Vulnerabilities in software protectors
Other software protectors have important vulnerabilities, which prevent them from being a perfect solution to protect an application against reverse engineering or cracking. The following section identifies some of those vulnerabilities and shows how Themida resolves them.
Obsolete protection techniques
Most modern software protection systems use already broken techniques that are quite easy to bypass. Normally, an attacker will reuse the same proven tools that have been used over years to break protection systems. Often the attacker will release a global technique to attack every application protected by a specific protection system. SecureEngine uses new technology in software protection to ensure each protected application is unique thus preventing any cracking tool from being used to create a universal crack to your application.
Attackers are one step ahead of the protection system
When a software protection system has been broken, their authors implement patches to avoid a specific attack from being used again on new versions. Typically attackers will inspect the new changes that have been applied in the new version and will easily bypass them again. In this common scenario, attackers are always one step ahead from the protection system because the new applied patches can easily be identified and defeated.
SecureEngine has a different approach to avoid this. If vulnerability is found the vulnerable object is quickly changed (due to the mutable technology used in SecureEngine) instead of releasing a patch against the specific threat. The new object, joined with the rest of the SecureEngine objects, creates a completely new protection system. The benefits of this, when compared to common software protectors, is that attackers will have to reexamine the whole protection code to bypass the new changes.
Understanding the risk
When an application is being created, the Compiler will compile the application source code into several object files made of machine language code. Then the object files are linked together to create the final executable.
In the same manner that the source code of an application is converted into machine code at compilation time, there are tools that can convert a compiled application into assembly language or a higher programming language. These tools are known as dissemblers and de-compilers.
An attacker can use a dissembler or de-compiler to study how a specific application works and what a specific routine does. When the attacker has a good knowledge of the target application, he can modify the compiled application to alter his behavior. For example, the attacker could bypass the routine that checks for the trial period in an application and make it run forever or even worse, cause the application to behave as if it was registered.
|