Axprotector

Download as pdf or txt
Download as pdf or txt
You are on page 1of 12

Automatic Software Protection using AxProtector Page 1 of 100

Automatic Software Protection using AxProtector


No Programming Skills required
With AxProtector you have a tool at hand that can automatically encrypt already compiled executables. AxProtector
®
allows you to integrate CodeMeter into your application - quickly and smoothly - without the need to alter your source
code. It is so easy to use, that integration can take place without any programming skills.
In just a few minutes, AxProtector encrypts and protects your application for a variety of project types:
AxProtector is also available as a commandline variant for Windows 32-bit / 64-bit, .NET, Linux, Mac OS, and Java
applications. Using the AxProtector GUI is a simple way to generate a commandline that can be extended and used
further to accomplish automatic protection.
The following table summarizes what kind of software applications can be encrpyted using various project types and tools
for different operating systems:
Application to be protected Project type GUI Commandline
Windows
Windows Application or DLL Windows commandline
AxProtector Windows

IxProtector Windows
NET Assembly .NET commandline
AxProtector .NET

IxProtector .NET
Mac OS X Application or Dylib Windows commandline
AxProtector Mac OS X
Commandline available for Mac OS X
IxProtector Mac OS X (runs on Mac OS X operating systems)
Java Application (Archive Windows commandline
Format *.jar, Webarchive AxProtector Java
Format *.war) Commandline available for Java (runs on
Windows, Mac Os X, Linux, and Solaris
operating systems)
Linux Application or Shared Windows commandline
Object AxProtector Linux
Commandline available for Linux (runs on
IxProtector Linux Linux operating systems)
Files your protected application Windows commandline
uses AxProtector File Encryption
Table 2: AxProtector – Applications to be protected, Project Types, and Encryption Tools
AxProtector:
• supports the encryption of all existing CodeMeter® license options (Product Item Options). Thus all necessary license
information is integrated into the encryption, for example, network licenses, or license checks at runtime.
• features functions to identify debugger use: in the case a debugger is detected, a CmContainer can be locked.
• provides the feature of "on-demand-decryption", i.e. parts of the protected application (source code and resources) are
decrypted only when accessed. This "on demand decryption" effectively protects against memory dumping and the
extraction of unprotected versions.
• offers the use of freely customizable user message dialogs including the creation of individual texts for purchasing
options or errors and also the embedding of company logos.
Structure and Navigation
You access AxProtector by using CodeMeterStartCenter or, alternatively, by the "Start | All Programs | AxProtector"
system menu item.

file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh2BF9.htm 7/3/2024


Automatic Software Protection using AxProtector Page 2 of 100

Figure 2: AxProtector – GUI and Navigation


The AxProtector GUI consists of five separate areas:
• Menu bar (1)
• Navigation window (2)
• Input window (3)
• Note and error window (4)
• Project type area (5)
Menu Bar
File menu
Element Description
Project New Project
To create a new project, please proceed as follows:
1. Select the "File | New Project" menu item. Alternatively, press the <CTRL+N> key combination. The "New
Project" dialog opens for selecting the project type.
Open Project
To open an existing project, please proceed as follows:
1. Select the "File | Open Project" menu item. Alternatively, press the <CTRL+O> key combination. The
"Open" system dialog opens from which you can select the desired project file.
2. Select the project file name to be opened, and click the "Open" button.
Save Project
To save a created or edited project, please proceed as follows:
1. Select the "File | Save Project" menu item. Alternatively, press the <CTRL+S> key combination.
Save Project as
To save an opened project using another project name, please proceed as follows:
1. Select the "File | Save Project as" menu item.
2. Select a destination folder in the "Save as" window and specify the new name of the project file.
If this file already exists, AxProtector prompts with an overwrite confirmation dialog. Click on the
"No" button and save the project using a different name, to keep the existing project file.

Export Wbc file Selecting this menu item exports the protection settings into a *.wbc file you are free to name and save.
Later you may use this file in the AxProtector commandline tool.

This menu item is active only after the project has passed all necessary checks.

