ByteLab 59.05°N / 9.69°E

Custom software / licensing / protection / reverse engineering

Control over your software shouldn’t end at compile time.

ByteLab is an independent engineering practice. We build custom software, license and protect what you ship, and reverse-engineer the systems nobody documented, from application code down to the kernel.

Based in Norway, working worldwide Native code: PE · ELF · Mach‑O Ring‑3 → ring‑0
Fig. 01 Protected binary · cross‑section
0x0000
HEADER
magic · arch · entry point
0x1000
.text · application code
control-flow obfuscation, applied selectively where it pays
0x8C40
.lic · license gate
entitlements · node lock · expiry · signed offline
0x9E00
INTEGRITY MAP
hash tree over code + license, checked at runtime
0xA200
.data
runtime state
0xB7F0
OVERLAY · vendor signature
Ed25519, verified before anything else runs

0x01 / Services

We build software, and take apart the software that won’t explain itself.

Four disciplines across the whole life of a binary: we work forward when you’re building, and backward when you’re stuck. When a problem reaches the kernel, so do we.

SRV/01

Custom software

Applications, services and internal tooling built to fit how your business actually works, instead of bending your business around a tool that nearly fits. Yours to keep at the end: clean code, documentation, no lock-in.

  • Product & customer-facing applications
  • Internal tools & line-of-business systems
  • Services, APIs & integrations
  • Automation & data pipelines
  • Built to hand over, documented and testable

SRV/02

Software licensing

A licensing model is a contract enforced by code. We design entitlement systems that survive contact with real customers (offline sites, air‑gapped networks, VM sprawl) and implement them with modern cryptography instead of obscurity.

  • Entitlement & activation architecture
  • Cryptographically signed license files
  • Node‑locked, floating & offline models
  • License servers, portals & usage telemetry
  • Migration off legacy license managers

SRV/03

Software protection

Assume a hostile runtime. We layer anti‑tamper, integrity verification and targeted obfuscation (in user space, or in the kernel where it’s warranted) so that breaking your software costs more than buying it, and so you find out when someone tries.

  • Anti‑tamper & runtime integrity checks
  • Kernel‑assisted integrity & tamper detection
  • Driver (WDM/WDF) & ring‑0 security review
  • Anti‑debug & environment analysis
  • Key management & secret handling

SRV/04

Reverse engineering & systems analysis

When the source is missing or a vendor vanished, we work back from the binaries and the traffic to recover what your systems depend on, and turn undocumented systems into engineering facts you can build on.

  • Reverse engineering & binary audits
  • File‑format & protocol analysis
  • Interoperability with closed systems
  • Crash & fault root‑cause analysis
  • Legacy systems without source

0x02 / Method

Every engagement runs like a lab protocol.

Fixed scope or retained, always documented, never a black box. Four phases, each with a concrete output you keep.

Phase 01

Assess

We model the threat before touching code: who attacks your software, with what tools, for what gain. Your current licensing and protection get the same scrutiny an attacker would give them.

Output → Findings memo & threat model

Phase 02

Design

Mechanisms on paper first (licensing model, protection layers, key handling), each costed for build impact, performance and maintenance before a line is written.

Output → Mechanism specification

Phase 03

Implement

We integrate into your codebase and CI, not beside it. Everything we add is documented, testable and owned by your team on handover.

Output → Integrated, reviewed code

Phase 04

Verify

Then we switch sides and attack our own work: measuring time‑to‑bypass, closing what we find, and writing down what would break next.

Output → Adversarial review report

0x03 / Working surface

Where we operate.

The shipped binary is the material: bytes on disk, mapped into memory, running in front of a hostile world. This is the ground we stand on and the range we cover.

Platforms Windows/Linux/macOS
Privilege Ring‑3 (user)/Ring‑0 (kernel)
Architectures x86-64/ARM64
Binary formats PE/ELF/Mach-O
Kernel WDM/WDF/minifilters
Languages C/C++/Rust/Go/.NET/asm
Cryptography Ed25519/ECDSA/AES-GCM/BLAKE3
Tooling IDA Pro/Ghidra/WinDbg/custom

Fig. 02 · live read. What’s in the bytes is the whole job.

0x04 / About

Protection is a moving target. We treat it as an engineering discipline. Measured, versioned, verified. Never a checkbox.

ByteLab is a small, senior practice. The people you meet are the people who do the work, engineers who have shipped licensing systems, hardened commercial software and spent years inside other people’s binaries.

We keep the team small on purpose. This is precision work, and precision doesn’t delegate well.

  • Independent & privately held
  • Based in Norway · working worldwide
  • NDA by default
  • Fixed scope or retained

We work the defender’s side. We protect and analyse software for the people who own or license it. When our work turns up a flaw that affects a third party, it goes through coordinated disclosure, never into the wild.

0x05 / Contact

Tell us what you’re shipping.

A sentence or two about your software and what worries you is enough to start. We reply within two working days, and an NDA is never a problem.

Write to the lab post@bytelab.no

PGP key on request
Stathelle · CET/CEST