Exetools  

#1
07-20-2007, 12:22
TmC
Now, what's next? Is it the end of software protectors?

Having a look in the world of software protectors, we have the following scenarios:

Production Scenario:
ASProtect: Dead Project (Site still online but user forum offline. No updates in one year)
SVKP: Dead Project (v2 announced thousands of times but the site is dead (ghost))
Execryptor: Dead Project (Site still online but no activity, and no updates in one year)
SDProtector: Dead Project (Site still online but no updates in 2 years. Website shows version 1.14 while last is 1.16).
ACProtect: Dead Project (Version 2 came out last year, but no updates since then)
Armadillo: Semi-Dead Project (In user forums Gene said armadillo is still supported and new releases will consist of fixes but NO NEW FEATURES)
Themida: Active Project (THE ONLY ONE)
Obsidium: Semi-Active Project (version 1.4 is nearly out but as developer said, no new features will be present, only fixes and user database).

OS Scenario:

ASProtect: Crashes on Vista with DEP and generally unstable with Vista.
SVKP: No longer supported, not tested on Vista.
ExeCryptor: Crashes on Vista with DEP and generally unstable with Vista.
SDProtector: Crashes even on Windows XP
ACProtect: Crashes even on Windows XP
Armadillo: Partly Supports Vista, fully with v5
Themida: Fully Supports Vista
Obsidium: Funny Behaviours on Vista...author is working on it.

Apart from those scenarios, all authors, or most of them, moved from a "one purchase and life-updates" model to "subscription models" (Armadillo, ASProtect, ExeCryptor, Themida)... exposing a clear money problem (people no longer trust protection systems, so no money for developers?).

So some questions arose in my mind:

It seems it's a black period for software protectors nowadays, but why?

Did Vista create loads of problems of compatibility?
Did the authors run out of ideas on how to protect?
Did the cracking world win or partly win?

And a different question: are there, or will there be, emerging software protection systems?

I personally believe it is a mix of these 3 reasons, maybe a 50% 20% 30%.

I'd like us to exchange ideas on this subject and everyone to give his view on this matter.

TmC

Last edited by TmC; 07-20-2007 at 12:27.

#2
07-20-2007, 13:22
Archer
Actually, as far as I know, ASProtect and ExeCryptor authors are planning to release future versions. I guess they are preparing astonishing versions and compatibility with Vista.

#3
07-20-2007, 16:04
Shub-Nigurrath
According to columnists and future-trends papers this is a period in which old protectors are left at the post..

1. they are extremely complex and each time it is very difficult to test and write new things.
2. testing of new features is very difficult, mostly because the packers are used to going deep into the OS, and while there was only XP the testing was simpler. Vista undoubtedly complicated things: a lot of kernel modifications, a lot of new features. Do you remember the drop of protectors and malware when NT or Win32 arose? The previous W95 world was totally different. This same epochal change happened with Vista (it's much more different from the previous OSes than XP, which was an optimized NT after all).
3. Reversers recently demonstrated that they completely own the system and the protectors; just to mention two milestones: rootkits and inlining of asprotect/armadillo or of themida. Not by chance, for example, rootkits and themida unpacking require the same knowledge.
4. The proactive fight the industry engaged against malware is producing really interesting documents, which of course help both sides of the barricades.

For these same reasons the AVID (Anti-Virus is Dead) movement is gaining credibility when talking of malware. For these same reasons the packers are moving in totally different directions. Consider that malware and piracy are strictly connected, different targets but same methods; not by chance woodmann recently veered to malware.

The future for packers is in my opinion (but not only mine) in the VMs. The VMs seen up to now are just experiments, relatively simple to reverse. The real potential of VMs is still unexplored. Developers are still getting familiar with the VMs' possibilities.
Just to understand what you can expect from a really serious approach to VM protectors, see the HyperUnpackMe2 on the openrce site. How many of you would have been able to face up to that beast?
Fortunately (for us) the sources of that protector got lost and there were some limits..

I think that VMs will also require a completely new generation of tools from us to pick up the gauntlet.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com

Last edited by Shub-Nigurrath; 07-20-2007 at 16:13.

