traps for hackers - a guide for advanced software protection techniques
TRANSCRIPT
Page 1WIBU-SYSTEMS AG
Traps for Hackers
Advanced Software Protection Techniques
Rüdiger Kügler
VP Sales | Security Expert
Page 2WIBU-SYSTEMS AG
Easy Automatic Software
Protection
Page 3WIBU-SYSTEMS AG
Original Executable
50 45 00 00 4C 01 09 00 19 5E 42 2A 00 00 00 00
04 10 40 00 03 07 42 6F 6F 6C 65 61 6E 01 00 00
00 00 01 00 00 00 00 10 40 00 05 46 61 6C 73 65
04 54 72 75 65 8D 40 00 2C 10 40 00 02 04 43 68
61 72 01 00 00 00 00 FF 00 00 00 90 40 10 40 00
01 07 49 6E 74 65 67 65 72 04 00 00 00 80 FF FF
FF 7F 8B C0 58 10 40 00 01 04 42 79 74 65 01 00
00 00 00 FF 00 00 00 90 6C 10 40 00 01 04 57 6F
72 64 03 00 00 00 00 FF FF 00 00 90 80 10 40 00
01 08 43 61 72 64 69 6E 61 6C 05 00 00 00 00 FF
FF FF FF 90 98 10 40 00 0A 06 53 74 72 69 6E 67
EC 10 40 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EC 10 40 00 04 00 00 00 00 00 00 00 44 33 40 00
50 33 40 00 54 33 40 00 58 33 40 00 4C 33 40 00
94 30 40 00 B0 30 40 00 EC 30 40 00 07 54 4F 62
6A 65 63 74 F8 10 40 00 07 07 54 4F 62 6A 65 63
PE..L....^B*....
.True.@.,[email protected]
ar.....ÿ....@.@.
..Integer.....ÿÿ
ÿ..À[email protected]..
rd.....ÿÿ.....@.
..Cardinal.....ÿ
ì.@.............
................
[email protected]@[email protected]@.
.0@.°0@.ì[email protected]
jectø[email protected]
Page 4WIBU-SYSTEMS AG
Automatic Protected Executable
50 45 00 00 4C 01 09 00 19 5E 42 2A 00 00 00 00
B2 22 E8 E1 CA 85 3E 24 C5 30 D8 4E 89 7A DC D1
59 16 4B 75 53 FC E6 7E 87 1B A8 10 9D 00 10 1D
C7 15 2C AF 69 81 53 62 DE A6 F4 68 23 8F 20 45
49 6F F6 48 22 E7 B0 DA D1 4F 3E EF 39 FA FB 5D
A2 59 D0 BD 1A A9 DD F4 67 44 DB 30 C1 B8 82 0C
C3 FE 28 35 60 C3 50 46 4A 63 4C 37 EE BD 1D 4B
A8 B9 DB C5 D3 AE C5 51 27 B6 7A 80 75 99 52 79
A4 35 9C B2 1E FA D3 DD 10 DD E0 F6 D6 B0 3B 41
E8 D1 D9 6D DD 1B 74 CB 82 63 82 0A F7 B3 0C 21
CF BD 5D 71 23 8F EF C4 4C F0 79 0E 42 AA 06 BF
EA 5F E9 DC C5 2E 7E CC A2 3B 5D C3 F9 5F AC B2
89 59 E3 B0 0F E8 D0 58 D4 6E 7E 9C E2 C9 7A 65
0F 5B EE 1F 99 47 2F 74 E4 01 AE FB 18 0A 09 80
92 0F 6C 45 78 02 8B FE 06 E2 17 18 23 82 E4 5B
D9 5C 76 98 FD 18 4E 14 39 A1 C2 42 90 13 C4 23
5E BA A7 9A 3C AB 7D 78 17 78 DC DF 92 B8 1B C9
96 04 1F 00 F6 04 1F 00 0A 07 1F 00 FA 06 1F 00
EA 06 1F 00 D4 06 1F 00 3A 06 1F 00 02 06 1F 00
E6 05 1F 00 CA 05 1F 00 12 05 1F 00 A8 05 1F 00
PE..L....^B*....