Exit Select the "File | Exit" menu item to close AxProtector. Alternatively, close the AxProtector by the "x"
control or the <ALT+F4> key combination. Before exiting AxProtector you are prompted to save the
changes you have made to a project.
Options menu
Element Description

file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh2BF9.htm 7/3/2024


Automatic Software Protection using AxProtector Page 3 of 100

Language AxProtector provides you with different language version for the graphical interface. Select from eight
different language settings: Chinese, German, English, Spanish, French, Japanese, Dutch, and
Portuguese.
? menu
Element Description
Content Select this menu item to open the AxProtector online help.
About Select this menu item to open a window holding AxProtector version information.

Navigation Window
For every project type, the navigation window displays the single protection steps in a tree view. The navigation allows
you to access each single step.

Input Window
For each protection step, the input window provides for specifying protection options using corresponding fields and
controls. You navigate through the single steps by using the "Next >" or "< Back" buttons at the bottom of each window.

This symbol informs you that you have set additional protection options using the "Advanced" button.

Note and Error Window


This window displays information, errors or warnings using symbols. You also see the symbols in front of each protection
step within the tree view.
Symbol Description
When setting an option an error occurred. The protection step involved is not executed. A text informs you about what
the error might be. Then you have the option to check your input.
Please note a warning related to the options you set when protecting your application.
All settings are correct. This protection step is will be executed.

With a double-click on the and symbols you will automatically access the protection step to which the
information relates.

Project Type area


This area displays which project type you currently working with and shows the content of existing tooltip texts when you
move your mouse over dialog elements.
Project Dialog
When you open AxProtector or create a new project in AxProtector a project dialog opens where you make the selection
from different project types.
The tabs "AxProtector", "IxProtector" and "Other" show all available project types.
You receive help by clicking on the "Help" button.
Project Types
AxProtector features the following project types:
Icon Project type
AxProtector

Windows Application or DLL

.NET Assembly

Mac OS X Application or Dylib

Java Application (jar file)

Linux Application or Shared Object


IxProtector

Windows Application or DLL

.NET Assembly

file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh2BF9.htm 7/3/2024


Automatic Software Protection using AxProtector Page 4 of 100

Linux Application or Shared Object

Mac OS X Application or Dylib

Other
File encryption

AxProtector Tab
This tab offers you the selection of the following project types:
Windows Application or DLL

.NET Assembly

Mac OS X Application or Dylib

Java Application (jar file)

Linux Application or Shared Object

Windows Application or DLL


AxProtector protects executable files (applications *.exe and libraries *.dll) in PE format (Portable Executable): The
executable files may be created by established compilers, for example, (C, C++; Delphi, VB 6.0, FORTRAN, ...), or by
authoring tools (Adobe Flash, etc.).
The following table summarizes what kind of files can be encrypted using the AxProtector Windows GUI or the
commandline.
Application to be protected Project type GUI Commandline
Windows
Windows Application or DLL Windows commandline
AxProtector Windows
The following menu items are available in the navigation windows:
• File to protect
• Licensing systems
• License handling
• Runtime settings
• Security options
• Error messages
• Advanced options
• License lists
• IxProtector
• File encryption
• Summary
File to protect
To safely encrypt an executable file using AxProtector, first select the file you want to protect.
File to Protect
Element Description
Source file Click on the "…" button and select the file to protect using the system dialog "Open". Alternatively, manually
specify the path and name of the file in this field.
As alternative to the "…" button, you may also directly drag & drop the source file from Windows
Explorer into the source file field.
Destination file After you selected the source file, AxProtector automatically creates a secondary folder [..\protected\..].
You may change this default by manually specifying the path and name of the destination file. Then the destination
file corresponds to your protected application.
Commandline option see here.