#4
07-21-2007, 01:25
TmC
Quote:
Originally Posted by Archer
Actually, as far as I know, ASProtect and ExeCryptor authors are planning to release future versions. I guess they are preparing astonishing versions and compatibility with Vista.

ASProtect has had its user forum closed for ages, and it is not a good sign. Execryptor's forum, while still open, acts like a ghost since there is no activity on it.

Authors promised new versions but nothing new has been said. One year of promises and no actual progress news, beta testing versions or announcements.

To me that sounds really disappointing for real customers.

#5
07-21-2007, 02:36
Git
TmC - you forgot VMProtect from your list. It is still going strong. 5 new releases this year, supports exes, dlls and .sys, and 32bit and 64bit. Supports Win95, Vista and everything in between.

The bad news is that the personal version used to be free and is now $150.

Git

#6
07-21-2007, 02:44
deroko
hmm securom and sf seem pretty much alive. Maybe it's the right time to move to game protections, and once those are broken in public... what then?
__________________
http://accessroot.com

#7
07-21-2007, 03:00
Shub-Nigurrath
retire in peace in a protectionless world or being hired by the adversary part ^_^

#8
07-21-2007, 07:43
wassim_
I've always wondered when we are going to see the end of it, when the scene is going to close its doors. Our grandfathers said it a long time ago, "if it runs, it can be defeated"; their sons and grandsons are still proving it every day with the release of every unpacker/unpacking script/tutorial. Even the hardest of protections and encryptions were reversed. What's next, you ask? Nothing. If you're a developer, you should consider an alternative to buying a ready-made armor and you should take into consideration the fact that your piece of compiled code will be reversed one day or the other and act accordingly...

From what I know, developers are now 'seducing' potential customers with two things, free support and lifetime free updates; these two cannot be reversed and if it's worth the money, the customer will be happy to pay...

Since I have joined the crowd of knowledge-seeking reversers, I have never stopped enjoying the power and peace of mind reverse engineering has brought to my digital life. I can't imagine being under the control of a developer who nags and cripples or even infects me just because I decided to test his program for a while or so...

It is over, no one will say it is, at least not on the other side, but in the eyes of those who know it really is the end of software protection era.

#9
07-21-2007, 18:33
Archer
2TmC:
Maybe AsProtect's forum is closed, but I know some guys, who bought this protector and they wrote to the author by mail. So some private beta-versions are available for them but AFAIK for some extra money.

#10
07-21-2007, 22:50
MR.HAANDI
To my mind there's one more point which has to be taken into account: .NET.
If the trend continues as m$ might want it, protection developers will have to come up with ideas for that one or they won't earn any $$$. afaik there are only a few methods for obfuscation and no real method for protecting against decompiling (because of generic dumpers). But tbh I think (like Shub-Nigurrath and many others) VMs really are the future -as well for the .NET-.

#11
07-22-2007, 06:06
TmC
Quote:
Originally Posted by Archer
2TmC:
Maybe AsProtect's forum is closed, but I know some guys, who bought this protector and they wrote to the author by mail. So some private beta-versions are available for them but AFAIK for some extra money.

That sounds irritating for actual customers... the more money you give me, the more protection I give to you? Customers of A series and customers of B series?

#12
07-22-2007, 14:03
Archer
Well, you can take a look at a letter from one AsProtect customer to the author here hxxp://cracklab.ru/f/index.php?action=vthread&forum=3&topic=9259 (the letter itself is in English). I guess they just want more money for updates and beta-versions.

#13
07-23-2007, 03:21
CrackZ
I'm going to take a contrary view to the preamble that it's "the end of protectors" as we know it. To address the original points:

1. Vista has given the protection world a temporary headache in that the larger commercial offerings regard "MS Certification / Runs in Vista logos" as a must. Since making modifications to OS structures is never going to be 'certified' the days of lower level hacking/protecting seem numbered, at least on a large scale, this was pretty much the case at XP launch time as well but eventually they found a way.

