A Guided Protection System for Java Applications

Wolfgang Völker | Product Management | [email protected]

Günther Fischer | Professional Services | [email protected]

Upload: team-wibu

Post on 13-Apr-2017


Page 1: A guided protection system for Java applications

1

A Guided Protection System for Java Applications

Wolfgang Völker | Product Management | [email protected]

Günther Fischer | Professional Services | [email protected]

Page 2: A guided protection system for Java applications

2

Agenda

Java dissection

Brief overview of protection technologies for Java applications

AxProtector Java fundamentals

Additional options for AxProtector Java

Protection at class and method level

Short introduction to licensing of Java applications

Page 3: A guided protection system for Java applications

3

Java Dissection

Page 4: A guided protection system for Java applications

4

Java and the JVM/JRE

Java: programming language developed by Sun in 1995.

The JVM defines an abstract machine.

The instruction set of the VM is the Java byte code.

Compiled Java programs consist of class files that contain byte code. JAR files are ZIP files including a manifest.

The byte code is interpreted and executed by the Java Virtual Machine (JVM).

The byte code is easy to reverse engineer.

The OpenJDK is an open source implementation of a JVM.

Page 5: A guided protection system for Java applications

5

JAVA – Write Once, Run Anywhere (WORA)

Java Program (.java) -> Java Compiler (JAVAC) -> Java Byte Code (.class / .jar) -> Interpreter (JVM) on Windows, Linux or MacOS

Page 6: A guided protection system for Java applications

6

The Java architecture

Java Program *.class files and Java API *.class files -> Classloader -> Byte code verifier -> Interpreter (JVM) -> Host operating system (Windows, Linux, MacOS, ...)

Page 7: A guided protection system for Java applications

7

Java and security

Java classes are easy to extract, easy to replace (including system classes!) and easy to modify.

The Java byte code is no "secret".

Conclusion: Everything that is written in Java is inherently insecure!

Page 8: A guided protection system for Java applications

8

Java byte code and native code

The Java Runtime (Java) runs on the Java Virtual Machine (native code); C/C++ code can be invoked through the JNI (Java Native Interface), which is native code as well.

Page 9: A guided protection system for Java applications

9

Protection goals

Protection against piracy (licensing)

Protection of intellectual property (reverse engineering)

Protection against analysis by competitors

Protection against unauthorized use of code

Integrity protection of data and code

Protection of data as integral part of the product (competitive advantage, trade secret)

Page 10: A guided protection system for Java applications

10

The attacker's tools (Java decompiler: .jar/.class -> .java)

Page 11: A guided protection system for Java applications

11

Protection Technologies for Java Applications

Page 12: A guided protection system for Java applications

12

Options considered

Obfuscation: basic obfuscation; heavy duty protection (KlassMaster)

Java2Exe (JET Engine): compiling Java byte code into native code; encrypting native code

Encrypting Java byte code: AxProtector

Additional methods: CodeMeter Core API

Page 13: A guided protection system for Java applications

13

Java obfuscation tools (KlassMaster, Allatori, ProGuard, ...)

Page 14: A guided protection system for Java applications

14

Basic Obfuscation

Page 15: A guided protection system for Java applications

15

Basic obfuscation (name obfuscation)

Source: Zelix website

Page 16: A guided protection system for Java applications

16

Reverse engineering basic obfuscation

Source: Zelix website

Decompile

Page 17: A guided protection system for Java applications

17

Heavy Duty Protection

Page 18: A guided protection system for Java applications

18

Zelix KlassMaster

Page 19: A guided protection system for Java applications

19

Heavy duty protection (flow, exception, string obfuscation …)

Source: Zelix website

Page 20: A guided protection system for Java applications

20

JDO: Java de-obfuscator / JMD: Java byte code de-obfuscation tool

Page 21: A guided protection system for Java applications

21

Java2Exe: Excelsior JET Engine

Page 22: A guided protection system for Java applications

22

Java2Exe – The main principle

Java source code -> (JAVAC compiler) -> Java byte code -> (Excelsior JIT compiler) -> Native code

Page 23: A guided protection system for Java applications

23

Additional protection through native code encryption

Java source code -> (JAVAC compiler) -> Java byte code -> (Excelsior JIT compiler) -> Native code -> (AxProtector) -> Encrypted native code

Page 24: A guided protection system for Java applications

24

Encrypting Java Byte Code

Page 25: A guided protection system for Java applications

Encrypting the code

25

Encrypting the byte code before shipping; decrypting classes/methods at run time.

Diagram: Unprotected application -> Encryption (AxEngine) -> Decryption (AxEngine)

Page 26: A guided protection system for Java applications

26

AxProtector Suite

AxProtector native: Windows 32-/64-bit, Mac OS X, Linux

AxProtector .NET: .NET 2.0, 3.0, 3.5, 4.0, 4.5

AxProtector Java: Java 1.6, Java 1.7, Java 1.8 (Java applications, Java applets, Java servlets)

Page 27: A guided protection system for Java applications

27

AxProtector – The main principle

Unprotected application: Win32 executable, Win32 dynamic link library, Win64 executable, Win64 dynamic link library, Mac OS X 32-bit, Mac OS X 64-bit, Mac OS X universal binary, .NET 2.0 / 3.0 / 3.5 / 4.0 / 4.5 assembly (Exe or Dll), Java 1.6 / 1.7 / 1.8 application

AxProtector (Protection, Encryption, Licenses) -> protected application (AxEngine)

Page 28: A guided protection system for Java applications

28

AxProtector Java – fundamentals

AxProtector Java automatically encrypts the byte code at class level and method level and protects your application. Each class/method is automatically decrypted when loaded.

The AxProtector Runtime must be initialized. There are several ways to achieve this:

Java applications with Main-Class => wrapper

Manual loading through EntryPoint

Manual loading through ProtectionManager

Manual instantiation might be necessary (e.g. on an application server).

Build extended protection measures (IxProtector); specific license queries (CoreAPI).

Page 29: A guided protection system for Java applications

29

Supported Applications Types

What types of applications can AxProtector Java protect?

Console and desktop applications

Applets, Web Start applications

Servlets

Eclipse RCP, Eclipse Plugins

OSGi

Page 30: A guided protection system for Java applications

30

AxProtector – The main principle

Encrypted class on the hard drive -> loadClass -> AxProtector Runtime -> JVM -> class in memory
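The load-time decryption described on this slide and on the fundamentals slide above, as an added example that is not AxProtector's code: a class loader that keeps only ciphertext on disk and hands plaintext byte code to defineClass(), so the CAFEBABE class only ever exists in memory. The *.class.enc file layout, the AES-GCM choice and the raw key parameter are assumptions made for the illustration.

```java
import java.nio.ByteBuffer;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Loads classes from "*.class.enc" files holding an AES-GCM blob (12-byte nonce, then
 * ciphertext and tag). The file on disk never contains CAFEBABE byte code; only the
 * defineClass() call sees plaintext, in memory. Illustration of the principle only,
 * not AxProtector's implementation; file layout and key handling are assumptions.
 */
public final class DecryptingClassLoader extends ClassLoader {
    private static final int NONCE_LEN = 12;
    private final Path root;
    private final SecretKeySpec key;  // a product keeps this in a dongle/licence, never in a constant

    public DecryptingClassLoader(Path root, byte[] rawKey, ClassLoader parent) {
        super(parent);                // parent-first delegation: JDK classes are never decrypted here
        this.root = root;
        this.key = new SecretKeySpec(rawKey, "AES");  // 16, 24 or 32 bytes
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        Path file = root.resolve(name.replace('.', '/') + ".class.enc");
        try {
            byte[] blob = Files.readAllBytes(file);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, NONCE_LEN));
            byte[] plain = c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN); // rejects any tampering
            if (plain.length < 4 || ByteBuffer.wrap(plain).getInt() != 0xCAFEBABE) {
                throw new ClassNotFoundException(name + ": decrypted data is not a class file");
            }
            return defineClass(name, plain, 0, plain.length);
        } catch (java.io.IOException | GeneralSecurityException e) {
            throw new ClassNotFoundException(name, e);
        }
    }

    /** Build-time counterpart: wraps one plain class file in the layout findClass() expects. */
    public static byte[] encrypt(byte[] classBytes, byte[] rawKey, byte[] nonce) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");   // nonce must be unique per class and key
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(rawKey, "AES"), new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(classBytes);
        return ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array();
    }
}
```

With the key held in a constant or in a file next to the JAR this protects nothing, which is the point of the "trusted storage" remark later in the deck; the product keeps the key in the dongle or the license.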

Page 31: A guided protection system for Java applications

31

AxProtector Classes

Automatic protection (integrated into the JAR or as WibuXpm4JRuntime.jar); adjustments in your code.

Automatic code protection during runtime execution:

Integrated into the protected application (included in the JAR file)

Separate WibuXpm4JRuntime.jar in the classpath

Page 32: A guided protection system for Java applications

32

AxProtector Java 9.1 – What's new?

IxProtector: method protection annotations EntryPoint, Protected, Unprotected and Trap

Parsable class files (support of annotation parser)

Command line file in XML format (license list)

Page 33: A guided protection system for Java applications

33

Example

Page 34: A guided protection system for Java applications

34

Decompiling Encrypted Code

Page 35: A guided protection system for Java applications

35

Java class file structure

Magic Number

Version

Constant Pool

Access Flag

this Class

super Class

Interfaces

Fields

Methods

Attributes

Page 36: A guided protection system for Java applications

36

Unencrypted code (CAFEBABE)
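To make the CAFEBABE check concrete, an added example (not from the deck or from Wibu) that walks the header fields listed on the class file structure slide above and resolves this_class and super_class through the constant pool. A file that does not start with the magic, which is what an encrypted class looks like on disk, is reported as not parseable. Assumes Java 17 or newer.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Walks the fixed part of a class file: magic, version, constant pool, access flags, this_class, super_class. */
public final class ClassFileProbe {

    public record Summary(int major, int minor, String thisClass, String superClass) {}

    /** Returns null when the bytes do not start with 0xCAFEBABE, e.g. for an encrypted class. */
    public static Summary inspect(byte[] bytes) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(bytes));
        if (bytes.length < 4 || in.readInt() != 0xCAFEBABE) {
            return null;
        }
        int minor = in.readUnsignedShort();
        int major = in.readUnsignedShort();
        int cpCount = in.readUnsignedShort();   // entries are numbered 1 .. cpCount-1
        String[] utf8 = new String[cpCount];    // CONSTANT_Utf8 text by index
        int[] classNameIdx = new int[cpCount];  // CONSTANT_Class -> index of its CONSTANT_Utf8 name
        for (int i = 1; i < cpCount; i++) {
            int tag = in.readUnsignedByte();
            switch (tag) {
                case 1 -> utf8[i] = in.readUTF();                    // Utf8: u2 length + modified UTF-8
                case 7 -> classNameIdx[i] = in.readUnsignedShort();  // Class
                case 8, 16, 19, 20 -> in.skipBytes(2);               // String, MethodType, Module, Package
                case 3, 4, 9, 10, 11, 12, 17, 18 -> in.skipBytes(4); // Integer, Float, *ref, NameAndType, *Dynamic
                case 5, 6 -> { in.skipBytes(8); i++; }               // Long, Double occupy two slots
                case 15 -> in.skipBytes(3);                          // MethodHandle
                default -> throw new IOException("unknown constant pool tag " + tag + " at #" + i);
            }
        }
        in.readUnsignedShort();                 // access_flags
        int thisIdx = in.readUnsignedShort();   // this_class
        int superIdx = in.readUnsignedShort();  // super_class, 0 only for java.lang.Object
        String superName = superIdx == 0 ? null : utf8[classNameIdx[superIdx]];
        return new Summary(major, minor, utf8[classNameIdx[thisIdx]], superName);
    }

    public static void main(String[] args) throws IOException {
        for (String arg : args) {
            Summary s = inspect(Files.readAllBytes(Path.of(arg)));
            System.out.println(arg + ": " + (s == null ? "no CAFEBABE magic (encrypted or not a class file)" : s));
        }
    }
}
```

Run it over the classes of a protected JAR and over the same classes before protection to see the difference the next slides show in a hex viewer.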

Page 37: A guided protection system for Java applications

37

AxProtector protected Java byte code

Page 38: A guided protection system for Java applications

38

Enigma

Page 39: A guided protection system for Java applications

39

D4J

Page 40: A guided protection system for Java applications

40

Lython

Page 41: A guided protection system for Java applications

41

JD-GUI

Page 42: A guided protection system for Java applications

42

Additional levels of protection

Java VM signature check: verifies the authenticity of the JVM being executed

WibuXPM4J32/64.dll integrity check

Callback check: checks that no JNI functions have been changed

JVMPI/JVMTI detection: checks whether a JVMPI/JVMTI agent is present

Page 43: A guided protection system for Java applications

43

Detecting JVM manipulations (changes to the JVM source code)

OpenJDK is an open source implementation of the JVM, available since version 6.

It is easy to implement backdoors in the JVM: inserting code that logs loaded classes is pretty easy.

Solution: JVM verification

Page 44: A guided protection system for Java applications

44

Updating the signature

Page 45: A guided protection system for Java applications

45

Attacks through tool interfaces

In Java there are some "tool" interfaces intended to analyze/modify byte code (debugger, profiler):

JVMPI: Java Virtual Machine Profiling Interface, up to and including Java 6

JVMTI: Java Virtual Machine Tools Interface, since Java 7, successor of JVMPI
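An added example of the two runtime checks from the last slides (JVM verification and JVMPI/JVMTI detection); it is not Wibu's implementation, which uses a signature rather than a digest recorded at release time. It hashes the JVM's own shared library for comparison against the recorded value and inspects the launch arguments for JVMTI, instrumentation and debug agents. The library paths cover common HotSpot layouts and are assumptions; other JVM vendors differ. Assumes Java 17 or newer.

```java
import java.lang.management.ManagementFactory;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.List;

/** Start-up self-checks: digest of the running JVM's own library, and tool agents requested at launch. */
public final class JvmEnvironmentCheck {

    /** SHA-256 over the JVM shared library, to be compared with the value recorded for the JVM the product shipped with. */
    public static String jvmLibraryDigest() throws Exception {
        Path home = Path.of(System.getProperty("java.home"));
        List<Path> candidates = List.of(            // common HotSpot layouts (assumption); other vendors differ
            home.resolve("lib/server/libjvm.so"), home.resolve("lib/server/libjvm.dylib"),
            home.resolve("bin/server/jvm.dll"), home.resolve("bin/client/jvm.dll"));
        for (Path p : candidates) {
            if (Files.isRegularFile(p)) {
                return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(p)));
            }
        }
        throw new IllegalStateException("JVM library not found under " + home);
    }

    /** True when a JVMTI agent, a java.lang.instrument agent or the JDWP debug agent was requested on the command line. */
    public static boolean toolAgentPresent(List<String> jvmArgs) {
        for (String a : jvmArgs) {
            if (a.startsWith("-agentlib:") || a.startsWith("-agentpath:") || a.startsWith("-javaagent:")
                    || a.startsWith("-Xrunjdwp")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String expected = args.length > 0 ? args[0] : null;  // release-time digest, passed in for the demo
        String actual = jvmLibraryDigest();
        System.out.println("JVM library SHA-256: " + actual);
        if (expected != null && !expected.equalsIgnoreCase(actual)) {
            System.out.println("JVM differs from the recorded build: refuse to start or degrade gracefully");
        }
        if (toolAgentPresent(ManagementFactory.getRuntimeMXBean().getInputArguments())) {
            System.out.println("JVMTI/instrumentation agent present at launch");
        }
    }
}
```

Agents attached after start-up through the Attach API do not appear in the input arguments, so a product relying on this check also starts the JVM with -XX:+DisableAttachMechanism or repeats the check from native code as the deck's callback check does.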

Page 46: A guided protection system for Java applications

46

Additional Techniques

Page 47: A guided protection system for Java applications

47

Protecting data files

Assumption: the data is the intellectual property, e.g. vehicle data for licensed garages.

Protection goal: secure the data against unauthorized use (licensing); protect the data against "extraction" and reproduction by competitors.

Solution: data encryption

Page 48: A guided protection system for Java applications

48

Protecting data files

Only secure when the keys are stored in trusted storage.

Page 49: A guided protection system for Java applications

49

CodeMeter Core API

com.wibu.CodeMeter: foundation of all protection mechanisms, communication interface for CodeMeter, advanced protection options

Unified interface through the CodeMeter License Server: license in a dongle or in an encrypted license file (activation), unified license options, transparent interchangeable use within an application

Diagram: Your Software -> Java Native Interface -> CodeMeter License Server -> Dongle / Activation

Page 50: A guided protection system for Java applications

50

Protection of data – encryption

Protection through encryption/decryption within the application

cmCrypt2()

Page 51: A guided protection system for Java applications

51

Integrity protection – signatures

Integrity protection of data/libraries

cmCalculateDigest()

cmCalculateSignature()

cmValidateSignature()

Page 52: A guided protection system for Java applications

52

Core API – Documentation and Examples

CodeMeter Java API Help (HTML format)

Samples: Servlet Sample, CmCalculator, CmDemo (license access, reading of licenses, encryption)

Page 53: A guided protection system for Java applications

53

A Few Words About CodeMeter

Page 54: A guided protection system for Java applications

54

At the core of the CmDongle

Smart card chip: protection against side channel attacks such as Differential Power Analysis (DPA)

Firmware update: enhanced security features, enhanced features, secure update channel

64 kByte | 384 kByte | 512 kByte license storage

Page 55: A guided protection system for Java applications

55

Software integration

Automatic encryption (AxProtector Java): encrypting classes/methods before release, wrapped in a JAR file, with a wrapper for automatic decryption when loading classes/methods

Integration with the CodeMeter Core API: encryption API, activation of specific modules, counting concurrent sessions

Page 56: A guided protection system for Java applications

56

Flexible licensing models for the licensor

Single User

Network

Feature On Demand

Perpetual

Trial version

Rent / Leasing / Subscription

Pay-Per-Use

Maintenance period

Downgrade

Grace Period

Volume

Version

Standby

High Availability

Overflow

Borrowing

Name/PC

Time zone

Page 57: A guided protection system for Java applications

57

Centralized automatic license management

Diagram labels: Licensor, Licensee, Ticket, Id, License

Page 58: A guided protection system for Java applications

58

Summary

Page 59: A guided protection system for Java applications

59

Protection through Obfuscation

Protection against piracy (licensing)

Protection of intellectual property (reverse engineering)

Protection against analysis by competitors

Protection against unauthorized use of code

Integrity protection of data and code

Protection of data as integral part of the product (competitive advantage, trade secret)

Page 60: A guided protection system for Java applications

60

Protection through Java2EXE

Protection against piracy (licensing)

Protection of intellectual property (reverse engineering)

Protection against analysis by competitors

Protection against unauthorized use of code

Integrity protection of data and code

Protection of data as integral part of the product (competitive advantage, trade secret)

Page 61: A guided protection system for Java applications

61

Protection through Encryption

Protection against piracy (licensing)

Protection of intellectual property (reverse engineering)

Protection against analysis by competitors

Protection against unauthorized use of code

Integrity protection of data and code

Protection of data as integral part of the product (competitive advantage, trade secret)

Page 62: A guided protection system for Java applications

62

We are prepared!

Page 63: A guided protection system for Java applications

63

Thank you for your attention!

WIBU-SYSTEMS Germany +49-721-93172-0

USA +1-425-775-6900

China +86-21-55661790

www.wibu.com | [email protected]