Under Linux and Mac the values must be entered into the "wibuKey.ini" file:
Mac OS X: /Library/Preferences/com.wibu.WIBU-KEY.WIBUKEY.ini
To enable or disable interfaces for WibuKey, you can proceed as follows.
1. Open WibuKey Control Panel
The main instrument for controlling the access to WibuBoxes is the WibuKey Control Panel Applet in the control panel of Windows.
Note: If you do not have the systray icon for WibuKey, run WkSvrMgr.exe at C:\Program Files (x86)\WibuKey\Server.
2. Activate Advanced Mode
To see all the configuration options, you need to activate the Advanced Mode.
You can do this by clicking on the WibuKey icon at the top left of the window and making sure that the Advanced Mode is selected.
3. Set up interfaces
Now the new tab "Setup" should display, that lists all potentially available interfaces, which can individually be activated or deactivated.
The description of the error WK1130 is: WK1130 no user rights to manage Name kernel driver.
The security rights of the current user are not sufficient under Windows NT to start or stop, install or uninstall the specified kernel driver or to set the driver. Please ask your system administrator for more security rights.
As the description shows, you lack the rights to install the necessary core drivers for WibuKey.
Please make sure that you have enough rights on this system to install kernel drivers, i.e. are administrator for the local system. Then please try to run the installer as administrator.
Please also make sure that no WibuBox is connected during the installation.
To import a WibuKey "Remote Programming update file" (.rtu), please proceed as follows:
1. Open "Finder".
2. Left-click on "Applications" and open the "WIBUKEY" directory.
3. Open the "WkConfig" app and select the "Update" tab.
4. Click the "Run Update" button and select the update file.
1. Open Terminal.
2. Execute WkConfigLin.
3. Switch to the "Update" tab.
4. Click the "Run Update" button and select the update file.
This seems to be a problem of the shell extension which is responsible for the "Mouse Menu".
At "C:\Program Files\WIBU-SYSTEMS\System" you will find a repair script that can fix this.
Run the file "WibuShellExtRepair.cmd" in this folder via an administrative console.
Alternatively, you can import the update file via the WibuKey control panel tool ( see WibuKey user help)
1. Start the WibuKey control panel tool (Control Panel). Make sure that the Advanced Mode is active.To display all pages the Advanced Mode can be used.
2. Switch to the page "WibuBox Update".
3. Use "Browse" at "Remote Programming Update File" to select your update file and click on "Apply" (see WibuKey User Help).
Reservations are always made when servers are accessed via 'Broadcast' or 'DNS Name'.
Normally the reservations are used several times.
However, if several reservations for the same entries come from the same client in short intervals, such reservations can remain.
Usually the requests then come to the server via different routers.
This can be prevented by entering the IP address in the server search list of the clients.
This is because routed TCP/IP access does not create reservations, but allocates the license immediately.
Unfortunately, Wibu-Systems cannot guarantee the passthrough of WibuKey hardware to virtual machines (VM), since VM software-specific structures and systems are used here that are not provided by Wibu-Systems.
Possible options to provide a WibuBox to a VM would be
- using WibuKey in a server/client setup or
- using a USB-over-Ethernet hub that can make USB devices available via Ethernet connection to any device on the same network.
WibuKey in a server/client setup
For the first scenario, the WibuBox is physically plugged into a computer acting as server.
The server function must be activated on the server. Please proceed as follows:
1. Open the WibuKey Control Panel via "Open Control Panel" in the WibuKey Systray Icon ※ (next to the time in the Windows task bar).
Note: If the SysTray Icon is not available, start: C:\Program Files (x86)\WibuKey\Server\WkSvMgr.exe
2. Navigate to the "Network" tab
3. Activate the WkLAN subsystem (everything else should be deactivated)
4. Start the WibuKey Server via "Start Server" in the WibuKey Systray Icon (this is only necessary once, afterwards it should start at the system start).
The server must be made available on the client, i.e. the computer that is to license. Please proceed as follows:
1. Open the WibuKey Control Panel via "Open Control Panel" in the WibuKey Systray Icon .
2. Navigate to the tab "Network".
3. Enter the IP address of the server in the WkLAN server search list.
Variant two is used by ourselves in many places at Wibu-Systems and offers a solid solution to make USB devices available to a VM.
Here, there are only restrictions with energy saving options of the hubs, which "hang away" the USB devices, which leads to the fact that the WibuKey server does not recognize the WibuBox anymore and this can cause problems.
In WibuKey, the License Quantity of a license is represented by the difference of the User Code of two license entries.
If, for example, a license with User Code 5 is to be available ten times, a license with the same Firm Code and User Code 15 must be programmed in the following entry.
Please note that the difference between two clusters must not exceed 250. However, it is possible to program several of these clusters (max. 5) on one WibuBox.
If you want to program a License Quantity of 300, the clusters look as follows:
How can one easily determine via console whether the WibuKey kernel drivers are running?
Under Windows enter the command wku32.exe in the console at C:\Program Files (x86)\WIBUKEY\Bin.
Under macOS and Linux, enter "wku" in the console (located in the search path).
The WKU tool will then show you the installed and (if loaded) WibuKey driver version.
c:\Program Files (x86)\WIBUKEY\Bin>wku32
wku32 - WibuKey User Universal Support Tool.
wku32 Version 6.51 of 2019-Apr-02 (Build 3477) for Win32.