2. The authors didn't run out of ideas, they simply realised for every "new technique" you find to frustrate crackers the code eventually gets analysed and documented, what they have ALL realised is that a custom VM will require much larger scale analysis (as Shub has already pointed out), the cutting edge of the games scene has known this for years and continues to implement this approach, this will continue to be a viable business model where games sell most of their legitimate copies in the first 3 months. If you spend a month of your time reversing a VM for free, frankly you need to be working for these companies ;-).

3. The cracking community definitely hasn't won, in fact it's going to lose out long term; protectors have realised the 1997 maxim from Stone of "if it runs, it can be defeated....." so I expect to start seeing much more common custom hardware (software on chip), custom VM's and eventually some sort of thin-client over the Internet software model (where you pay for a server license and most of the code executes there), thereby coining my own maxim of "if it doesn't run on your computer, you can't crack it ;-)". 2 of these approaches render software reverse engineering a dead duck.

In short then, let's enjoy this temporary golden age, because it isn't going to last forever.

Regards

CrackZ.

#14
07-24-2007, 11:34
Sabor
hm

I must say nice post to the poster. Interesting points you noticed.

Protection is not dead; won't be dead ever. Protection will be around as long as there is a fear of theft/crackers/hackers etc.

Reversers will never die out as long as there is something to crack.

These two industries fuel each other. Antivirus needs virus writers, and virus writers need something to do, and most of the time they work for antivirus companies anyways. Billions of dollars at hand.

In terms of system on chip and thin clients, only problem is universal adoption. Will never happen. Everyone has their own ways of doing things and it just won't happen. Also most companies won't like the idea of having their proprietary info stored on remote server farms where some China men can come in and hack out the newest golf club designs. Besides, it will be infeasible to phase out the comfort everyone has grown to with their own system, much like it is hard to phase out the cars on the road in the United States vs going on trams/trains; everyone is comfortable with their own control which server farms don't give. System on chip is prone to the same fate vulnerabilities as dongles. Not to mention the amount of debugging and effort put into such designs won't be viable for everyday software producers, also updates, errors, hardware failure, stolen devices, cloned devices, etc. I see this being hard, but again isolated cases could work (though I haven't seen one in 15+ years that survived). I am sure some people on this forum are very good hardware hackers as well, and as time continues will become just as efficient as software reversers.

There can be a few isolated cases where an application is online based only, but even this has a new form of cracking in hacking and different kinds of approaches. Imagine a trend of hacking an internet application and rehosting it on your windows vista home server. Industry demands that software be localized for most cases, as they cannot rely on a third party, or lightning storms cutting down your wimax connection, or your server farm going bankrupt etc etc. So let the best protection win the most money.

We will continue to fuel each other. The best things to come are the methods of code mutation/VM. This will increasingly grow in complexity. Then something new will come out like quantum computers and the cycle will repeat.

Great post though, as far as the now goes, lots of slowdown on certain sectors and still so much room for improvement, I guess everyone just cashed in and some others failed so you get the current drought that exists now. Not to mention all the new talent is just great lately. There are some great new posters I have seen lately here that really just tear these software protectors a new one (deroko, fly, the russkies, the dks, the de's)

I don't remember what I typed so far but I do realize I might have triggered every country's "echelon" by now with all keywords and statements made in this post.

DONGS

#15
04-04-2018, 01:32
Abaddon
I'm resurrecting this old thread to note that although what CrackZ predicted 11 years ago isn't quite fulfilled yet, we are definitely getting there. Perhaps Sab was more precise in his prediction that "the best things to come are the methods of code mutation/VM". However, although I hate to admit it, the so-called 'golden era' of cracking is well behind us.

Gone are the days where a newbie was introduced to cracking and 3 months or so into the game, was able to unpack/keygen pretty much anything thrown at him/her. It's gotten to a point where you need real dedication to exercise this craft, and it would also help if you had IT-related studies (cryptography, compiler theory, programming, strong mathematical background).

Of course this is only my opinion. I've been out of the game for so long now that I'm estranged from it. What is your opinion regarding the evolution of cracking since 10 years ago? Do you think the aforementioned predictions were fulfilled? Where do you see the future of cracking in 10 years from now?

All times are GMT +8.