²"èáÊ.>$Å0ØN.zÜÑ
Y.KuSüæ~..¨.....
Ç.,¯i.SbÞ¦ôh#..E
IoöH"ç°ÚÑO>ï9úû]
¢Yн.©ÝôgDÛ0Á¸..
Ãþ(5`ÃPFJcL7î½.K
¨¹ÛÅÓ®ÅQ'¶z.u.Ry
¤5.².úÓÝ.ÝàöÖ°;A
èÑÙmÝ.tË.c..÷³.!
Ͻ]q#.ïÄLðy.Bª.¿
ê_éÜÅ.~Ì¢;]Ãù_¬²
.Yã°.èÐXÔn~.âÉze
.[î..G/tä.®û....
..lEx..þ.â..#.ä[
Ù\v.ý.N.9¡ÂB..Ä#
^º§.<«}x.xÜß.¸.É
....ö.......ú...
ê...Ô...:.......
æ...Ê.......¨...
Page 5WIBU-SYSTEMS AG
Easy Automatic Software Protection
During development:
Wrapper encrypts whole application
Wrapper adds decryption code (security engine)
Wrapper changes OEP to decryption code
During runtime:
Security engine gets executed
Security engine checks if license is available
Security engine uses license to decrypt code
Security engine jumps to original OEP
Page 6WIBU-SYSTEMS AG
How to crack this type of protection?
1. Load application into memory
2. Stop at OEP
3. Generate memory dump
4. Correct OEP in memory dump
5. Reconstruct IATInstr
uctio
n b
oo
k
Page 7WIBU-SYSTEMS AG
Improved Easy Automatic
Software Protection
AxProtector
Page 8WIBU-SYSTEMS AG
AxProtector does more …
Page 9WIBU-SYSTEMS AG
Function Level Software
Protection
IxProtector
Page 10WIBU-SYSTEMS AG
Original Executable
50 45 00 00 4C 01 09 00 19 5E 42 2A 00 00 00 00
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D
A0 20 40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00
FF D7 8B F0 56 FF D3 83 C4 04 83 FE 2E 75 F1 5F
5E 33 C0 5B C3 3B 0D 00 30 40 00 75 02 F3 C3 E9
98 02 00 00 68 16 15 40 00 E8 8B 04 00 00 A1 60
33 40 00 C7 04 24 2C 30 40 00 FF 35 5C 33 40 00
A3 2C 30 40 00 68 1C 30 40 00 68 20 30 40 00 68
18 30 40 00 FF 15 94 20 40 00 83 C4 14 A3 28 30
40 00 85 C0 79 08 6A 08 E8 A5 03 00 00 59 C3 6A
10 68 F8 21 40 00 E8 15 06 00 00 33 DB 39 1D 80
33 40 00 75 0B 53 53 6A 01 53 FF 15 2C 20 40 00
89 5D FC 64 A1 18 00 00 00 8B 70 04 89 5D E4 BF
74 33 40 00 53 56 57 FF 15 30 20 40 00 3B C3 74
19 3B C6 75 08 33 F6 46 89 75 E4 EB 10 68 E8 03
00 00 FF 15 34 20 40 00 EB DA 33 F6 46 A1 70 33
40 00 3B C6 75 0A 6A 1F E8 35 03 00 00 59 EB 3B
PE..L....^B*....
SVWhô.@.ÿ.¨.@..=
..@.....@..Ä..I.
ÿ×.ðVÿÓ.Ä..þ.uñ_
^3À[Ã;[email protected].óÃé
....h..@.è....¡`
3@.Ç.$,0@.ÿ5\3@.
£,[email protected]@[email protected]
.0@.ÿ...@..Ä.£(0
@..Ày.j.è¥...YÃj
.hø!@.è....3Û9..
[email protected]ÿ.,.@.
.]üd¡.....p..]ä¿
[email protected]ÿ.0.@.;Ãt
.;Æu.3öF.uäë.hè.
