WIBU-SYSTEMS AG
Rüppurrer Straße 52-54
76137 Karlsruhe
Telefon: +49 721 93172-0
Telefax: +49 721 93172-22
info@wibu.de

Hackers Contest

 

Wibu-Systems has been organizing “Hacker Contests”  for many years to prove the strength of the CodeMeter® security.  We have hosted these events in Germany, Russia and China (with China and Russia  known to have the highest piracy rates in the world) to prove that we offer the highest level of secure licensing and intellectual property protection.  No contestant has ever succeeded in cracking the sample application protected by CodeMeter®.

Hacker Contest 2011 in Russia

We held our most recent Hacker Contest in Russia from November 23rd to December 8th, 2011.  The hackers were motivated by the 20,000 Euro which would be rewarded to anyone who could crack the CodeMeter protection.  Access to the application needed to be attained without the use of a debugger.  If a debugger was used the CmStick would lock the licensed software and it could no longer be accessed.  CodeMeter® once again proved its comprehensive security when protecting software.  Not one of the 144 participants was able to crack the CodeMeter® protected sample application.  Our distribution partner in Russia – Rainbow Security – was quite excited by the results especially when considering the number of encryption experts who reside in that country. 

The bottom line: CodeMeter® was successful again. 
CodeMeter® was not cracked and not even partial solutions were attained.

Hacker Contest 2010 in Shanghai

All Chinese-located contestants registered for the Hacker’s Contest 2010 had a chance of winning the prize of 100,000 RMB. The Chinese competition started on October 20, 2010 and ended on November 19, 2010. The task was to crack the protected contest application so that it runs without the protection hardware CmStick. Operating a contest with lifelike conditions means that a hacker needs the protection hardware: for this reason each contestant received a CmStick.

The bottom line: CodeMeter® was successful again. 
CodeMeter® was not cracked and not even partial solutions were attained.

Hacker Contest 2007

Wibu-Systems Contest: unbeaten for the fourth time

No protection system can be 100% secure. But we keep trying. In the past, we have organised competitions at Wibu-Systems to test the security quality of our products. In these competitions, a protected program was published, and it was shown that its protection could not be cracked and made to run without the corresponding license in the WibuBox. This practical test is serious and relevant to software manufacturers who want to publish protected software products for free download from their websites.
In our Hackers Contest 2007, we went one step further and the participants not only received the protected application, but also a CmDongle with the corresponding license. Over a thousand contestants entered the competition with prize money worth 32768 euro (or US-$ 40000).

Task

To win the contest participates had to manipulate software protected by CodeMeter® so it would run without the CmDongle.

    Competition with 2 functions
  • Program only executable with CmDongle
  • Function 1: Feature bit set in the CmDongle -> run
  • Function 2: Feature bit not set in the CmDongle
  • Both functions display a password
    Task:
  • Find out 2 passwords.
  • Program must be completely executable without the CmDongle.
  • Send solution and cracked program via email to Wibu-Systems.

 

Contestants

1092 contestants from 27 countries entered the contest and had up to six weeks to remove the copy protection and claim the attractive prize money of 32768 euro (or US $ 40000). Most contestants came from Germany, followed by China, USA, the Netherlands, Poland, Hungary, France, Great Britain, and the Ukraine.

Result

Although the challenge was theoretically solvable, none of the contestants could fully remove the protection. Most of the contestants fell into the trap of trying to by-pass the intruder detection and had their license locked in the CmStick. The only remaining option was to use brute force attacks to decrypt the code. The chance of breaking the 128 bit AES encryption was pracitically zero.

    No one succeeded completely
  • No attack against the encryption
  • No attack against the hardware or manipulation of the Feature Map

Other contestants stumbled at other hurdles. But we did receive some excellent partial solutions and we rewarded these contestants with prizes worth between 500 and 2000 euro. Hackers or Crackers follow different paths to developers, and the partial solutions were an important input for us. These partial winners discovered some weaknesses in our system which we not seen before. The discovery of these weaknesses has allowed us to strengthen our overall security.

    Partial solutions
  • Partial memory dump
  • Partial record/ playback approach
  • Partial solutions awarded with a prizes worth 16000 euro

The Bottom Line

We accept that no security system is 100% secure but a high level of security can be achieved with:

  • Secure Hardware: the CmDongle provides secure key storage and strong encryption in a smart-card chip. The CodeMeter® system includes crack detection which can lock the license key.
  • Secure Integration Technology: the code and resources of the protected application are never fully decrypted in the main memory of the PC. Variable encryption, anti-debugging and obfuscation technologies as well as tools to individually integrate the source code are used to further increase security.

CodeMeter® has not been cracked!

  • Wibu-Systems Blog
  • facebook
  • youtube
  • linkedin
  • flickr
  • twitter
  • googleplus

Contact

Public Relation
Elke Spiegelhalter
+49 721-93172-11
send e-mail