Licensing Systems
After you select the file to be protected, the "Licensing systems" page displays in the input window. This is where you
can select which protection schemes will be used. Depending on your requirements, you can select one or all of the
check boxes (CmDongle and/or CmActLicense, WibuKey).

file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh2BF9.htm 7/3/2024


Automatic Software Protection using AxProtector Page 5 of 100

If you are switching from WibuKey to CodeMeter®, please activate both licensing systems.
In this way, you are able to ship updates and upgrades to existing customers who already have a WibuBox without
the need to replace the hardware. New end-users will be the ones to receive a CmDongle or a CmActLicense
together with the protected application.
For CmDongle and CmActLicense the following settings are available:
Element Description
Firm Code Specify the Firm Code to be used for encrypting the software.
The Firm Code 10 used in figure above is the CmDongle evaluation Firm Code found in the
®
CodeMeter Software Development Kit (SDK). In real life you would not use a Firm Code of 10,
since this would be insecure. As a registered licensor, you will be issued your own unique Firm
Code..The test Firm Code for CmActLicense is 5010.
As a registered licensor, you will be issued your own unique Firm Code(s).
Commandline option see here.
Product Code Enter the Product Code which defines the encryption of a specific product. You can freely choose this
identifier, e.g. for a separate module of a software application, or for a single application.
Commandline option see here.
Feature Code Enter the Feature Code which defines, for example, the encryption of different software versions.
By default, a Feature Code of 0 is set. This deactivates the use of the Product Item Option Feature
Map.Enter a 32-bit value to use the option.
Using the "…" button you may enter the feature map value in hexadecimal, decimal or binary format.

Figure 3: AxProtector - Windows Feature Map Input


Commandline option see here.
®
Encryption Algorithm Select the algorithm to encrypt your software. Currently, CodeMeter solely supports AES (Advanced
Encryption Standard).
Commandline option see here.
Minimum Driver Version Enter the minimum driver version required for the installed CodeMeter License Servers.
When setting the minimum driver version to 3.20 the session handling for terminal servers is automated.
This means that AxProtector automatically handles sessions of the protected software, and each session is
allocated one of the available licenses.
Setting the driver version is also required when, for example, you wish to use new features for the
encryption of an application. Older driver versions will not support these new features, and will
trigger error messages when starting the protected software.
Commandline option see here.
®
Release Date Starting with Firmware version 1.18 CodeMeter supports the Product Item Option Maintenance Period. In
the PIO two date values are stored: a start and an end value. This allows you to implement license models
which map the granting of support and services when using the software.
Then the use of a license is limited to software versions, corrections, and extension which have been
created, i.e. released, within this Maintenance Period. The Release Date is stored in the protected
application and at runtime a check is executed whether the date is within the defined period. In the case
the Release Date is not within the Maintenance Period, the use of the software is not covered by the
license
To store the Release Date, please proceed as follows:
1. Activate the "Release Date" checkbox to type in the Release Date. The current date is preset.
2. Change if desired the date either directly in the field located below or use the calendar element which
opens via the arrow button at the left margin of the field.
After activating the checkbox automatically the content of the "Mimimum Firmware" field changes
to version 1.18 which is at least required to use the Product Item Option Maintenance Period.
Please note also that you have to activate the checkbox here to be able to activate the check
options for the Maintenance Period in the advanced runtime settings.
Commandline option see here.
Minimum Firmware Specify the minimum firmware version required. In order to use the Product Item Option Maintenance

file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh2BF9.htm 7/3/2024


Automatic Software Protection using AxProtector Page 6 of 100

Period you require the firmware version 1.18.


Commandline option see here.

WibuKey
For setting WibuKey options, see the separate "WibuKey Developer Guide".
License Handling
This input window lets you to define whether the protected application is to search for existing licenses locally in the
CmContainer, on the network or both. Moreover, you can define the license allocation (access) mode.
Subsystems
Here you can define in which subsystem (local or network) the protected application is to search for matching license(s)
(commandline options see here).
Element Description
Local This setting determines if the protected application searches exclusively for licenses located on the same PC or
allocated to the same VM.
Network This setting determines that the license of the protected applications is to be sought in the network, i.e. only PCs are
accessed where CodeMeter License Server runs and is activated as network server.
On selecting both subsystems at the same time, the license is first sought locally and then subsequently on
the network.