..ÿ.4.@.ëÚ3öF¡p3
@.;Æu.j.è5...Yë;
Page 11WIBU-SYSTEMS AG
SVWhô.@.ÿ.¨.@..=
..@.....@..Ä..I.
ÿ×.ðVÿÓ.Ä..þ.uñ_
^3À[Ã;[email protected].óÃé
....h..@.è....¡`
3@.Ç.$,0@.ÿ5\3@.
£,[email protected]@[email protected]
.0@.ÿ...@..Ä.£(0
@..Ày.j.è¥...YÃj
.hø!@.è....3Û9..
[email protected]ÿ.,.@.
.]üd¡.....p..]ä¿
[email protected]ÿ.0.@.;Ãt
.;Æu.3öF.uäë.hè.
..ÿ.4.@.ëÚ3öF¡p3
@.;Æu.j.è5...Yë;
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D
A0 20 40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00
FF D7 8B F0 56 FF D3 83 C4 04 83 FE 2E 75 F1 5F
5E 33 C0 5B C3 3B 0D 00 30 40 00 75 02 F3 C3 E9
98 02 00 00 68 16 15 40 00 E8 8B 04 00 00 A1 60
33 40 00 C7 04 24 2C 30 40 00 FF 35 5C 33 40 00
A3 2C 30 40 00 68 1C 30 40 00 68 20 30 40 00 68
18 30 40 00 FF 15 94 20 40 00 83 C4 14 A3 28 30
40 00 85 C0 79 08 6A 08 E8 A5 03 00 00 59 C3 6A
10 68 F8 21 40 00 E8 15 06 00 00 33 DB 39 1D 80
33 40 00 75 0B 53 53 6A 01 53 FF 15 2C 20 40 00
89 5D FC 64 A1 18 00 00 00 8B 70 04 89 5D E4 BF
74 33 40 00 53 56 57 FF 15 30 20 40 00 3B C3 74
19 3B C6 75 08 33 F6 46 89 75 E4 EB 10 68 E8 03
00 00 FF 15 34 20 40 00 EB DA 33 F6 46 A1 70 33
40 00 3B C6 75 0A 6A 1F E8 35 03 00 00 59 EB 3B
Cut it into many pieces
50 45 00 00 4C 01 09 00 19 5E 42 2A 00 00 00 00
74 19 3B C6 75 08
33 F6 46 89 75 E4
EB 10 68 E8 03 00
00 FF 15 34 20 40
00 EB DA 33 F6 46
A1 70 33 40 00 3B
C6 75 0A 6A 1F E8
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D
A0 20 40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00
FF D7 8B F0 56 FF D3 83 C4 04 83 FE 2E 75 F1 5F
5E 33 C0 5B C3
3B 0D 00 30 40 00 75 02 F3 C3
6A 10 68 F8 21 40 00 E8 15 06 00 00 33 DB 39 1D
80 33 40 00 75 0B 53 53 6A 01 53 FF 15 2C 20 40
00 89 5D FC 64 A1 18 00 00 00 8B 70 04 89 5D E4
BF 74 33 40 00 53 56 57 FF 15 30 20 40 00 3B C3
E9 98 02 00 00 68 16 15
40 00 E8 8B 04 00 00 A1
60 33 40 00 C7 04 24 2C
30 40 00 FF 35 5C 33 40
00 A3 2C 30 40 00 68 1C
30 40 00 68 20 30 40 00
68 18 30 40 00 FF 15 94
20 40 00 83 C4 14 A3 28
30 40 00 85 C0 79 08 6A
08 E8 A5 03 00 00 59 C3
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D A0 20
40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00 FF D7 8B F0
56 FF D3 83 C4 04 83 FE 2E 75 F1 5F 5E 33 C0 5B C3 3B
0D 00 30 40 00 75 02 F3 C3 E9 98 02 00 00 68 16 15 40
00 E8 8B
Page 12WIBU-SYSTEMS AG
96 04 1F 00 F6 04 1F 00 0A 07 1F 00 FA 06 1F 00 EA 06 1F 00 D4 06 1F 00 3A
06 1F 00 02 06 1F 00 E6 05 1F 00 CA 05 1F 00 12 05 1F 00 A8 05 1F 00 96 04
1F 00 F6 04 1F 00 0A 07 1F 00 FA 06 1F 00 EA 06 1F 00 D4 06 1F 00 3A 06 1F
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D
A0 20 40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00
FF D7 8B F0 56 FF D3 83 C4 04 83 FE 2E 75 F1 5F
5E 33 C0 5B C3
6A 10 68 F8 21 40 00 E8 15 06 00 00 33 DB 39 1D
80 33 40 00 75 0B 53 53 6A 01 53 FF 15 2C 20 40
00 89 5D FC 64 A1 18 00 00 00 8B 70 04 89 5D E4
BF 74 33 40 00 53 56 57 FF 15 30 20 40 00 3B C3
3B 0D 00 30 40 00 75 02 F3 C3 74 19 3B C6 75 08
33 F6 46 89 75 E4
EB 10 68 E8 03 00
00 FF 15 34 20 40
00 EB DA 33 F6 46
A1 70 33 40 00 3B
C6 75 0A 6A 1F E8
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D A0 20
40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00 FF D7 8B F0
56 FF D3 83 C4 04 83 FE 2E 75 F1 5F 5E 33 C0 5B C3 3B
0D 00 30 40 00 75 02 F3 C3 E9 98 02 00 00 68 16 15 40
00 E8 8B
E9 98 02 00 00 68 16 15
40 00 E8 8B 04 00 00 A1
60 33 40 00 C7 04 24 2C
30 40 00 FF 35 5C 33 40
00 A3 2C 30 40 00 68 1C
30 40 00 68 20 30 40 00
68 18 30 40 00 FF 15 94
20 40 00 83 C4 14 A3 28
30 40 00 85 C0 79 08 6A
08 E8 A5 03 00 00 59 C3
Encrypt each piece separately
50 45 00 00 4C 01 09 00 19 5E 42 2A 00 00 00 00
80 92 0F 6C 45 78
02 8B FE 06 E2 17
18 23 82 E4 5B D9
5C 76 98 FD 18 4E
14 39 A1 C2 42 90
13 C4 23 5E BA A7
9A 3C AB 7D 78 17
FE 28 35 60 C3 50 46 4A 63 4C 37 EE BD 1D 4B A8
B9 DB C5 D3 AE C5 51 27 B6 7A 80 75 99 52 79 A4
35 9C B2 1E FA D3 DD 10 DD E0 F6 D6 B0 3B 41 E8
D1 D9 6D DD B3
47 2F 74 E4 01 AE FB 18 0A 09
1B 74 CB 82 63 82 0A F7 B3 0C 21 CF BD 5D 71 23
8F EF C4 4C F0 79 0E 42 AA 06 BF EA 5F E9 DC C5
2E 7E CC A2 3B 5D C3 F9 5F AC B2 89 59 E3 B0 0F
E8 D0 58 D4 6E 7E 9C E2 C9 7A 65 0F 5B EE 1F 99
B2 22 E8 E1 CA 85 3E 24
C5 30 D8 4E 89 7A DC D1
59 16 4B 75 53 FC E6 7E
87 1B A8 10 9D 00 10 1D
C7 15 2C AF 69 81 53 62
DE A6 F4 68 23 8F 20 45
49 6F F6 48 22 E7 B0 DA
D1 4F 3E EF 39 FA FB 5D
A2 59 D0 BD 1A A9 DD F4
67 44 DB 30 C1 B8 82 0C
78 DC DF 92 B8 1B C9 97 BE F2 59 64 7F 03 D2 1C 6A 07
24 5A 77 A0 0E E9 BC 62 2E 6C 57 4A 9E 89 61 D0 F3 66
90 31 89 BC B7 C4 F2 B2 5C F4 04 FA BD 5A E9 64 C6 EE
F8 D0 3C 73 F8 AD 15 BF 10 C7 4B 4D 2C 65 A6 64 3D 44
1C A4 77
Page 13WIBU-SYSTEMS AG
Function Level Software Protection
During development:
IxProtector cuts application into many pieces
IxProtector encrypts every piece separately
…
During runtime:
