Are you using a Continuous Integration (CI) build pipeline that is based in the Cloud and need to code sign your plugins for AAX on a virtual machine?  If so, PACE has the solution for you.  Meet Cloud 2 Cloud.

Cloud 2 Cloud is a new service available for AAX code signing that no longer requires a physical iLok USB device to be attached to the machine that is handling the code signing certification.  Software developers can now achieve the same result - a validated AAX plugin for use in Pro Tools - without the need for an iLok USB to be attached to the machine completing the code signing process.

With Cloud 2 Cloud, you can now integrate PACE's cloud-based AAX code signing technology into your existing cloud-based build pipeline for seamless and truly continuous integration between cloud services.

"Thanks to this tailor-made solution, we are now able to automate the build of AAX plug-ins and integrate the signing process inside Audio Modeling’s Continuous Integration system."

Emanuele Parravicini, CTO, Audio Modeling

To learn more about how Audio Modeling integrated Cloud 2 Cloud with their CI system, click on the link here.

https://audiomodeling.com/the-system-used-to-develop-incredible-audio-software-revealed/

Fighting software piracy is an ongoing battle; it means lost revenue and market share, and your reputation as a publisher could be at stake.

Unauthorized copying and distribution accounted for $2.4 billion in lost revenue in the United States alone in the 1990s,** and is assumed to be causing impact on revenues in the music and the game industry, leading to the proposal of stricter copyright laws such as PIPA and the DMCA. Everyone knows that illegally sharing software is wrong, yet it still happens every day. Lowering the barrier to entry by removing copy protection, or moving to a flimsy, online pay wall model has been proven ineffective at preserving software integrity. Our research has shown that a hacker’s intentions are difficult to predict. Sometimes, they wish to crack very expensive software to deliver it to the masses; other times, they crack software for sport and recognition amongst their peers. This makes anti piracy protection an important factor to consider if your goal is to make money. Not only do hackers offer product for free but they often abuse copyrights as well.

Another point to consider is how an anti piracy solution can protect your company’s brand, perhaps your greatest asset. Good anti piracy software protects your executable inside and out and makes your product tamperproof. Our research has also shown us that global hackers are not as concerned about giving away your software for free, but rather they see your success as a vehicle to steal precious and sensitive information from your audience. By reverse engineering and inserting malware, hackers can gain access to your customers’ data and computers. If you have not adopted stringent anti piracy software protection practices, experienced hackers can quickly and easily infiltrate your distributions and ruin your company’s reputation. With open communication readily available in social media, it is even more imperative, as your potential customers will run from your product offering if they feel they cannot trust it.

Hackers are relentless. Their community is large and they are becoming more and more brazen with their attacks and frequency. They communicate with each other and will even crowdsource their efforts to take a software title down. They hate anti piracy protection and may often engage in a smear campaign to make software publishers believe that an anti piracy solution will hurt their bottom line. Common arguments are that the anti piracy copy protection scheme is cumbersome and a hassle for the end user. Sadly, many publishers believe this when in fact, we have the data to prove the contrary.

You would be mistaken to think that an anti piracy solution is a one-time cost, a set it and forget it investment. We have seen good, strong, expensive anti piracy software from our competitors hacked within days of being posted. Sadly, in some cases protected software lasts only hours in the wild. How do you combat this threat? Will any anti piracy solution work for your needs? We can help you with this fight. We have anti piracy solutions that are proven to be effective in protecting your company’s revenue stream.

Before we delve into discussing anti piracy software, we would like to give you a glimpse into how vulnerable you could be.

How do they do it?

Most anti piracy software protection schemes rely on license checks to validate ownership. A license check validates the ownership and allows your software to run. Remove the license and the software will cease to work. A seasoned hacker can easily spot simple license checks and remove the checks without degrading the functionality of the software.

Of course, as anti piracy solutions become stronger, the tools hackers write and use adapt, thereby escalating this war. Mid-size to smaller companies, who lack the financial resources to sink into a homegrown anti piracy solution, don’t stand much of a chance, and some have sadly resigned themselves to the idea that their product will be hacked as soon as it’s released.

Enter PACE Anti Piracy Inc. to fight this battle for you. We have a proven track record of over 30 years developing solutions to stay ahead of attacks on our customers: You, the publisher. Until recently, our most secure method of storing a license was on a proprietary USB iLok dongle. After some technological breakthroughs and years of development, our license servers are secure enough to deliver cloud licensing at an affordable cost AND be secure enough for us to brand with the iLok name.

How do we combat this?

Anti-Piracy Security Software

PACE Anti-Piracy, Inc has been in this business for over 30 years. We have seen it all and yet we are surprised at the tenacity, level of sophistication, and for lack of a better term, talent of the hacker community to quickly and methodically dismantle a publisher’s hard work and release it on a torrent site. The only way to combat these threats is to understand the motivations and methods used. We constantly monitor hacker boards and communications to understand their challenges. We look for methods that prove to be difficult for them to break. We also employ a team of reformed hackers to challenge our product offerings before they are released to our publishers. We use tested cryptography and have vast experience with anti-tamper and white box technologies. We test our anti piracy software against the most brilliant minds in the industry and we are only satisfied when they have to admit defeat.

We know it sounds like an unrealistic boast to say our anti piracy software cannot be cracked. Our goal is to stay ahead of the curve and hacking trends. We avoid giving known hooks or patterns that they recognize, and we pepper our anti piracy solutions with methods that we know are time consuming and difficult, if not impossible, to remove. We are constantly innovating and investing in the future.

The PACE Anti-Piracy, Inc. Solution

We are constantly asked by new publishers how long it will take to implement. To answer that, we must take many factors into consideration. We like to describe the amount of protection our anti piracy software solution provides as a dial that can be turned from 1 to 10. One being a deterrent to abuse; 10 being robust protection for valuable IP.

There are myriad reasons why a publisher would choose a particular anti piracy setting; it usually comes down to time available and effort required. Our solution is flexible enough to accommodate your needs.

How Much Anti Piracy Security Am I Getting?

An anti piracy solution is only part of the puzzle. PACE Anti-Piracy, Inc offers product licensing that works in tandem with the tamper-proof nature of our copy protection. In all of our years in business, our licensing system and hardware dongle have never been hacked. The license the end user purchases is always visible to you with our PACE Central portal and can accommodate many licensing scenarios from a full perpetual license to a limited trial or a renewing subscription, just to name a few. We offer reasonable license distribution solutions.

Please contact us to set up a discussion; we would love to understand your requirements and what you need to get to market.

Publishers looking for sales information about the iLok licensing system, software security, or anti-piracy may follow this link: http://go.paceap.com/proaudio.

**Greg Short, Comment, Combatting Software Piracy: Can Felony Penalties for Copyright Infringement Curtail the Copying of Computer Software?, 10 Santa Clara Computer & High Tech. L.J. 221 (1994). Available at: http://digitalcommons.law.scu.edu/chtlj/vol10/iss1/7

PRESS RELEASE – PACE ANTI-PIRACY, INC. - iLok USB-C Announced - Offering Professionals Even More Options To Keep Licenses Safe

FOR IMMEDIATE RELEASE

PACE Anti-Piracy, Inc. have today announced the USB-C version of the third generation iLok USB.

In addition to the iLok USB-A, PACE is now offering the iLok USB-C which uses the USB Type-C connector. Both iLok devices hold up to 1,500 authorizations—3x more than before—and deliver twice the transfer speed of the second generation iLok USB. Plus, it’s sleeker, smaller, and more secure, with a full metal jacket (made from durable aluminum) that won’t split or crack from normal use.

The iLok USB is fully backward compatible with previous versions – so all software developed for use with a 2nd generation iLok will continue to work with a 3rd generation iLok USB-A or USB-C. And with the addition of Zero Downtime (ZDT) protection, you will always have access to your licenses if your iLok USB is lost, damaged, or stolen.

iLok USB-A (back) & iLok USB-C (front)

Since its release over 20 years ago, the iLok USB hardware device has never been compromised.

The design of the 3rd generation iLok USB-A and USB-C is a huge step up from previous versions. The internal components are ingeniously small, packed into their metal case using methods that make duplication virtually impossible. And fewer components mean fewer points of failure once the device is being used in the field.

Many people asked for a USB-C version of the iLok, and here it is. More computers are entering the market with USB Type-C ports, and our new iLok USB-C allows users with USB-C ports to use our licensing key without the need of additional adapters. Along with our Fusion Anti-Tamper technology, the 3rd generation iLok USB-A and iLok USB-C provide a publisher with the most secure tools in the industry. Period.

Andrew Kirk, Vice President of PACE Anti-Piracy, Inc.

Whether you’re purchasing your first iLok device or want to consolidate licenses from older keys, iLok USB makes it easy to take all of your software authorizations with you, wherever you go.

PRICING:

Standard 3rd generation iLok USB-C pricing (as of April 2021)
All pricing is in US$
MSRP is $59.95

FAQS

How many licenses can the iLok USB-A and USB-C hold?

The 3rd generation iLok USB-A and iLok USB-C can hold up to 1500 licenses depending on the license type. By comparison, the 2nd generation iLok USB can hold up to 500 licenses.

Can I have original iLoks, the iLok USB-A, and iLok USB-C in my account at the same time?

Yes, you can have any combination of iLok USBs in your account at the same time.

Does the new version of the iLok USB work just like the original iLok device?

The 3rd generation iLok USB works the same as the 2nd generation iLok USB. It is also fully backward compatible.

Can I get Zero Downtime protection on a new iLok USB?

Zero Downtime (ZDT) is immediately available for 3rd generation iLok USB-A and iLok USB-C. Theft & Loss Coverage (TLC) may be enabled within the iLok License Manager application on ZDT-covered 2nd & 3rd generation iLoks.

Do I have to buy the new version of the iLok USB?

You do not need to purchase a new iLok USB to continue working. Note that software publishers may set some of their products to require 2nd generation or above iLoks.

Will you still be selling the third generation iLok USB-A?

Yes, 3rd generation iLok devices are now available in both USB-A and USB-C versions.

Why should I buy the new version of the iLok USB-C?

If your computer only has USB Type-C ports, you can use the new iLok USB-C without the need for a USB Type-A to USB Type-C adapter connector.

Can I move licenses from an old iLok device to a new iLok USB-C?

Yes, both the new and original iLok USB function the same.

ABOUT PACE ANTI-PIRACY, INC.

PACE Anti-Piracy, Inc. is a privately-held company based in San Jose, California. Since 1985, PACE has provided software publishers and distributors with high quality solutions for secure software distribution. PACE’s products are used by an ever-growing number of world-class software publishers around the globe. Current and past PACE Customers include AbbeyRoad/EMI, Adobe, Antares (Auto-Tune), Apple Computer, AudioEase, AVID/Digidesign, Brother International, Celemony, Corel, Cycling74, Dolby Laboratories, DTS, Inc., DxO Labs, EastWest Soundsonline, Electronic Arts, Empirical Labs, FontWorks Japan, Follett Corporation, Gobbler, Harman International/Lexicon, InstallShield Software, KORG, Line6, Massenburg DesignWorks, Mark of the Unicorn (MOTU), McDowell Signal Processing (McDSP), Morisawa and Company, Nemetchek America, Network Associates/ Netscout, Neural DSP, Nikon, Notionmusic, Philips, Sanyo, Slate Digital, Softube, Sonic Solutions, SSL, Sonivox, Sonnox Plugins, SoundToys, Unity3D, Universal Audio, US Cost, UVI, Verance, Vienna Symphonic Library, Waves, The Walt Disney Company, Write Brothers Inc, plus over 300 Pro Audio software companies.

PRESS CONTACT:

email: [email protected]
web: www.paceap.com and iLok.com
Media graphics can be downloaded here

PACE Anti-Piracy Announces White-Box Works, a Next-Generation White-Box Code Generator to Secure Cryptographic Keys and Data Against Discovery

FOR IMMEDIATE RELEASE

PACE Anti-Piracy, Inc., a leader in in-app protection technologies, today announces the release of White-Box Works—a next-generation white-box code generator. This new in-app protection tool is a groundbreaking approach to white-box technology. Its unique industry-leading architecture adds new dimensions of security to protect cryptographic secrets against the most advanced discovery attacks.

Overview

White-Box Works is a white-box code generator, not simply a library of protected cryptographic operations. With White-Box Works, software developers can generate or update an unlimited number of unique white-box implementations on demand, keeping your team nimble and your bottom line safe from unexpected support bills. With White-Box Works, updating your app no longer means updating your development budget.

White-Box Works includes many enhancements vs. previous generations of white-box products.

  1. Advanced proprietary architecture translates into resistance to the latest cryptographic attacks
  2. Algorithm agnostic
  3. Support for non-deterministic algorithms

The use of cryptography has grown significantly in recent years, and it’s increasingly common for applications to leverage cryptography. As encouraging as this might be, many developers have a false impression about what the use of cryptography in their application actually means in terms of security.

When an application encrypts data and sends it to a third party (that has a key to decrypt it), the data is protected in transit, but nothing is protecting the encrypt/decrypt operations themselves. If an attacker gains access to either device (a bank app running on a mobile device, for example), they can easily extract an unencrypted copy of the key at the instant at which the key is decrypted.

Depending on how the application manages keys, this may allow the attacker to decrypt all past and future data sent by the application and possibly even all data sent by all users of the application. The result of such an attack is not simply a single compromised app, but potential intellectual property loss, DRM class breaks, back-end systems compromise, risk of costly GDPR and CCPA regulatory action, as well as damage to the App developer’s reputation and brand.

White-Box Works is an unmatched in-app protection tool to address this problem.

In cryptographic implementations transformed by White-Box Works, private keys, content keys and license store keys, trusted constants such as public keys, and proprietary algorithms are all executed within the boundaries of the White-Box and are never visible in a decrypted state in the static application or in runtime memory. White-Box Works was designed to defeat reverse engineering attacks and advanced statistical analysis attacks (like Differential Computation Analysis).

White-Box Works is a new, unique solution for adding white-box cryptography to applications. It provides unmatched protection for cryptographic keys vs. legacy solutions and is more flexible without compromising ease of use or performance.

Availability

White-Box Works is available today to software publishers as an option when updating their products.

Statement from PACE's CEO

Allen Cronce, CEO of PACE Anti-Piracy, Inc. states: “As app developers move more and more software logic to client side implementations, there is a pressing need to harden security related code against attacks. Financial services, identity, contact tracing, biotech and automotive apps are particularly vulnerable given their architectures.” With White-Box Works, PACE meets this need by providing comprehensive multi-layered security for keys and data.

About PACE Anti-Piracy, Inc.

PACE Anti-Piracy, Inc. is a privately held company based in San Jose, California. Since 1985, PACE has provided software publishers and distributors with high-quality solutions for secure software distribution. PACE products are used by a growing number of world-class software publishers around the world.

For more information, please visit https://www.paceap.com/software-white-box_cryptography.html

Contact: [email protected]

PACE ANTI-PIRACY, INC. ANNOUNCES SUPPORT FOR APPLE NOTARIZATION REQUIRED IN MacOS CATALINA

FOR IMMEDIATE RELEASE

October 14, 2019, San Jose, California.

PACE Anti-Piracy, Inc., a leading License Management and Application Protection platform, today announces compatibility with Apple Notarization.

Apple Notarization was initially announced at WWDC 2018 as an extension to the Developer ID program, where developers submit their apps to Apple for review. The program, as announced at WWDC 2018, was optional.

In April 2019, an update to Apple’s notarization support documentation advised "Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run." While the process changed to force new developers to notarize, the notice also points out everyone else developing macOS software will have to do so eventually, as "In a future version of macOS, notarization will be required by default for all software."

In September 2019, Apple updated app publishers again (https://developer.apple.com/news/?id=09032019a): “As a reminder, Mac software distributed outside the Mac App Store must be notarized by Apple in order to run on macOS Catalina.”

About Notarization

Gatekeeper Dialog

Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components. Notarization is not App Review. The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly. If there are no issues, the notary service generates a “ticket” for you to “staple” to your software; the notary service also publishes that ticket online where Gatekeeper can find it.

When the user first installs or runs your software, the presence of a ticket (either online or attached to the executable) tells Gatekeeper that Apple notarized the software. Gatekeeper then places descriptive information in the initial launch dialog to help the user make an informed choice about whether to launch the app.

Impact on PACE Anti-Piracy Eden Tools Users

Fast forward to today. With the October 1, 2019 release of Eden tools 5.1.0, PACE has added generalized support for Apple Notarization from within our tools. “To support our customers, we worked closely with Apple to get out ahead of Apple’s Notarization feature”, says Allen Cronce, CEO of PACE Anti-Piracy.

If your company hasn’t updated its licensing and application protection systems in the last few years, Apple is giving you yet another compelling reason to revamp those antiquated solutions. Now is a great time to adopt a new platform and work with a partner that’s committed to staying ahead of Apple ecosystem changes.

PACE has been providing licensing and application protection solutions to Apple application developers since 1985. We have the technology and experience to make transitioning to a modern, streamlined licensing and application protection solution painless and the cost of our technology is likely no more than your company is already investing in your current solution.

To learn more and get a demo today, please contact us.


https://appleinsider.com/articles/19/04/09/apple-amping-up-requirements-for-app-notarization-starting-in-macos-10145

https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution

https://developer.apple.com/news/?id=09032019a

PACE ANTI-PIRACY, INC. REAFFIRMS SUPPORT FOR 64-BIT APPLE APPLICATIONS

FOR IMMEDIATE RELEASE

September 10, 2019, San Jose, California.

PACE Anti-Piracy, Inc., a leading License Management and Application Protection platform, today reaffirms their commitment to compatibility with 64-bit Mac applications.

Apple first warned developers in 2017 that updates to macOS after High Sierra would not run 32-bit apps ‘without compromise’. 64-bit has been required for both app submissions and app updates to the Mac App Store since January 1, 2018. To notify users of the upcoming changes, an alert dialogue in macOS was added in early 2018.

“App is not optimized for your Mac” warning dialog

Fast forward to today. With the public beta of the next major version of macOS, macOS Catalina now here, it's no surprise that Apple is dropping support for 32-bit apps.

Why is Apple dropping support for 32-bit apps in macOS Catalina?

Here's what Apple has to say on the subject:

“State-of-the-art technology is what makes a Mac a Mac. All modern Macs include powerful 64-bit processors, and macOS runs advanced 64-bit apps, which can access dramatically more memory and enable faster system performance. The technologies that define today's Mac experience—such as Metal graphics acceleration—work only with 64-bit apps. To ensure that the apps you purchase are as advanced as the Mac you run them on, all future Mac software will eventually be required to be 64-bit.

Apple began the transition to 64-bit hardware and software technology for Mac over a decade ago, and is working with developers to transition their apps to 64-bit.”

So where does that leave software companies that have delayed releasing 64-bit Mac applications because their legacy licensing system is not 64-bit compatible? Well, the short answer is scrambling for a modern alternative to dongle-based licensing systems that were designed in the last century. Based on the inquiries we have received to date, in addition to the soon to be retired DevMate licensing system, we are led to believe that many popular licensing systems, including the Thales Gemalto Sentinel product, are not 64-bit compatible.

If your company hasn’t updated its licensing and application protection systems in the last few years, Apple is now giving you a compelling reason to request the budget to revamp those antiquated solutions. It’s not a secret that many of the best-known legacy licensing solutions suffer from well-understood security cracks, are at best keeping honest people honest, and are often just creating headaches for you, your staff, and your customers. Now is a great time to finally adopt a more modern solution.

Please contact us. PACE has been providing licensing and application protection solutions to Apple application developers since 2010. We have the technology and experience to make transitioning to a modern streamlined licensing and application protection solution painless, and the cost of our technology is likely no more than your company is already investing in your current solution.

Contact: [email protected]

About PACE Anti-Piracy, Inc.

PACE Anti-Piracy, Inc. is a privately held company based in San Jose, California. Since 1985, PACE has provided software publishers and distributors with high-quality solutions for secure software distribution. PACE products are used by a growing number of world-class software publishers around the world.


Sources

“32-bit app compatibility with macOS High Sierra 10.13.4 and later” https://support.apple.com/en-gb/HT208436

“macOS Catalina Is Dropping Support for 32-Bit Apps: How to Check Which Mac Apps Will Stop Working”, 4 July 2019 https://gadgets.ndtv.com/apps/features/macos-catalina-32-bit-apps-support-stop-work-how-to-check-2063627

Important Announcement DevMate end of life https://announcement.devmate.com/

As this is our first ever blog post, I’ve been struggling for days to come up with a title. With the name PACE, there are a lot of clever choices. “PACE of Change” came to me first, then “Keeping PACE”, PACE in your Face… Coming up with a name for the blog may be harder than actually writing it.

So, despite the lack of a catchy name, to begin our first blog, perhaps a look back at a very successful 2018 in the software business:

51% of businesses say they’re shifting the way they price and deliver their products or services to customers.

Last year was the year of the subscription model for PACE Anti-Piracy. Virtually every conversation we had with prospects and customers turned to when they would be rolling out a subscription offer. Inspired by Adobe and other success stories, nearly every software publisher wanted a piece of the subscription revenue pie, and who could blame them.

By 2020, all new entrants and 80% of historical vendors will offer subscription-based business models. (Gartner Research)

What software publisher wouldn’t want to get off the annual release roller coaster? Betting the business each year that the next release would capture new users, beat last year’s “best release ever”, or be compelling enough to get folks to upgrade is a gut check. The promise of a nice, predictable revenue stream that would fund continued product development is most compelling.

What publishers learned quickly was that taking a handful of old, tired products and offering them as a subscription bundle was not the key to software publisher nirvana. Successful subscription offerings stay successful by consistently adding value to the subscription bundle, such as high-profile new product additions and truly useful new features. Some larger publishers even hosted developer conferences to showcase their latest and greatest and to create a one-on-one relationship with their most devoted users and key influencers.

Other learnings were that some publishers’ products are just never going to be a good fit for a subscription model. For example, publishers with a portfolio of products that won’t ever expand, or products that are marketed at low price points.

In the first quarter of 2019, the dominant market trend we are seeing is that publishers of high-value software that has traditionally been sold as a perpetual license plus maintenance fee are investigating usage-based pricing models as a means to move down market. This strategy potentially gets their software into the hands of mid-sized and smaller companies with little or no upfront cost to their customers. The metered usage fees, billed monthly, can then be mapped to their customers’ various profit centers, or charged to a project.

This model is even more attractive in vertical markets where the competition is open source software or where hacked versions of competitive offerings are readily available for download.

Stay tuned for future posts. We will do our best to keep you up to date on the latest software industry trends and, with luck, spark some new ideas that will make 2019 a banner year for you. Oh, and maybe even come up with a name for our blog.

Introduction

Protect and License Your Product to Make a Profit

There are many options available to software developers to reduce the risk of software piracy and malicious use of their code. The following document explores the advantages and drawbacks of several protection strategies including Code Signing (Digital Signing), Software Obfuscation, Anti-Tampering, Software Protection Dongles, Cloud License Location, and White-box Cryptography. We hope this article is useful in exploring some of the many options available to protect your intellectual property.


Code Signing

Code Signing, also known as Digital Signing, is the process of digitally signing executables and scripts to assure the client OS (and therefore the user) that the software is genuine. Code Signing does nothing to assure the software developer that their code has not been tampered with in the field. The process employs the use of a cryptographic signature and certificate to validate authenticity.

Code Signing can provide several valuable features. The most common use of code signing is to provide security when deploying; in some programming languages, it can also be used to help prevent namespace conflicts. Almost every code signing implementation will provide some sort of digital signature mechanism to verify the identity of the author or build system, and a checksum to verify that the object has not been modified. It can also be used to provide versioning information about an object or to store other metadata about an object.

If your software is a stand-alone application, the signature is checked at the operating system level at first launch. If your software is a plug-in or add-on, it may be checked by the host application as it loads. Code Signing is a good first step to protecting your software; however, it should not be your only defense, as it is susceptible to a number of workarounds. For example, if the system or host is compromised, the signature check may be ignored or removed. Without effective application protection (which is a subject covered later in this document), software protected exclusively with Code Signing can be easily cracked and shared.
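The two checks described above (a signature that identifies the publisher, and a checksum that detects modification), together with signed version metadata, can be seen in a small Go sketch. This is an added example, not PACE's code or any platform's real signing format: the manifest layout, the names `Sign`, `Verify` and `RunDemo`, the choice of Ed25519, and the sample plugin bytes are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the signed metadata shipped with a binary (hypothetical layout).
type Manifest struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	SHA256  []byte `json:"sha256"` // checksum of the binary's bytes
}

// SignedBinary is what the publisher distributes.
type SignedBinary struct {
	Binary       []byte
	ManifestJSON []byte // the exact bytes that were signed
	Signature    []byte // Ed25519 signature over ManifestJSON
}

var (
	ErrBadSignature = errors.New("manifest is not signed by the trusted publisher key")
	ErrModified     = errors.New("binary digest differs from the signed manifest")
)

// Sign hashes the binary, records digest and version in a manifest,
// and signs the manifest with the publisher's private key.
func Sign(priv ed25519.PrivateKey, name, version string, binary []byte) (SignedBinary, error) {
	digest := sha256.Sum256(binary)
	m, err := json.Marshal(Manifest{Name: name, Version: version, SHA256: digest[:]})
	if err != nil {
		return SignedBinary{}, err
	}
	return SignedBinary{Binary: binary, ManifestJSON: m, Signature: ed25519.Sign(priv, m)}, nil
}

// Verify is the check an OS or host application runs before loading the code.
// The trusted key is pinned by the verifier, never taken from the package itself.
func Verify(trusted ed25519.PublicKey, sb SignedBinary) (Manifest, error) {
	// Identity: the manifest must verify under the pinned publisher key.
	if !ed25519.Verify(trusted, sb.ManifestJSON, sb.Signature) {
		return Manifest{}, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(sb.ManifestJSON, &m); err != nil {
		return Manifest{}, err
	}
	// Integrity: the binary must hash to the digest the publisher signed.
	digest := sha256.Sum256(sb.Binary)
	if !bytes.Equal(digest[:], m.SHA256) {
		return Manifest{}, ErrModified
	}
	return m, nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// RunDemo returns the verified version of an untouched package, then the
// errors for a modified binary and for a package re-signed with another key.
func RunDemo() (version string, modifiedErr, resignedErr error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	must(err)

	plugin := []byte("constructed sample plugin bytes") // stand-in for a real binary
	sb, err := Sign(priv, "ExamplePlugin", "1.2.0", plugin)
	must(err)
	m, err := Verify(pub, sb)
	must(err)

	// Modified binary, original manifest and signature: the checksum catches it.
	patched := append([]byte(nil), plugin...)
	patched[0] ^= 0xFF
	tampered := sb
	tampered.Binary = patched
	_, modifiedErr = Verify(pub, tampered)

	// Modified binary re-signed with a different key: the pinned key rejects it.
	resigned, err := Sign(otherPriv, "ExamplePlugin", "1.2.0", patched)
	must(err)
	_, resignedErr = Verify(pub, resigned)
	return m.Version, modifiedErr, resignedErr
}

func main() {
	v, e1, e2 := RunDemo()
	fmt.Println("verified version:", v)
	fmt.Println("modified binary: ", e1)
	fmt.Println("re-signed binary:", e2)
}
```

Both rejections depend on `Verify` actually running, which is the limitation noted above: a compromised host that skips the call gets no protection from the signature.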


Obfuscation

In software development, obfuscation is the deliberate act of creating source or machine code that is difficult for humans (including hackers) and their tools to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic or implicit values embedded in it, primarily in order to prevent tampering, deter reverse engineering, or even as a puzzle or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in the industry.

Advantages of Obfuscation

There are several advantages of automated code obfuscation that have made it popular and widely useful across many platforms. On some platforms (such as Java, Android, and .NET) a decompiler can reverse-engineer source code from an executable or library. A main advantage of automated code obfuscation is that it helps protect the trade secrets (intellectual property) contained within software by making reverse-engineering a program difficult and economically unfeasible. Other advantages might include helping to protect licensing mechanisms.

Decompilation is sometimes called a man-at-the-end attack, based on the traditional cryptographic attack known as "man-in-the-middle". For run-time interpreted languages like JavaScript, many publishers perform source text compression: renaming variables and methods to a single character and removing white space. This is done to speed up loading, and it has the side effect of providing some obfuscation.

Disadvantages of Obfuscation

While obfuscation can make reading, writing, and reverse-engineering a program difficult and time-consuming, it will not necessarily make it impossible. Some obfuscation techniques have been analysed enough to make automated de-obfuscation possible. Further, if implemented poorly, obfuscation has the potential to bloat the size of your code significantly and to provide clues to a skilled hacker as to where your sensitive IP can be found. Security by obscurity (obfuscation) alone does not provide long-lasting, robust software protection.


Tamper Proof Your Code (Anti-Tamper Software)

The goal of tamper proofing is to protect your code from being modified and used in a way you have not intended. Tamper proofing is designed to fail gracefully at run-time, and not offer any clues as to why the modified code fails to operate. It does not stop a user from examining or extracting code from your executable. Effective tamper proofing makes dynamic analysis of the software very difficult. A motivated malicious actor given unlimited resources and time will eventually be able to crack tamper-proofed code, but months of false positives and dead ends will hopefully deter them from targeting your code and extracting anything of value for their efforts. Anti-tampering technology typically makes the software somewhat larger and also has a performance impact, though both code bloat and performance impacts can be mitigated through the use of advanced automation technologies. There are no provably secure software anti-tampering methods; thus, the field is an arms race between attackers and software anti-tampering technologies.

Tampering can be malicious, to gain control over some aspect of the software with an unauthorized modification that alters the computer program code and behavior. Examples include: installing rootkits and backdoors, disabling security monitoring, subverting authentication, malicious code injection for the purposes of data theft, or to achieve higher user privileges, altering control flow and communication, license code bypassing for the purpose of software piracy, code interference to extract data or algorithm, and counterfeiting. Software applications are vulnerable to the effects of tampering and code changes throughout their lifecycle from development and deployment to operation and maintenance.

Anti-tamper protection can be applied either internally or externally to the application being protected. External anti-tampering is normally accomplished by monitoring the software to detect tampering. This type of defense is commonly expressed as malware scanners and anti-virus applications. Internal anti-tampering is used to turn an application into its own security system, and is generally done with specific code within the software that will detect tampering as it happens. This type of tamper proofing defense may take the form of runtime integrity checks such as cyclic redundancy checksums, anti-debugging measures, encryption, or obfuscation. Some anti-tamper software uses white-box cryptography, so cryptographic keys are not revealed even when cryptographic computations are being observed in complete detail in a debugger.
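The internal, runtime integrity check described above can be sketched as follows. This is an added example, not PACE's implementation: the protected routine, the key and the sample-rate value are constructed, and the baseline that a real build tool would compute offline and embed is computed in-process here.

```python
import hashlib
import zlib

# Constructed sample licence key; only its digest is kept.
EXPECTED_DIGEST = hashlib.sha256(b"DEMO-KEY-0001").digest()


def license_is_valid(key: str) -> bool:
    # Constructed stand-in for the routine being protected.
    return hashlib.sha256(key.encode()).digest() == EXPECTED_DIGEST


def code_crc(func) -> int:
    """CRC-32 over a function's compiled bytecode plus the names and constants it uses."""
    code = func.__code__
    material = code.co_code + repr((code.co_names, code.co_consts)).encode()
    return zlib.crc32(material)


# Build step (assumption: done offline by a build tool, result embedded in the product).
BASELINE_CRC = code_crc(license_is_valid)
# A value the program needs, stored only in masked form.
MASKED_SAMPLE_RATE = 48000 ^ BASELINE_CRC


def integrity_ok() -> bool:
    """Explicit check: easy to write, but it is a single visible comparison."""
    return code_crc(license_is_valid) == BASELINE_CRC


def sample_rate() -> int:
    """Implicit check: the CRC is an input to the computation, so modified code
    yields a wrong value and no error message points back at the check."""
    return MASKED_SAMPLE_RATE ^ code_crc(license_is_valid)


if __name__ == "__main__":
    print("explicit check:", integrity_ok())
    print("sample rate   :", sample_rate())
```

The implicit form reflects the "fail gracefully, offer no clues" goal stated earlier: there is no branch that reports tampering, only a result that stops being correct.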

Anti-tamper software is used in many types of software products including: embedded systems, financial applications, software for mobile devices, network-appliance systems, anti-cheating in games, military, license management software, and digital rights management (DRM) systems. Some general-purpose packages have been developed which can wrap existing code with minimal developer effort. Malicious software itself can and has been observed using anti-tampering techniques, for example the Mariposa botnet.


Software Protection Dongle

A software protection dongle (commonly known as a dongle or key) is an electronic copy protection and content protection device. When connected to a computer or other electronics, they unlock software functionality or decode content. The hardware key is programmed with a product key or other cryptographic protection mechanism and functions via an electrical connector to an external bus of the computer or appliance.

In software protection, dongles are two-interface security tokens with transient data flow with a pull communication that reads security data from the dongle. In the absence of these dongles, certain software may run only in a restricted mode, or not at all. There are potential weaknesses in the implementation of the protocol between the dongle and the copy-controlled software. It requires considerable cunning to make this hard to crack. For example, a simple implementation might define a function to check for the dongle's presence, returning "true" or "false" accordingly, but the dongle requirement can be easily circumvented by modifying the software to always answer "true".

Modern dongles include built-in strong encryption and use fabrication techniques designed to thwart reverse engineering. Typical dongles also now contain non-volatile memory — essential parts of the software may actually be stored and executed on the dongle. Thus dongles have become secure cryptoprocessors that execute program instructions which may be input to the cryptoprocessor only in encrypted form.
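The difference between a presence check and a dongle that performs work the software depends on can be shown side by side. This is an added example, not the iLok protocol or PACE code: `SimulatedToken`, the secrets, the nonce and the gain table are all constructed, and the HMAC-based keystream stands in for whatever cipher a real device uses.

```python
import hashlib
import hmac


def keystream(secret: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a simple stream cipher for the demo."""
    out = b""
    counter = 0
    while len(out) < length:
        block = hmac.new(secret, nonce + counter.to_bytes(4, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return out[:length]


class SimulatedToken:
    """Software stand-in for a hardware key. The secret never leaves this object."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def is_present(self) -> bool:
        return True

    def unwrap(self, nonce: bytes, blob: bytes) -> bytes:
        # XOR with the keystream; the same call wraps and unwraps.
        stream = keystream(self._secret, nonce, len(blob))
        return bytes(a ^ b for a, b in zip(blob, stream))


# Publisher side (build time). All values are constructed for the demo.
GAIN_TABLE = bytes([2, 4, 8, 16])  # data the feature cannot work without
BUILD_NONCE = b"build-0001"
GENUINE_TOKEN = SimulatedToken(b"constructed-demo-secret")
WRAPPED_GAINS = GENUINE_TOKEN.unwrap(BUILD_NONCE, GAIN_TABLE)  # only this would ship


def weak_process(sample: int, token):
    """Weak design: a yes/no gate in front of data that ships in the clear."""
    if token is None or not token.is_present():
        return None
    return [sample * g for g in GAIN_TABLE]


def hardened_process(sample: int, token):
    """Hardened design: the token performs a computation the feature depends on."""
    if token is None:
        return None
    gains = token.unwrap(BUILD_NONCE, WRAPPED_GAINS)
    return [sample * g for g in gains]
```

In the weak design any object that answers "present" yields full output; in the hardened design a token without the right secret produces unusable gains, so there is no single boolean whose value decides the outcome.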

Hardware cloning, where the dongle is emulated by a device driver, is also a threat to traditional dongles. To thwart this, some dongle vendors have adopted smart card products, which are widely used in environments with extremely rigid security requirements, such as military and banking.

The PACE Anti-Piracy iLok is a robust security product that runs code, not merely a dongle with a digital identifier or secret. The iLok is an active security device that leverages both hardware and software encryption, public key infrastructure (PKI), and digital signing in conjunction with application protection tools that are used to protect the software.


Cloud License Location

Modern cloud licensing solutions are as secure as, and in some cases more secure than, traditional dongle systems, as the cloud provides a secure active security component. Cloud-based software licensing also removes the risk of lost or damaged dongles and computers. You can rest assured that the licenses activated to the modern cloud-based software license solutions will not be cloned, hacked, or tampered with.

License checks that are performed by the client software still need to be secured against reverse engineering and modification; otherwise, they can be identified and disabled by hackers.


White-box Cryptography

White-box cryptography is a necessary building block in any overall software security strategy. It is a cornerstone in the protection of cryptographic primitives in applications that run on potentially hostile execution platforms, such as PCs, tablets, or smartphones, and it is a key component of DRM and software licensing solutions.

The underlying idea of white-box cryptography is to merge the key and the crypto algorithm code into a new, transformed code. The key is effectively hidden in the code and cannot be easily separated. White-box cryptography implementations of symmetric block ciphers, like AES and DES, are available as commercial products. Additionally, some white-box cryptography suppliers offer implementations of algorithms such as hashes, RSA, and Elliptic Curve Cryptography, with the capability to combine multiple algorithms without disclosing the intermediate values, as well as tools to build unique White-box implementations on-demand.

Advantages

Disadvantages

For more information on how PACE can help you protect your software, contact us today.

PRESS RELEASE – PACE ANTI-PIRACY, INC. INTRODUCES A MAJOR UPGRADE TO THEIR INDUSTRY LEADING SOFTWARE LICENSE PROTECTION

FOR IMMEDIATE RELEASE

PACE Anti-Piracy, Inc. introduces Eden 5.0—a major upgrade to their industry leading software license protection service. The new version has major increases in security, performance and ease-of-use for software developers that use iLok copy protection for their products.

Today, PACE Anti-Piracy, Inc. has released a major upgrade to their Copy Protection and License Management toolset and end user software—Eden 5.0.

Overview

The Eden 5.0 release includes many updates and enhancements for PACE’s Publisher Partners—software publishers that use iLok to protect their intellectual property and their end user customers. The new version has major increases in security, performance, and ease-of-use for software developers.

For our publisher partners that use our Eden SDK, several new Windows security countermeasures, as well as enhancements that enable faster build times of protected products, are included in Eden 5.0.

Periodic license checks have also been added to the Eden 5.0 Wrapper to provide an additional level of protection.

The Fusion parser has been updated to provide improved support of C++11 through C++17 language standards.

PACE is also announcing that the iLok Cloud feature is enabled for all publishers that want to offer their customers the ability to activate without a dongle.

For convenience, iLok Cloud-enabled Eden Tools licenses are now available for Eden 5.0, so developers can authorize the Eden 5.0 SDK tools without an iLok. Developers that use PACE’s Digital Signing Service will also be able to sign their binaries without an iLok by leveraging Eden 5.0’s iLok Cloud licensing feature.

For End-User Customers, Eden 5.0 Features

Availability

Eden 5.0 is available today to software publishers as an option when updating their products.

Statement from PACE's CEO

Allen Cronce, CEO of PACE Anti-Piracy, Inc. states:

"This version of the Eden SDK is our best yet, setting a new standard for security, quality, performance, and ease of use."

Meet PACE Anti-Piracy at NAMM 2019

PACE Anti-Piracy will exhibit in booth 14800 at NAMM 2019 in Anaheim, CA, January 24th – 27th, 2019. We invite software publishers to visit our booth, where we’ll be happy to answer any questions.

For more information, please visit https://www.paceap.com/software-security-service.html

Contact: [email protected]

About PACE Anti-Piracy, Inc.

PACE Anti-Piracy, Inc. is a privately held company based in San Jose, California. Since 1985, PACE has provided software publishers and distributors with high-quality solutions for secure software distribution. PACE products are used by a growing number of world-class software publishers around the world.

The Software Security Service sector is one of the fastest growing and evolving industries in the world.

Nearly every sector depends on software to improve efficiency, and in most cases, it’s critical to getting the actual job done. A minor software problem could grind a project to a standstill.

Software has evolved significantly over the last decade, and this has led to better operational efficiency. Unfortunately, with every evolution, new security threats emerge.

Security Code

Gartner Group found that 70% of current security risks are found within the software applications. The widespread adoption of software in every sector has made software protection even more critical to success. As such, having a robust and up-to-date software protection and licensing system is crucial, especially in this connected age where cracks can be made available to millions in a few keystrokes.

Many businesses suffer losses running into billions of dollars because of software piracy. According to the Business Software Alliance (BSA), more than a third of all software in use is stolen. This criminal act costs publishers billions each year, which, in turn, drives up the price of legal software. Besides this, there are several security issues that businesses have to grapple with.

Consider these thefts and cybercrime scenarios:

Statistics from Software Alliance show that about four in ten software installations are illegal. These installations have a commercial value of more than $51 billion. The above crimes are just the tip of the iceberg when examining the need for organizations to have a solid software protection service. In fact, the need for software protection and implementing tight security measures goes beyond software publishers.

The question now is how to address this challenge

To effectively respond to these challenges, PACE has developed a robust software protection platform service. With over three decades of winning the challenge and over 32 million licenses for our customers, we understand the kind of software protection service our customers need to protect their systems.

Why choose our software protection service

For organizations who would like to deploy a turnkey software security and licensing management solution, PACE offers a complete software protection service that supports them through the complete product development lifecycle. Whether you are a software publisher concerned about reverse engineering attacks or creating an easy to use activation experience for your customers, we are up to the challenge.

Our ecosystem gives you several benefits:

Custom Protection Design

Our software protection service allows you to choose the level of protection you want for your product.

Flexible Licensing Model

Through our platform you can design different licensing models; Perpetual, Subscription, Rental, Trials, and more.

Multiple Delivery Channels

To deliver licenses to customers in real time, you can choose between license activation codes, a web portal, and even an API.

Easy to Manage Licenses

Our system gives your customers the power to manage their own licenses with iLok License Manager, reducing your customer support.

In addition to the above, our software protection comes with the following features:

Strong security

Our software protection service helps organizations secure their most vulnerable asset, so they can focus more on serving their customers.

Different license types

We offer several different license types designed to cover varying business needs. These include perpetual, network-based, subscription, trial and timed.

Subscription support

We have simplified our low-cost subscription software protection service for easier control.

Custom settings

Design a security model that works best for your operations.

Full support

Every sign-up comes with quality support from our engineering team on top of the full documentation that our customers receive.

Digital Signing

Ready to make a Pro Tools plugin? Our software service also allows you to digitally sign your binaries for use in Avid Pro Tools as a verified AAX plugin.

We would love to protect your business

To fully tackle security threats, it is crucial that you evaluate software security needs, weaknesses, and strategy. Ideally, you should come up with a security policy to safeguard your systems. With our software protection service, we can help you to secure your systems so you can focus on producing great products and services for your users.

Get in touch with us to schedule an appointment with one of our experienced security experts who will help you understand how our software protection platform service could solve your software security challenges. Partnering with PACE allows you to get ahead of the criminals planning to harm your business.
