Exploits Database by Offensive Security

Inj3ct0r.com

Saturday, October 2, 2010

CodeMeter not cracked at international Hacker’s Contest

March 21, 2007

Hanover (CeBIT) – Today, the fourth Hacker’s hosted by Wibu-Systems closed. The task was to by-pass of the software protection solution CodeMeter that was developed by Wibu-Systems. The competition started on February 1, 0:00 CET and ended on March 14, 23:59 CET. All in all, 1,092 contestants from 27 countries participated. Most of the participants were located in Germany, followed by China, the United States, the Netherlands, Poland, Hungary, France, Great Britain and the Ukraine.

No protection solution can offer 100% protection. This time the competition was extremely exciting because each contestant had received the protected software together with the suitable license stored in a CmStick, the dongle. Both are necessary for executing the competition software on their PC. For a second function in the competition software the license bit in the CmStick wasn’t set. Here the encryption would be cracked – which is nearly impossible – or the license bit in the dongle or software would be manipulated.

But today, after exactly six weeks, it is certain: no contestant was able to crack the protection. Oliver Winzenried, C.E.O. of Wibu-Systems AG, said: “We hoped that our solution CodeMeter held out against attacks and now we are especially pleased about the fantastic result. There are plenty of protection solutions available on the market with their advantages and disadvantages. One of the most important features is the protection level in addition to flexibility and license management. Here we have given proof of the security of our solutions in public as a worldwide first manufacturer of software protection solutions.”

Next to the usage of approved secure encryption algorithms and the secure storage of keys in a Smart Card Chip in the CmStick, it is characterized by the identification of hacking attacks so that the license in the hardware will be disabled through a policy registered for a patent by Wibu-Systems. Many of the contestants have addressed exactly this problem and some of them asked for a second activation. If the license in the CmStick is disabled, the competition program can’t be executed. This is comparable to what would happen if a CmStick was not connected.

Only some contestants in Germany, China and one of Poland have sent partial solutions that will be rewarded each time with 1,000 Euro by Wibu-Systems. They provided suggestions for the company for improving the protection mechanisms further. Oliver Winzenried says: “Of course it was the ambition of this contest to show that our solutions provide a high level of security. Additionally it was an important purpose to find unknown weak points for improving the security level.” Christoph Fischer, an accepted IT security specialist, says: “The contest shows clearly that even if there is no 100% protection possible in all areas, top-quality solutions can provide a sufficient high barrier against cracking even through specialists.”

At the end the competition was worth it for all involved: Wibu-Systems didn’t need to pay off the complete prize and received invaluable ideas for a continuous improvement of the software protection on the interest of all vendors of software and digital content. The contestants have received a CmStick for an attractive price and they can use its personal “security suite” further on. And the senders of a partial solution have received an attractive consolation prize.

How this thing works ? http://www.wibu.com/software_protection_01.php?lang=en

No comments:

Post a Comment