Every piece is decrypted when needed (see
differences for .NET, Win32/64 and Java)
Piece of code is re-encrypted / deleted from cache
Page 14WIBU-SYSTEMS AG
FE 28 35 60 C3 50 46 4A 63 4C 37 EE BD 1D 4B A8
B9 DB C5 D3 AE C5 51 27 B6 7A 80 75 99 52 79 A4
35 9C B2 1E FA D3 DD 10 DD E0 F6 D6 B0 3B 41 E8
D1 D9 6D DD B3
47 2F 74 E4 01 AE FB 18 0A 09
Snapshot from memory
50 45 00 00 4C 01 09 00 19 5E 42 2A 00 00 00 00
74 19 3B C6 75 08
33 F6 46 89 75 E4
EB 10 68 E8 03 00
00 FF 15 34 20 40
00 EB DA 33 F6 46
A1 70 33 40 00 3B
C6 75 0A 6A 1F E8
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D
A0 20 40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00
FF D7 8B F0 56 FF D3 83 C4 04 83 FE 2E 75 F1 5F
5E 33 C0 5B C3
3B 0D 00 30 40 00 75 02 F3 C3
6A 10 68 F8 21 40 00 E8 15 06 00 00 33 DB 39 1D
80 33 40 00 75 0B 53 53 6A 01 53 FF 15 2C 20 40
00 89 5D FC 64 A1 18 00 00 00 8B 70 04 89 5D E4
BF 74 33 40 00 53 56 57 FF 15 30 20 40 00 3B C3
E9 98 02 00 00 68 16 15
40 00 E8 8B 04 00 00 A1
60 33 40 00 C7 04 24 2C
30 40 00 FF 35 5C 33 40
00 A3 2C 30 40 00 68 1C
30 40 00 68 20 30 40 00
68 18 30 40 00 FF 15 94
20 40 00 83 C4 14 A3 28
30 40 00 85 C0 79 08 6A
08 E8 A5 03 00 00 59 C3
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D A0 20
40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00 FF D7 8B F0
56 FF D3 83 C4 04 83 FE 2E 75 F1 5F 5E 33 C0 5B C3 3B
0D 00 30 40 00 75 02 F3 C3 E9 98 02 00 00 68 16 15 40
00 E8 8B
96 04 1F 00 F6 04 1F 00 0A 07 1F 00 FA 06 1F 00 EA 06 1F 00 D4 06 1F 00 3A
06 1F 00 02 06 1F 00 E6 05 1F 00 CA 05 1F 00 12 05 1F 00 A8 05 1F 00 96 04
1F 00 F6 04 1F 00 0A 07 1F 00 FA 06 1F 00 EA 06 1F 00 D4 06 1F 00 3A 06 1F
80 92 0F 6C 45 78
02 8B FE 06 E2 17
18 23 82 E4 5B D9
5C 76 98 FD 18 4E
14 39 A1 C2 42 90
13 C4 23 5E BA A7
9A 3C AB 7D 78 17
1B 74 CB 82 63 82 0A F7 B3 0C 21 CF BD 5D 71 23
8F EF C4 4C F0 79 0E 42 AA 06 BF EA 5F E9 DC C5
2E 7E CC A2 3B 5D C3 F9 5F AC B2 89 59 E3 B0 0F
E8 D0 58 D4 6E 7E 9C E2 C9 7A 65 0F 5B EE 1F 99
B2 22 E8 E1 CA 85 3E 24
C5 30 D8 4E 89 7A DC D1
59 16 4B 75 53 FC E6 7E
87 1B A8 10 9D 00 10 1D
C7 15 2C AF 69 81 53 62
DE A6 F4 68 23 8F 20 45
49 6F F6 48 22 E7 B0 DA
D1 4F 3E EF 39 FA FB 5D
A2 59 D0 BD 1A A9 DD F4
67 44 DB 30 C1 B8 82 0C
78 DC DF 92 B8 1B C9 97 BE F2 59 64 7F 03 D2 1C 6A 07
24 5A 77 A0 0E E9 BC 62 2E 6C 57 4A 9E 89 61 D0 F3 66
90 31 89 BC B7 C4 F2 B2 5C F4 04 FA BD 5A E9 64 C6 EE
