Attacking Methods
Principles of the attacking methods
- Memory Dumping
  - Dumping of an application out of the RAM
  - Patching of OEP (Original Entry Point) and IAT (Import Address Table)
- Emulating
  - Dummy driver
  - Record/Playback driver
  - Complete Emulating / Analysis of the hardware
- ACOB (A Couple Of Bytes) Patches
  - Seeking and patching of JZ, JNZ
Attacking Methods and why they don’t work with CodeMeter
- Memory Dumping
  - CodeMeter uses “On Demand Decryption”: at no time while the program runs are all of its code and resources completely decrypted in the main memory of the PC.
- Dummy Driver
  - Because complex encryption is used, a Dummy Driver cannot simulate the encryption: there is no limit to the number of answers for calling a function.
- Cracking Tools
  - Most of the usual cracking tools are detected by the protected application, and this detection can be used to lock the license in the hardware (CodeMeter), preventing any further attacks.
- Record-/Playback Driver
  - Randomly varied encryptions and changes of the Encryption Code prevent recording and playback from being used successfully over a longer time range.
- Emulation of CodeMeters
  - Strong encryption (AES) and secure hardware, a smart-card controller, make a complete emulation of the hardware nearly impossible.
- Patching of some bytes
  - With CodeMeter, protected applications no longer use single checkpoints. Instead, large areas of code and data are encrypted, so such patching is impossible, especially when the automatic protection offered by AxProtector is used.
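The Dummy Driver and Record-/Playback Driver points above, shown as an added example that is not CodeMeter or Wibu-Systems code: a toy model in which a playback driver can only repeat answers it has already seen, so it passes a fixed set of challenges and fails random ones. Assumptions: HMAC-SHA256 stands in for the AES operation, the reference comparison stands in for "the encrypted code decrypts correctly", and the names Dongle, RecordPlaybackDriver, license_check and demo are hypothetical.

```python
import hashlib
import hmac
import secrets


class Dongle:
    """Stand-in for the hardware: the key never leaves this object."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # Assumption: HMAC-SHA256 replaces the AES operation the page names.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class RecordPlaybackDriver:
    """Logs answers seen from a real device, then answers only from the log."""

    def __init__(self):
        self.log = {}

    def record(self, dongle: Dongle, challenge: bytes) -> None:
        self.log[challenge] = dongle.respond(challenge)

    def respond(self, challenge: bytes) -> bytes:
        return self.log.get(challenge, b"")  # no key, so unseen input has no answer


def license_check(device, reference: Dongle, challenge: bytes) -> bool:
    # Simplification: the reference value models "the code decrypts correctly".
    return hmac.compare_digest(device.respond(challenge), reference.respond(challenge))


def demo() -> dict:
    dongle = Dongle(secrets.token_bytes(32))
    fixed = [bytes([i]) * 16 for i in range(4)]            # constructed: fixed challenge set
    fresh = [secrets.token_bytes(16) for _ in range(100)]  # constructed: random per call
    driver = RecordPlaybackDriver()
    for c in fixed:
        driver.record(dongle, c)
    passed = lambda dev, cs: sum(license_check(dev, dongle, c) for c in cs)
    return {
        "playback_vs_fixed": passed(driver, fixed),    # every recorded answer replays
        "playback_vs_random": passed(driver, fresh),   # nothing in the log matches
        "real_vs_random": passed(dongle, fresh),       # the real device always answers
    }


if __name__ == "__main__":
    print(demo())
```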
Competition Program
As an example, the competition program is shown below as it appears in the memory of the PC after the start, loading and decryption with the correct CodeMeter. The green areas are still encrypted. The resource data areas are always encrypted and are only partially decrypted on demand. The IAT (Import Address Table), which is the connection to the called operating system, remains encrypted, as well as the individual functions with two in the Hackers Contest. It is easy to understand that a memory dump will not be successful.

