Sentinel Envelope protects distributed software against AI-assisted reverse engineering, IP theft, and license copying and piracy, without touching your source code.
benefits
Why Choose Thales Sentinel Envelope
Protect your IP and AI models
Anyone with access to your binary can read what you built and steal your innovation. Sentinel Envelope ensures that competitors see nothing useful, even if your software is distributed outside a controlled environment.
- Blocks reverse engineering of proprietary algorithms, business logic, and competitive differentiators in your code.
- Shields embedded AI models including weights, parameters, and architecture from extraction or replication.
- Secures deployment surface where you have limited control: on-premises, embedded, IoT, and downloadable software.
Harden Your Software Against AI Threats
AI tools can now spot vulnerabilities and build exploits in minutes. Sentinel Envelope denies attackers access to your application logic, so there is virtually nothing for AI analysis to work with.
- Defeats the decompilation step that AI-assisted analysis depends on, leaving attackers with no recoverable application logic.
- Reduces malware injection risk. Protected software is far harder to crack, copy, and redistribute with malicious payloads.
- Buys time to patch. Vendors can detect and fix vulnerabilities before attackers find and exploit them.
Stop license copying and illegal distribution
Software license controls fail in untrusted environments. Sentinel Envelope cryptographically hardens your licensing, so you stay in control of who uses your software, wherever it runs.
- Reinforces license checks, seat limits, and feature gates, so license restrictions can not be cracked or bypassed.
- Encryption and anti-debugging make key cracking attempts futile before they gain any foothold.
- Prevent piracy at the source. Automatic key disabling shuts down an attack the moment it is detected. Only you can re-enable access.
Core Capabilities
Enhance Your Software Defense Strategy
Effective software protection combines multiple technologies that address different attack vectors. No single tool covers every threat, but Sentinel Envelope brings together a combination of critical protection technologies that form an essential layer in any defense strategy.
This forces attackers to overcome compounding barriers that make breaking through the defenses extremely difficult, turning reverse engineering into a frustrating and costly ordeal.
Encrypt code, data, and files for stronger protection
Sentinel Envelope utilizes encryption to protect applications against reverse engineering. Encryption is applied to the whole executable or library. For managed code applications, it is applied at the method- or class-level.
- Encryption prevents static analysis of executables and libraries at rest since their code only gets decrypted at runtime.
- Effectively forces the attacker to attempt dynamic analysis instead of static analysis, which is then prevented by anti-debugging and anti-tracing.
- Supports method- and class-level encryption, allowing protection of .NET and Java applications to be applied at a more granular level.
Make code extremely challenging to understand, analyze, and reverse engineer
Sentinel Envelope obfuscates code flow and symbols to make protected applications more difficult to reverse engineer across a broad range of platforms and programming languages.
- Obfuscates code to make the application’s internal logic harder for attackers to follow or reconstruct.
- Obfuscates symbols so names, structures, and references become completely senseless, hiding their significance.
- Configurable per function, method, or class to allow optimal balance between performance and security.
Defend applications against debuggers and binary instrumentation frameworks
Sentinel Envelope defends applications at runtime against traditional debuggers and Dynamic Binary Instrumentation (DBI) frameworks used in dynamic analysis attacks.
- Defends against dynamic program analysis, where attackers observe and analyze software while it is running.
- Helps protect against traditional debuggers that attach to a process, pause execution, step through code, and inspect internal behavior.
- Helps defend against Dynamic Binary Instrumentation frameworks that inject analysis code into a running application.
- Detects active tracing tools by identifying subtle execution differences and runtime anomalies they introduce.
- Goes beyond standard tool-specific blocking with Thales’ proprietary advanced anti-tracing technology.
- Helps distinguish malicious attackers from legitimate developers by halting execution if the initial warning is bypassed.
Detect unauthorized changes to protected binaries and resources
Sentinel Envelope verifies that protected binaries and resources remain unmodified, using digital signatures and obfuscated integrity checks to detect tampering attempts.
- Uses digital signatures to verify that the binary and resources remain unmodified.
- Hundreds of obfuscated checkers injected throughout the protected application continuously validate hash values across different binary ranges.
- Triggers a cascading defense mechanism if even a single byte is altered.
- Maintains full compatibility with Microsoft Authenticode signatures.
Disable license access when cracking attempts are detected
Sentinel Envelope disables the license key required for the application to run as soon as a cracking attempt is detected, preventing attackers from proceeding with reverse engineering.
- Designed to make false positives nearly impossible.
- Allows the vendor to re-enable the license if the vendor chooses.
- Supported by hardware and cloud license keys.
Execute protected code securely inside the hardware key
Sentinel Envelope extracts code, converts it into an executable format supported by the hardware chip, encrypts it, and embeds it in the binary to replace the original code.
- Keeps execution out of reach of cracker tools such as debuggers.
- Extracts selected code from the application.
- Converts the code into an executable format supported by the hardware chip.
- Encrypts the code and embeds it in the binary.
- Replaces the original code with the protected version.
- Uploads encrypted code to the hardware key at runtime.
- Decrypts and executes the code securely inside the hardware key.
Protect and monetize data files separately from application code
Sentinel Envelope extends protection beyond executables by encrypting data files and preparing them for decryption by the Envelope-protected application.
- Protects data files without requiring source code changes.
- Allows you to create separate licenses for data files to enable content monetization initiatives.
- Encrypts valuable content to prevent unauthorized use.
- Data protection utility is provided to vendors to pre-encrypt files.
How it Works
Thales-grade protection you can apply in minutes without modifying source code
- One-click application delivers advanced protection with minimal effort.
- No source code access or modification required.
- Invisible to legitimate users. Protection only surfaces when someone is actively trying to circumvent it.
Protecting AI
- Sentinel protects both the application and the model file.
- Protected application – Protects application code from disassembly and reverse engineering. Coupled software piracy protection.
- Encrypted model file – Protects model from adverse modifications by preventing targeted changes to parameters, weights, and biases.
Use Cases: Protecting LLMs, Protecting GenAI, Protecting AI enabled features within on-premises applications, e.g. healthcare and medical devices, supply chain and manufacturing, and customer insights
Compatible with a wide range of platforms and environments
Sentinel Envelope delivers protection in the age of AI-assisted reverse engineering
Advanced AI tools are changing how quickly attackers can analyze software, uncover vulnerabilities, and understand application logic. In this real-world test, Claude analyzed an application before and after Sentinel Envelope Plus was applied.
Before protection, the AI quickly surfaced vulnerabilities and areas of risk. After protection, Sentinel Envelope Plus made the application significantly harder to analyze, showing how the right combination of critical protection technologies can help defend software against AI-assisted attacks.
The right protection solution for every need
Sentinel Envelope is available with or without Sentinel licensing technology, and at different levels of protection strength to suit your target and requirements. Options span a range of protection needs, from anti-piracy and IP protection to vulnerability protection and license enforcement, all deployable without source-code changes.