F8 D0 3C 73 F8 AD 15 BF 10 C7 4B 4D 2C 65 A6 64 3D 44
1C A4 77
FE 28 35 60 C3 50 46 4A 63 4C 37 EE BD 1D 4B A8
B9 DB C5 D3 AE C5 51 27 B6 7A 80 75 99 52 79 A4
35 9C B2 1E FA D3 DD 10 DD E0 F6 D6 B0 3B 41 E8
D1 D9 6D DD B3
47 2F 74 E4 01 AE FB 18 0A 09
Page 15WIBU-SYSTEMS AG
IxProtector
Win32 / Win64
Developer defines functions (WUPIDECLFUNC)
Possible on self defined area
Developer integrates decryption / encryption manually
(WupiDecryptCode / WupiEncryptCode)
.NET
Automatically, per method
Option: definition per attribute
Java
Automatically, per class
Page 16WIBU-SYSTEMS AG
How to crack Function Level Protection?
Memory Dumping?
How to run 100% of your code?
Even in your test cases you don‘t reach > 80%
Not reasonable for a „real“ application
Automatic decryption tool
Analysis of the structure of the protected application
Decryption of each piece (method / class / area)
Re-creation of the complete application
Page 17WIBU-SYSTEMS AG
Function Level Software
Protection with Traps
Traps
Page 18WIBU-SYSTEMS AG
Statements
It is not possible to decrypt the whole software
or even small pieces without the right key.
CodeMeter offers
license locking
(FAC = 0).
CodeMeter: A
locked license is
like “no key”.
Page 19WIBU-SYSTEMS AG
Original Executable (in pieces)
50 45 00 00 4C 01 09 00 19 5E 42 2A 00 00 00 00
74 19 3B C6 75 08
33 F6 46 89 75 E4
EB 10 68 E8 03 00
00 FF 15 34 20 40
00 EB DA 33 F6 46
A1 70 33 40 00 3B
C6 75 0A 6A 1F E8
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D
A0 20 40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00
FF D7 8B F0 56 FF D3 83 C4 04 83 FE 2E 75 F1 5F
5E 33 C0 5B C3
3B 0D 00 30 40 00 75 02 F3 C3
6A 10 68 F8 21 40 00 E8 15 06 00 00 33 DB 39 1D
80 33 40 00 75 0B 53 53 6A 01 53 FF 15 2C 20 40
00 89 5D FC 64 A1 18 00 00 00 8B 70 04 89 5D E4
BF 74 33 40 00 53 56 57 FF 15 30 20 40 00 3B C3
E9 98 02 00 00 68 16 15
40 00 E8 8B 04 00 00 A1
60 33 40 00 C7 04 24 2C
30 40 00 FF 35 5C 33 40
00 A3 2C 30 40 00 68 1C
30 40 00 68 20 30 40 00
68 18 30 40 00 FF 15 94
20 40 00 83 C4 14 A3 28
30 40 00 85 C0 79 08 6A
08 E8 A5 03 00 00 59 C3
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D A0 20
40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00 FF D7 8B F0
56 FF D3 83 C4 04 83 FE 2E 75 F1 5F 5E 33 C0 5B C3 3B
0D 00 30 40 00 75 02 F3 C3 E9 98 02 00 00 68 16 15 40
00 E8 8B
Page 20WIBU-SYSTEMS AG
Inserted Traps (Locking Sequences)
