EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-20-2010, 02:02
smartins
Guest
 
Posts: n/a
Answered: Best software protector: Themida or Enigma Protector?

Hi guys. I know this is a kinda odd question, but I'm trying to decide between Themida and Enigma Protector as the software solution to protect a program.

I'll be using my own registration engine so I will only use Themida/Enigma Protector to protect the exe from decompiling/analysis.

Which solution do you guys think is more secure, Themida or Enigma Protector?

Thanks!
Reply With Quote
Best Answer - Posted by quosego
Both have been fully defeated. I'd go for good customer care. Beats any protection.
Personally I've got not much experience with enigma, though did not find it particularly impressive when I unpacked it once or twice.

Themida on the other hand I've unpacked many times. Good protector, but not what it used to be nowadays.

I think both have the same probability of being cracked. Depends a bit on the cracker I suppose.
  #2  
Old 02-20-2010, 02:06
Av0id Av0id is offline
VIP
 
Join Date: Jan 2006
Posts: 396
Thanks: 107
Thanked 110 Times in 69 Posts
Groans: 6
Groaned at 3 Times in 3 Posts
Reputation: 0
Av0id is an unknown quantity at this point
Provided Answers: 6
Quote:
I'll be using my own registration engine so I will only use Themida/Enigma Protector to protect the exe from decompiling/analysis.
don't worry, it will be inlined then, use encrypted code parts Luke
Reply With Quote
  #3  
Old 02-20-2010, 05:57
quosego quosego is offline
Lo*eXeTools*rd
 
Join Date: Feb 2009
Posts: 104
Thanks: 8
Thanked 39 Times in 13 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Reputation: 0
quosego is an unknown quantity at this point
Provided Answers: 1
Both have been fully defeated. I'd go for good customer care. Beats any protection.
Personally I've got not much experience with enigma, though did not find it particularly impressive when I unpacked it once or twice.

Themida on the other hand I've unpacked many times. Good protector, but not what it used to be nowadays.

I think both have the same probability of being cracked. Depends a bit on the cracker I suppose.
Reply With Quote
The Following User Says Thank You to quosego For This Useful Post:
  #4  
Old 02-20-2010, 17:36
smartins
Guest
 
Posts: n/a
Thanks for your reply.

Do you have any suggestion for a protector you feel is better than any of these two I mentioned? I also have TTProtect, VMProtect, NoobyProtect and Code Virtualizer (although this last one will only obfuscate with a virtual machine the areas I select) on my list. Do you have any comments to make about any of these programs?

Last edited by smartins; 02-20-2010 at 17:45.
Reply With Quote
  #5  
Old 02-21-2010, 01:26
Deathway's Avatar
Deathway Deathway is offline
Lo*eXeTools*rd
 
Join Date: Jan 2009
Posts: 40
Thanks: 8
Thanked 154 Times in 23 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Reputation: 2
Deathway is an unknown quantity at this point
Quote:
Originally Posted by smartins View Post
Thanks for your reply.

Do you have any suggestion for a protector you feel is better than any of these two I mentioned? I also have TTProtect, VMProtect, NoobyProtect and Code Virtualizer (although this last one will only obfuscate with a virtual machine the areas I select) on my list. Do you have any comments to make about any of these programs?
Well, don't know about Enigma nor VMProtect, but Themida or WinLicense has been fully defeated. About Code Virtualizer, I made a CodeUnvirtualizer to fully convert Virtual Opcodes to Assembler Language . The same with CISC machines in Themida and WinLicense, about RISC part, until know didn't see any public tool that can dothis job.
Reply With Quote
The Following User Says Thank You to Deathway For This Useful Post:
  #6  
Old 02-21-2010, 04:17
quosego quosego is offline
Lo*eXeTools*rd
 
Join Date: Feb 2009
Posts: 104
Thanks: 8
Thanked 39 Times in 13 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Reputation: 0
quosego is an unknown quantity at this point
Provided Answers: 1
Quote:
Themida has been impossible, for now...
Hmmm as deathway also noted themida has not been impossible for quite some time.

VMprotect has no public devirtulaizer, but they exist. Obfuscation is also pretty lame there. It's antidebug I'd say is best of all these, however with the correct plugins you don't have to do anything to bypass.. And sunbeam documented this pretty well.

Noobyprotect is not often used and has some compatibility issues I noticed, at least in the crackme's released. Perhaps they're fixed by now. No experience with TTprotect, rarely used as far as I know.

Well the point is actually all have been defeated, though most are actually pretty good. Themida/enigma and VMprotect are the more commonly used ones, but they all have been defeated. There's simply no flawless protector out there. The above protectors will stop all newbies anyway so in that regard you're already good.
Reply With Quote
The Following User Says Thank You to quosego For This Useful Post:
  #7  
Old 02-21-2010, 16:39
metr0 metr0 is offline
Lo*eXeTools*rd
 
Join Date: Apr 2009
Posts: 64
Thanks: 19
Thanked 11 Times in 5 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Reputation: 0
metr0 is an unknown quantity at this point
Well, we got Themida/WL/CV defeated, VMProtect unpacking is doable as well (proven by LCF-AT and Nooby) and NoobyProtect seems to have some teething troubles.

TTProtect hasn't updated for ages if I'm not mistaken and does not run on my Windows 7 box. Might be some kernel32 retrieval issue?

Protection coders used to offer customized versions, not sure about them still doing it. There are custom Armadillo versions but it's defeated as well.

