Advanced Windows Software Protection System
Version: 3.1
Version:
3.1.4.0 Date: November 10, 2022
Overview
When an application is created, the Compiler compiles the application source code into multiple object files consisting of machine language code. The object files are then linked together to create the final executable.
In the same way that an application's source code is converted to machine code at compile time, there are tools that convert a compiled application into assembly language or a higher-level programming language. These tools are called decompilers and decompilers.
An attacker can use a decompiler, or decompiler, to study how a particular application works and what a particular routine does. When an attacker knows the target application well, he can modify the compiled application to change his behavior. For example, an attacker could bypass a routine in an application that checks for a trial period and make it run forever or worse, causing the application to behave as if it was registered.
Dongles Dongles
were created to prevent attackers from directly inspecting or modifying compiled applications. A dongle is like a shield that keeps applications encrypted and safe from possible attacks. When a protected application is to be run by the operating system, the dongle will first take control of the CPU and check for possible cracking tools (decompilers or decompilers) that might be running on the system. If everything is safe, the dongle will proceed to decrypt the protected application and give it control of the CPU for normal execution.
The advantages of using a dongle are:
Protect applications from piracy.
Prevents attackers from researching how the application is implemented.
Does not allow attackers to modify the application to change its behavior
Vulnerabilities
Since the inception of dongles, many attackers have focused most of their efforts on attacking the dongle itself rather than the application. Many tools have been developed to help attack software protection programs. These attacks typically result in the attacker obtaining the original application decrypted and the protective packaging removed.
The main problem with Themida software protectors is that they use protection techniques well known to crackers, so they can be easily bypassed using traditional cracking tools. Another important problem with dongles is that they restrict the execution of the operating system, that is, they run with normal application permissions. As a result, attackers can use cracking tools that run at the same priority as the operating system, allowing them to fully supervise what the software protection program is doing at a specific time and attack it at a specific location.
Revolutionary Solution
With Themida®, we have focused on the key weaknesses of software protectors, thereby providing a complete solution to overcome them. Themida® uses SecureEngine® protection technology which, when running at the highest priority, implements never-before-seen protection techniques to protect applications from advanced software cracks.
SecureEngine® defeats all cracking tools currently available for protected applications and will ensure your protected applications only run in secure environments.
Current conservator claims to be the best!
Software protection programming is not a very well-known field for most programmers. Software protection technologies are not like "visible" features that can be seen and compared. Because of this, most software protection writers can talk about the impressive technologies embedded deep within protection schemes, and many times most of these technologies barely exist, or they are much simpler than they appear. Most software protectors repeatedly emphasize the use of very strong encryption algorithms such as RSA, elliptic curves, and AES in the hope that end users will trust that these protectors and encryption algorithms are unbreakable. This couldn't be further from the truth, because software protection is very different from data protection. Even if a dongle encrypts a protected application with the strongest encryption algorithm, sooner or later the protected application needs to be decrypted in order to be run by the CPU. It is at this stage that most attackers will start their work by dumping the decrypted application from memory to disk, saving them from having to deal with encryption algorithms and rebuilding the original application.
Mission
At Themida® we want to get a realistic understanding of what weaknesses attackers can exploit and what we really need to pay attention to in order to protect applications from software cracking with the highest possible security.
Features
These are the main features of Themida®:
Anti-debugger technology to detect/spoof any kind of debugger
Different encryption algorithms and keys in each protected application
Anti-API scanner technology to avoid rebuilding original import table
in target application Automatic decompilation and scrambling technology for
virtual machine emulation in specific code blocks
Advanced mutation engine
SDK to communicate with protection layers
Disassembly technology for any static and interactive disassembler
Multiple polymorphic layers
high-level API with more than 50.000 permutations Wrapper techniques
Anti-monitor techniques for file and registry monitors
Random insertion of junk code between real instructions
Special protection of threads
Advanced threaded network communication
Anti-memory patching and CRC techniques in target applications Advanced
metamorphic engine to scramble original instructions
Entry point protection
Dynamic encryption in target application
Anti-trace code insertion between real instructions
Advanced anti-breakpoint manager
Real-time protection in target application
Compression of target application, resources and protected code
Anti-"debugger hiding" technology
protected code Full mutation, avoiding pattern recognition
Real-time emulation in target application
Smart protection code insertion inside target application
Random internal data relocation
Possibility to customize dialogs in protected application
Command line support
And many, many more...