Frequently Asked Questions
Share:
General
- With an AxProtector version 11.10 or newer from CodeMeterSoftware Development Kit (SDK) version 7.50 or newer a warning is displayed, i the license for using AxProtector is about to expire. You should use therefore the latest licensed AxProtector version.
You can renew or collect the required licenses yourself via our License Portal. Please open the link https://license.wibu.com/portal/ and proceed as follows:
1. Login to License Portal, if you already have registered.
Alternatively, enter the necessary Ticket Id in the Ticket field.
The Ticket Id can be found in the COLI field (Customer Owned License Information)
displayed in the license in your Firm Security Box (FSB).
You can read this field e.g. via CodeMeter WebAdmin.
2. Click the "Renew licenses" button to renew or collect the licenses.
The retrieval of the licenses works either directly, by plugging in the respective CmContainer, or
using a current Context File (WibuCmRaC) of the respective CmContainer.
If no "Renew licenses" button is displayed, although the license has not been renewed, or should other questions/difficulties arise, please contact our sales department at sales@wibu.com.
You can ignore this message if you have recently received new AxProtector licenses - This error message results from a security feature activated on default, i.e. the code integrity check. In AxProtector you are able to activate or deactivate this feature. In the AxProtector GUI you find this option on the navigation page "Security options | Advanced". For the commandline use the parameter -cav.
Please note that the -cav option cannot or should not currently be used when using the Gnu Compiler Collection (GCC) under Windows. At runtime, GCC compiles in such a way that it is not possible to pre-calculate the checksums for later validation.
The code integrity check covers your protected application and DLLs to ensure at runtime, that the files are your original files and no manipulated files are used. In addition, for every second runtime check also the memory integrity of the process space of your application is checked. If then, for example, at runtime, a third party program modifies something in the memory of the process room, for security reasons the check triggers the exit of your application, for example, to prevent a reverse engineering of other manipulations of your application at runtime. Please find a description and more information in the separate CodeMeter Developer Guide documentaion in sections "Automatic Software Protection using AxProtector | AxProtector Tab | Windows Application or DLL | Security Options | Advanced Security Options" and "Automatic Software Protection using AxProtector | Commandline Options for AxProtector | Options for Encrypting and Decrypting".
If the code integrity check falsely strikes, this may also may be triggered by an anti-virus programs. These may also check modifications in memories of running applications. Then it is recommended to exclude your protected application from the anti-virus check and to specify the application as exception. - Wibu-Systems recommends to perform the encryption with AxProtector.
More precise: use the AxProtector GUI user interface to define the encryption parameters that will be used to call the actual AxProtectors.
Our AxProtectors are all pure command line programs.
For example, to automate the encryption process, you can export the encryption parameters to a file <ExportedFile> via the menu "File | Export" of the AxProtector GUi.
Then you can use the AxProtector @<ExportedFile>.wbc parameters to perform the encryption via command line, batch call, post build event in Visual Studio, etc.
The procedure for encrypting .NET assemblies or Java 'Jar' files is identical to AxProtectorNet.exe @<ExportedFile>.xml or java -jar AxProtector.jar @<ExportedFile>.xml.
You should make further changes to the encryption parameters in your AxProtector project via the AxProtector GUI and preferably test them with it.
Then you can simply export the encryption parameters again.
If you use the same options for different files, you can also customize the XML and delete the last two parameters regarding the source/destination file and add them to the command line:
AxProtector.exe -o: "protected\App.exe" "toprotect/App.exe @<ExportedFile>.xml - If you want to create your own UserMessage.dll, you find the required information in the attached PDF document.
A simple example of a self-generated UserMessage.dll can be found for C++ as "UserMessage | UserMessageSimpleGUI" and for C# as "UserMessage | UserMessageSimple" since CodeMeter version 6.80 in our examples in the CodeMeter Software Development Kit (SDK).
If you want to use the UserMessage without *.ini files, we recommend that you use this example as a template.
The source code of the standard UserMessage.dll, which uses *.ini files, can also be found in our examples, for C++ as "UserMessage | UserMessage" and for C# as "UserMessage | UserMessage". - To customize the license error handling, please proceed as follows depending on your AxProtector-Projecttype:
AxProtector Windows & AxProtector .NET
1. Go to the "Error messages" tab in the AxProtectorGUI.
2a. In AxProtector Windows select the option "User Message DLL" and keep the default file name (-u: "UserMsg").
2b. In AxProtector .NET select the option "Inline messages" (-ui).
3. After encryption, the target directory of the encrypted application will also contain
UserMessage *.ini files for different languages.
4. Adjust and change the UserMessage.ini file:
Gui=off
Logging=on
LogPath="C:\Temp\Logs"
5. Optionally, you can also adjust the retry behavior:
RetryTimeOut=1
NumberOfRetries=10
AxProtector Java
1. Select in AxProtectorGUI in the tab "Error messages" the option "User Message Class".
2. Enter class name 'com.wibu.xpm.MessageHandler' (-u: "com.wibu.xpm.MessageHandler").
Note:
The filenames of the *.ini files must be named the same as the dll. If your dll is called UserMsg.dll, the ini files used must also be named UserMsg*.ini. - To prevent the pop-up of the MessageBoxes in case of errors in AxProtector (e.g. no FSB found), please proceed as follows:
- Copy the two files UserMsgUs.dll and UserMessage.ini from the directory C:\Program Files (x86)\WIBU-SYSTEMS\AxProtector\Devkit\bin\UserMessage to the directory from which you are using AxProtector (default "C:\Program Files (x86)\WIBU-SYSTEMS\AxProtector\Devkit\bin)
- Open the UserMessage.ini configuration file
- Edit the following entries in the [Service] section
--
[Service]
Gui=off
;[on/off]
Logging=on
;[on/off]
; Destination for log files - current user requires write privileges to that directory
; Gui=off should be set to disable message boxes and redirect error messages to log files
LogPath="C:\Users\Default\AppData\Local\Temp"
---
This activates the GUI interface and logging. No more graphical error messages are displayed. - AxProtector has the option --isprotected <file>, which provides information about the AxProtector encryption of any file.
