Reference Hiding

Reference hiding conceals the method, field, and API calls in your code, so an attacker cannot map what your application connects to or depends on.

  • .NET
  • Android
  • iOS

TL;DR

Reference hiding obscures the calls your code makes to methods, fields, and system APIs. Instead of direct, visible references, calls are routed through encoded indirection or generated proxies. Static analysis can no longer build a clear map of what your application does and which APIs it uses.

Definition

What is reference hiding?

Reference hiding is a technique that conceals the references an application makes: calls to its own methods and fields, and calls to system or framework APIs.

When an attacker analyzes an application statically, the references are the map. Seeing which system APIs are called, and how internal methods connect, tells them what the application does without running it.

Reference hiding removes that map. Calls are encoded, redirected through proxies, or resolved indirectly, so a static view of the code no longer reveals the references behind it. This protection unifies what is called call hiding on .NET, API hiding on iOS, and reference proxy on Android.

Mechanism

How reference hiding works

Reference hiding applies several indirection techniques:

  • Encoded references. Direct calls to methods and fields are replaced with encoded forms resolved at runtime.

  • Proxy methods. Calls are routed through generated intermediary methods, so the real target is not directly visible.

  • API call hiding. References to system and framework APIs are concealed from static analysis.

The application calls exactly what it always called. A static analyzer simply cannot see it clearly.

Example

Reference hiding example

The same login flow, before and after reference hiding. The same methods get called; the static map of those calls does not survive.

Original

Static analysis lists every method call and every system API the application uses, producing a clear map of its behavior.

Hidden

The same analysis sees encoded references and proxy calls. The real targets are resolved only at runtime.

Original

    var user = userService.GetCurrentUser();
    var token = authProvider.GenerateToken(user);
    logger.Info($"Issued token for {user.Name}");

Hidden

    var user = Invoke<User>(0x4f12, null);
    var token = Invoke<string>(0x9a07, new object[] { user });
    Invoke<object>(0xb031, new object[] { user.Name });
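
One way an `Invoke<T>` helper like the one in the Hidden snippet could resolve an encoded reference at runtime, as an added example (not ByteHide's implementation and not code from this page). The `Services` and `Hidden` classes, the `Key` constant, and the XOR-over-metadata-token encoding are hypothetical choices made for illustration, and only static targets are handled.

```csharp
using System;
using System.Reflection;

// Hypothetical stand-ins for the page's userService / authProvider.
public sealed class User
{
    public string Name { get; }
    public User(string name) => Name = name;
}

public static class Services
{
    public static User GetCurrentUser() => new User("alice");   // constructed sample value
    public static string GenerateToken(User u) => "token-for-" + u.Name;
}

public static class Hidden
{
    const int Key = 0x5A17C3;   // constructed value; assumed to be chosen per build
    static readonly Module Mod = typeof(Services).Module;

    // Build-time step (simulated at runtime here): turn a method into an opaque id.
    public static int Encode(MethodBase m) => m.MetadataToken ^ Key;

    // Runtime step: decode the id, resolve the real target, then call it.
    public static T Invoke<T>(int id, object[] args)
    {
        MethodBase target = Mod.ResolveMethod(id ^ Key);   // throws if the token is invalid
        return (T)target.Invoke(null, args);               // null instance: static targets only
    }
}

public static class Program
{
    public static void Main()
    {
        // A protection tool would emit these ids as integer literals. They are computed
        // here only so the example stays self-contained and survives recompilation.
        int getUserId = Hidden.Encode(typeof(Services).GetMethod(nameof(Services.GetCurrentUser)));
        int genTokenId = Hidden.Encode(typeof(Services).GetMethod(nameof(Services.GenerateToken)));

        // Call sites now reference only Invoke and an integer, not the target methods.
        var user = Hidden.Invoke<User>(getUserId, null);
        var token = Hidden.Invoke<string>(genTokenId, new object[] { user });

        // Behaviour is unchanged: the result matches the direct calls.
        Console.WriteLine(token == Services.GenerateToken(Services.GetCurrentUser()));
    }
}
```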

Use cases

When to use reference hiding

Reference hiding is most useful when your application:

  • Calls sensitive system or framework APIs you do not want exposed.
  • Has internal structure that reveals how components connect.
  • Must resist static analysis that maps behavior through references.

It pairs with name obfuscation and control flow obfuscation: names, structure, and references are all part of the map, and these protections obscure all of it.

Platform availability

Reference hiding across platforms

  • .NET

    Call hiding, encoding references to methods and fields.

  • Android

    Reference proxy, redirecting calls through generated proxy methods.

  • iOS

    API hiding, concealing references to system API calls.

Frequently asked questions

What is reference hiding?

Reference hiding is a technique that conceals the method, field, and API calls in your code by routing them through encoded indirection or proxies, so static analysis cannot map what the application does.

Does reference hiding affect performance?

It adds a small overhead from the indirection. The level is configurable so you can balance protection and speed.

What is the difference between call hiding, API hiding, and reference proxy?

They are the same protection on different platforms. Call hiding is the .NET name, API hiding the iOS name, and reference proxy the Android name. ByteHide presents them together as reference hiding.

Does reference hiding change behavior?

No. The application calls exactly the same targets. Only the visibility of those calls to static analysis changes.

Which platforms support reference hiding?

ByteHide Shield provides reference hiding for .NET, Android, and iOS.

Reference hiding is one of more than 20 protections in ByteHide Shield. Apply it to your .NET, Android, or iOS application.