Copyright (C) 1994-2019 by WIBU-SYSTEMS AG, www.wibu.com. All rights reserved.
Available WibuKey ports at local computer:
[Calling Driver: Version 6.51 of Apr/02/2019]
[Kernel Driver: Version 6.50a of Jan/08/2019]
1 WibuKey ports scanned:1 WibuBoxes at 1 ports found.
To perform tests with connected WibuBoxes, proceed as follows:
1. Open the WibuKey Tool in "Windows Control Panel | Hardware and Sound".
2. Activate the expert mode by clicking on the WibuKey icon in the upper left corner of the window bar in front of the title:
WibuKey Software Protection: Test and Settings.
You should now see the tab pages "Test" and "Diagnosis".
3. Navigate to the 'Diagnosis' page and activate the diagnosis by clicking on 'Active' at the bottom left of the page.
Save the settings by clicking the "Apply" button.
4. Switch to page 'Test'. On the right you can select the connected WibuBoxes with which you want to perform tests.
5. Start the tests via the "Start" button.
Behind "Successful tests", you see the number of tests performed, approx. 100 tests should suffice.
You can stop the tests by clicking the "Stop" button.
If errors occurred during the tests, the number of errors behind the corresponding WibuBox is not equal to 0.
and shows the number of errors that occurred.
To find out more details about the errors, please return to the "Diagnostics" page.
The list shows details of the errors that occurred in the tests.
By clicking the button "Save" you can save the diagnosis and Wibu-Systems Support
for further analysis.
In this case we would also ask you to create a WibuKey report file using the "Report" button and to send them to us as well.
In general, it was examined which possibilities our driver software "offers" foreign code to potentially carry out manipulations on systems. Please note that the security of protected/encrypted applications are not affected, i.e. there is no need to re-encrypt them.
The vulnerabilities in this area are to be taken however quite seriously and you should ask your customers to accomplish an update.
Especially since the new version of the WibuKey drivers has already been tested by the security service provider and fixes all vulnerabilities.
The found and fixed vulnerabilities refer to the possibility that:
a) an unauthorized reading of kernel memory information on the local system might be possible (this [CVE-2018-3989]only affects Windows operating systems).
b) an potential unauthorized privilege escalation on the local system might be possible (this [CVE-2018-3990] only affects Windows operating systems).
c) it would potentially be possible to infiltrate "foreign code" via clients on WibuKey network servers. This problem affects all operating systems because the WibuKey server process is affected [CVE-2018-3991].
Since it can be assumed that your customers do not have their WibuKey servers unprotected on the Internet, it would be necessary for all scenarios for the cracker software to infiltrate the company network locally. In other words, the software must be installed/copied locally in the corporate network so that these vulnerabilities can be exploited. This should not be so easy in usual corporate networks.
Furthermore, this application must explicitly exploit the vulnerabilities found, i.e. it must be explicitly written for our drivers/API code in order to exploit these vulnerabilities.
However, this does not mean that these "gateways" are not to be taken seriously. We recommend that you strongly advise your customers to update their drivers. Especially since, as mentioned above, the new versions close these vulnerabilities.
Of course, our CodeMeter drivers have also been checked. They have no security risks, so that you do not have to inform "CodeMeter-only" customers.
Please proceed as follows:
1. Activate WibuKey 'Logging' in the context menu of the Windows Systray icon of WibuKey.
2. Reproduce the problem.
3. Send the log files including timestamps of when you tested.
The log file can be found as WkServer.log at C:\Program Files (x86)\WibuKey\Server.
4. Create a WkReport from Client & Server.
Control Panel | tab 'Diagnostics' | Button 'Report...'.
You may have to activate this tab by activating the expert mode. To do this, click on the icon in the upper left corner of the window and then check the box for Expert mode in the context menu.
The used WibuBox entry is already used by another instance (34).
This means that an application already has this entry in use, usually 'locally' on the server machine.
This error usually occurs if the protected application is also used locally on the server, i.e. the WibuBox is accessed locally here. This then 'blocks' the access of the clients via the network.
The solution is to ensure that the server itself also accesses the license 'over the network'.
To do this, please proceed as follows:
1. Exit the protected application(s) locally on the server.
2. Open the WibuKey control panel on the server (Control Panel | WibuKey).
3. Navigate to the page "Network".
4. Deactivate the "Local" subsystem and activate the "WkLAN" subsystem for the "User" and "Computer" (dropdown box above the subsystems).
5. Click on the "Apply" button to save the changes.
The server itself should then be able to obtain the licenses via the network (local network interface) and the clients should be able to work simultaneously.
In this case, please check the following:
a) Is the WibuBox 'locally' recognized on the server in the WibuKey tool of the control panel?
b) Has the service 'WibuKey Network Server' actually been started?
This is visible in the WibuKey Network Server Manager in the taskbar.
c) Are the 'Cluster'/Licenses recognized correctly in the Network Monitor or in the WibuKey Network Server Manager?
Proceed as follows:
1. Open WibuKey Network Monitor (WkSvMon) via 'Start | Programs | WibuKey Network Monitor'.
2. Connect the WibuBox.
3. Restart the WibuKey Server service.
4. Check, if network licenses display.
d) Are the licenses on the server now correctly displayed in the WibuKey network monitor?
e) Can the client communicate with the server?
Check in the WibuKey Tool of the Control Panel (click on Network icon on the 'Contents' page) or