Wibu-Systems Blog

John Poulson

Recent Posts

Advantages of the CodeMeter Runtime

Posted by John Poulson on Jun 19, 2013 5:22:00 AM

I was recently asked why Wibu-Systems requires the installation of a CodeMeter "Runtime" on the end user's computer. There is one big misconception and several undocumented advantages that need to be explained. When one's goal is to provide the most secure software monetization system on the planet, one needs at the very least, to establish an encrypted communication channel between the protected application and the license container (dongle or software license). This is the fundamental reason we included the runtime option as a basic part of our architecture.

Misconception: The Installation of our Runtime is REQUIRED

CodeMeter Control Center Runtime icon in the Windows System Tray

The presence of the CodeMeter icon in the Windows System Tray is one way to determine the presence of the Runtime.

One of the misconceptions about the CodeMeter System is that it needs a "Runtime" in order to operate. This is not the case. The (highly flexible) CodeMeter System allows the ISV to integrate CodeMeter protection and license management features into the protected application in any number of creative ways. For example, ISVs can (in Windows):

  • Install standard runtime as an MSI module
  • Install standard runtime as a merge module
  • Install "silently"
  • Install as a Windows service
  • Simply copy CodeMeter.exe in the same directory as the installed program
  • Use the new CmCompact option
  • Use our custom CodeMeter Runtime Bridge
  • Incorporate our driver as source. We can supply this as a static library or as actual source code.

Each of these methods has its own set of advantages and disadvantages. For example, if you use the driver source code option, certain CodeMeter license handling features are disabled. With all these options available, why should you go to the trouble of seeing that the standard runtime gets installed in the suggested manner?

Answer: There are many technical and business flow reasons for a runtime. While I can’t list them all, a few appear below. We also feel that any license management company that wants to provide basic security is simply being lazy if they don’t provide a runtime.

Top Ten Reasons for providing a Runtime

Our customers gain several advantages by using the runtime in the manner we suggest. These advantages bring cost savings, higher security and less headaches. The top ten advantages are:

  1. We can quickly adapt to changes in operating systems without requiring that our customers download patches and recompile their software.
  2. The runtime includes the ability to create error log files and other diagnostics.
  3. The integration of networked licenses is simply one click away.
  4. The runtime knows how to handle virtual machine environments.
  5. The runtime knows how to handle terminal servers.
  6. The runtime maintains an encrypted communication channel between the protected application and the license container.
  7. The runtime keeps track of concurrent licenses; those in use and those that are idle.
  8. The runtime can simultaneously handle access from many DLLs in one process.
  9. The runtime can handle many executables from one ISV.
  10. The runtime can handle many different executables from many different ISVs.

As you can see from the above list, the advantages of a runtime environment far outweigh any perceived disadvantages. We will continue to improve the CodeMeter runtime and will continue to suggest that best practices include the installation of the runtime on the end user's system. We also suggest to the end user that he/she update the runtime on a regular basis.

See how easy it is to protect your software with CodeMeter. Watch our three-minute demo!

Watch the 3 minute demo!

 

john poulsonJohn Poulson has worked in the software protection industry since 1988 and has been with Wibu-Systems since 2000. He is an expert in license authentication best practices and deep powder skiing.

Topics: software protection, CodeMeter, secure licensing, software licensing, software activation

Wrapper or API to Improve Secure Licensing

Posted by John Poulson on May 7, 2013 12:57:00 PM

First a bit of history

Wibu-Systems’ API’s “secret sauce” will securely protect your softwareAs many of you reading this know, Wibu-Systems has been in business since 1989, developing secure license management tools that enable software monetization options for ISVs and embedded systems developers. From the early days we provided our customers with the option of implementing our technology through the use of our API or by using an automatic wrapper tool. We told our customers that the automatic wrapper option provided a “quick and dirty” way to get a protected program to market; but that the most secure way to deploy was through the clever use of our sophisticated functions and API calls. We spent considerable effort in improving those functions and creating new ones that improved the overall security of our licensing solution. For over a decade, our “best practices” advice was to use the API and not the wrapper.

After several years we began to notice that illegal copies of our customers’ “protected” programs were appearing on various hacker sites on the Internet. This was distressful to us as a company and we wanted to find out what we were doing wrong. Upon analysis, we discovered that the vast majority of our customers were using the API in a way that resulted in a simple challenge / response dialogue between the protected program and the hardware dongle. All of our sophisticated function calls and suggested implementation methodologies were not being used. The engineers at Wibu-Systems had spent several years creating API functions that were being left on the shelf.

Where to put our secret sauce

Once we realized our “secret sauce” was not being implemented we had to change direction with the advice we gave to our customers. And we had to improve the wrapper tools. For several years now, we have worked hard to enhance and improve the security and performance of our encryption utilities and now emphasize that customers who want a quick and secure implementation should utilize the wrapper. And for those who require the most security we suggest they implement both automatic encryption and API functions.

The result? The powerful tool many of you know today as AxProtector.

AxProtector — The right recipe

Wibu-Systems’s AxProtector is a smorgasbord of secure software protection for everyoneFrom debugger detection to sophisticated code encryption, AxProtector provides anti-tampering and reverse engineering protection. It is no longer a simple wrapper. Why? Because AxProtector encrypts and rearranges your executable, DLLs, data, media, or video files with minimal effort on your part. In most cases, you don't even have to change your source code. On program load, the program starts only if the required CodeMeter license is available.

And AxProtector is a smorgasbord to meet everyone’s requirements. Use it with software activation codes (CmAct) or hardware dongles (CmDongle).Use it with Windows, MacOS, Linux, .NET (also Mixed Mode), even VxWorks, and in the near future… Android.

The end result

As a result of our change in philosophy, we no longer put the bulk of our development effort into just creating API functions. We concentrate instead on improving AxProtector. And, it is true… part of that improvement process includes creating more sauces, improving existing sauces and changing the recipe. It is a constant process to stay one step ahead of the global hacking community. Now… Our “best practices” advice is to use the AxProtector wrapper along with the API.

Watch the 3 minute demo!

john poulsonJohn Poulson has worked in the software protection industry since 1988 and has been with Wibu-Systems since 2000. He is an expert in license authentication best practices and deep powder skiing.

Topics: CodeMeter, software copy protection, AxProtector, secure licensing

CodeMeter Dongle Now Detected as HID

Posted by John Poulson on Apr 23, 2013 6:00:00 AM

I was pondering the benefits associated with our new HID interface option available to CodeMeter users; when I realized that I didn’t know how to put my own personal CmDongle into HID mode. After reviewing the steps found in the CodeMeter User Manual, I was able to successfully make the change.

Before showing the "HOW," let me remind everyone about the "WHY."

One of the major objections end users have against traditional dongles is the hassle involved in keeping the device drivers current.

Wibu-Systems answered this objection with the very first "driver-less" dongle to hit the market. Wibu-Systems developed a patented method that allowed the operating system (Windows, Mac, Linux, etc.) to see the dongle as a "Mass Storage Device (MSD)." All modern operating systems have kernel level drivers that know what to do with MSD hardware.

This feature has served the market very well for several years. However, never a company to rest on past laurels, Wibu-Systems recently announced that CodeMeter USB sticks can now be set to appear as Human Interface Devices (HID) as well as MSD. This means the CmStick no longer appears as a detachable memory device but integrates as a USB input device; just like a keyboard or mouse does. Every CmStick with a Serial Number in the 2-xxx format can be switched at will between either interface. One requirement is that the CmStick is updated to firmware 2.02 or higher. The second requirement is that CodeMeter RunTime 5.0 is installed on the target system.

By design, CmStick/M and CmCards do not support the HID interface and are restricted to the MSD interface: For the CmStick/M, MSD is used to address the flash memory. Card interfaces in general do not support the HID interface.