I'd go for a customized VM protector (insisting on the customization of the VM; if you got the budget and it's worth it) plus some own protection tricks which will keep off newbies using scripts/step-by-step tutorials as quo already mentioned.
Reply With Quote
The Following User Says Thank You to metr0 For This Useful Post:
  #8  
Old 02-22-2010, 05:26
AttonRand AttonRand is offline
Junior Member
 
Join Date: Jan 2009
Posts: 21
Thanks: 12
Thanked 2 Times in 2 Posts
Groans: 1
Groaned at 0 Times in 0 Posts
Reputation: 0
AttonRand is an unknown quantity at this point
Coders trust so much protectors that they feel secure just by enabling some/all features which the protector offers.
Most of them doesnt even care about using code markers in their source thus making unpacking very easy and cut off 50% of protector power.

All the protectors you listed are quiete good but depends on the way you implement them.

My advice: develop your own registration procedure, add some asm tricks to your app and pack it using code crypters.
Reply With Quote
The Following User Says Thank You to AttonRand For This Useful Post:
  #9  
Old 02-22-2010, 13:38
SaNX SaNX is offline
ex-eVC cracker
 
Join Date: Feb 2010
Location: Russia
Posts: 59
Thanks: 1
Thanked 30 Times in 12 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Reputation: 0
SaNX is an unknown quantity at this point
Remember this release: VB.Decompiler.Pro.7.7.RETAIL.INCL_KEYGEN-FFF.rar. VB Decompiler uses Themida's registration scheme. So, it can be breaked too
Reply With Quote
The Following User Says Thank You to SaNX For This Useful Post:
  #10  
Old 02-23-2010, 19:44
Enigma Enigma is offline
Senior Member
 
Join Date: Oct 2009
Posts: 29
Thanks: 0
Thanked 23 Times in 8 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Reputation: 0
Enigma is an unknown quantity at this point
Quote:
Originally Posted by AttonRand View Post
Coders trust so much protectors that they feel secure just by enabling some/all features which the protector offers.
Most of them doesnt even care about using code markers in their source thus making unpacking very easy and cut off 50% of protector power.
It is most useful and correct advice to my mind. Many people buy a protector, simply choose input and output files and click protect button. After some time they become amazed to find a cracked executable of own software. Probably the most unpacked programs are not a weakness of protection systems but the lazy of software developers.

Simply spend a whole day for protection implementing and you will get good results.

Quote:
Originally Posted by AttonRand View Post
My advice: develop your own registration procedure, add some asm tricks to your app and pack it using code crypters.
Disagree regarding this... If you are not well in cryptography then you could make many errors applying own registration, that could be bypassed and keygened. Registration routines of protectors are much stronger and do not have mistakes (not sure about all protectors of course )

Regarding asm tricks - also disagree, some tricks could work on 50% machines, but for another 50% you will get a crash. It is really better to use protectors that had been dozen times tested on dozen machines..
Reply With Quote
The Following User Says Thank You to Enigma For This Useful Post:
  #11  
Old 02-24-2010, 00:49
Gladiyator's Avatar
Gladiyator Gladiyator is offline
Senior Member
 
Join Date: Jan 2009
Location: .:: Tehran ::.
Posts: 62
Thanks: 53
Thanked 50 Times in 14 Posts
Groans: 0
Groaned at 1 Time in 1 Post
Reputation: 0
Gladiyator is an unknown quantity at this point
it think the best of protectors is that you develop it , because for many protectors we have so many tools that make it easy to unpack for newbie users.
Reply With Quote
The Following User Says Thank You to Gladiyator For This Useful Post:
  #12  
Old 04-26-2010, 19:30
taos's Avatar
taos taos is offline
The Art Of Silence
 
Join Date: Aug 2004
Location: In front of my screen
Posts: 530
Thanks: 33
Thanked 29 Times in 10 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Reputation: 0
taos is an unknown quantity at this point
Provided Answers: 6
And remember, Themida is having a lot of false positives with antivirus.
__________________
omnino lo qui quae que quod somos es pulvis en el ventus.
TAOS

-The opposite of courage in our society is not cowardice, but conformity-
Reply With Quote
  #13  
Old 04-27-2010, 08:46
unknownone unknownone is offline
Junior Member
 
Join Date: Apr 2002
Posts: 24
Thanks: 0
Thanked 0 Times in 0 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Reputation: 0
unknownone is an unknown quantity at this point
enigma? a joke jaja
Reply With Quote
  #14  
Old 04-27-2010, 17:58
ChupaChu's Avatar
ChupaChu ChupaChu is offline
Senior Member
 
Join Date: Dec 2007
Posts: 38
Thanks: 0
Thanked 0 Times in 0 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Reputation: 0
ChupaChu is an unknown quantity at this point
imho best way to protect your software is:
1. to not alow crackers to read authentification algorithms - simply put them on some web server, and athenticate through some php script.. the algorithm can be simple as you want..
2. encrypt and decrypt exe critical code parts on the fly using the key that can be checked only on the web..
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
The Enigma Protector ollydbg Software Release 83 04-01-2014 08:11
The Enigma Protector 3.70注册机模块汉化版 speedboy Chinese Area 0 06-05-2012 08:36
The Enigma Protector v2.00 ollydbg General Discussion 2 06-07-2010 03:27
Enigma protector The Boss Software Release 4 12-18-2005 17:54


All times are GMT +8. The time now is 00:33.


苏ICP备05004977号
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX