
Hackers' Contest


Wibu-Systems has been organizing hackers' contests for many years to prove the strength of its protection and security technologies. By involving hackers early on in the process and leaving the door open even to countries like Russia and China, known to have the highest piracy rates in the world, we prove that our products represent the pinnacle of secure licensing and intellectual property protection.

And the result is: No contestant has ever succeeded in cracking the sample application protected by CodeMeter. Customers can rest assured that Wibu-Systems does not just enforce high quality standards of its own, but also takes the necessary steps to have hackers, crackers, and pirates test its technology first hand before it is commercialized.

Global Hackers' Contest 2017

To test the validity and strength of the newly patented encryption method Blurry Box, integrated with the anti-debug and obfuscation methods of CodeMeter Protection Suite, we launched a new contest, open to all hackers around the globe. The underlying principle of Blurry Box is the exact opposite of “security through obscurity”; based on Kerckhoffs’ Principle, Blurry Box cryptography uses published methods that greatly increase the complexity and time required for an attack to be successful.

The contenders were given a game application protected with Blurry Box cryptography, with its license stored in a CmDongle. Between May 15th and June 2nd, they were asked to hack the protected game and prove that they could run it without the provided dongle and without any Internet connection. The proof had to be delivered to a jury of IT security scientists who were independent of the challenge partners (Wibu-Systems, Karlsruhe Institute of Technology, and FZI Research Center for Information Technology).

None of the 315 international contestants managed to send in a full crack of the encryption scheme. The only two exploits that were received were found to be incomplete: They simulated a record playback attack that did not lead to any valid result or playable game. The two participants who submitted their partial solutions received a volunteer award of €1,000 each. The remaining €48,000 of the original prize at stake will go towards further research and development.

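Fourth Wibu-Systems CodeMeter Contest: Wibu-Systems Remains Undefeated Once Again

No software protection system can be one hundred percent secure, but we keep working toward that goal. We have held hackers' contests many times to test the security of Wibu-Systems products. In each contest, we publish an encrypted program and use it to show that the program cannot be cracked and cannot be run without the corresponding WibuBox license. This kind of test is an important trial for vendors who want to offer their products online for free download and evaluation.

In the 2007 hackers' contest, contestants received not only the protected application free of charge, but also a CmStick hardware dongle containing a license. More than 1,000 contestants from around the world took part in the contest, which had total prize money of €32,768 (or US$40,000).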

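The Task

To win the contest, each contestant had to modify the CodeMeter-protected program so that it could run without the CmDongle.

The contest involved cracking two modules

  • The program only runs once it has detected a CmDongle

  • Module 1: The license for this module is already contained in the CmDongle, so the module can be run directly

  • Module 2: The license for this module has not been written to the CmDongle

  • Both modules have the same functionality, and each displays a password

Task:

  • Find the 2 passwords
  • The program must run entirely without the CmDongle
  • Send the cracking method and the cracked program to Wibu-Systems by email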

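Contestants

A total of 1,092 contestants from 27 countries took part in this six-week hackers' contest, which had total prize money of €32,768 (US$40,000). Most contestants came from Germany, followed by China, the United States, the Netherlands, Poland, Hungary, France, the United Kingdom, Ukraine, and others.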


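Contest Results

Although the challenge could in theory be beaten, in the end no one was able to crack the software completely. Most hackers fell into a trap early in their attempt, and the CmDongle locked itself automatically. The only remaining option was a brute-force attack to decrypt the code, yet the probability of breaking 128-bit AES is practically zero.

No one achieved a complete crack

  • Could not break the encryption algorithm
  • Could not break the hardware or forge the Feature Map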

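Other contestants likewise got stuck at certain obstacles during their attempts, but among the submissions we did receive some excellent partial cracks. We are therefore rewarding these outstanding challengers with 5002000 euros as thanks. These partial cracks are also a great gain for us. They uncovered some vulnerabilities that had never been found before. Finding these vulnerabilities allows us to improve our products and strengthen their security.

Partial Solutions

  • Partial memory dump
  • Partial record/playback approach
  • €16,000 awarded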

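Bottom Line

We acknowledge that no software protection system can be one hundred percent secure, but the following points give us sufficient security:

  • Secure hardware: The CmDongle provides secure key storage and strong smart card chip encryption. When the software detects an attack, the CodeMeter® system can automatically lock the license key.
  • Secure software integration: The executable code and resource sections of a protected program are never fully decrypted in computer memory. Variable encryption, anti-debugging, a trap system, and independent encryption of source code all increase the security of the software protection system.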

CodeMeter® has not been cracked!