We’ve been asked many times what are the best way to protect software against cracking and reverse engineering with Enigma Protector? Here I will explain what are the best tricks to protect usual application.
Many developers think that if they simply click “protect” button then protection program will do everything automatically, and there is no need to embed additional protection features. This is completely wrong. Protection System as a very complex service also requires configuration.
Best way to protect application against cracking, unpacking or patching is integration protection into your application. So protection should be a part of application and it should perform some functionality that is necessary for stable and correct work of your product. Just imagine, if you do not use additional protection features, the protection works like an envelope inside which the real application is located. While execution of the program, the envelope opens, and application is being mapped to the process memory for execution. If no additional options of protection is used, cracker may dump the application from the memory, extract necessary information, and reverse it (of course, this is not so easy as I’m writing, newbie cracker will never pass even such protection, but very advanced crackers may do this). From the other side, if your application is integrated with protection (envelope), if application talks and works with envelope, then it is very difficult to divide protection and application and so very difficult to unpack and crack the protection.
Below are common ways how to integrate protection into application.
Virtual Machine
The modern way of protection – virtualization application code. The main purpose of Virtual Machine – translate executable code to own PCODE and then execute it on own virtual processor. 4 letter domains data mining Virtualized code is very difficult to reverse, it is good choice to place some unsafe code parts (like verifying registration keys, trial counter etc) inside Virtual Machine. http://www.softwareprotection.info/2011/07/best-ways-to-protect-your-software/In the Enigma Protector there are 2 ways to virtualize the code:
– using VM Markers, you just around necessary code parts with the VM Markers, and this code will be virtualized while protection
{$I ..\..\..\EnigmaSDK\Delphi\vm_begin.inc}
ShowMessage('This message is shown under virtualized code');
{$I ..\..\..\EnigmaSDK\Delphi\vm_end.inc}
– using Virtual Machine – Functions Selecting feature. Using this feature may require to generate a MAP file, take a look there how to generate map file for different compilers.
Virtual Box
This feature allows to embed the files that your application uses into single protected executable. Embeded files are not extracting to the disk, protection emulates them only in memory, so the files becomes safe. What is advantage of this feature, and how it can help to protect application? Very simple, if cracker want to unpack protection, he will need also extract all embeded files, that could be very difficult!
Markers
Except described above VM Markers it is good to use any other kind of markers. For example, Reg_Crypt markers allows to lock code parts to the registration key, i.e. until the application is not registered, the code inside Reg_Crypt markers become encrypted and can’t be decrypted and executed.
Run_Once marker – deletes the code inside it from the memory after first execution, so if cracker will dump process memory, the code inside these markers will be missed
Enigma API
Try to use special functions of protection that allows control many protection parameters, read more there Enigma API
Crackers often use different strings that exist in your application to find a way to crack it. For example, if you perform check of registration key and then show a message like “Invalid Key”, cracker may find a code where this message is shown, then find a code that check registration key and bypass it. To hide such string constants you may use Protected Strings feature and integrate protection with application by using EP_ProtectedStringByID or EP_ProtectedStringByKey Enigma API.