The biggest advantage of the HID interface vs. the MSD interface is that CmSticks no longer appear as memory sticks or thumb drives. In some network environments detachable memory devices are forbidden. It always took a special white paper and lots of red tape to explain that a CmStick is not really a memory device to administrators with such restrictions. Now that a CmStick can appear as a simple HID device, this concern has been eliminated.

If you would like a downloadable copy of the MSD to HID instructions for either you or your end users, please download the instructions PDF here.

john poulsonJohn Poulson has worked in the software protection industry since 1988 and has been with Wibu-Systems since 2000. He is an expert in license authentication best practices and deep powder skiing.

Topics: CodeMeter, CmSticks

Wind River's New VxWorks EDK Improves Embedded Systems Security

Posted by John Poulson on Feb 15, 2013 12:35:00 PM

Threats to Embedded Systems Security is on the rise Worldwide

In a report published in 2012, the German Engineering Federation (VDMA) indicated that for larger companies (those with more than 1,000 employees) 9 out of 10 respondents were affected by piracy of intellectual property (IP) in one form or another. In addition to proprietary software, industrial computing systems can contain data in logs, service records, and documentation that has value to competitors and organized crime. Such intellectual capital is subject to theft and gray-market competition as well as outright counterfeit copies of proprietary machinery.

Top 5 Security Threats in ICS (Industrial Control Systems):

  • Unauthorized reading and writing messages in ICS
  • Unauthorized access to resources
  • Introduction of malware using USB devices or other hardware
  • Distributed Denial of Service Attacks (DDOS)
  • Attacks to commercial off-the-shelf systems, in ICS, like OS or networks

Wind River Reacts to Threats

For maximum embedded systems security Wind River's new VxWorks Embedded Development Kit uses CodeMeterRecognizing that the security threat to embedded systems is growing year by year with no end in sight, Wind River in partnership with Wibu-Systems, a world leader in IP protection and secure software licensing is delivering an EDK for VxWorks with a focus not only on securing the code, but also on securing the certificate chain for signed code.

Learn How to Protect Your Embedded Code When Using NITX-315 Boards

Join Emerson Network Power, along with Wind River and Wibu-Systems as they launch the Embedded Development Kit (EDK); the "first ever" out of the box solution for IP protection, tamper protection and license management for Emerson Network Power NITX-315 boards.

Sign up for this free webinar today

What You Will Learn:

  • Protecting embedded software intellectual property and embedded software license management results in the prevention of "jail-break" software and reverse-engineering and IP theft.
  • Secure boot & integrity protection
  • Protecting the signature chain for signature verification
  • IP protection & copy protection
  • New business models through flexible licensing

john poulsonJohn Poulson has worked in the software protection industry since 1988 and has been with Wibu-Systems since 2000. He is an expert in license authentication best practices and deep powder skiing.

Topics: CodeMeter, embedded security

5 Reasons to Choose Software Copy Protection Dongles

Posted by John Poulson on Jan 29, 2013 9:55:00 AM

Dongles – The Historical “Bad Rap”

The WibuBox parallel port copy protection dongleWhen describing software protection dongles in a 2007 article appearing in PC Magazine, John C. Dvorak, a well-respected (but self-described curmudgeon) and award winning columnist said, “The dongle was a mostly failed copy-protection device that came into existence in the 1980s. It was also a point of controversy…”

The controversy mentioned by Mr. Dvorak boiled down to (1) The rights of software publishers to get paid for their efforts and (2) the rights of users to use the software they legally purchased without the inconvenience associated with plugging in a hardware dongle.

Activation Codes – The Compromise

In an effort to address the concerns of their users, software publishers rolled out a scheme of utilizing activation codes which bind a license to a PC. When companies like Microsoft and Adobe began requiring users to activate licenses, the practice became almost universal for software costing as little as $50.  In essence activation codes turn the whole PC into a “dongle”.

