables, will not be marked for this verification.
- Default:
false
{
"binary_encryption": {
"detect_code_chunk_read": true
}
}
Code Chunk Integrity
When this option is enabled, Avaritia will perform a verification to detect whether the code chunks are being tampered with.
To guarantee that this option is fully compatible with your application, please make sure that no code will perform byte patches at runtime.
- Default:
true
{
"binary_encryption": {
"detect_code_chunk_tampering": true
}
}
Re-Encryption Threshold
This option allows you to specify the threshold for the re-encryption of the code chunks.
Avaritia will re-encrypt the code chunks when the number of the executed chunks reaches the specified threshold.
This value is the 32-bit unsigned integer representing the percentage. For instance, when specifying 70
, Avaritia will perform re-encryption for all possible code chunks when there are more than 70% of decrypted code chunks.
Setting this value to 0
will completely disable the all re-encryption.
Depending on the size of application, the re-encryption may cause a very frequent all re-encryption and will result in unacceptable performance overhead. We recommend to adjust this value depending on the number of code chunks and the performance requirements.
- Default:
80
{
"binary_encryption": {
"all_reencryption_threshold": 100
}
}
Function Discovery Strategy
This option allows you to specify how the chunk generation algorithm will discover the functions in the binary.
When this value is set to true
, the code chunks with no discovered functions will not be marked for the read detection.
This avoids potentially false positive as possible as it can and the application runs with more reliability but less security.
We are continuously committing our effort to make function detection and chunk generation algorithms more reliable and this option may be deprecated in the future.
- Default:
true
{
"binary_encryption": {
"ignore_no_function_discovered_chunks": true
}
}