License Options
In this group you define how started instances of the protected applications perform together with the allocation of
licenses (commandline options see here).
Element Description
Normal user limit Here each started instance allocates a single license. It does not make a difference if the CmContainer was
found locally, or on a network.
Station Share Here multiple instances can be started on a single PC but allocate only a single license.
You use this setting, for example, when you want to provide the end-user with the option of starting
the application several times. On a terminal server each session allocates a license. In virtual
machines each machine allocates a license.
WibuKey Compatibility Here each started instance in the network allocates a license (normal user limit) but the local access is
Mode unlimited (no user limit).
This allocation option exists only because of compatibility issues with WibuKey. Wibu-Systems
recommends the setting 'normal user limit' and 'station share'.
Exclusive Mode Here a protected application can be started only once on a PC.
No user limit Here any number of instances of the protected application can be started locally or in a network, and no
additional licenses are allocated. Allocated licenses in this mode can be re-used.
Linger Time
Element Description
Ignore Linger Time Activate this option to ignore a programmed LingerTime.
This license option allows to define an allocation time of the license after the license of a protected application
has been released or the protected application has been closed.

Runtime Settings
This input window lets you define the application's runtime settings, e.g. license checks for CmContainer, issue warnings,
etc.
Runtime Check
In this group you define whether and how often the protected application checks the license at runtime.
Element Description
Activate Runtime Activates or deactivates the check at runtime of the protected application.
Check Commandline options see here.
Period Defines the period between two checks. You specify this time interval in the format: hours: minutes:
seconds.
Max. Allowed Ignores Defines how often the end-user is able to ignore a failed check
If the connection to a CmContainer should fail or the license cannot be accessed, you can assign a
reasonable number of “ignores” allowing the end-user to continue working without a license access.
Activate Plug-out This option closes the protected application when the CmDongle is removed while the application is running.
Check Immediately, an error message is issued. This option is valid for CmDongle only.
(only CmDongle) Commandline option see here.
Unit Counter Decrement

file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh2BF9.htm 7/3/2024


Automatic Software Protection using AxProtector Page 7 of 100

Decrementing an Unit Counter can serves to establish the validity of licenses in a CmContainer. This group allows you to
define this behavior (commandline option see here).
Element Description
Decrement by Defines the value by which the Unit Counter is decremented. This option causes a decrement of the counter
when the protected application starts.
If the "Also at Runtime Check" option is activated and the specifications are set as shown in the figure above
every 30 seconds (see the defined period) a set Unit Counter is decremented by a value of 1.
Also at Runtime Check Decrements the Unit Counter also at runtime of the protected application.
This option works only when the "Also at Runtime Check" option in the "Runtime Check" group is
activated.

Thresholds
In this group you define when a message is issued to give information on the validity of a license.

For customizing the messages texts see here.

Element Description
Unit Counter If the defined threshold falls short, a warning message is issued.
Commandline option see here.
Expiration Time (days) If the specified Expiration Time (in days) is achieved within the defined threshold, a warning message is
issued.
Commandline option see here.

Advanced Runtime Settings


This input window lets you define further settings at the runtime of an encrypted application.
For checking the options Unit Counter, Expiration Time, Activation Time defined in a license the following handling is
valid.
Status Standard Required Ignore
=0

<>0

not specified

Unit Counter
Defines the handling of a Unit Counter set in a license (commandline option see here).
Element Description
Standard Decrements at runtime and/or start time an existing Unit Counter entry in a license by the value defined on the
previous page.
If the Unit Counter reaches 0 (null) the encrypted application does not start.
Required A Unit Counter entry < > 0 in a license is required. Without such an entry the encrypted application does not start at
all.
Ignore An existing Unit Counter entry in the license is ignored. The application does not decrement the Unit Counter. The
application will start with a Unit Counter entry set to 0.
Expiration Time
Defines the handling of an Expiration Time set in a license (commandline option see here).
Element Description
Standard Checks for an existing Expiration Time entry in a license. However, the application also starts if no Expiration Time
entry exists, or the current date precedes the Expiration Time.
Required An Expiration Time entry in a license is required. Without such an entry the encrypted application does not start.
Ignore An existing Expiration Time entry in a license is ignored. Also, if the current date exceeds the Expiration Time.
Activation Time
Defines the handling of an Activation Time set in a license (commandline option see here).
Element Description
Standard Checks for an existing Activation Time entry in a license. However, the application also starts when no Activation
Time exists, or the certified time is later than the Activation Time.
Required An Activation Time entry in a license is required. Without such an entry the encrypted application does not start.
Please note that in that case, an Internet connection for getting the certified time is also required.
Ignore An existing Activation Time entry in a license is ignored. Also, if the current date precedes the Activation Time.
Maintenance Period
Defines the handling of a Maintenance Period saved to the license. Then the use of a license is limited to software
versions which have been created, i.e. released, within this Maintenance Period. The Release Date is stored in the

file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh2BF9.htm 7/3/2024


Automatic Software Protection using AxProtector Page 8 of 100

protected application and at runtime a check is executed whether the date is within the defined period (commandline
option see here).

