AxProtector with Obfuscation
Wibu-Systems has developed a completely new variant of its popular AxProtector for native applications on Windows, Linux, and macOS.
AxProtector Compile Time Protection (CTP)
AxProtector CTP is available for Windows, Linux, and macOS and introduces a new handling and new protection technology for these operating systems.
AxProtector CTP is available for download as of February 2023 alongside the release of AxProtector 11.20. AxProtector CTP can be used with existing licenses for AxProtector Windows, Linux, or macOS. Its automatic protection, modular license, license free (IP Protection) mode, file encryption features and the all-new Compile Time Obfuscation feature can be used with native applications for all three operating systems.
AxProtector CTP’s protection mechanisms are integrated in the compile process of the build system.
Why AxProtector CTP?
Apple has made changes to its macOS operating system on the ARM platform with toughened code signing guidelines in force as of macOS version 12.3. It becomes harder to run protected software, especially plugins, that need to be decrypted during runtime.
This does not yet affect the ability to run protected software on Intel or Intel-emulated (Rosetta) systems.
Another reason for AxProtector CTP is the opportunity to increase the level of protection for intellectual property, especially for software that is only secured against reverse engineering, but without requiring a license (license free or IP Protection mode). The traditional IP protection approach used by Wibu-Systems relies on encrypting and temporarily decrypting executable code in the memory of the user’s device. This means that the executable code has to switch into its plaintext form, albeit only for a brief moment in time.
How Does It Work?
Our newest innovation works by obfuscating the code of native applications. This native code obfuscation works in a way related to traditional obfuscation methods. During compiling in a specially adjusted LLVM compiler, functions are protected in three steps. First, the function name and text strings are made unreadable by encryption (image 1). Secondly, the blocks of code are obfuscated. Additional code blocks and sequence branches make the code even less evident (image 2). This increases the size of the executable code.
Finally, the logical connections between the code blocks are replaced by indirect calls (image 3).
The logical connection of the executable code in the binary cannot be recognized anymore with the broken branches, making it securely protected against reverse engineering.
The approach adds excellent protections against reverse engineering, as the executable code never enters the working memory other than in fragmented and obfuscated form. An analysis of the code is essentially impossible.
The new technology does not only include protection for intellectual property, but also licensing for software and its components. All license configuration options available with AxProtector .NET NC are available here.
The license checking code injected by AxProtector is hard to distinguish from the original application code. It can only be executed with the right license key.
The protection offered by the new AxProtector CTP requires special build environments, compatible with a modified Clang compiler and an additional plugin made by Wibu-Systems. Only minimal adjustments to the compiler are needed; they can be made by software developers with the setup guide provided by Wibu-Systems. Their purpose is simply to activate the use of plugins.
AxProtector CTP is currently delivered with the compiler Clang 14.05.
As the Clang compiler is supported in most common development environments like Visual Studio and Xcode, the capabilities of AxProtector CTP are immediately available, including cross-platform protection as provided by the standard AxProtector. AxProtector supports Windows, Linux, and macOS systems and Intel, ARMHF, and AARCH64 platforms.
Recommended Use Cases
Wibu-Systems continues to support and develop AxProtector Windows, AxProtector Linux, and AxProtector macOS. Software developers can continue to use these versions.
Software developers who plan to produce and protect plugins for macOS with CodeMeter should use the new protection mechanism. This applies, in particular, if the host application that loads the protected plugin is not protected by AxProtector. Developers of macOS applications should also consider AxProtector CTP, as this will become the standard protection system for macOS.
Windows and Linux
AxProtector CTP offers efficient protection for intellectual property with the additional security for the code afforded by obfuscation. A switch can be recommended if the system requirements can already be met or can be fulfilled in the future.
Experience tells us that applications protected with AxProtector or AxProtector CTP run at similar levels of performance. When obfuscation is used with critical runtime functions, there can be certain effects, depending on the system. We recommend running a test with the integrated profiler of the AxProtector CTP.
Wibu-Systems can provide a preconfigured Clang compiler and compiler plugin for the protection process for a first evaluation. The compiler can be easily integrated into a build system. Instructions for the plugin are available for developers who want to adjust the compiler themselves.
The configuration of AxProtector CTP is virtually identical to AxProtector .NET NC or AxProtector Python NC.
AxProtector includes a selection of powerful functions, including automatic protection, modular licensing (license lists), license-free use (IP Protection mode), and file encryption. AxProtector CTP adds the option of Compile Time Obfuscation that can easily be activated with the configuration. An additional license is required to access this feature.
AxProtector CTP uses the intermediate file format of the LLVM compiler. That means support for many programming languages and platforms, including C, C++, Rust, and Swift, which are supported by the LLVM compiler infrastructure.
Wibu-Systems will continue to refine and improve both AxProtector and AxProtector CTP for Windows, Linux, and macOS. Software developers and vendors can pick and choose the right protection mechanism to match their applications’ needs. The next step will add Code-Moving as a separately licensed feature in AxProtector CTP.
KEYnote 45 – Edition Spring/Summer 2023