Optimised Mach-o binary header size for app encryption

I use Wibu’s CodeMeter AxProtector and dongles to protect my applications. They encrypt the binary and decrypt on the fly with a correctly licensed dongle to my developer code and product code, with options for expiration time and Internet time verification etc…

After a couple of years of trying to get the things working with Xojo binaries, they have been a success. They don’t require any work in code to achieve basic functions, just protect post compile. There’s no SDK for Xojo but I’ve written a dylib in CPP that I can link to that allows checking of maintenance periods and extra feature codes.

Since Xojo added the code optimisation features (which have improved the performance of my app as there are lots of maths heavy loops involved), I’ve struggled to protect the binary with errors about not enough space being available in the Mach-o header. Sometimes switching between medium and aggressive fixes it. Success also varies as I add code to the app, some builds work in medium, some have to be default. My current build only protects at default optimisation.

Is there anything I can do to use medium/aggressive optimisation but ensure enough header space is left in Mach-o binary to allow protection?

Many thanks.

I would think that anything you do in that regard should be considered SUPER FRAGILE, and could stop working with any new release of macOS from Apple and/or any upgrades from Xojo. So I would think of another course of action (just my opinion)

Also my opinion… but I personally would take a hard pass on any software that requires a dongle to operate.

That sounds like a feature request for the addition of a compiler flag.

Regarding dongles -

Dongles are acceptable to a specific type of client. I use dongles for a number of professional music production tools as well as a corporate-level HSM application. No problems and no worries. And, the iLok allows me to use my music tools on any system with MY credentials without the issues of license limitations.

The linker already leaves space for the code signatures.
It shouldn’t be too hard to add more space.

I assume there is a command line parameter to ld for this, so maybe you could make request for Xojo to have an advanced linker options field for building where you can add arguments?

There’s almost always something you can do about it, in this case it would be totally possible as the Mach-O format is documented, However I must admit that I’m not sure it’s feasible, because if there isn’t enough space, you’d need to make some and that would require shifting all the offsets.

Do the dongle vendors not have a tool already for doing this? I would expect if they want you to use their dongle, they’d provide the tools to make it as easay as possible.

Thanks for all your replies. I’ll get a feature request to Xojo for this. It’s interesting how it varies so much between builds and optimisation levels.

I’m a bit cautious of amending the binary post compile myself. I think I’ll leave that to the pros. I will ask the dongle supplier if they have any tools for achieving this.

Regarding dongle use; I’m of the same thought, that dongles are inconvenient for most applications. My software is very industry specific and being able to activate certain features for time limited periods is critical to my model. Practically all the software used in the live events industry (that isn’t free or low cost) is protected by dongles so hire companies can switch licenses between their hire stock of computers with ease.

Also, the encryption included makes it easy to protect my application from piracy or replication.