Embedded Protection

ExProtector is the ideal solution to protect a complete embedded device from counterfeiting, reverse engineering, tampering, and the execution of malicious code. However, if you only want to protect the software of your embedded device against reverse engineering and piracy, you have the option of using either ExProtector or AxProtector CmE.

When compared with the integration of AxProtector CmE or CodeMeter API, ExProtector provides a deeper level of integration into the embedded system. ExProtector does not secure the software only, but also the entire operating system and the bootloader. The layers to protect are encrypted with ExProtector and digitally signed. For the highest possible protection level, a safe anchor is necessary: the decryption and the signature verification are integrated as ExEngine into the operating system, the bootloader or a pre-bootloader.

The additional use of CodeMeter API allows you to license individual functions of the software separately.

Supported Operating Systems

ExProtector is available in the following variants:

  • ExProtector VxWorks 6.8 / 6.9
    Integrated in Wind River Workbench, it encrypts VIPs (VxWork Image Project), RTPs (Real Time Process) and DKMs (Downloadable Kernel Module) for PowerPC and Intel.
  • ExProtector VxWorks 7.x
    Encrypts VIPs (VxWork Image Project), RTPs (Real Time Process) and DKMs (Downloadable Kernel Module) for ARMv6 and higher, ARMv6HF, ARMv7HF, x86, x86_64.
  • ExProtector Linux
    Encrypts Linux executables and shared objects.
  • ExProtector µController
    Encrypts the application code for microcontrollers. Available as ready-to-use integration for Infineon XMC4500. Adaptation to other platforms, on request.

Operational Principle

The integration of ExProtector in your software occurs in three easy steps:

  • Encryption and Signature of the Software
    With ExProtector you can encrypt, sign, or encrypt and sign your software. In all such cases, no integration into the source code is required. The protection can be incorporated as a post-build process in the context of continuous integration in an automated build system.
  • Integration of ExEngine
    You can integrate ExEngine in the layer that calls and starts the protected software. In the event that the software application is the target of your protection, you should integrate ExEngine into the operating system. Should you aim to protect the operating system, the integration of ExEngine should occur in the bootloader. For the protection of the bootloader, ExEngine should be integrated in a pre-bootloader. To achieve the highest protection level, a simultaneous integration into multiple layers is recommended. During integration your root public key will be embedded in ExEngine. This is a crucial step to ensure the authenticity of your software in the embedded device. ExEngine comes already integrated in VxWorks 7; it can be activated with just one click.
  • Use of certificates
    You should sign the software with your private key in order to verify its authenticity. Certificates and certificate chains make it possible to assign different rights and set up an emergency plan in case of compromised keys.

At runtime ExEngine checks any software that is loaded. Only software signed by you, and thus authentic, is loaded. Hence, the execution of malicious software on the embedded device is completely prevented.

In the next step, ExEngine uses the necessary licenses to decrypt the software. Should the license be missing, the embedded device would not start.

Interested in a personalized offer for our CodeMeter technology? Just answer a few questions and our team will get back to you with all the information you need.


To top