I have already generated static libraries in the past to share our algorithms with customers by removing the 'debug symbols generation' option in the build settings so that it is not possible to read the code in CCES while in running the program in debugging mode. However I don't know for certain if that is a safe enough solution to protect our IP. I was thinking that obfuscating the code prior to generating the library would make it really tedious to reverse engineer our technologies. Would you have any comment about this approach or any suggestion on how to make this in a better way?
If you are looking to protect information about a library you should turn off the generation of debugging information. If you are using the IDDE, both the assembler and compiler property pages have a selection that
enables debugging information. These are typically on by default.
Secondly, if you are generating a library and would like to obscure the information that is in the library you can use the library encryption feature of the archiver (elfar.exe).
The command to the archiver to encrypt a library is:
elfar -s [-v] library_file in_library_file exclude_file type
library_file is the name of the encrypted library_file
in_library_file is the name of the library file before encryption
exclude_file is a file that contains names in the library not to be
encrypted; any symbol that is exported for a user to link against needs to be in
type is a letter that will be the first letter in all encrypted names
Using this feature, all symbols (except the exclude list) will be replaced with encrypted symbol names, e.g., Symbol_name_that_gives_away_my_algorithm will be replaced with something like X234f. This will make it harder for someone outside of your company that has your library to decipher the contents of your library.
If you would like to protect a library file, which has already been created,during the linking stage you can use the following linker options:
-S Omit debugger symbol information from the output file(s)
-s Omit all symbol information from the output file(s)