AxProtector .NET


Automatic Protection for .NET Software

AxProtector .NET is the ideal solution to save time and effort when it comes to integrating protection in your .NET software. With AxProtector .NET, you can protect your software against piracy and reverse engineering in a fully automated fashion. The choice is yours:

  • You can encrypt the entire .NET application and automatically add a license check (basic configuration).
  • You choose modular encryption for your .NET application, allowing the separate activation of individual features on the user’s site (custom licensing). The Wibu Universal Protection Interface (WUPI) checks the required individual licenses and controls how the application is executed.
  • You use AxProtector .NET solely for protection against reverse engineering without the user needing any license (IP Protection Mode)

Your application is encrypted on the level of its classes and methods and placed in a secure shell, the AxEngine, with cutting-edge anti-debugging and anti-disassembly technologies added automatically.

Methods are loaded into memory in encrypted form and they stay encrypted until they are actively needed. At that point, they are automatically decrypted on the fly and in the background. After they have gone through the JIT compiler, they are removed again from memory, meaning that your IL code will only spend the briefest possible time in clear form out in the open. The effect on your application is minimal and the level of protection remains exceptionally high.

Using AxProtector .NET in this way represents an excellent way of achieving a very high level of protection with minimal effort when compared to using the CodeMeter Core API. However, it is always possible to use CodeMeter Core API additionally.

Basic Configuration

The use of AxProtector .NET does not require any changes to your source code. You just integrate AxProtector .NET as a post-build process. Encryption operations are carried out by AxProtector .NET after compilation of your software and before creation of the setup. AxProtector .NET is available both via graphical user interface and command line tool. As a command line tool, AxProtector .NET can run in continuous integration in an automated build system.

AxProtector .NET automatically selects and encrypts the methods with a license defined by you, excluding smaller methods and methods that cannot be encrypted for technical reasons. Decryption on the fly during runtime has only minimal impact on your application’s performance. To finetune the balance between protection and performance, you also have the option to define which methods should be excluded or included in the encryption.

When the protected application is launched, the system automatically checks whether the required license is available. If it is, the individual methods are decrypted dynamically during runtime, and the application can run. If it is missing, the system either displays an error message, stops the application, or reports an exception. You can customize the error message or define an unencrypted method to respond to the exception.

Custom Licensing

For modular protection, you define associations between licenses (Product Codes) and individual methods or complete classes. You can also query different licenses within the source code of your software with WUPI and set your software to react accordingly in case of missing licenses. You can, for example, hide menus or display custom error messages. The encryption with another license (Product Code) offers you the highest security level; by means of a query via WUPI, you can set controlled behaviors of your software. This makes the combination of encryption and API query the optimum solution.

IP Protection Mode

The IP Protection Mode was specifically created for freeware and freemium models or hybrid models with licensing. By contrast to the basic configuration, the IP Protection Mode does not tie the encryption to a CodeMeter License. Instead, it integrates the decryption key securely in the application itself, so that the application can be started by anybody.

For freemium models, the IP Protection Mode can be combined perfectly with custom licensing: Parts of the application are encrypted in IP Protection Mode only and are therefore ready for use at any time. Other parts are bound to a license and can only be accessed after the user has purchased the necessary license. A WUPI query can check whether the user has the right to access a given feature or function.

Supported Operating Systems

AxProtector.NET is available in two variants: AxProtector .NET and AxProtector .NET Standard.

AxProtector .NET protects applications (executables) and libraries created with .NET Framework 2.0 or newer. For access to the most recent security and performance improvements,.NET Framework 4.7.2 or newer is recommended.

When using a .NET framework prior to 4.7.2, the methods are removed from memory after a configurable time. Thanks to an intelligent two-stage caching, the influence of protection on performance is only slight in this case as well and the implemented mechanism offers a very high protection level here, too.

The IP Protection Mode requires .NET Framework 4.0 or newer.

AxProtector .NET Standard protects .NET Standard 2.0 applications, such as.NET Core 2.0 or Mono 5.4 applications.

Security Mechanisms in AxProtector .NET

AxEngine is activated whenever an encrypted method is first accessed. It checks whether the required license is available. If so, the license is automatically activated and used to decrypt the method in question. As part of an integrity check, AxEngine also tests whether the software has been tampered with. It uses cutting-edge anti-debugging and anti-reverse-engineering methods to recognize any threats to the software and stops it if any such risks are identified. Optionally, you can set the license to be locked in such cases.

AxProtector includes background monitoring to regularly check the license, the software’s integrity, and the presence of any threats.

AxProtector .NET also comes with optional hidden commands for CodeMeter that can be added as additional honey-trap methods in your software. Anybody trying to crack your software by attempting to decrypt all protected functions will automatically stumble into these traps and trigger the command that locks the license and stops it from being used for decrypting any more functions. This makes AxProtector .NET an excellent means against the systematic analysis of your software.

Compared to run-of-the-mill obfuscators, AxProtector .NET offers substantially better protections. Conventional obfuscation only changes names and scrambles the software as spaghetti code, whereas AxProtector .NET encrypts the executable code with tough 256-bit AES encryption. This makes it impossible to decompile the assemblies on the hard disk even with the best available tools. The protected code is decrypted either on a secure dongle or in a Windows system service, placing it further out of the reach of would-be hackers than simple obfuscation on the .NET level. A hacker lacking the right license – and the right key – cannot extract the code from the computer’s memory. With additional honey-traps, the blunt, systematic decryption and retrieval of all methods also becomes impossible in practice. When a trap is triggered, the license is locked and the key lost for any other attempts at decryption. On top of its exceptional protection record, AxProtector .NET has another essential advantage over obfuscators: Functions do not need to be renamed, which means that features like reflecting, remoting, or WCF are still available without any compromise to your software’s security.

Interested in a personalized offer for our CodeMeter technology? Just answer a few questions and our team will get back to you with all the information you need.


To top