First a bit of history
As many of you reading this know, Wibu-Systems has been in business since 1989, developing secure license management tools that enable software monetization options for ISVs and embedded systems developers. From the early days we provided our customers with the option of implementing our technology through the use of our API or by using an automatic wrapper tool. We told our customers that the automatic wrapper option provided a “quick and dirty” way to get a protected program to market; but that the most secure way to deploy was through the clever use of our sophisticated functions and API calls. We spent considerable effort in improving those functions and creating new ones that improved the overall security of our licensing solution. For over a decade, our “best practices” advice was to use the API and not the wrapper.
After several years we began to notice that illegal copies of our customers’ “protected” programs were appearing on various hacker sites on the Internet. This was distressful to us as a company and we wanted to find out what we were doing wrong. Upon analysis, we discovered that the vast majority of our customers were using the API in a way that resulted in a simple challenge / response dialogue between the protected program and the hardware dongle. All of our sophisticated function calls and suggested implementation methodologies were not being used. The engineers at Wibu-Systems had spent several years creating API functions that were being left on the shelf.
Where to put our secret sauce
Once we realized our “secret sauce” was not being implemented we had to change direction with the advice we gave to our customers. And we had to improve the wrapper tools. For several years now, we have worked hard to enhance and improve the security and performance of our encryption utilities and now emphasize that customers who want a quick and secure implementation should utilize the wrapper. And for those who require the most security we suggest they implement both automatic encryption and API functions.
The result? The powerful tool many of you know today as AxProtector.
AxProtector — The right recipe
From debugger detection to sophisticated code encryption, AxProtector provides anti-tampering and reverse engineering protection. It is no longer a simple wrapper. Why? Because AxProtector encrypts and rearranges your executable, DLLs, data, media, or video files with minimal effort on your part. In most cases, you don't even have to change your source code. On program load, the program starts only if the required CodeMeter license is available.
And AxProtector is a smorgasbord to meet everyone’s requirements. Use it with software activation codes (CmAct) or hardware dongles (CmDongle).Use it with Windows, MacOS, Linux, .NET (also Mixed Mode), even VxWorks, and in the near future… Android.
The end result
As a result of our change in philosophy, we no longer put the bulk of our development effort into just creating API functions. We concentrate instead on improving AxProtector. And, it is true… part of that improvement process includes creating more sauces, improving existing sauces and changing the recipe. It is a constant process to stay one step ahead of the global hacking community. Now… Our “best practices” advice is to use the AxProtector wrapper along with the API.
John Poulson has worked in the software protection industry since 1988 and has been with Wibu-Systems since 2000. He is an expert in license authentication best practices and deep powder skiing.