With this you can control, for example, whether an application is already protected, or if necessary, with which version of AxProtector it was protected.
Depending on the AxProtector variant, you will then get the following outputs for a protected file :
Native:
AxProtector: warning 6004 - Image is already protected with Ax-/Ex- or IxProtector version 10.70.4402.
.NET Framework:
Image is already protected with AxProtector .NET.
.NET Standard:
Error 201: Using AxProtectorNet for Netstandard requires "-ui" or "-um" parameter to be set.
Java:
Info: Application is already protected with Ax- or IxProtector version 10.200a Build 3164 of 2018-Sep-26. - Encrypting may produce arbitrary patterns, and, as a result, an anti-virus program may detect these as a potential virus.
Short-term actions
You may check the settings of the anti-virus program. Eventually, very strict settings or additionally advanced options are the reason for the virus detection.
Moreover, you may declare the application an exception in the respective anti-virus program.
Medium-term actions
You may send your application to the respective anti-virus software vendor to allow the next update of the anti-virus program to skip the detection. However, the next application or a new version may be affected again.
Lasting actions
Virus scanner evaluate applications according to specific behavior patterns or anomalities. Usually, a scoring system applies.
The details which behaviour patterns are detected, how these are weighted and what the threshold is when an application is regarded a virus is the secret of the anti-virus software vendor. Sure enough the protection mechanism used in encrypting add some points to the score, as confering with anti-virus software vendors shows. Viruses use exactly these mechanisms to mask themselves. This explains why thresholds are quickly reached and why protected applications, in particular, are often declared as false positives.
There are also possibilities to collect plus points in this scoring system, e.g. if the manufacturer signs an application with Authenticode, this has a positive effect. The risk of virus classification is thus significantly minimized, but there is no 100% guarantee of correct classification. - To test IP Protection (exclusive protection without licensing), you need an additional license in your Firm Security Box (FSB): 100021:1600. This license is available as a demo version on request from the sales team (sales@wibu.com).
Further information about IP Protection can be found in the CodeMeter developers guide: "Automatic Software Protection using AxProtector (Tool of CodeMeter Protection Suite)| Advanced AxProtector Options |IP Protection - protecting know how ".
The options described under "Usage" are entered in the *.wbc file that is exported from the AxProtector GUI.
The appendix explains how the *.wbc file might look if the entire application is encrypted using IP Protection. - If the UserMessage dialog displays without an image, the following reasons may apply:
- The image file specified in the UserMessageXX.ini does not exist.
- The image used has the wrong dimensions. The image must be 160*385 pixels in size.
- The used image has a bit depth unequal to 24 bit. - To use WupiData, a HiddenData field without dependencies must be programmed into the CmContainer.
By default, a Product Item Option has dependencies whose values must be known so that the programming sequence for updating the Product Item Option can be calculated. The default dependencies are dsu (data, serial, update counter).
Therefore, a programming sequence can normally only be used to change exactly this Product Item Option in its current state in the target container. If the Firm Item in the target container is changed and the update counter increments, this programming sequence will no longer work.
By removing these dependencies AxProtector is able to pre-calculate a general valid programming sequence for the Hidden Data field target. This can then be imported at runtime to any CmContainer with any data. This makes it possible to write data at runtime.
The command line tool CmBoxPgm has a special option (-pwupidata) to program HiddenData for the use of WupiData which can be used:
Syntax:
/pwupidata:[e<ext. type>][,b<block size>][,a<acc. code>]:<file>
Allocates WUPI Data storage, filled with the contents of file <file>.
/pwupidata:s<size>[,e<ext. type>][,b<block size>][,a<acc. code>][,f<fill byte>]
Allocates <size> bytes of WUPI Data storage, initialized with the value <fill byte>.
Alternatively, you can also program with the Programming API (HIP). In this case, HiddenData must be explicitly programmed without dependencies. Programming without dependencies is currently not possible with CodeMeter License Central or CodeMeter License Editor.
When encrypting your application, you must then create a license list with the same Product Code and configure WupiData there. It is important that the same HiddenDataAccessCode (HDAC) is used for programming and encryption. If you omit this code when programming and encrypting, it is automatically stored in the background and should also be identical but unknown. If you set an HDAC explicitly, you can use it later to read HiddenData also via the CodeMeter Core API. If you only plan to use the WUPI API, this is not mandatory.
In the code you can then use the WUPI API functions WupiReadData and WupiWriteData to read or write data.
Note: The WUPI API only works after the code has been encrypted. Before that, the WupiEngine uses only a dummy implementation, so there are no errors.
Enclosed you will find a small example project for the use of WupiData.