Skip to main content
Skip table of contents

KOP-HTC patching

The Kudelski Obfuscator Process Hardening Tool Chain (KOP-HTC) Patcher tool is applied to the final binary based on pre-hardened libraries. This step injects some data into the binary, which can only be computed when all allocation and address resolution is complete.

The pre-hardened binary is not executable.

The version of the KOP-HTC Patcher tool to use is directly linked with the version of the KOP-HTC pre-hardening tool used to generate the pre-hardened library. Check the release notes for the correct version.

The KOP-HTC Patcher tool 2.23.2.2 is delivered as an additional directory (kop_htc) in the SDK zip file. It contains the debug and production versions of the  Hardening and the Patcher libraries. There is no need to install libraries for this as the Patcher uses the system python from Xcode. 

Installing the KOP-HTC Patcher package

Ensure that the host meets the requirements described in the KOP readme text file. In particular, please pay attention to the comments about the Mach-O handling Python library (macholib) that must be installed (only once).

  • Unzip the SDK package and extract the kop_htc directory to a location of your choice on the host. There are no frameworks or libraries to install with the latest version of Patcher/KOP.

Uninstalling the KOP-HTC Patcher package

No special steps are required. Delete the files you extracted earlier.

Completing the protection

This section describes using this KOP-HTC Patcher package to complete the protection and produce a binary file with the linked, protected library.

After receiving a partially-protected SDK framework from NAGRA, do the following:

  1. Open the Xcode project for the application to which the framework will be linked.

  2. Make sure that the following build settings are used:

    • Bitcode disabled ("Enable Bitcode" ENABLE_BITCODE=No)

    • Do not strip symbols ("Strip Debug Symbols During Copy" COPY_PHASE_STRIP=No)

    • If Arxan Finalizer was used previously, remove the related linker flags. These are under "Other Linker Flags" (OTHER_LD_FLAGS).

  3. Add a post-link phase for executing the Patcher script (for executing the patching and stripping phases):
    Under Build Phases, add a New Run Script Phase.
    In Shell, type /bin/bash and copy the sample script from below and paste it into Command

  4. The scripts for production and integration builds should be slightly different – in the script below, they are differentiated by the condition.

  5. In Input File, type . .

An example post-build Patching script is shown here.

This script may vary between build variations, and for brevity, it caters for both Debug and Production versions. Normally there would be a different variant of the script for each build type.

BASH 
set -e
set -x
PATCHER_DIR=${SRCROOT}/nmp-sdk/kop_htc/patcher
CHECKSUM_LIBS_DIR=""
if [ "${CONFIGURATION}" = "Release" ]; then
  echo "Relese build configuation"
  CHECKSUM_LIBS_DIR=${SRCROOT}/nmp-sdk/kop_htc/production/prmc/ios
else
  echo "Debug build configuation"
    CHECKSUM_LIBS_DIR=${SRCROOT}/nmp-sdk/kop_htc/debug/prmc/ios
fi
COP_ARCH=${ARCHS[0]}
if [ "${COP_ARCH}" = "arm64"]; then
  echo "build for arm64"
  CHECKSUM_LIBS_DIR=${CHECKSUM_LIBS_DIR}/arm64
else
  echo "build for x86_64"
    CHECKSUM_LIBS_DIR=${CHECKSUM_LIBS_DIR}/x86_64
fi
STRIP_OPTIONS=""
app_binary=${TARGET_BUILD_DIR}/${EXECUTABLE_PATH}
DUMMY_LD_DIR=${SRCROOT}/nmp-sdk/kop_htc/dummy_ld/ld_ios
LIPO_CMD="lipo -create -o $app_binary "
LIPO_CMD="$LIPO_CMD ${app_binary} "
PATCHER_DIR=${SRCROOT}/nmp-sdk/kop_htc/patcher
${PATCHER_DIR}/pcop --checksum-lib-location=$CHECKSUM_LIBS_DIR -Xpatcher --verbose $DUMMY_LD_DIR -o $app_binary
$LIPO_CMD

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close