PROTECTION
Blurry Box Hacker ’ s Contest
Hundreds of eager participants from all over the world took part in our latest hacker ’ s contest . Their mission : To crack the Blurry Box ® protection for a game application to work without its license . Blurry Box is a novel protection technology that relies on fully public encryption mechanisms . The end result : Not a single hacker managed to break the new technology .
For three long weeks , the contestants labored away at the challenge . Two indeed managed to send meaningful results to the independent jury , including Professors Dr . Thorsten Holz and Dr . Christof Paar from the Horst Goertz Institute ( HGI ) and Professor Dr . ( TU NN ) Norbert Pohlmann from the Institute for Internet Security if ( is ). Neither hack actually broke the Blurry Box protections . The jury decided to withhold the € 50,000.00 prize money , but both entrants were granted € 1,000.00 in recognition of their effort . The remaining prize money will go towards more research and development in the area .
Blurry Box was developed by the Competence Center for Applied Security Technology ( KASTEL ) at the Karlsruhe Institute of Technology ( KIT ), the Research Center for Information Technology ( FZI ) and Wibu-Systems and took first prize at the 2014 German IT Security Awards . It has been integrated in CodeMeter and its capabilities have been proven publicly in the open contest . The technology , based on seven special mechanisms , duplicates , modifies , and encrypts individual functions in a program and selects the right variant only during runtime , with due consideration for the program flow . It also limits the rate of decryption . When a function is called up , only that function will be decrypted , while the other functions remain locked away in the memory . Decrypting a function that is not actually required will lead to the automatic termination of the license , making brute force attacks impossible . The effort that would-be hackers need to invest to crack the protections is higher than the work that would go into developing the program from scratch . For a vivid explanation of the mechanism , Wibu-Systems has produced a special animation video : http :// www . wibu . com / bb .
Professor
Dr . Joern Mueller-Quade , Director of the Institute of Cryptography and Security at the Karlsruhe Institute of Technology ( KIT ), explains the thinking behind the contest : “ The results of the hacker ’ s contest make me proud . However good our analytical work beforehand , real-world security depends on how well our theoretical models match the reality out there . We can only know this by observation and empirical experiments . Even theories benefit from hacker ’ s contests . Our IT security research at the KASTEL competence
Delay
State Engine
Modification
Variants
Choice
Encryption
Traps center sees systems holistically and considers many different disciplines and methods . Blurry Box is a perfect example of this .”
Blurry Box is being integrated in AxProtector , IxProtector , AxProtector . NET , and AxProtector Java . Parts of its features , specifically traps and the encryption of individual functions , are already in use , and more features will be added – a good reason to always stay up to date and use the newest version of CodeMeter Protection Suite .
Greater security is usually coming at the price of lower performance . This means that some of the more computing-intensive features of Blurry Box will only be working with local licenses .
Blurry Box vs . CodeMoving : Who wins ?
Blurry Box and CodeMoving are not mutually exclusive . In fact , Blurry Box uses CodeMoving to select the next method on the CmDongle . However , traditional CodeMoving typically works slowly and the protected functions are trivial . With Blurry Box , CodeMoving truly comes into its own . Even complex functions can now be protected , and only the choice of variants is made on the CmDongle . This makes Blurry Box readily scalable with continued acceptable performance .
3