Wibu-systems' technology protects software and combats reverse engineering | NEXTY Electronics, a trading company for electronic components and semiconductors

Countering security threats in embedded device development with code encryption and debugger detection (anti-debugging function)

With the shift to IoT, security threats to embedded devices include the loss of information assets, making it important to develop devices that take into account threats such as unauthorized Access and vulnerabilities such as security holes. This column provides an overview of the security technology concepts and usage methods of Wibu-Systems' CodeMeter products.

overview

What you can do with Wibu-Systems' CodeMeter security technology

By making full use of CodeMeter security technology, application programs used in embedded systems are encrypted and digitally signed for strong protection.

Countermeasures against reverse engineering
Software copy protection
Application Integrity Protection
(Prevention of tampering and counterfeiting)
License activation is possible for each feature
Flexibility in Access control management

By incorporating the software and API provided by Wibu-Systems, powerful security protection measures can be implemented in a short period of time.
It also saves you time and effort in software protection measures and protects your software from piracy and reverse engineering.

Commentary

AxProtector products: full software encryption tools

AxProtector encrypts the software suite you want to protect and protects it with a security shell, AxEngine, after which the best anti-debugging and anti-disassembly methods are inserted into the software.
No source code changes are required. AxProtector is integrated as a post-build process. Encryption operations are performed by AxProtector after compiling your software and before creating your setup. AxProtector can be used both via a GUI (Graphical User Interface) and a command line tool.
As a command line tool, AxProtector can be run continuously integrated into automated build systems.
When you start the protected software, the AxEngine code runs first.
AxEngine will check for available licenses.
If a license is available, it is automatically assigned and used to decrypt the protected software.
Additionally, AxEngine performs integrity checks to verify possible tampering attacks.
AxEngine constantly monitors your software for security threats using advanced anti-debugging and anti-reverse engineering methods. It immediately suspends software execution if a risk is detected. As an ISV, you can define whether your license should be locked in these situations. A watchdog within AxEngine regularly checks your license, integrity, and possible threats in the background.

Original Code
Encrypted Code

*Source: Wibu-Systems Inc.

Creating Variants

To increase the complexity of the software, software functions are copied as variants of the function, and the wrapper function selects which variant to execute depending on certain input parameters of the function.

Modifying variants

Each individual variant is modified to only work within the range of values that are valid for that variant, preventing an attacker from patching the wrapper function to only execute the same variant every time.

Variant Encryption

All variants are encrypted to prevent attackers from reverse engineering the code without first decrypting it.

Inserting a trap

In addition to the already created variants, a further variant is inserted as a trap and encrypted. The trap contains a locking code, and once the trap is decrypted via the dongle, the dongle self-locks and can no longer be used for decryption. This prevents an attacker from decrypting all the methods without reverse engineering.

Choosing a dongle variant

The wrapper function uses the dongle to select the variant: the input parameters are sent to the dongle and the variant to be used is returned. This makes it impossible for an attacker to distinguish the desired variant by simply reverse engineering the decrypted wrapper function. To be absolutely certain, they would need to run the code for all possible input parameters.

Dongle State Engine

The developer knows that the functions can only be executed in the order they choose. The most recent decryption method is saved as state on the dongle. The next decryption checks if this state is met. If not, a trap is set off, preventing the attacker from trying all variants of the software at any time. The attacker must always return to the starting point, increasing the complexity of the attack.

Decoding Delay

During normal operation, only a certain number of decryptions can be performed every 30 seconds. This number is stored as the dongle's decryption threshold. The dongle paces its decryption efforts accordingly. This mechanism not only makes the process more complex, but also slows down attackers.

quotation

CODEMETER protection technology | BLURRY BOX CRYPTOGRAPHY (Wibu-Systems official website)

Example

Easy to use!: The UI is intuitive and allows for easy encryption.

Start AxProtector, specify the file name, and configure the security settings.
All protection can be done through on-screen operations, so no programming knowledge is required, significantly saving time and money!

Video: See how your application reacts when it detects a debugger!

Files that can be encrypted

Windows 32bit/64bit program
.NET Assembly
Java App
macOS Programs
Linux Programs
AI algorithm (python)
Virtual environments such as Docker Containers and VMs
Text file

Python code can also be encrypted

Can be distributed as platform-independent software.
The encrypted Python code has every function encrypted individually.
With just one encryption step, you can distribute your Python assets safely across multiple platforms.

Anti-debugging feature

It is equipped with powerful countermeasures to block analysis by hackers, including an anti-debugging function to prevent analysis by debuggers.
(It also has a security lock function that locks the hardware itself when a debugger is detected.)

Basic Debugger Checks

Build anti-debugging features into your program that are based on basic debugger checks.
Detects the debugger and does not run if detected.

Kernel Debugger Check

This incorporates kernel-level debugging prevention functionality into programs.
Detects kernel debuggers and does not run them if detected.

Advanced Debugger Checks

In addition to basic debugger checks, it also incorporates more advanced debugger prevention features into your programs.
It will detect a debugger and will not run if detected.

IDE Debugger Checks

Checks for the presence of a debugger in an integrated development environment such as Visual Studio. Prohibits connection from a program development tool for debugging purposes.
It will not run if an IDE debugger is detected.

Enable License Access Lock

If it detects a target with the anti-debugging scheme option enabled above, it will lock Access to the license.
*You can set detailed rules for applying the lock using the "Settings" button.

Reference

We have an encryption and protection demo system using Nvidia Jetson.
We are available to provide you with the following technical information at any time during our workshops:

Setting up the NVIDIA Jetson Nano Developer Kit
Build a program for human pose estimation on Jetson development kit
Encrypt Python data and check decryption using a license
Camera-based human pose estimation using Python data
Encrypted data confirmation

For more details and to apply for the workshop, please click on this banner

Inquiry

Make a product Inquiry

Wibu-systems' technology protects software and prevents reverse engineering