• From your memory, third parties can read: your
  • Your code can be changed, and manipulated.

SafeOrbit is a cryptographic library to protect sensitive dataof an application from being manipulated or read.

It’s open-source on GitHub  (stars: 31, watchers: 31, forks: 5) and available on NuGet .

  • Protects your strings in memory while allowing you to securely compare & modify them.
  • Protects your binary data with SafeBytes.
  • Anti injection module safeguards your application against memory injections and timing attacks.
  • Leverages high performance and secure algorithms for encryption, hashing and random in interfaces that makes it much hard to screw up.

It’s written for & used by my password manager Password Orbit.

A simplified example

Before SafeOrbit 

    code:
        check-license-function: '1. goto website, 2. check if user paid'
    data:
        user-name: jade1983
        pwd: password123
        has-license: false
YAML

A hacker can

  • read password password123 easily from application memory.
  • can modify application memory and change last three words has-license: false to has-license: true and gives person a license by tricking the application.
  • or a hacker can modify check-license-function and bypass license validation logic.

After SafeOrbit 

    code:
        check-license-function: '1. goto website, 2. check if user paid'
    data: ue95bEEfSaaMjbpylkwnmsCqGoy8ra2VPqjIRT72wVoKFAYzUVMNWKIV7dvXN1EMpFYjPMGddU7+iua8DskPAA==
    signature: EQ8RgU/q/34cO7Ea4gc2y610kvsCCbZ3e9eYAKXaytqC/fKb09EFuG74JK+kbQHGfsP+BfuwwtX9NhOP9AxIyw==
YAML

A hacker can not:

  • read any password as they are encrypted as the user types them.
  • cannot forge any application data or code as every change to the application code or state is signed.