Have you ever used code virtualizer or vmprotect to protect from reverse engineering?

Question

I know that there is no way to fully protect our code. I also know that if a user wants to crack our app, then he or she is not a user that would buy our app. I also know that it is better to improve our app.. instead of being afraid of anticracking techniques. I also know that there is no commercial tool that can protec our app.... I also know that....

Ok. Enough. I've heard everything. I really think that adding a little protection won't hurt.

So.... have you ever used code virtulizer from oreans or vmprotect? I've heard that they are sometimes detected as virus by some antivirus.

Any experiences that I should be aware of before buying it. I know it creates some virtual machines and obfuscates a little the code to make it harder to find the weaknesses of our registration routines.

Is there any warning I should know?

Thanks. Any advice would be appreciated.

Jag

Answer 1

Software VM protection is quite popular today, especially as it's now available at an accessible price for small companies and independent software developers. It also takes a considerable amount of effort to crack in comparison to non-VM techniques - the wrappers usually have the standard anti-debugging tricks that other protections have, as well as the VM protection. Since the virtual machine is generated randomly on each build, the crackers will need to analyze the VM instruction set and reverse engineer the protected code back to machine code.

The main disadvantage of VM protection is that if it's overused (used to protect excessive parts of the code), it can slow down your application considerably - so you'll need to protect just the critical parts (registration checks, etc). It also doesn't apply to certain application types - it likely won't work on DLLs that are used for injection, as well as device drivers.

I've also heard that StrongBit EXECryptor is a decent protection package at a decent price. (I'm not affiliated with said company nor guarantee any quality what-so-ever, it's just word of mouth and worth checking out IMO).

Answer 2

Thanks for your information Vladimir....

I've read about some legit applications being tagged as false positives by nod32 and other AV, just because they are packed.

I know that Themida (packer by Oreans) packed/protected software is often tagged as a threat (you can find that fact on their homepage).

So... Would you say that VM protected software less likely of being tagged as false-positives than packed software? So VM protecting is better than packing?

I haven't heard anything about false-positives by using code virtualizer or VM protection tools.

I want to use a tool to make it harder to crack, but I wouldn't like to get support request that involving the VM protection throwing false-positives. (I rather perfer to get cracked in a second that getting into support troubles).

Has somebody heard anythig about false-positives, troubles or weird things by using VM based protections???????

Thanks again.

P.S. I do not want to ship an application, and then find some weeks, months or years later that some AV is giving some false-positives because of the VM thecnique it uses.

Answer 3

Unfortunately, VM-protected software is more likely to get affected by false positives than conventional packing software. The reason for that is that since AV protection is so complicated, AV software are often unable to analyze the protected code, and may rely on either pattern libraries or may issue generic warnings for any files protected by a system it can't analyze. If your priority is to eliminate false positives, I suggest picking a widely-used protection solution, e.g. AsProtect (although Oreans' products are becoming quite popular as well).

Answer 4

That's too bad Vladimir.

I wanted to use a VM-protection, but after your comments I am really unsure about usig it.

I don't want more troubles to my users. (My app bugs are enough.)

If someone else has something to say about this, any comment would be really appreciated. Thanks.

Answer 5

IMHO you should be lucky or even eager to be pirated, because that means your product is successful and popular:)

Answer 6

"IMHO you should be lucky or even eager to be pirated, because that means your product is successful and popular:)"

That's plain incorrect. My software that I worked many months on was cracked the moment it was released. There are organised cracking groups that feed off download.com's RSS channel etc and crack each app that appears. It's a piece of cake to extract the keygen code of any app, so my response was to: a) resort to digital certificate key files which are impossible to forge as they are signed by a private AES key and validated by a public one embedded in the app (see: aquaticmac.com - I use the stl c++ implementation which is cross-platform), along with b) the excellent Code Virtualizer. I will say that the moment I started using Code Virtualizer I was getting some complaints from one or two users about app crashes. When I removed it from their build the crashes ceased. Still, I'm not sure whether it was a problem with CV per se as it could have been an obscure bug in my code, but I since reshuffled my code and I have since heard no complaints.

After the above, no more cracks. Some people look at being cracked as a positive thing, as it's a free publicity channel, but those people usually haven't spent months/years on an idea only to find you're being ripped off. Quite hard to take.

Answer 7

Guys, have you heard anything about DYAMAR Obfuscator? I am looking into it now... They say they obfuscate whole EXE/DLL files. I think it can be a good alternative, since VM slows down applications a bit... Does anyone tried it before?