4

This question has been asked before: Have you ever used code virtualizer or vmprotect to protect from reverse engineering?

But as it's 4 years old now I felt it would be OK to ask a similar question again, as it's likely things have changed a lot since then.

We're looking at protecting our software from crackers with software such as VMProtect.

What we would like to know are what are the downsides of using software such as VMProtect? Is it popular software, and does it suffer from many false positives with anti virus? What else should we be considering? Are there any more popular alternatives, or studies comparing them?

Community
  • 1
  • 1
Tom Gullen
  • 61,249
  • 84
  • 283
  • 456
  • Well using public code protectors isint a good idea, if you really want to protect your program, you need to write your own protection. for reference with your question : http://www.softwaresprogramming.com/search/label/VMProtect - http://pl.rghost.net/45008132 – n00b May 05 '13 at 15:21
  • Using an self developed protector is not a good idea unless the user is well conversed in Reverse Engineering and platform intricacies in general. It is better to use a commercial protector lest a hand grown protection may turn out to be lot weaker. Virtualization protectors like VMprotect/Themida offers good protection from majority of crackers but on the downside AVs will complain unless you get a Code Signing Certificate for your application. – Extreme Coders May 23 '14 at 06:12

1 Answers1

0

Yes, new things happened since.

There is a lot of new Anti-temper softwares that appeared in the market, each one with it's own tecnology. some like Arxan and whiteCryption...

Also there is a new anti-temper system called Denuvo that it seems to be almost impossible to reverse engineer.

VMProtect seems to create a virtual processor and run its encrypted code there, this probably have some huge performance loss there, if performance it's not crucial for your code ignore this.

So, there is a lot of options to you to choose, but keep this in mind, every protection program is equal in this: they are not impossible to reverse engineer, so you cant relay only on the protection system to protect your software, some good practices to protect your software are:

  • Don't use the "30 days trial" idea, if you want to give a free sample make a demo where the important features are not compiled with it.
  • Encrypt the software, make sure that only who bought it has the key to decrypt it.
  • Don't let anyone download the full software freely, even if it is encrypted, make sure only the customer can download it.
  • Place watermarks on the code, basically have the info of the customer inside the software, so it can be used to know from where the leak happened.
  • Make the software bound to the specific machine that it was installed (some anti-tempers may do this)

Some downsides of using Anti-tamper to protect your software are:

  • Performance loss (some technologies only hurt the performance non time important functions).
  • Increase in size of the executable.
  • Increase in memory usage.
  • And other that may be program specific..
Ollegn
  • 2,294
  • 2
  • 16
  • 22
  • You can aswell implement you own anti-temper, here you can find some examples http://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide – Ollegn Feb 19 '16 at 21:25