Protection Details

After a Mac binary is included in a project, you can specify protection details for the binary in the Protection Details screen.

To display a binary’s Protection Details screen, click its corresponding entry in the Project pane. Sentinel LDK Envelope evaluates the binary and displays the signals and exceptions in the General tab.

>You can block signals by selecting the Block signals check box, then selecting the check boxes of individual signals that you want to block.

Signal blocking is provided because most debuggers connect and communicate to the process under inspection using signals. This is an additional layer of debugger detection and prevention. For example, a debugger can send SIGINT to interrupt the running process. By blocking SIGINT, you can disable the ability of the end user to stop a process using Ctrl-C. If your customers require the option to interrupt their process with CTRL-C, clear the check box for SIGINT in the list of options. In some cases you may need to clear the check box for other signals as well. The security risk of allowing the use of CTRL-C to stop a process is that the process can be stopped from outside the application. Since this is an interrupt, it is possible to gather a memory dump (which may fail due to the other settings). For more information, see: https://discussions.apple.com/thread/2531483

>You can block exceptions by selecting the Block exceptions check box, then selecting the check boxes of individual exceptions that you want to block.

Exception blocking ensures that the selected exceptions are handled by the Envelope runtime exception handler and are not passed on to the system exception handler. This is done to prevent a crash report or a crash dump. An exception usually causes a crash which is caught by macOS. The Envelope exception handler catches the exception before it reaches macOS, and performs a graceful exit with an error alert. Therefore, no crashlog (which might give hints to an attacker) is written.

Note: Even some debuggers use exceptions to control the process under inspection.

In addition to the primary protection details, you can enable or modify other parameters by clicking the following tabs:

>Advanced tab

>Protection Settings tab

>Data File Settings tab

Related Topics

Defining Data File Filters

Defining Binary Protection Details

Considerations for Protecting Mac Applications

Default Protection Settings

Advanced Protection Details

Working with Binaries

Project Pane