Dongles in the Twenty-first Century

It has been over five years since Mr. Dvorak’s comment. But more tellingly, it has been over twenty-five years since the first parallel port dongle appeared on a PC protecting the first CAD/CAM programs written for DOS.

Worldwide dongle sales have increased year over year since the late 1980s and any computer technology that has been around that long must have merit. And such software copy protection technology should be seriously investigated by any software publisher tasked with protecting Intellectual Property, controlling software usage via licensing, and preventing profit erosion due to wide-spread illegal use of software titles. If you are tired of seeing “free” versions of your products posted on bit-torrent sites; read on.

Why End-Users Prefer Dongles

The CodeMeter/C. All the benefits of CodeMeter and in a tiny package.Considering all the technologies that have come and gone in the last twenty-five years, it’s remarkable that dongles are not only still with us but are still undergoing improvement in both function and design. There are some things that an end user can do with a dongle that cannot be done with an activation code. In a recent survey of users who had software installed protected with a dongle, the following were the top five reasons they preferred this method of license enforcement over activation codes.

  • License Portability – The license is on the dongle and is easily moved from one system to another.
  • License Recovery – The end user can self-restore a license to an existing or replacement dongle.
  • License Borrowing – Licenses can be lent out (to travelling engineers and salespeople, for example)
  • License Redundancy – Important in “Mission Critical” applications (Ex:  Hot and Cold Stand-by licenses)
  • License Security – Conscientious companies do not want employees or others using software illegally.

Software Activation via activation codes can offer end-users the ability to recover licenses. This usually involves communicating with the software developer and convincing them that you need to move your legally purchased software to your new PC. This can be time consuming and problematic, especially if the activation code is protecting a 25 user license on a server where the hard drive just failed.

Dongles v Activations – Why not have both?

The CodeMeter License Platform from Wibu-Systems offers an ISV the option to seamlessly protect a product with a dongle and/or activation code. Either method has its pro and cons. We leave it up to you, your sales team and your customers to choose which method is best.

john poulsonJohn Poulson has worked in the software protection industry since 1988 and has been with Wibu-Systems since 2000. He is an expert in license authentication best practices and deep powder skiing.

Topics: dongles, CodeMeter, software copy protection, Copy Protection, software activation

Breaking Enigma – 80th Anniversary

Posted by John Poulson on Dec 13, 2012 6:02:00 AM

For software developers concerned with preventing software piracy or enforcing licensing policies, there is a great lesson to be learned from events that took place eighty years ago this month.

The Enigma cipher machine was invented by a German engineer (Arthur Scherbius) just as World War I was coming to an end. The machines were used for commercial purposes throughout the 1920s but as Germany began to re-build its military forces in the 1930s a secure form of communication was needed. The German government looked to the Enigma cipher machine as the answer.

German Military Intelligence relied on the mathematics of the Enigma machine for securing their sensitive military and diplomatic communications. Consider the design of the machine and the possibilities and combinations of this clever electro-mechanical device and you will come to understand why they were confident in its use.

An Enigma cipher machine consisted of five variable components:

Enigma Diagram

Enigma wiring diagram with arrows and the numbers 1 to 9 showing how current flows from key depression to a lamp being lit. The A key is encoded to the D lamp. D yields A, but A never yields A; this property was due to a patented feature unique to the Enigmas, and could be exploited by cryptanalysts in some situations.

Picture courtesy of Wikipedia

  1. A telephone operator style plug board containing up to thirteen dual-wired cables.
  2. Three ordered (left to right) rotors which wired twenty-six input contact points to twenty-six output contact points positioned on the opposing faces of each rotor.
  3. The rotors also contained twenty-six serrations around the circumference of each rotor allowing the operator to specify an initial position for each rotor pair.
  4. A moveable ring on each rotor which controlled the rotational behavior of the rotor to the immediate left by means of a notch.
  5. A fourth half rotor that “reflected” the input and outputs to the same face of contact points.

