Wibu-Systems Blog

How does copy protection work?

Posted by John Browne on Mar 22, 2011 6:56:00 AM

We all know software piracy is a Bad Thing. But how can you prevent it?

The answer isn't quite as simple as you would expect. The easy way, of course, is to rely on CodeMeter to protect your software absolutely. Using AxProtector and a CmStick, your software is rendered effectively uncrackable. How uncrackable is that? We designed it from the beginning to have no universal crack (because there's no single key to decrypt the code). And we've tested it against hacking contests where we invited all the bad guys to take a swing at the protection with big bucks if they could break it. So far no one has.

So CodeMeter is the gold standard. How does it work? How do you keep people from stealing your creation? How do other systems work?

Let's start with CodeMeter. Our protection system, like a stool, has three legs: encryption, key storage, and debugger detection.

Encryption: We use AxProtector to encrypt your executable (.exe) using AES 128-bit algorithms. Since it's encrypted, the compiled assembly language is now meaningless drivel to your CPU until it's decrypted. Encryption is used all the time--every time you log onto Amazon.com and use a credit card to make a purchase that credit card info is being encrypted at your computer, transferred over the 'net, and decrypted in Amazon's server. AES 128-bit is recognized as sufficiently "strong" enough that no brute-force attack is possible.

Key Storage: The beauty of the CmStick is that it stores the key necessary to decrypt your software so it will run. The CodeMeter runtime turns the encrypted meaningless drivel back into assembly language via decryption. The key is stored inside the CmStick in an area that can't be accessed—even trying can cause the stick to permanently lock itself. And the key generation is dynamic with up to 4,000,000,000 different keys possible, eliminating the possibility of a "master crack."

Debugger Detection: Of course, once the application has been decrypted and loaded into memory, a cracker could just take a "picture" of the contents of the computer's memory and use that to create a cracked version of the application, right? No. Here's why:

First of all, CodeMeter never completely decrypts the entire application at any one time. Some critical pieces are left encrypted until called, then decrypted individually until they are no longer needed. So if you take a snapshot of memory you only get a partial decryption of the application, which is not a crack. Second, you can optionally turn on debugger detection: when you choose this, the license is locked if a debugger is detected on the computer. This works well to prevent reverse engineering or theft of algorithms. It can be unlocked, but it would require someone to call you up and say, "Uh, hmmm, gosh, I tried to crack your license and now my license is locked. Could you please unlock it so I can try again?"

What do other systems do? Many rely on encryption and hardware-based key storage like we do. Some take a simpler route, using code obfuscation or just checking for the existence of a dongle. These simpler methods are extremely easy to crack, and should never be used for high-value software. In future posts I'll describe how simple these are to crack.

Topics: CodeMeter, software copy protection, AxProtector, software piracy