KEYnote 41 English - Spring 2021 | Page 12

[Figure: CPSRT functions: License Check, Content Decryption, Anti Reverse Checks, CodeMoving, Runtime Check]
encrypted in a protected script, alongside the means for handing over the encrypted code to the native CPSRT component. This checks the required licenses, decrypts the functions, and sends them back to the interpreter, where they can be executed. The native component could also take over other jobs for the script language, e.g. conducting regular license checks or tracking debuggers.

The native component is protected by AxProtector to stop would-be attackers from tampering with it. Hardening its own protections is just as important as having the right safeguards for the communication between it and the protected application. This communication would seem an ideal target for attackers – simply listen in to find out everything you need to know, or even inject your own malicious instructions, as in the classic man-in-the-middle attack. This is why Wibu-Systems' developers teamed up with the company's security experts and came up with a foolproof communication system.

Encrypted communication

When loading the native component, an encrypted line of communication is started that uses certificates created for the protected application. The two certificates, a copy protection key certificate and a protectee certificate, form links in a chain of signatures connecting the licensor's private key certificate provided by Wibu-Systems to software developers back to Wibu-Systems' very own root certificate.
[Figure labels: Validate / Authenticate; Decrypt Functions; Decrypt Resources; CodeMoving; Protected JavaScript Application; Protected .NET Assembly; Protected Java Application; Protected Python Script; Protected Windows Application; Protected macOS Application; Protected Linux Application; CPSRT (Windows, macOS, Linux)]

The protected application – the protectee – can use the protectee certificate to authenticate itself to the native component and show that it has the right to access licenses and decrypt functions. Vice versa, the native component has a certificate signed by Wibu-Systems to identify itself to the protected application and prove its genuineness. With the trust ensured by this process, the two can work together to negotiate the communication key without any outside party ever getting near it.

The native component will also only execute the instructions (e.g. for decrypting code) for Firm Codes that the protected application has the right certificate for. It can also use these certificates to check the integrity of the protected application, stopping manipulated software in its tracks from its very first launch.

Certificates

The certificate chain is based on the infrastructure first introduced for the Universal Firm Code (Firm Codes higher than 6.000.000), although this does not exclude software developers using older CodeMeter Firm Codes or even its predecessor WibuKey. They can also use the new native component with the same certificate infrastructure by going through their Firm Security Box (FSB). The required certificates will be rolled out automatically with the next update for all CodeMeter Firm Codes; developers who do not want to wait can update at any time and free of charge. Should your FSB lack the certificate, you will be notified when you next try to encrypt an application, with detailed information about the next steps you should take.

The new native component is currently used by AxProtector .NET and AxProtector Python but will soon be rolled out to other AxProtector variants and provide the additional capabilities of the native component to the protection mechanisms for even safer and more secure software.

Installation required

The native component needs to be available on the user's computer. With AxProtector .NET, it is copied into the protected folder in which the encrypted assembly and the other required files are kept. Since the platform on which the assembly is eventually executed cannot be known beforehand with .NET, the native component is included in versions for different platforms, as a CPSRT.dll file in several subfolders. Beginning with version 10.70a, the mechanism with which assemblies protected with AxProtector .NET look for the CPSRT.dll has been refined: It initially looks in the application's folder and its subfolders and then in all other places named in the PATH variable.

The next CodeMeter version 7.30 will come with CPSRT.dll included with the installers and install the latest version of the new component to avoid the need to distribute it manually. As always, Wibu-Systems is committed to backward compatibility, so that any application protected with CodeMeter Protection Suite will continue to work perfectly with newer incarnations of CPSRT.dll.
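The lookup order described under "Installation required" can be audited on a deployment to see which copy of CPSRT.dll would be found first and whether several different builds are present. This is an added example, not Wibu-Systems code: it only emulates the order stated in the article (application folder and subfolders, then PATH); the traversal order inside subfolders, the case-insensitive name match and all function names are assumptions.

```python
import hashlib
import os
from pathlib import Path

DLL_NAME = "CPSRT.dll"  # file name as given in the article


def find_candidates(app_dir, path_value, name=DLL_NAME):
    """Return [(origin, path, sha256)] in the lookup order the article states."""
    found, seen = [], set()

    def add(origin, candidate):
        real = candidate.resolve()
        if real.is_file() and real not in seen:
            seen.add(real)
            digest = hashlib.sha256(real.read_bytes()).hexdigest()
            found.append((origin, real, digest))

    # 1) Application folder and its subfolders (sorted walk is an assumption).
    for root, dirs, files in os.walk(app_dir):
        dirs.sort()
        for f in sorted(files):
            if f.lower() == name.lower():
                add("app", Path(root) / f)
    # 2) Every directory named in PATH, in order; empty entries are skipped.
    for entry in path_value.split(os.pathsep):
        if not entry or not Path(entry).is_dir():
            continue
        try:
            names = sorted(os.listdir(entry))
        except OSError:
            continue  # unreadable PATH entry
        for f in names:
            if f.lower() == name.lower():
                add("PATH", Path(entry) / f)
    return found


def report(app_dir, path_value):
    """Summarise which copy comes first and how many distinct builds exist."""
    cands = find_candidates(app_dir, path_value)
    return {
        "first": cands[0] if cands else None,
        "distinct_builds": len({digest for _, _, digest in cands}),
        "path_only": bool(cands) and cands[0][0] == "PATH",
        "candidates": cands,
    }


if __name__ == "__main__":
    print(report(os.getcwd(), os.environ.get("PATH", "")))
```

A `distinct_builds` value above 1 means different CPSRT.dll files are reachable, and `path_only` means the application folder ships no copy, so the first match comes from PATH.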