Categorieën: Protection

CodeMeter Security

The blinds weren’t drawn and there was no bright light glaring right in my face. But it all still felt a bit like an interrogation. Here I was, sitting on one side of the table with two executives from a potential client facing me from the other side. After two hours of this, I heard those words I had hoped for: “Mr Kuegler, I know that nothing is 100% secure, but CodeMeter seems to be the best option on the market.”

Let’s go back two hours.

Mr X: So, tell us, Mr Kuegler: How exactly does AxProtector encrypt our software?

That was easy for me to answer: With CodeMeter Protection Suite, we have reached the optimum balance of performance and security. When you want to encrypt software, one or more pseudo-random software keys are created. These keys are used to encrypt your application or parts of it with AES 256-bit. The keys are then encrypted themselves and stored in the software with multiple CodeMeter keys that are contained in the CodeMeter license.

When the application is run or an encrypted part of it accessed, one of these several CodeMeter keys is picked to decrypt the software key and, in turn, the software. If the right license is missing, there is no way to get the necessary software key, and the software cannot be decrypted or executed.

Mr X: But is a CmActLicense not more secure than a dongle? With a CmDongle, you are using a familiar USB interface, but a CmActLicense could use asymmetric procedures.

My answer: To encrypt large amounts of data like an application, you always need symmetric encryption, like AES 256-bit. And if you want one installer package to work for every client, the key has to be identical for all licenses. Whether you use a CmDongle or a CmActLicense, or indeed a CmCloudContainer, the symmetric keys are transferred into in the container in an asymmetric process. They are then stored there: in the case of a CmDongle, in a smart card chip; in a CmActLicense, in the license file that is bound to certain properties of the device; or in the cloud in the case of CmCloudContainers. If you are using a CmDongle or a CmCloudContainer, the CodeMeter key never gets into the memory of the user’s device. This is not the case with CmActLicenses, which have to have the key in the memory, but only for a brief moment and protected with additional anti-reverse engineering features. But you should remember: You cannot steal what was never there.

Mr X: But people could try wiretapping: Listen in on the USB interface and simulate a CmDongle.

My answer: Again, CodeMeter has several mechanisms in place: First, communication between CodeMeter Runtime and the CmDongle is always encrypted. And the license always contains an asymmetric key alongside the symmetric keys. The protected one creates a random challenge that the CmDongle has to respond to with the private key. The software then checks the challenge with the public key. You cannot fake that check without the private key. But that’s not all there is: As I said, we are using several CodeMeter keys to encrypt a software key. That creates a large number of possibilities, of which one is actually chosen when the software is launched. The selection process is designed to ensure that not all possible keys are used, even when the software is launched a thousand times over. In practice, this means that a simulator created by recording all sequences would never be complete and would be severely limited in its capabilities.

Mr X: But what about software updates? Are we using the same key then? Or would it be safer to create a new license with every update, even minor ones?

My answer: No it would not. You can protect each update with the same license. That is the point: CodeMeter does not only give you secure protection, it also simplifies the licensing process. Behind every license, there is a root key, the Product Item Secret Key (PISK), from which the required CodeMeter keys are created during encryption (on the CmDongle). The keys are derived from a checksum of the application that you want to protect.

Same application / Same license -> Same key -> Same protected application.

Different application (e.g. after a mini update) / Same license -> Different key -> Different protected application.

Mr X: My colleagues managed to read our own keys on one of our chips via a side channel attack. Wouldn’t that work with a CmDongle as well?

My answer: Again, we are using several countermeasures: We are using a secure smart card chip that is equipped with means against side channel attacks by the manufacturer. And we have some of our own tricks in the firmware. Finally, the PISK cannot be used directly, so that you could not attack the root key directly.

Mr X: And how secure is the IP Protection mode if it allows me to use the software without a CodeMeter license?

My answer: To be frank, this type of protection cannot rival the level of protection offered by a CodeMeter license. With a CodeMeter license, you have the software linked to a key that is kept in secure key storage. With the IP Protection mode, the software key is encrypted, but it is kept in the protected application. Hiding the key is one of our, pardon the pun, key competences, but separating the software and the license naturally increases the level of protection.

Mr X: Did I understand it correctly that the automatic protection of a native C/C++ application is better than a .NET application? With .NET, you have intermediate code that is more easily read out than machine code.

My answer: Paradoxically, the opposite is true. With AxProtector .NET, you have a far higher level of protection than with AxProtector Windows because the intermediate code is easier to read. AxProtector Windows encrypts and decrypts the entire application in one go, whereas AxProtector .NET breaks the application down into individual functions that it encrypts piece by piece. During runtime, only the pieces that are actively being used are decrypted, turned into machine code, and then immediately removed from working memory again. That raises the bar of protection massively.

Mr X: Could an attacker not simply read out and decrypt every function of a .NET application?

My answer: In theory, that is possible. You call this static analysis, because the code is not being executed, as it would be with dynamic analysis. AxProtector .NET has traps built in to prevent this. These traps look like regular code, but they would lock the license when an attacker decrypts them. The license would be useless. You could not continue to decrypt the rest of the application, even by static analysis, once the trap has been sprung.

With a native application, e.g. in C/C++, Delphi, Fortran etc., you can also choose dynamic decryption during runtime and include traps, but this would force you to define those functions and traps in the application. In essence, it means a bit more work on your side.

Mr X: What would you recommend if I wanted the highest possible level of protection with CodeMeter and AxProtector?

My answer: For C/C++ applications, we have introduced a new type of obfuscation in AxProtector. We call it CTP (Compile Time Protection). It works by changing the application when it is compiled so that its structure would be unrecognizable. The technology goes far beyond the IP Protection mode and it can be used with or without CodeMeter license. However, you need a Clang compiler for the purpose.

If you are using a CmDongle or a CmCloudContainer, I would then suggest that you move particularly sensitive code into the CmContainer. The code is written by you, encrypted, and moved into the CmContainer to be decrypted and executed. We call this mechanism CodeMoving, and it is our top weapon against reverse engineering, because no would-be attacker would ever get to see the code which never touches the computer’s memory in unencrypted form.

The two people facing me thanked me for the complete and technically detailed explanations of CodeMeter’s security capabilities, including my honest words about the potential limitations of our technology. It is Wibu-Systems’ openness about these details that speaks in favor of CodeMeter. Even 140 years ago, Auguste Kerckhoff knew that real security cannot come from keeping the mechanisms and principles secret: It is the key that has to stay secret. And, as my new customers agreed, a CmDongle is the perfect place to keep a key safe and secure.

 

KEYnote 45 – Edition Spring/Summer 2023

Naar top