Wibu-Systems Hackers Contest 2011: Unbeaten for the Sixth Time
Are the Russians the best in the world at cracking software? Perhaps, but they were unable to crack CodeMeter in Wibu-Systems’ sixth cracking contest. This time, the contest was sponsored by Rainbow Security, the exclusive distributor of CodeMeter in Russia.
114 participants pitted their cracking skills against CodeMeter's best-in-class security. Would-be crackers comprised 60% software developers, 20% system administrators, 15% IT professionals, and 5% other. They had two weeks to figure out how to run a protected application with no CodeMeter stick. Not only were there no outright winners, no one was able to perform even a partial crack.
To win the contest you had to manipulate a CodeMeter protected software so it would run without CodeMeter.
Competition with 2 functions
- Program only with CodeMeter stick executable
- Function 1: Feature-Bit set in CodeMeter → run
- Function 2: Feature-Bit is not set in CodeMeter
- Both Functions display a password
- Find out 2 passwords.
- Program has to be completely executable without CodeMeter.
- Send resolution method and cracked program via e-mail to Wibu-Systems.
1,092 contestants from 27 countries entered the contest and had up to six weeks to remove the copy protection and claim the attractive prize of €32,768 (or US $40,000). Most of the contestants were from Germany, followed by China, USA, the Netherlands, Poland, Hungary, France, Great Britain and the Ukraine.
Although the challenge was theoretically solvable, none of the contestants could fully remove the protection. Most of the contestants fell in the trap of trying to by-pass the intruder detection and had their license locked in CodeMeter. This resulted in further brute-force attacks to the encryption. The chance of breaking the 128-bit AES encryption was nearly to none.
- No one succeeded completely
- No attack against the encryption
- No attack against the hardware or manipulation of the Feature Map
Other contestants failed to jump other hurdles. But we did receive some excellent partial solutions and we awarded those contestants with 500 to 2,000 Euro each. Hackers or Crackers go down different paths than developers and the partial solutions were important input for us. These partial winners discovered some weaknesses in our system which we not seen before. And the discovery of these weaknesses allowed us to strengthen our overall security.
- Partial solutions
- Partial memory dump
- Partial Record/ Playback approach
- Partial solutions awarded with a total amount of 16,000
The Bottom Line
We accept that no security system is 100% secure. But a high level of security can be reached by:
- Secure Hardware:
- CodeMeter provides for secure key storage and strong encryption in a smart-card chip. The CodeMeter system includes a crack detection, which can lock the license key.
- Secure Integration Technology:
- The code and resources of the protected application will never be completely decrypted in the main memory of the PC. Variable encryption, anti-debugging and obfuscation technologies as well as tools to individually integrate the source code increase the security level again.