The option is available only, if you activated the checkbox Release Date on the page "Licensing systems.

Two checking options exist:


Element Description
Standard At runtime of the protected application a Release Date check is performed only in the case a Maintenance Period
exists. This corresponds to the default setting, even when on the page "Licensing systems" the checkbox Release
Date has not been activated.
Required At runtime of the protected application a Release Date check is mandatory performed. The PIO Maintenance Period
must exist.
Certified Time
Each CmContainer has an integrated clock which advances when the CmContainer is connected with the computer or
activated. When the CmContainer is connected or activated, the clock's time synchronizes forward. Otherwise, the time
last saved applies.
®
If desired, the Certified Time can be updated by synchronizing with any CodeMeter Time Server. The Time Servers are
spread globally by Wibu-Systems and provide a Certified Time. On updating the Certified Time the internal CmContainer
time is synchronized and updated as well (commandline option see here).
For information on the fail safe and manipulation safe processes referring to Activation and Expiration Time see
here.For information on the fail safe and manipulation safe processes referring to Activation and Expiration Time
see details in the CodeMeter® Developer Guide.
Element Description
Set Certified Time This option attempts to update the Certified Time in a CmDongle. The Certified Time is requested from the
Time Server.

This option requires a connection to the Internet.

Check Certified Time This option checks to see if the Certified Time is older than the 'Maximum Certified Time Age' you defined
here. If the 'Maximum Certified Time Age' is exceeded, the application will not start.
Maximum Certified Time If you select the option "Check", you are able to define here the Maximum Certified Time Age in hours.
Age (hours) The age is calculated by the difference between the running System Time and the Certified Time.
Period without time checking Specifies the period (in hours) when no check of the Certified Time certificate is performed.
(hours) If this period is not reached, a check is not performed. If the Certified Time certificate is located between
this period and the 'Maximum Certified Time Age', an attempt to update the Certified Time certificate is
performed. If this is not successful, however, the application continues running until the 'Maximum
Certified Time Age' is reached. Not until this happens, is an update of the Certified Time certificate
required.
System Time
In this area you define settings for additional protection preventing license manipulation by faked PC Time setting
(commandline option see here).
Element Description
Encryption Time check This option saves the time when the encryption takes place (PC Time) in the protected application. Then
the application runs on the user PC only when the CmContainer System Time is newer than the
encryption time.
®
Requires at least CodeMeter 4.10.

CmContainer / PC System If activated, these options define a time corridor in which a difference between CmContainer System
Time check Time and PC Time is allowed. If the PC Time does not fall into this defined time corridor, the protected
application will not run on the user PC.
Minutes to be allowed older States in minutes how much the PC Time is allowed to be older than the CmContainer System Time.
Minutes to be allowed States in minutes how much PC Time is allowed to be younger than the CmContainer System Time.
younger

Advanced options
This group allows to set further options.
Element Description
Add control and about menu Adds the "About" and "Control" menu items to your application (commandline option see here).
Terminate host application When no valid license is found, in the case of protected DLL application files the calling *.exe is
terminated (commandline option see here).
Create mobile application [not yet implemented]

file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh2BF9.htm 7/3/2024


Automatic Software Protection using AxProtector Page 9 of 100

Security Options
This input window lets you select from different mechanisms and methods for protecting your application. You are able to
scale the degree of security for yourself, for example, how intensive the search for debugger is to be, or whether a
CmContainer is locked.
If the options you set here turn out to be incompatible with your protected application, you are also able to
separately deactivate single security options.
Advanced Protection Schemes
The advanced protection schemes deeply intervene into your application. In some cases, this may mean that some single
mechanisms will not work due to compatibility reasons (commandline options see here).
Element Description
Resource Encryption Also encrypts the resources of your protected application. After the start of your application, the
resources located in the PC memory and are decrypted "on demand".
Static Code Modification Your software is modified in a way so that it is protected against debugging, dumps and reverse
engineering. These modifications are added to your application when encrypted.
Extended Static Modification This option adds extended multi-nested security mechanisms to the static code modification.
Dynamic Code Modification The source code of the application to be protected is modified dynamically at runtime of the application.