Dr. A Ray Miller, PhD wrote a paper about Enigma (date unknown), which was published by the Center for Cryptologic History (part of NSA), located at Fort Meade, Maryland.  In the paper he disclosed for the first time the mathematics behind the typical Enigma machine used by the German Army (the German Navy had added a fourth rotor to their machines enhancing the encryption). Considering all of the possible rotor positions, the possible plug board options and the position of the notched rings, Dr. Miller calculated that the total possibilities Allied cryptanalysts were typically faced with during most of the Second World War when attempting to “read” Enigma traffic was:

                107,458,687,327,250,619,360,000 (approximately 1023) or… stated another way it is about one hundred thousand billion billion.

With such daunting odds on their side, it is not surprising that German cryptographers felt secure in using Enigma. They had on their side the strength of large numbers, numbers so vast they are really beyond comprehension. And in that misplaced confidence, the Germans of that era were absolutely, completely and fatally wrong as three Polish cryptanalysts proved eighty years ago this month.

Historians may continue to argue over the military value of the decrypted communications. What cannot be argued is the incredible engineering feat performed by Marian Rejewski , Jerzy Rozycki and Henryk Zygalski of the Polish Cipher Bureau when they first broke Germany's military Enigma ciphers in December, 1932. Then just five weeks before the outbreak of World War II, they presented their Enigma-decryption techniques and equipment to British military intelligence. Throughout WWII, Allied Intelligence used information decrypted from German military communications very sparingly. They wanted to prevent the Germans from learning that their codes had been compromised. The fact that Enigma had been broken was not generally disclosed until the 1970s.

The breaking of the Enigma Cipher machine is an object lesson for software developers today. And is one that has not been lost on the development team at Wibu-Systems. While the CodeMeter encryption system used by Wibu-Systems incorporates the AES algorithm and Elliptical Curve Cryptography coupled with RSA for asynchronous key exchange and should be mathematically impossible to crack using brute force; the software engineers and developers at Wibu-Systems constantly make improvements to the basic CodeMeter architecture and security algorithms. Because it is a fact of life that whatever can be engineered… can be reverse engineered.

CodeMeter SmartBind is Wibu-Systems' newest technology to determine whether a software activation is valid or not by using internal heuristics. With SmartBind, you don’t have to worry about the details of which hardware aspects of your customer’s computer might change. The algorithm takes care of it for you.

Download the FREE whitepaper

john poulsonJohn Poulson has worked in the software protection industry since 1988 and has been with Wibu-Systems since 2000. He is an expert in license authentication best practices and deep powder skiing.

Topics: software protection, CodeMeter, cracking

Software Licensing is now easier than ever

Posted by John Poulson on Nov 6, 2012 1:00:00 PM

Imagine Easy Software Licensing Customization

 

Those of you who are using or are familiar with CodeMeter License Central (the Flexible Software Licensing Management Solution from Wibu-Systems) know that the GUI was designed as a programmer’s tool. Many of our customers (who understand the importance of brand management) wanted the ability to make this tool one that could easily be managed by non-technical employees.

The challenge has been how to maintain a high level of security (centralized control) and still provide our customers the ability to make CodeMeter License Central an extension of their own site (decentralized control). We are pleased to announce that we have solved this challenge.

By separating out the “depot” function we increase value to  our customers in two ways:

  1. We place the customized “depot” in its own sandbox, in front of the firewall, thereby increasing the overall security of CmLC
  2. Allow for customization through the use of CSS (Cascading Style Sheets) files of your own design.

The possibilities for further developing the Web-Depot are numerous. Functions such as login, license return and license overview can be easily added to the Web Depot.

Stay tuned to this space for more information about how you can customize your installation of Licesen Central

john poulsonJohn Poulson has worked in the software protection industry since 1988 and has been with Wibu-Systems since 2000. He is an expert in license authentication best practices and deep powder skiing.

Topics: CodeMeter License Central, software licensing