Share Your Key - Share Your Costs - wibu-systems ag
Share Your Key - Share Your Costs - wibu-systems ag
Share Your Key - Share Your Costs - wibu-systems ag
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
E V E N T S<br />
Why did Not One of the 1092<br />
Contestants Succeed?<br />
Although the challenge was theoretically solvable,<br />
not one of the contestants could fully<br />
remove the protection. Most of the contestants<br />
fell in the trap of trying to by-pass the intruder<br />
detection and had their license locked in the Cm-<br />
Stick. This resulted in further brute-force attacks<br />
to the encryption. The chance of breaking the<br />
128-bit AES encryption was slim to none. Other<br />
contestants failed to jump other hurdles. But<br />
we did receive some excellent partial solutions<br />
and we awarded those contestants with 500 to<br />
2000 Euro each. Hackers or Crackers go down<br />
different paths than developers and the partial<br />
solutions were important input for us. These<br />
partial winners discovered some weaknesses<br />
in our system which we not seen before. And<br />
the discovery of these weaknesses allowed us<br />
to strengthen our overall security.<br />
The partial solutions included creating memory<br />
dumps and also the attempt to replace the<br />
CmStick with record-playback simulation within<br />
the communication of the protected application<br />
with the CodeMeter runtime. One of these<br />
attacks is described in detail in the renowned<br />
Germany computer m<strong>ag</strong>azine “c’t”, 21/2007,<br />
describing the tools used, like IDAPro, ImpRec,<br />
OllyDebug and NetCat. But, this attack did not<br />
provide a completely successful solution to the<br />
Hacker’s Contest: A second function also had<br />
to be decrypted – its license item was already<br />
in the CmStick, but not activated by a single bit.<br />
Since the contest we have added enhancement<br />
to the CodeMeter Runtime Kit – the attack of<br />
the “c’t” is now no longer possible.<br />
Attacking Methods<br />
Attacking Methods and why they don’t work<br />
with CodeMeter:<br />
Memory Dumping: CodeMeter uses<br />
“On Demand Decryption“, this means<br />
there is no time after running the complete<br />
program when code and resources are<br />
completely decrypted in the main memory<br />
of the PC.<br />
Dummy Driver: By using complex<br />
encryption, a simulation of the encryption<br />
by dummy drivers is prohibited, because<br />
there is no limit to the number of answers<br />
for calling a function.<br />
Cracking Tools: Most of the usual<br />
cracking tools will be detected by the<br />
protected application and this detection<br />
1092 Contestants from 27 Countries<br />
Germany 33%<br />
Rest 14%<br />
can be used to lock the license in the<br />
hardware (CmStick), avoiding any further<br />
attacks.<br />
Record-/Playback Driver: The use of<br />
randomly varied encryptions and changing<br />
of the Encryption Code avoids a successful<br />
use of recording and playback for a longer<br />
time range.<br />
Emulation of the CmSticks: The use<br />
of strong encryption (AES) and the use of<br />
secure hardware – a smart-card controller,<br />
make a complete emulation of the hardware<br />
nearly impossible.<br />
Patching of some bytes: With CodeMeter,<br />
protected applications are no longer<br />
using single checkpoints. But large areas<br />
of code and data are encrypted and such<br />
patching is impossible, especially when<br />
the automatic protection offered by AxProtector<br />
is used.<br />
Competition Program<br />
As an example, we show the competition<br />
program below, after the start, loading and<br />
decryption with the correct CmStick, in the<br />
memory of the PC: The green areas are still<br />
encrypted. The resource data areas are always<br />
encrypted and are only partially decrypted on<br />
demand. The IAT (Import Address Table), which<br />
is the connection to the called operating system<br />
remains encrypted as well as the individual<br />
functions – with two in the hacker’s contest. It<br />
is easy to understand that a memory dump will<br />
be not successful.<br />
India 2% Spain 2%<br />
Ukraina 2%<br />
PE Header<br />
Code Section<br />
Data Section<br />
China 18%<br />
France 3%<br />
Bangladesh 3%<br />
Poland 2%<br />
OEP<br />
Resource Section<br />
The Netherlands 4%<br />
Hungary 4%<br />
Link to new OEP<br />
IAT<br />
IAT redirect<br />
Security Section<br />
Security Code IAT<br />
USA 10%<br />
Operating<br />
System<br />
The Bottom Line<br />
We accept that no security system is 100%<br />
secure. But a high level of security can be<br />
reached by:<br />
Secure Hardware: The CmStick provides for<br />
secure key stor<strong>ag</strong>e and strong encryption<br />
in a smart-card chip. The CodeMeter<br />
System includes a crack detection, which<br />
can lock the license key.<br />
Secure Integration Technology: The code<br />
and resources of the protected application<br />
will never be completely decrypted in the<br />
main memory of the PC. Variable encryption,<br />
anti-debugging and obfuscation<br />
technology as well as tools to individually<br />
integrate the source code increase the<br />
security level <strong>ag</strong>ain.<br />
The “simple to use” tools from WIBU-SYSTEMS<br />
like AxProtector for automatic protection and<br />
the IxProtector to individually integrate the<br />
source code provide a maximum of protection.<br />
These are some of the main advant<strong>ag</strong>es of our<br />
solution… in addition to the high fl exibility of<br />
CodeMeter.<br />
13