Categories: Protection

Automatic Protection for your Software

CodeMeter Protection Suite keeps expanding and growing in strength. AxProtector .NET Standard has joined the Protection Suite family as the tool for .NET Standard 2.0 applications; the other tools continue to evolve and become more powerful. The GUI has been given a facelift, AxProtector .NET is now FIPS-compatible, and AxProtector and IxProtector for native applications now support the execution of code on CmDongles.


CodeMeter Protection Suite is a powerful toolbox for the automatic encryption of applications and libraries. It protects executable files from reverse engineering and ties them cryptographically to a valid license.

The individual tools have been tailored specifically to work with each platform or environment to allow optimum protection with minimum effort for you as an ISV. Whichever tool you choose, you select the Firm Code and Product Code (or combinations of them) to encrypt compiled libraries or applications. This is done with a key bound to the Firm Code and Product Code. Without the right license, decryption is simply impossible.

AxProtector and IxProtector

AxProtector protects native Windows, Linux, and macOS applications and libraries. It encrypts the entire code; when the application is launched or a library loaded, the system checks for the required license and decrypts the complete executable code, if the license is there. After that point, the application will perform just as well as if there were no automatic protections at all.

IxProtector allows you to mark and encrypt separate functions to be decrypted and executed during runtime. Depending on the settings, this is either done automatically or by an API call defined by the ISV. It allows you to move particularly sensitive code in separately encrypted form onto a CmDongle to be executed there. At no point is this code visible for would-be hackers.

AxProtector .NET

AxProtector .NET is CodeMeter Protection Suite’s dedicated tool for the automatic protection of .NET assemblies. It does so by encrypting the code of.NET framework applications on the level of individual methods: Each method is given its own stub code that checks for a license when the method is first accessed and only encrypts it if the license is present and correct. This can be compared to how IxProtector protects native code when choosing automatic decryption upon method access.

This approach automatically creates a higher level of security. As the security level has an effect on performance, developers can fine-tune their chosen approach to find the right balance between performance and obsession for security.

The current version of AxProtector is compatible with FIPS mode, a setting that PC users can configure to ensure that only FIPS-tested implementations of cryptographic functions in the .NET framework are allowed. This is a typically required setting among US official authorities, making it a relevant feature to remember if your users belong to this target group.

AxProtector .NET Standard

.NET Standard provides specifications for .NET APIs that facilitate interoperability and compatibility between different .NET environments. It makes it easier for ISVs to roll out their applications across platforms or to migrate from one platform to another.

The current release brings the launch of another version – AxProtector .NET Standard – equipped to protect .NET Standard 2.0 applications like .NET Core 2.0 or Mono 5.4 applications.

The protections work on the same basis used with AxProtector .NET: the application is analyzed and protected by encryption on the method level. It can only be decrypted and executed if the correct license is available in a CodeMeter container.

AxProtector Java

When compiling Java Source Code, the code is first translated into a unique interim language, called Java Byte Code. On the target platform the Java Virtual Machine (JVM) then sees to it that this code is interpreted and executed. This is the secret to Java’s platform independence, but it also adds certain weaknesses from the point of view of the security of the Java Byte Code.

As with .NET, the Java Byte Code is simple to decompile and makes reverse engineering less of a challenge for would-be attackers. AxProtector Java has the power to stop them in their tracks by encrypting the code – as its sister implementations do – and tying it to a specific license. The code can be encrypted on the level of classes or methods, and it never touches a hard drive in plaintext form, as it is decrypted on the fly.

Java 9’s introduction of modular JARs has led to some changes for AxProtector Java. The new version supports both traditional Java applications created under Java 7 or 8 and modular JARs made with Java 9.

AxProtector Graphical User Interface

AxProtector shows its true potential with its availability as a command line tool, which enables full integration into automatic build processes as part of continuous integration and continuous delivery. At the same time, a GUI guides users through the features and functions and makes AxProtector more comfortable to use on ISVs’ workstations.

The GUI has been given a new facelift, revitalizing, in particular, the settings for licensing systems. Before Universal Firm Codes were introduced in 2016, software developers needed two Firm Codes to combine software and dongle-based licenses: one for CmDongles and one for CmActLicenses. The Universal Firm Code removes the need for this distinction, and the new facelift reflects this in displaying only one Firm Code as the standard setting. Developers who still operate multiple Firm Codes to maintain compatibility are not affected: The option for them needs only one click of the mouse.

Compatible with WibuKey

CodeMeter Protection Suite supports all CodeMeter licensing systems currently in the field: CmActLicenses and CmDongles. CodeMeter Protection Suite also continues to support WibuKey, the predecessor of CodeMeter originally introduced in 1989. This is what Wibu-Systems means by long-term availability and lasting compatibility.

Always Evolving, Continuously Improving

All parts and components of CodeMeter Protection Suite are in continuous development, of course, with particular attention to security and performance. New capabilities like the ability to have executable code on CmDongles or the automatic setting of traps are just two examples of constant evolution. Caching mechanisms have been introduced and refined to improve performance. A committee of experts is charged with overseeing current and planned security features to make sure they deliver real added value and do not impact performance. For CodeMeter Protection Suite, only the best and fastest mechanisms make the cut.


KEYnote 36 – Edition Fall 2018

To top