50 45 00 00 4C 01 09 00 19 5E 42 2A 00 00 00 00
74 19 3B C6 75 08
33 F6 46 89 75 E4
EB 10 68 E8 03 00
00 FF 15 34 20 40
00 EB DA 33 F6 46
A1 70 33 40 00 3B
C6 75 0A 6A 1F E8
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D
A0 20 40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00
FF D7 8B F0 56 FF D3 83 C4 04 83 FE 2E 75 F1 5F
5E 33 C0 5B C3
3B 0D 00 30 40 00 75 02 F3 C3
6A 10 68 F8 21 40 00 E8 15 06 00 00 33 DB 39 1D
80 33 40 00 75 0B 53 53 6A 01 53 FF 15 2C 20 40
00 89 5D FC 64 A1 18 00 00 00 8B 70 04 89 5D E4
BF 74 33 40 00 53 56 57 FF 15 30 20 40 00 3B C3
E9 98 02 00 00 68 16 15
40 00 E8 8B 04 00 00 A1
60 33 40 00 C7 04 24 2C
30 40 00 FF 35 5C 33 40
00 A3 2C 30 40 00 68 1C
30 40 00 68 20 30 40 00
68 18 30 40 00 FF 15 94
20 40 00 83 C4 14 A3 28
30 40 00 85 C0 79 08 6A
08 E8 A5 03 00 00 59 C3
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D A0 20
40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00 FF D7 8B F0
56 FF D3 83 C4 04 83 FE 2E 75 F1 5F 5E 33 C0 5B C3 3B
0D 00 30 40 00 75 02 F3 C3 E9 98 02 00 00 68 16 15 40
00 E8 8B
LO CK IN G# SE QU EN CE 04 50 35 B6 8C 29 69 D4
D3 95 D7 BA 78 06 1D 9A 95 87 28 19 BE 38 1A E7
LO CK IN G# SE QU EN CE
E7 CA DB BA 05 75 8F BA
Page 21WIBU-SYSTEMS AG
LO CK IN G# SE QU EN CE
E7 CA DB BA 05 75 8F BA
LO CK IN G# SE QU EN CE 04 50 35 B6 8C 29 69 D4
D3 95 D7 BA 78 06 1D 9A 95 87 28 19 BE 38 1A E7
74 19 3B C6 75 08
33 F6 46 89 75 E4
EB 10 68 E8 03 00
00 FF 15 34 20 40
00 EB DA 33 F6 46
A1 70 33 40 00 3B
C6 75 0A 6A 1F E8
3B 0D 00 30 40 00 75 02 F3 C3
6A 10 68 F8 21 40 00 E8 15 06 00 00 33 DB 39 1D
80 33 40 00 75 0B 53 53 6A 01 53 FF 15 2C 20 40
00 89 5D FC 64 A1 18 00 00 00 8B 70 04 89 5D E4
BF 74 33 40 00 53 56 57 FF 15 30 20 40 00 3B C3
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D A0 20
40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00 FF D7 8B F0
56 FF D3 83 C4 04 83 FE 2E 75 F1 5F 5E 33 C0 5B C3 3B
0D 00 30 40 00 75 02 F3 C3 E9 98 02 00 00 68 16 15 40
00 E8 8B
53 56 57 68 F4 20 40 00 FF 15 A8 20 40 00 8B 3D
A0 20 40 00 8B 1D 9C 20 40 00 83 C4 04 8D 49 00
FF D7 8B F0 56 FF D3 83 C4 04 83 FE 2E 75 F1 5F
5E 33 C0 5B C3
80 92 0F 6C 45 78
02 8B FE 06 E2 17
18 23 82 E4 5B D9
5C 76 98 FD 18 4E
14 39 A1 C2 42 90
13 C4 23 5E BA A7
9A 3C AB 7D 78 17
47 2F 74 E4 01 AE FB 18 0A 09
1B 74 CB 82 63 82 0A F7 B3 0C 21 CF BD 5D 71 23
8F EF C4 4C F0 79 0E 42 AA 06 BF EA 5F E9 DC C5
2E 7E CC A2 3B 5D C3 F9 5F AC B2 89 59 E3 B0 0F
E8 D0 58 D4 6E 7E 9C E2 C9 7A 65 0F 5B EE 1F 99
78 DC DF 92 B8 1B C9 97 BE F2 59 64 7F 03 D2 1C 6A 07
24 5A 77 A0 0E E9 BC 62 2E 6C 57 4A 9E 89 61 D0 F3 66
90 31 89 BC B7 C4 F2 B2 5C F4 04 FA BD 5A E9 64 C6 EE
F8 D0 3C 73 F8 AD 15 BF 10 C7 4B 4D 2C 65 A6 64 3D 44
1C A4 77
04 50 35 B6 8C 29 69 D4 D3 95 D7 BA 78 06 1D 9A
95 87 28 19 BE 38 1A E7 9F 30 80 72 F9 A9 A2 23
E7 CA DB BA 05 75 8F BA
C2 23 1E 42 A1 15 A4 4D
E9 98 02 00 00 68 16 15
40 00 E8 8B 04 00 00 A1
60 33 40 00 C7 04 24 2C
30 40 00 FF 35 5C 33 40
00 A3 2C 30 40 00 68 1C
30 40 00 68 20 30 40 00
68 18 30 40 00 FF 15 94
20 40 00 83 C4 14 A3 28
30 40 00 85 C0 79 08 6A
08 E8 A5 03 00 00 59 C3
Which one is a Locking Sequence?
50 45 00 00 4C 01 09 00 19 5E 42 2A 00 00 00 00
FE 28 35 60 C3 50 46 4A 63 4C 37 EE BD 1D 4B A8
B9 DB C5 D3 AE C5 51 27 B6 7A 80 75 99 52 79 A4
35 9C B2 1E FA D3 DD 10 DD E0 F6 D6 B0 3B 41 E8
D1 D9 6D DD B3
B2 22 E8 E1 CA 85 3E 24
C5 30 D8 4E 89 7A DC D1
59 16 4B 75 53 FC E6 7E
87 1B A8 10 9D 00 10 1D
C7 15 2C AF 69 81 53 62
DE A6 F4 68 23 8F 20 45
49 6F F6 48 22 E7 B0 DA
D1 4F 3E EF 39 FA FB 5D
A2 59 D0 BD 1A A9 DD F4
67 44 DB 30 C1 B8 82 0C
96 04 1F 00 F6 04 1F 00 0A 07 1F 00 FA 06 1F 00 EA 06 1F 00 D4 06 1F 00 3A
Page 22WIBU-SYSTEMS AG
IxProtector with Traps
Win32 / Win64
Manual definition of a trap
.NET
Manual definition with attribute
Automatic generation of traps
Java
Not supported
Page 23WIBU-SYSTEMS AG
Improvements
Make traps look like standard functions.
if (false) { call trap()}
Duplicate code to run your code in different
variations.
Page 24WIBU-SYSTEMS AG
Traps with Ax/IxProtector .NET
Automatic implementation
Manual implementation
Page 25WIBU-SYSTEMS AG
Automatic traps with Ax/IxProtector .NET
Page 26WIBU-SYSTEMS AG
Ax/IxProtector + Traps vs.
CodeMoving / AppOnChip
Comparison
Page 27WIBU-SYSTEMS AG
Comparison
AxProtector /
IxProtetcor / Traps
CodeMoving /
AppOnChip
Network License Yes (+) Limited (-)
Performance High (+) Low (-)
Code never decrypted No (-) Yes (+)
Any code piece Yes (+) Special functions (-)
Many code pieces Yes (+) Limited (-)
Locking of keys Yes (+) No (-)
Implementation effort Medium (+) Low .. High (-)
SummaryMore pieces & higher performance & locking
Ax/IxProtector = scalable / highest security
Page 28WIBU-SYSTEMS AG
Germany: +49-721-931720
USA: +1-425-7756900
China: +86-21-55661790
worldwide: http://www.wibu.com