The options "Static Code Modiification" and "Extended Static Modification" conflict with an activated option
"Activate Automatic File Encryption" on page "Advanced Options".
Anti-Debug Schemes
Debugger programs serve an honest role in searching for error and finding bugs. But they may also be used by hackers
to analyze software. In this group you determine how to react to debugger programs (commandline options see here).
Element Description
Basic Debugger Check Checks if a debugger is attached to your application. If a debugger is found, your application will not be
started or exited.
Kernel Debugger Check Additionally checks for Kernel debugger programs, such as, SoftICE. If a debugger is found, your
application will not be started.
The next two mechanisms comprise methods for detecting specific debugger programs and tools.
Advanced Debugger Check Checks in an advanced search for debugger programs which may run parallel to your application, also
cracker tools, such as, ImpREC, are detected. If a debugger is found, your application will not be started.
IDE Debugger Check Checks for all debugger programs. With this option, debugger programs are not allowed at all, i.e. even
within developer environments, e.g. Visual Studio, Delphi. If a debugger is found, your application will not
be started.
Generic Debugger Adds a mechanism to the application preventing the attachment of a debugger program to the application
Detection at runtime.
Virtual Machine Detection Detects if the application is to be started on a virtual machine, and prevents this.
Activates license access This option locks the license access to the used Firm Item in a CmContainer as soon as a debugger
lock program is detected.
If this option is activated, the settings are applied you defined in the dialog to be opened by the
"Configuration" button.

This button is activated only for CodeMeter.

Configuration If the option "Activates license access lock" is activated, you are able to define further settings in the dialog
which opens by clicking the "Configuration" button:
Depending on the Firmware used this dialog allows to define separate locking scenarios.
Locking Scenario Description
immediate locking is performed starting with Firmware Version 1.14 as soon as a debugger is
detected.
prepared locking is performed by checking the Firm Access Counter (FAC). The Firm Access
Counter locates at the Firm Item level of a CmContainer. This counter allows you to
control whether a Firm Item can be used for encryption and decryption operations.
By default, the FAC is deactivated and has a value of 65535 (0xFFFF). A software
vendor is able to program it to any other value. On detecting a debugger the FAC is
decremented by a value of 1.
If the FAC reaches a value of 0, the Firm Item is locked.
The owner / end-user of the locked Firm Items must contact the software vendor for
unlocking codes. This can be done by remote programming.

file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh2BF9.htm 7/3/2024


Figure 4: AxProtector - Windows "Security Options - Hardware Locking"
The following settings are available:

This input window lets you define further settings.


Advanced settings
This area allows for setting additional options.

This input window lets you define the messages displayed if errors occur. You define whether a user message DLL with a
separate error display is used, or whether you use default error message windows.
Error Messages
Figure 5: AxProtector – UserMsgUs.ini
File name (without Language Extension)
Enter the file name without specifying path and language file extension.
The UserMsgDll is copied from the directory

This input window lets you set further options for the encryption using IxProtector and for the project type file encryption.

This menu item lets you manage license lists. Those you need to protect using IxProtector via the Software Protection-
API (WUPI) .
License lists consist of a unique identifier (ID), a Description, and hold specifications on Items and Item Details.

Using this menu items also allows you to create License Lists. Please proceed as follows:
Click the "Add" button.
Assign in the area License List an Id and complete the field Description.
Element Description
Id This ID uniquely identifies a license list and serves for referencing.
By default, an ID of 0 is initially set by the selection of the licensing system. Following, you are able
to add license list entries starting with IDs starting from 1.
Description Here you will describe a license list with text.
3. Define the license by completing the fields in the License item details group.

Figure 6: AxProtector - Windows "Add License Lists"

You might also like