EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-20-2010, 02:02
smartins
Guest
 
Posts: n/a
Best software protector: Themida or Enigma Protector?

Hi guys. I know this is a kinda odd question, but I'm trying to decide between Themida and Enigma Protector as the software solution to protect a program.

I'll be using my own registration engine so I will only use Themida/Enigma Protector to protect the exe from decompiling/analysis.

Which solution do you guys think is more secure, Themida or Enigma Protector?

Thanks!
Reply With Quote
  #2  
Old 02-20-2010, 02:06
Av0id Av0id is offline
VIP
 
Join Date: Jan 2006
Posts: 399
Rept. Given: 112
Rept. Rcvd 111 Times in 69 Posts
Thanks Given: 0
Thanks Rcvd at 2 Times in 2 Posts
Av0id Reputation: 100-199 Av0id Reputation: 100-199
Quote:
I'll be using my own registration engine so I will only use Themida/Enigma Protector to protect the exe from decompiling/analysis.
don't worry, it will be inlined then, use encrypted code parts Luke
Reply With Quote
  #3  
Old 02-20-2010, 05:57
quosego quosego is offline
Family
 
Join Date: Feb 2009
Posts: 104
Rept. Given: 8
Rept. Rcvd 39 Times in 13 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
quosego Reputation: 39
Both have been fully defeated. I'd go for good customer care. Beats any protection.
Personally I've got not much experience with enigma, though did not find it particularly impressive when I unpacked it once or twice.

Themida on the other hand I've unpacked many times. Good protector, but not what it used to be nowadays.

I think both have the same probability of being cracked. Depends a bit on the cracker I suppose.
Reply With Quote
The Following User Gave Reputation+1 to quosego For This Useful Post:
  #4  
Old 02-20-2010, 17:36
smartins
Guest
 
Posts: n/a
Thanks for your reply.

Do you have any suggestion for a protector you feel is better than any of these two I mentioned? I also have TTProtect, VMProtect, NoobyProtect and Code Virtualizer (although this last one will only obfuscate with a virtual machine the areas I select) on my list. Do you have any comments to make about any of these programs?

Last edited by smartins; 02-20-2010 at 17:45.
Reply With Quote
  #5  
Old 02-21-2010, 01:26
Deathway's Avatar
Deathway Deathway is offline
Lo*eXeTools*rd
 
Join Date: Jan 2009
Posts: 41
Rept. Given: 8
Rept. Rcvd 155 Times in 24 Posts
Thanks Given: 1
Thanks Rcvd at 1 Time in 1 Post
Deathway Reputation: 100-199 Deathway Reputation: 100-199
Quote:
Originally Posted by smartins View Post
Thanks for your reply.

Do you have any suggestion for a protector you feel is better than any of these two I mentioned? I also have TTProtect, VMProtect, NoobyProtect and Code Virtualizer (although this last one will only obfuscate with a virtual machine the areas I select) on my list. Do you have any comments to make about any of these programs?
Well, don't know about Enigma nor VMProtect, but Themida or WinLicense has been fully defeated. About Code Virtualizer, I made a CodeUnvirtualizer to fully convert Virtual Opcodes to Assembler Language . The same with CISC machines in Themida and WinLicense, about RISC part, until know didn't see any public tool that can dothis job.
Reply With Quote
The Following User Gave Reputation+1 to Deathway For This Useful Post:
  #6  
Old 02-21-2010, 04:17
quosego quosego is offline
Family
 
Join Date: Feb 2009
Posts: 104
Rept. Given: 8
Rept. Rcvd 39 Times in 13 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
quosego Reputation: 39
Quote:
Themida has been impossible, for now...
Hmmm as deathway also noted themida has not been impossible for quite some time.

VMprotect has no public devirtulaizer, but they exist. Obfuscation is also pretty lame there. It's antidebug I'd say is best of all these, however with the correct plugins you don't have to do anything to bypass.. And sunbeam documented this pretty well.

Noobyprotect is not often used and has some compatibility issues I noticed, at least in the crackme's released. Perhaps they're fixed by now. No experience with TTprotect, rarely used as far as I know.

Well the point is actually all have been defeated, though most are actually pretty good. Themida/enigma and VMprotect are the more commonly used ones, but they all have been defeated. There's simply no flawless protector out there. The above protectors will stop all newbies anyway so in that regard you're already good.
Reply With Quote
The Following User Gave Reputation+1 to quosego For This Useful Post:
  #7  
Old 02-21-2010, 16:39
metr0 metr0 is offline
Friend
 
Join Date: Apr 2009
Posts: 64
Rept. Given: 19
Rept. Rcvd 11 Times in 5 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
metr0 Reputation: 11
Well, we got Themida/WL/CV defeated, VMProtect unpacking is doable as well (proven by LCF-AT and Nooby) and NoobyProtect seems to have some teething troubles.

TTProtect hasn't updated for ages if I'm not mistaken and does not run on my Windows 7 box. Might be some kernel32 retrieval issue?

Protection coders used to offer customized versions, not sure about them still doing it. There are custom Armadillo versions but it's defeated as well.

I'd go for a customized VM protector (insisting on the customization of the VM; if you got the budget and it's worth it) plus some own protection tricks which will keep off newbies using scripts/step-by-step tutorials as quo already mentioned.
Reply With Quote
The Following User Gave Reputation+1 to metr0 For This Useful Post:
  #8  
Old 02-22-2010, 05:26
AttonRand
Guest
 
Posts: n/a
Coders trust so much protectors that they feel secure just by enabling some/all features which the protector offers.
Most of them doesnt even care about using code markers in their source thus making unpacking very easy and cut off 50% of protector power.

All the protectors you listed are quiete good but depends on the way you implement them.

My advice: develop your own registration procedure, add some asm tricks to your app and pack it using code crypters.
Reply With Quote
The Following User Gave Reputation+1 to For This Useful Post:
  #9  
Old 02-22-2010, 13:38
SaNX SaNX is offline
ex-eVC cracker
 
Join Date: Feb 2010
Location: Russia
Posts: 62
Rept. Given: 1
Rept. Rcvd 31 Times in 13 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
SaNX Reputation: 31
Remember this release: VB.Decompiler.Pro.7.7.RETAIL.INCL_KEYGEN-FFF.rar. VB Decompiler uses Themida's registration scheme. So, it can be breaked too
Reply With Quote
The Following User Gave Reputation+1 to SaNX For This Useful Post:
  #10  
Old 02-23-2010, 19:44
Enigma Enigma is offline
Developer
 
Join Date: Oct 2009
Posts: 30
Rept. Given: 0
Rept. Rcvd 23 Times in 8 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
Enigma Reputation: 23
Quote:
Originally Posted by AttonRand View Post
Coders trust so much protectors that they feel secure just by enabling some/all features which the protector offers.
Most of them doesnt even care about using code markers in their source thus making unpacking very easy and cut off 50% of protector power.
It is most useful and correct advice to my mind. Many people buy a protector, simply choose input and output files and click protect button. After some time they become amazed to find a cracked executable of own software. Probably the most unpacked programs are not a weakness of protection systems but the lazy of software developers.

Simply spend a whole day for protection implementing and you will get good results.

Quote:
Originally Posted by AttonRand View Post
My advice: develop your own registration procedure, add some asm tricks to your app and pack it using code crypters.
Disagree regarding this... If you are not well in cryptography then you could make many errors applying own registration, that could be bypassed and keygened. Registration routines of protectors are much stronger and do not have mistakes (not sure about all protectors of course )

Regarding asm tricks - also disagree, some tricks could work on 50% machines, but for another 50% you will get a crash. It is really better to use protectors that had been dozen times tested on dozen machines..
Reply With Quote
The Following User Gave Reputation+1 to Enigma For This Useful Post:
  #11  
Old 02-24-2010, 00:49
Gladiyator's Avatar
Gladiyator Gladiyator is offline
Family
 
Join Date: Jan 2009
Location: .:: Tehran ::.
Posts: 63
Rept. Given: 64
Rept. Rcvd 50 Times in 14 Posts
Thanks Given: 3
Thanks Rcvd at 0 Times in 0 Posts
Gladiyator Reputation: 50
it think the best of protectors is that you develop it , because for many protectors we have so many tools that make it easy to unpack for newbie users.
Reply With Quote
The Following User Gave Reputation+1 to Gladiyator For This Useful Post:
  #12  
Old 04-26-2010, 19:30
taos's Avatar
taos taos is offline
The Art Of Silence
 
Join Date: Aug 2004
Location: In front of my screen
Posts: 539
Rept. Given: 42
Rept. Rcvd 39 Times in 15 Posts
Thanks Given: 10
Thanks Rcvd at 25 Times in 7 Posts
taos Reputation: 39
And remember, Themida is having a lot of false positives with antivirus.
__________________
omnino lo qui quae que quod somos es pulvis en el ventus.
TAOS

-The opposite of courage in our society is not cowardice, but conformity-
Reply With Quote
  #13  
Old 04-27-2010, 08:46
unknownone
Guest
 
Posts: n/a
enigma? a joke jaja
Reply With Quote
  #14  
Old 04-27-2010, 17:58
ChupaChu's Avatar
ChupaChu ChupaChu is offline
Friend
 
Join Date: Dec 2007
Posts: 38
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
ChupaChu Reputation: 0
imho best way to protect your software is:
1. to not alow crackers to read authentification algorithms - simply put them on some web server, and athenticate through some php script.. the algorithm can be simple as you want..
2. encrypt and decrypt exe critical code parts on the fly using the key that can be checked only on the web..
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
The Enigma Protector ollydbg Reversing Software 89 03-25-2015 03:52
The Enigma Protector x64 v4.20 besoeso Reversing Software 6 06-02-2014 00:06
Enigma Protector x64 Enigma x64 OS 14 05-28-2012 15:11
Enigma protector The Boss Reversing Software 4 12-18-2005 17:54


All times are GMT +8. The time now is 20:39.


ICP05004977
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX