KEYnote 45 English - Spring/Summer 2023 | Page 4

PROTECTION

AxProtector with Obfuscation

Wibu-Systems has developed a completely new variant of its popular AxProtector for native applications on Windows, Linux, and macOS.
AxProtector Compile Time Protection (CTP)
AxProtector CTP is available for Windows, Linux, and macOS and introduces a new handling and new protection technology for these operating systems.
AxProtector CTP is available for download as of February 2023 alongside the release of AxProtector 11.20. AxProtector CTP can be used with existing licenses for AxProtector Windows, Linux, or macOS. Its automatic protection, modular license, license-free (IP Protection) mode, file encryption features and the all-new Compile Time Obfuscation feature can be used with native applications for all three operating systems.
AxProtector CTP’s protection mechanisms are integrated in the compile process of the build system.
Why AxProtector CTP?
Apple has made changes to its macOS operating system on the ARM platform with toughened code signing guidelines in force as of macOS version 12.3. It becomes harder to run protected software, especially plugins, that need to be decrypted during runtime.
This does not yet affect the ability to run protected software on Intel or Intel-emulated (Rosetta) systems.
Another reason for AxProtector CTP is the opportunity to increase the level of protection for intellectual property, especially for software that is only secured against reverse engineering, but without requiring a license (license-free or IP Protection mode). The traditional IP protection approach used by Wibu-Systems relies on encrypting and temporarily decrypting executable code in the memory of the user’s device. This means that the executable code has to switch into its plaintext form, albeit only for a brief moment in time.
How Does It Work?
Our newest innovation works by obfuscating the code of native applications. This native code obfuscation works in a way related to traditional obfuscation methods. During compiling in a specially adjusted LLVM compiler, functions are protected in three steps. First, the function name and text strings are made unreadable by encryption (image 1). Secondly, the blocks of code are obfuscated. Additional code blocks and sequence branches make the code even less evident (image 2). This increases the size of the executable code.
Finally, the logical connections between the code blocks are replaced by indirect calls (image 3).
The logical connection of the executable code in the binary cannot be recognized anymore with the broken branches, making it securely protected against reverse engineering.
The approach adds excellent protections against reverse engineering, as the executable code never enters the working memory other than in fragmented and obfuscated form. An analysis of the code is essentially impossible.
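The three steps described above, applied by hand to a small C function as an added illustration. This is not Wibu-Systems code or AxProtector CTP output; the XOR key, the block functions and the dispatch table are assumptions made for the example.

```c
/* Hand-applied illustration of the three steps; not AxProtector CTP output. */
#include <stdio.h>
#include <string.h>

/* Original: plaintext strings and direct branches. */
static const char *classify_plain(int n) { return (n % 2 == 0) ? "even" : "odd"; }

/* Step 1: strings are stored XOR-encoded (constructed key) and decoded on use. */
#define KEY 0x5A
static const unsigned char ENC_EVEN[4] = { 'e' ^ KEY, 'v' ^ KEY, 'e' ^ KEY, 'n' ^ KEY };
static const unsigned char ENC_ODD[3]  = { 'o' ^ KEY, 'd' ^ KEY, 'd' ^ KEY };

struct ctx { int n; char out[8]; };

static void decode(const unsigned char *enc, size_t len, struct ctx *c) {
    for (size_t i = 0; i < len; i++) c->out[i] = (char)(enc[i] ^ KEY);
    c->out[len] = '\0';
}

/* Step 2: the body is split into blocks, plus a bogus block guarded by an
   opaque predicate: u*(u+1) is always even, so block 3 is never selected. */
static int blk_entry(struct ctx *c) {
    unsigned u = (unsigned)c->n;
    if ((u * (u + 1u)) % 2u != 0) return 3;
    return (c->n % 2 == 0) ? 1 : 2;
}
static int blk_even(struct ctx *c)  { decode(ENC_EVEN, sizeof ENC_EVEN, c); return -1; }
static int blk_odd(struct ctx *c)   { decode(ENC_ODD, sizeof ENC_ODD, c); return -1; }
static int blk_bogus(struct ctx *c) { c->out[0] = '\0'; return 0; }

/* Step 3: blocks are reached only through indirect calls via a pointer table,
   so control flow between blocks is no longer a direct branch. */
typedef int (*block_fn)(struct ctx *);
static block_fn volatile TABLE[] = { blk_entry, blk_even, blk_odd, blk_bogus };

static void classify_obf(int n, char out[8]) {
    struct ctx c = { n, { 0 } };
    for (int next = 0; next >= 0; ) next = TABLE[next](&c);
    memcpy(out, c.out, sizeof c.out);
}

int main(void) {
    char buf[8];
    for (int n = -3; n <= 4; n++) {
        classify_obf(n, buf);
        printf("%d: plain=%s obfuscated=%s\n", n, classify_plain(n), buf);
    }
    return 0;
}
```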
[Image 1: diagram with the legend "Basic Block", "Encrypted string", "Jump"]