WIBU-SYSTEMS WIBU-SYSTEMS Logo
COMPANY SOLUTIONS TECHNOLOGIES SERVICES DOWNLOAD PRESS ROOM NEWS & EVENTS
Newsletter | Schedule | Newsletter Archive | Hacker`s Contest
 

WIBU-SYSTEMS Hackers Contest 2007: unbeaten for the fourth time

No protection system can be 100% safe. But we keep trying. In the past, WIBU-SYSTEMS arranged competitions to check the security quality of our products. In these previous competitions, a protected program was published and it was shown that its protection could not be cracked and made to run without a suitable license in the WibuBox. This is a serious praxisrelevant test for software producers who want to publish a protected software product for free download on their website.
In our Hackers Contest for 2007, we went one step further and the participants in the competition received not only the protected application, but also a CmStick with the appropriate license. Over Thousand contestants entered the competition to claim the attractive prize of 32,768 Euro (or US-$ 40,000).

Task

To win the contest you had to manipulate a CodeMeter protected software so it would run without the CmStick.

    Competition with 2 functions
  • Program only with CmStick executable
  • Function 1: Feature-Bit set in the CmStick -> run
  • Function 2: Feature-Bit is not set in the CmStick
  • Both Functions display a password
    Task:
  • Find out 2 passwords.
  • Program has to be completely executeable without the CmStick.
  • Send resolution method and cracked program via emaill to WIBU-SYSTEMS.

 

Contestants

1,092 contestants from 27 countries entered the contest and had up to six weeks to remove the copy protection and claim the attractive prize of 32,768 Euro (or US-$ 40,000). Most of the contestans were from Germany, followed by China, USA, the Netherlands, Poland, Hungary, France, Great Britain and the Ukraina.
Teilnehmer Hackers Contest 2007

 

Result

Although the challenge was theoretically solvable, none of the contestants could fully remove the protection. Most of the contestants fell in the trap of trying to by-pass the intruder detection and had their license locked in the CmStick. This resulted in further brute-force attacks to the encryption. The chance of breaking the 128-bit AES encryption was nearly to none.

    No one succeeded completely
  • No attack against the encryption
  • No attack against the hardware or manipulation of the Feature Map

Other contestants failed to jump other hurdles. But we did receive some excellent partial solutions and we awarded those contestants with 500 to 2,000 Euro each. Hackers or Crackers go down different paths than developers and the partial solutions were important input for us. These partial winners discovered some weaknesses in our system which we not seen before. And the discovery of these weaknesses allowed us to strengthen our overall security.

    Partial solutions
  • Partial MemoryDump
  • Partial Record/ Playback approach
  • Partial solutions awarded with a total amount of 16,000

The Bottom Line

We accept that no security system is 100% secure. But a high level of security can be reached by:

  • Secure Hardware:The CmStick provides for secure key storage and strong encryption in a smart-card chip. The CodeMeter system includes a crack detection, which can lock the license key.
  • Secure Integration Technology:The code and resources of the protected application will never be completely decrypted in the main memory of the PC. Variable encryption, anti-debugging and obfuscation technologies as well as tools to individually integrate the source code increase the security level again.

CmStick
CodeMeter has not been cracked

 

iconTypical Attacking Methods
Overview:

iconHacker´s Contest 2007
iconAttacking methods
iconPress release
iconReview

© 2010 WIBU-SYSTEMS AG | Imprint | Contact | Privacy Policy