Smartexporter Technical Background and Security Aspects


SmartExporter
Technical Background and Security Aspects


Copyright
Audicon GmbH
Am Wallgraben 100
70565 Stuttgart
Germany

Audicon did its utmost to ensure the quality of the information supplied in this document. All
information is supplied without warranty of any kind. Audicon GmbH hereby disclaims all
warranties and conditions with regard to this information whether express, implied or
statutory.
The document is protected by international copyright law. Translating, printing, copying
images, tables or the publishing of the whole document or parts of it requires the
written permission of Audicon GmbH.

SAP, SAP DART, R/3, ABAP/4 and the SAP logo are registered trademarks of SAP SE,
Walldorf, Germany.
Microsoft Excel is a registered trademark of Microsoft Corporation.
Acrobat Reader is a registered trademark of Adobe Systems Inc.

Disclaimer
Although Audicon did its utmost to ensure the quality of the information supplied in this
document, it may happen that, as a result of on-going development or adaptations after the
release, this document contains certain inaccuracies. The following paper is supplied without
warranty of any kind regarding completeness and correctness of its content.
This publication contains references to the products of SAP SE. SAP, R/3, SAP NetWeaver,
Duet, PartnerEdge, ByDesign, Clear Enterprise, SAP BusinessObjects Explorer, and other
SAP products and services mentioned herein as well as their respective logos are
trademarks or registered trademarks of SAP SE in Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal
Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services
mentioned herein as well as their respective logos are trademarks or registered trademarks
of SAP France in the United States and in other countries.
SAP SE is neither the author nor the publisher of this publication and is not responsible for its
content. SAP Group shall not be liable for errors or omissions with respect to the materials.
The only warranties for SAP Group products and services are those that are set forth in the
express warranty statements accompanying such products and services, if any. Nothing
herein should be construed as constituting an additional warranty.
Contents
Introduction
Deployment and Installation
  System Requirements
  Installation
    Update
    Registry entries
Edition Overview since SmartExporter 2013 R1
  Auditor – Client Workflow / “Desktop Edition“ - “Client Edition“
Where Does SmartExporter Save Data?
  Local User Data
  Global Application Data
  Extracted Data
Communication between SmartExporter Windows Client and SAP® System / Connections
  Online and offline mode
  Online mode
  Offline Mode
  Protocols
  Ports
  Connections
    … with specifying a password
    … without specifying a password
    Support of Secure Network Communication (SNC)
Showing SAP® Error Messages
  Sample of CPIC message

SmartExporter 2020 R1 - Technical Background and Security Aspects 4


Introduction
This document is a collection of internal technical details about the SmartExporter Windows
client. The SmartExporter SAP® components, in particular the authorization concept, are not
covered by this document. If you are interested in them, please read the SmartExporter SAP®
Components manual for details.
For readers who are not familiar with SmartExporter, a short excerpt from the SmartExporter
guide follows (SmartExporter_Guide_EN.pdf, chapter Introduction):
“SmartExporter is the simple and fast solution if you want to extract and prepare data from
SAP® systems. SmartExporter supports auditors or other persons interested in SAP®
application data to get the data they require.
Using SmartExporter you do not have to be a trained SAP® user and you do not need to
have thorough knowledge about SAP® table structures. SmartExporter enables you to
extract exactly the data from SAP® you require for your analyses. At the same time
SmartExporter prepares the data for the use in other auditing software like IDEA, AIS
TaxAudit, SmartAnalyzer or Microsoft® Excel where they can be edited and analysed
immediately after extraction. If you are using SmartExporter in combination with AIS
TaxAudit Professional or SmartAnalyzer, SmartExporter will extract automatically the data
from SAP® required for the audit tests you have selected previously.
Once a Data Request is defined you can save it as a favorite. This favorite can be reused or
modified whenever required. You only need to define an initial Data Request that might be
useful for multiple data extractions.
SAP® administrators accept SmartExporter as the application is based on the SAP®
authorization concept and allows just read only access for the SAP® system. However, the
user has access to all transparent SAP® tables (including Database Views, Pooled Tables
and Cluster Tables) and archived data as long as these were archived using the SAP® ADK
(Archive Development Kit). In SmartExporter 2015 R1, a new concept called Additional Data
Sources was introduced to extract data from some reports, HCM/HR or DART.
SmartExporter communicates with the SAP® system using SAP® RFC protocol with RFC
modules. For details regarding the supported SAP® systems refer to the Readme file on the
CD or select Start – Programs – Audicon – SmartExporter – Readme.
Additionally, SmartExporter is able to use existing SAP® standard components which are
already installed on the SAP® system. SmartExporter will automatically switch to the SAP®
standard components and allow a data extraction in online mode if SmartExporter discovers
that neither ZAUDICZ_RFC_READ_TABLE nor the specific SAP® components are not
implemented or SmartExporter has no access to these components. Because of several
limitations of this approach, it is highly recommended to use SmartExporter with the specific
SmartExporter SAP® components. For details, please read SmartExporter user guide
chapter “Limitations when using SAP® standard components”.
Even if you do not have a connection to an SAP® system, the SmartExporter offline mode
provides the ideal alternative to create a Data Request and for instance send it by email to
the administrator in charge who can then extract the required data for you.

Auditors and other persons who do not have direct access to an SAP® system can use the
SmartExporter Client Edition to run an existing Data Request. An auditor can benefit from the
Client Edition by simply sending the Data Request he created with his SmartExporter
Desktop version to the company. The company can run the Data Request using the
SmartExporter Client version which is connected to the Desktop license of the auditor and
extract the required SAP® data which are provided for the auditor.

Deployment and Installation
System Requirements
The officially supported operating systems for SmartExporter 2020 R1 are Windows 8.1,
Windows 10, Windows Server 2008 R2, Windows Server 2008 R2 SP1, Windows Server 2012,
Windows Server 2012 R2 and Windows Server 2016.
Microsoft .NET Framework 4.7.2 is required and included in the installation.
Customers also use SmartExporter successfully on Citrix and on other server platforms.

Installation
The SmartExporter installation package as well as all executables and dynamic link libraries
are code-signed (issuing CA: Symantec Class 3 SHA256 Code Signing CA).
In order to install SmartExporter properly, the installing user must have local administrator
privileges on the computer.
The default installation folder is
• C:\Program Files (x86)\Audicon\SmartExporter on x64 operating systems
  (the SmartExporter x86 and x64 versions are installed), or
• C:\Program Files\Audicon\SmartExporter on x86 operating systems
  (only the SmartExporter x86 version is installed).
The folder can be changed during setup.

See also chapter Global Application Data.

Update
If a previous version of SmartExporter is installed on your system, it will be updated
automatically. Settings, data and license information are not touched and can be used with
the new version immediately, unless documented otherwise.

Registry entries
The following registry items are created at installation time:
• HKEY_CURRENT_USER\SOFTWARE\Audicon\SmartExporter
• HKEY_LOCAL_MACHINE\SOFTWARE\Audicon\SmartExporter
  o AppPath
  o AppVersion
These are used for integration with other products like IDEA, SmartAnalyzer or AIS TaxAudit
and enable them to call SmartExporter directly.

Edition Overview since SmartExporter 2013 R1
SmartExporter comes with a variety of editions and licensing models tailored to suit the
needs of your company or auditing firm. These are
1. Desktop Edition - SmartExporter full version
2. Client Edition - Optimized for auditor – client workflow
3. Server Edition - Integration in processes like IDEA Server or Alessa (formerly
CaseWare Monitor)

• One deployment for Desktop and Client Edition
• License key activates edition
• SmartExporter SAP® Components don’t need to be activated
• Server Edition as a separate deployment

An edition comparison of the functions can be found at http://smartexporter.de/en/node/103.

Auditor – Client Workflow / “Desktop Edition“ - “Client Edition“


The Client Edition was designed to provide a smooth and optimized workflow between
auditor and client. The Client Edition offers the option to extract data from an SAP® system
in a synchronous and asynchronous way. This guarantees a maximum of flexibility because
the client is able to decide when and how the data requested by the auditor is extracted.
Note:
The licenses of the Desktop and the Client Edition are connected and the Client
Edition can only import Data Requests or favorites created by the corresponding
Desktop Edition. Both licenses (Desktop and Client) have to be activated before they
can be run together.
Auditors and other persons who do not have direct access to an SAP® system can use the
SmartExporter Client Edition to run an existing Data Request. An auditor can benefit from the
Client Edition by simply sending the Data Request he created with his SmartExporter
Desktop version to the company using a Client Edition. The company can run the Data
Request using the SmartExporter Client version which is connected to the Desktop license of
the auditor and extract the required SAP® data which are provided for the auditor.
The following diagram shows the relationship between a SmartExporter Client Edition and a
related Desktop Edition.

Where Does SmartExporter Save Data?
SmartExporter saves data in the local user and global application data folders. For extracted
data, the user can specify the location when extracting.

Local User Data


For every SmartExporter user, input data is stored in files located at
%AppData%\Audicon\SmartExporter\<InternalFileVersion>, where <InternalFileVersion> is 2.
The local user profile protects private user data from other users using Windows security
mechanisms.
The following subfolders are used:
• Connections: Contains information on how the current user can connect to SAP® systems
• Dictionaries: Contains binary User Data Dictionaries downloaded by the user
• Favorites: Contains binary Data Requests saved as favorites
• Licenses: Contains a text file with license activation information. The user can see this
  data in the License Activation tool
• Session: Contains the global application options file Global.xml
• Trackers: Contains xml files about asynchronous Data Requests
• Transfers: Intermediate binary Data Requests not saved as favorite
• UserInfo: Contains registration information which can be entered in
  /Home/Options/Change application options/About SmartExporter

Global Application Data


When SmartExporter is installed, a global application data folder is created and files are
installed there so that every SmartExporter user can use them. The files are located at
%ProgramData%\Audicon\SmartExporter\<InternalFileVersion>, where <InternalFileVersion> is 2.
The following subfolders are used:
• Dictionaries: Binary built-in Data Dictionaries covering English and German SAP® systems
• Distributor: Contains a distributor xml file which is shown in About page -> Distributor
  details
• Profiles: Contains an encrypted file profiles.drm which includes information about which
  features can be used in the currently activated edition.

Extracted Data
If the user extracts data from an SAP® system, files are saved in the folder specified by the
user.
• For synchronous extraction, it’s the preferred folder in the Options page.
• For asynchronous extraction, the SAP® job saves the file on the SAP® file server.
  The location can be specified by the SAP® administrator using SmartExporter SAP®
  customizing (transaction /AUDIC/SE_CUST). See
  https://docu.audicon.net/SmartExporter/2020R1/Components/en/Content/SmartExporter_SAP_Components/Logical_File.htm .
  Alternatively, when SmartExporter SAP® components 7 or higher are installed, the SAP®
  administrator can define storage locations like FTP server, WebDAV server or Microsoft
  Azure File and Blob Services. See
  https://docu.audicon.net/SmartExporter/2020R1/Components/en/Content/SmartExporter_SAP_Components/StorageLocation_SE_STRG.htm
  When the user downloads these files, he can specify the preferred folder in the
  “Download Files” dialog.

Communication between SmartExporter Windows Client and SAP® System / Connections
The following are some excerpts from the SmartExporter guide:

Online and offline mode


There are several scenarios for the use of SmartExporter. If you have a connection to an
SAP® system, simply collect the data you need to extract. SmartExporter provides a few
different options to extract those data and run the Data Request you have defined. For users
having no direct access to an SAP® system, the offline mode is the suitable way to request
the desired data from SAP® for auditing purposes.

Online mode
If a connection to an SAP® system exists, you are able to export the data directly. To
optimize the export of data you may extract the data from SAP® either synchronously or
asynchronously. Using the synchronous method you are extracting the data immediately
without placing your Data Request in a queue or scheduling the transfer. Using the
asynchronous export, you are able to specify the exact time when the data transfer is to be
done. This enables you to schedule the extraction of data to off-peak hours to reduce the
workload of the system. Depending on your objectives and the data volume you can select
the suitable method of data extraction.

IDEA and SmartAnalyzer in the diagram above are optional because SmartExporter also works stand-alone.

Offline Mode
The offline mode provides access to the data to be analysed for those users who do not have
a connection to an SAP® system. Particularly auditors and other users interested in SAP®
data can create a Data Request and send the generated binary file to their contact in the
company. This person can import the Data Request using the SmartExporter version (e.g.
Client Edition) installed on a machine in the company. Using SmartExporter with connection
to the company’s SAP® system the data can be extracted and provided for the auditor or
others.

IDEA and SmartAnalyzer in the diagram above are optional because SmartExporter also works stand-alone.

Protocols
SmartExporter either requires the classic RFC DLL 'LIBRFC32.DLL' for communication with
an SAP® system or alternatively supports the SAP NetWeaver® RFC DLLs as of version
2018 R1. For legal reasons, however, these cannot be delivered with SmartExporter
(https://support.sap.com/en/product/connectors.html: “The redistribution of any connector is
not allowed.”).
If an SAP® GUI version lower than 7.50 is installed on the same computer as
SmartExporter, "SmartExporter 32-Bit" can use the classic RFC DLL. Please start it via
Windows START - Programs - Audicon - SmartExporter - SmartExporter (32-bit).

The SAP NetWeaver® RFC DLLs are available as of SAP® NetWeaver 7.10. See SAP Note
413708.

Which variant of SmartExporter is to be used can be set in the category Options, task
Change application settings, navigator item Communication.
If the previous requirements are not fulfilled or if you want to use "SmartExporter 64-Bit",
please carry out the following steps:
Download
If you want to use the classic RFC DLL 'LIBRFC32.DLL', you can download it as a SAP®
registered user from the SAP® ONE Support Launchpad
https://launchpad.support.sap.com/#/softwarecenter/search/classic%2520rfc%2520library.
Please note that for the 32-bit version, you select RFC_13-10009729.SAR (version
7200.3.800.8330) and for the 64-bit version RFC_13-10009731.SAR (version
7200.0.800.8330).
The corresponding SAP NetWeaver® RFC DLLs can be found under
https://launchpad.support.sap.com/#/softwarecenter/search/netweaver%2520rfc%2520library
Unpack
Unpack the .SAR files using the SAP® tool SAPCAR with the parameter -xvf.
Example: SAPCAR_712-80000936.EXE -xvf RFC_13-10009729.SAR
For SAPCAR, see SAP® Note 212876.

In the case of the classic RFC DLL, you will find the 'LIBRFC32.DLL' in the rfcsdk\lib
directory and the SAP NetWeaver® RFC DLLs in the nwrfcsdk\lib directory.
Installation
• If you are using the 32-bit version of SmartExporter "SmartExporter" or
"SmartExporter 32-bit" on a 32-bit Windows operating system, copy it to
"C:\Windows\System32".
• If you are using the 64-bit version of SmartExporter "SmartExporter" or
"SmartExporter 64-bit" on a 64-bit Windows operating system, please copy the 32-bit
version to "C:\Windows\SysWOW64" and the 64-bit version to
"C:\Windows\System32".

Notes on the classic RFC DLL:

1. Please note that there are different ‘LIBRFC32.DLL’ files for 32-bit and 64-bit
Windows operating systems, but both are named ‘LIBRFC32.DLL’!
2. If a ‘LIBRFC32.DLL’ version higher than 7200 is used, the error message "Can not call
classic RFC API ..." may be displayed when establishing the connection.
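
Because both builds carry the same file name, the copy step above is easy to get wrong, and a DLL placed in a Windows system folder should also be checked for a valid signature. The following PowerShell is an added example, not code from Audicon or SAP: it reads the PE header of each LIBRFC32.DLL copy, compares the bitness with what the folder requires and reports the Authenticode status. The function names are hypothetical and the sample headers are constructed.

```powershell
# Added example (not Audicon or SAP code): confirm that each LIBRFC32.DLL copy
# has the bitness its folder requires, and report its Authenticode signature.

function Get-PeMachine {
    param([Parameter(Mandatory = $true)][byte[]]$Header)
    # DOS header: 'MZ' at offset 0, offset of the PE header (e_lfanew) at 0x3C.
    if ($Header.Length -lt 0x40 -or $Header[0] -ne 0x4D -or $Header[1] -ne 0x5A) {
        return 'not a PE file'
    }
    $pe = [BitConverter]::ToInt32($Header, 0x3C)
    if ($pe -lt 0 -or ($pe + 6) -gt $Header.Length) { return 'PE header out of range' }
    # 'PE\0\0' signature, followed by the 16-bit Machine field.
    if ([BitConverter]::ToUInt32($Header, $pe) -ne 0x4550) { return 'not a PE file' }
    switch ([BitConverter]::ToUInt16($Header, $pe + 4)) {
        0x014C  { return '32-bit (x86)' }
        0x8664  { return '64-bit (x64)' }
        default { return ('other (0x{0:X4})' -f $_) }
    }
}

function Get-RfcDllReport {
    param([string]$DllName = 'LIBRFC32.DLL')
    $is64Os = [Environment]::Is64BitOperatingSystem
    # A 32-bit process on 64-bit Windows has System32 redirected to SysWOW64;
    # 'Sysnative' is the alias that reaches the real 64-bit folder from there.
    $native = 'System32'
    if ($is64Os -and -not [Environment]::Is64BitProcess) { $native = 'Sysnative' }
    $nativeBits = '32-bit (x86)'
    if ($is64Os) { $nativeBits = '64-bit (x64)' }
    $targets = @(@{ Dir = $native; Expected = $nativeBits })
    if ($is64Os) { $targets += @{ Dir = 'SysWOW64'; Expected = '32-bit (x86)' } }

    foreach ($t in $targets) {
        $path = Join-Path (Join-Path $env:windir $t.Dir) $DllName
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Expected = $t.Expected; Actual = 'missing'
                Match = $false; Signature = ''; Signer = '' }
            continue
        }
        $buf = New-Object byte[] 4096
        $fs = [IO.File]::OpenRead($path)
        try { [void]$fs.Read($buf, 0, $buf.Length) } finally { $fs.Dispose() }
        $actual = Get-PeMachine -Header $buf
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{ Path = $path; Expected = $t.Expected; Actual = $actual
            Match = ($actual -eq $t.Expected); Signature = "$($sig.Status)"; Signer = $signer }
    }
}

# Constructed 256-byte headers to exercise the parser without touching disk.
function New-SamplePeHeader {
    param([uint16]$Machine)
    $h = New-Object byte[] 256
    $h[0] = 0x4D; $h[1] = 0x5A                               # 'MZ'
    [BitConverter]::GetBytes([int]0x80).CopyTo($h, 0x3C)     # e_lfanew = 0x80
    $h[0x80] = 0x50; $h[0x81] = 0x45                         # 'PE\0\0'
    [BitConverter]::GetBytes($Machine).CopyTo($h, 0x84)      # Machine field
    return ,$h
}
Get-PeMachine -Header (New-SamplePeHeader -Machine 0x014C)
Get-PeMachine -Header (New-SamplePeHeader -Machine 0x8664)

# On a Windows machine, inspect the copies that are actually installed.
if ($env:windir) { Get-RfcDllReport | Format-List }
```

A row with Match = False means the 32-bit and 64-bit files were swapped between System32 and SysWOW64; a Signature other than Valid is a reason to re-download the archive before use.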

Ports
The following ports are used (https://help.sap.com/viewer/ports):
• Custom application server:
33NN where NN = System number 00 … 99
• Group/Server selection:
36NN where NN = SAP® instance number
• Secure Network Communication (SNC):
48NN
• If a SAProuter string is specified, look at /S/<port> (default port 3299)

See SAP® Logon Pad for connection details.

In case of a “…:<port> not reached” CPIC error, please check whether a firewall blocks the port.
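
The port rules above can be turned into a per-segment firewall checklist for one connection. The following PowerShell is an added example, not code from Audicon or SAP; the function names are hypothetical, the host names and router string are constructed, and it assumes that an SNC connection uses 48NN in place of 33NN and that the router string contains only SAProuter hops.

```powershell
# Added example (not Audicon or SAP code). Port rules are those listed above;
# host names and the router string are constructed sample values.

function Get-SapRouterHop {
    param([string]$RouterString)
    # A route is a chain of /H/<host>[/S/<service>][/W/<password>] entries.
    # The /W/ password is matched so that it is skipped; it is never returned.
    $pattern = '(?i)/H/(?<host>[^/]+)(?:/S/(?<svc>[^/]+))?(?:/W/[^/]+)?'
    foreach ($m in [regex]::Matches($RouterString, $pattern)) {
        $svc = '3299'                                   # default SAProuter port
        if ($m.Groups['svc'].Success) { $svc = $m.Groups['svc'].Value }
        [pscustomobject]@{ Host = $m.Groups['host'].Value; Service = $svc }
    }
}

function Get-SapClientPort {
    param(
        [Parameter(Mandatory = $true)][string]$TargetHost,
        [Parameter(Mandatory = $true)][ValidateRange(0, 99)][int]$SystemNumber,
        [ValidateRange(0, 99)][int]$MessageServerNumber,
        [switch]$Snc,
        [string]$RouterString = ''
    )
    $rules = New-Object System.Collections.Generic.List[object]
    $from = 'Client'
    # Each SAProuter hop is its own TCP segment; the client itself only opens
    # a connection to the first hop.
    foreach ($hop in (Get-SapRouterHop -RouterString $RouterString)) {
        $rules.Add([pscustomobject]@{ From = $from; To = $hop.Host
                Service = $hop.Service; Purpose = 'SAProuter /S/<port>' })
        $from = $hop.Host
    }
    if ($PSBoundParameters.ContainsKey('MessageServerNumber')) {
        $rules.Add([pscustomobject]@{ From = $from; To = $TargetHost
                Service = [string](3600 + $MessageServerNumber)
                Purpose = 'Group/Server selection (36NN)' })
    }
    # Assumption: with SNC the connection goes to 48NN instead of 33NN.
    $base = 3300; $purpose = 'Application server (33NN)'
    if ($Snc) { $base = 4800; $purpose = 'SNC (48NN)' }
    $rules.Add([pscustomobject]@{ From = $from; To = $TargetHost
            Service = [string]($base + $SystemNumber); Purpose = $purpose })
    $rules
}

function Test-SapClientPort {
    # TCP connect test for the rules that start at this client.
    param([Parameter(ValueFromPipeline = $true)]$Rule, [int]$TimeoutMs = 2000)
    process {
        $port = 0
        $state = 'service name, resolve it in the services file first'
        if ($Rule.From -ne 'Client') {
            $state = 'not testable from this client'
        } elseif ([int]::TryParse($Rule.Service, [ref]$port)) {
            $tcp = New-Object System.Net.Sockets.TcpClient
            try {
                $wait = $tcp.BeginConnect($Rule.To, $port, $null, $null)
                $ok = $wait.AsyncWaitHandle.WaitOne($TimeoutMs) -and $tcp.Connected
                $state = 'not reached'
                if ($ok) { $state = 'reachable' }
            } catch { $state = 'not reached' } finally { $tcp.Close() }
        }
        [pscustomobject]@{ From = $Rule.From; To = $Rule.To
            Service = $Rule.Service; State = $state }
    }
}

# Constructed sample: system number 07, group logon via message server 01,
# SNC enabled, one SAProuter hop given without /S/ (so 3299 applies).
Get-SapClientPort -TargetHost 'sapprd.example.internal' -SystemNumber 7 `
    -MessageServerNumber 1 -Snc -RouterString '/H/saprouter.example.internal/H/' |
    Format-Table -AutoSize
```

Piping the output of Get-SapClientPort into Test-SapClientPort on the client machine shows which of the client-side segments is actually blocked when a “not reached” CPIC error appears.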

Connections
SmartExporter saves the settings for connecting to an SAP® system in an xml file which can be
found in the %AppData%\Audicon\SmartExporter\Connections folder.

… with specifying a password


In the first implementation of SmartExporter, the user had to enter a password in the
connection settings if he wanted to connect to an SAP® system (online mode).
Passwords are encrypted and decrypted using the symmetric key algorithm Rijndael/AES
256-bit SHA1 with a static pass phrase and salt value.

… without specifying a password


Since SmartExporter 2013 R1, the user no longer has to enter a password on the “Manage
connections” page.
If the user doesn’t specify a password, SmartExporter asks for credentials when it
connects to the SAP® system for the first time.

As long as the user does not close SmartExporter, passwords are stored in memory in a special
“vault” using the symmetric key algorithm Rijndael/AES 256-bit SHA1. The salt value is tied to
the machine name, user domain name and operating system version and is generated by the
Rfc2898DeriveBytes Microsoft .NET class (“Implements password-based key derivation
functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA1.”
See http://msdn.microsoft.com/de-de/library/system.security.cryptography.rfc2898derivebytes%28v=vs.100%29.aspx).
This password input is used for all subsequent logins to the SAP® system. If the user closes
SmartExporter, the application does not save such passwords.
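
With a static pass phrase and salt, the derived key is the same on every installation, so what protects a stored password in practice is the access control on the Connections folder. The following PowerShell is an added example, not Audicon's code: it shows the key-derivation behaviour for both cases described above and then lists any access entries on the Connections folder that let other principals read it. The pass phrase, salts, iteration count and function names are constructed or hypothetical, and the composition of the machine-tied salt is an assumption.

```powershell
# Added example (not Audicon code). Pass phrase, salt and iteration count are
# constructed; the product's real values are not given on this page.

function Get-Pbkdf2KeyHex {
    param([string]$PassPhrase, [byte[]]$Salt, [int]$Iterations = 1000)
    # Rfc2898DeriveBytes = PBKDF2 with HMAC-SHA1; 32 bytes give an AES-256 key.
    $kdf = New-Object System.Security.Cryptography.Rfc2898DeriveBytes `
        -ArgumentList $PassPhrase, $Salt, $Iterations
    try { [BitConverter]::ToString($kdf.GetBytes(32)) -replace '-', '' } finally { $kdf.Dispose() }
}

# Case 1: static pass phrase and static salt (stored-password case).
$staticSalt = [Text.Encoding]::ASCII.GetBytes('constructed-static-salt')
$k1 = Get-Pbkdf2KeyHex -PassPhrase 'constructed-static-phrase' -Salt $staticSalt
$k2 = Get-Pbkdf2KeyHex -PassPhrase 'constructed-static-phrase' -Salt $staticSalt
"Static inputs give the same key on every run and every machine: $($k1 -eq $k2)"

# Case 2: salt built from machine name, user domain name and OS version
# (in-memory vault case; how the three values are combined is an assumption).
$parts = [Environment]::MachineName, [Environment]::UserDomainName,
         [Environment]::OSVersion.VersionString
$machineSalt = [Text.Encoding]::UTF8.GetBytes($parts -join '|')
$k3 = Get-Pbkdf2KeyHex -PassPhrase 'constructed-static-phrase' -Salt $machineSalt
"Machine-tied salt gives a different key than the static salt: $($k3 -ne $k1)"
"All three salt inputs can be read by any process on the machine."

function Get-UnexpectedReadAce {
    # Lists Allow entries that grant read access to anyone other than the
    # current user, SYSTEM and the local Administrators group.
    param([Parameter(Mandatory = $true)][string]$Path)
    $sidType = [Security.Principal.SecurityIdentifier]
    $allowed = @(
        [Security.Principal.WindowsIdentity]::GetCurrent().User.Value,
        'S-1-5-18',        # SYSTEM
        'S-1-5-32-544'     # BUILTIN\Administrators
    )
    $read = [Security.AccessControl.FileSystemRights]::ReadData
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        $canRead = ($ace.FileSystemRights -band $read) -eq $read
        if ($ace.AccessControlType -eq 'Allow' -and $canRead -and
            $allowed -notcontains $ace.IdentityReference.Value) {
            [pscustomobject]@{ Path = $Path; Sid = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
        }
    }
}

# Check every folder named Connections below the per-user data folder.
if ($env:APPDATA) {
    $root = Join-Path $env:APPDATA 'Audicon\SmartExporter'
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Recurse -Filter 'Connections' |
            Where-Object { $_.PSIsContainer } |
            ForEach-Object { Get-UnexpectedReadAce -Path $_.FullName }
    }
}
```

An empty result from the folder check means that only the owning user, SYSTEM and local administrators can read the connection files.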

Support of Secure Network Communication (SNC)
Also since SmartExporter 2013 R1, if Secure Network Communication is configured on the
machine, the user can create a connection by setting the parameters in a similar way to
SAP® GUI for Windows.
“Secure Network Communications (SNC) integrates SAP NetWeaver Single Sign-On or an
external security product with SAP systems. With SNC, you strengthen security by using
additional security functions provided by a security product that are not directly available with
SAP systems.
SNC protects the data communication paths between the various client and server
components of the SAP system that use the SAP protocols RFC or DIAG. There are
well-known cryptographic algorithms that have been implemented by the various security
products, and with SNC, you can apply these algorithms to your data for increased
protection.”
From https://help.sap.com/saphelp_nw70ehp1/helpdata/en/e6/56f466e99a11d1a5b00000e835363f/frameset.htm

See the following sample configuration of Single Sign-On using Kerberos for SmartExporter 32 bit:

See also https://docu.audicon.net/SmartExporter/2020R1/Components/en/Content/Support-Portal/SecureConnectionSingleSignOn.htm

SAP® GUI for Windows: System Entry Properties/Network tab

Showing SAP® Error Messages
To help our customers with support when they have issues connecting to an SAP system, we
decided that SmartExporter should show the original CPIC messages, similar to SAP® GUI for
Windows.

Sample of CPIC message

SmartExporter Test Connection

SAP® GUI for Windows: Create New Connection

SAP® GUI for Windows: Error messages when trying to connect to SAP® system
