KEYnote 34 English - Fall 2017 - Page 5

Most of these methods are implemented for Windows , which reflects the fact that most hacker tools are also used on Windows systems .
IxProtector for Dynamic Decryption in Runtime
IxProtector is the third layer of protection against memory dumps . You define individual functions that are kept in memory in encrypted form like other resources . You can use WupiDecryptCode and WupiEncryptCode to define yourself when which function would be encrypted and decrypted .
A memory dump would normally only produce a set of encrypted functions in this case . For a genuinely complete and executable hack , the hackers would have to decrypt all functions and piece the puzzle back together manually . By increasing the number of encrypted functions and decrypting them dynamically during runtime , you are effectively increasing the effort for the would-be attacker .
IxProtector is available for Windows , Linux x86 / x64 / ARM , and macOS .
Traps Preventing Static Analysis Attackers might try to decrypt all functions manually before attempting a memory dump or after they have access to the dump .
They would need the right license for the functions they are trying to hack . As another unique feature of the CodeMeter universe , different licenses come with different keys . If individual functions are assigned to different licenses , they would also be encrypted with different keys . To crack them , the hackers would need the entire key set .
Even in the unlikely case that this ever happens , IxProtector has a fourth protection mechanism : traps that are set to prevent the systematic decrypting of all functions . You include certain functions in your software that are never called in normal operations . At the start of each function , a special lock code is introduced . If a hacker then randomly decrypts this function ( while working his or her way through the entire set ), the code locks the license and stops the decryption of the remaining functions until it is allowed again by the developer . This is an effective mechanism , especially for CmDongles .
Translocated Execution for Ultimate Protection
Translocated Execution is the fifth , ultimate layer of protection against memory dumps . In addition to stronger security , Translocated Execution offers automatic features that make the integration of IxProtector simpler than ever .
Translocated Execution is an expansion of IxProtector . In contrast to the standard IxProtector , the functions are not decrypted and executed at their original location , but at a different place in memory . The same location is then used for several other functions , one after the other . This makes the process a confusing and complex puzzle for hackers , as it becomes dramatically more difficult to understand which piece goes where . It is a jigsaw puzzle whose pieces keep swapping places and changing form . On top of all this , the specific location where the decrypted code is handled is one that is ignored by most common dumping tools .
Two options are available for decryption :
1 . Automatic decryption 2 . and Manual decryption
When using automatic decryption , you do not have to worry about decrypting your functions . AxProtector automatically injects the required decryption code at the place of the original function . The function can also be kept in cache for a brief time before it is automatically cleared away . Without this optional caching , the function is immediately removed or overwritten once it has been executed .
For additional control or if the original function is too small , you can decrypt your functions manually with WupiDecryptCode and WupiEncryptCode and remove it from cache , as in the original IxProtector . You can choose the best option for your needs individually for each function .
Translocated Execution is available for Windows , Linux x86 / x64 , and macOS .
High Level Languages For high level programming languages like . NET and Java , AxProtector . NET and AxProtector Java offer two specialized tools , designed for these specific use cases . The line between AxProtector and the methods of IxProtector is less sharply defined in this case . Methods , functions , and classes are decrypted dynamically during runtime , and traps can be set . In the case of . NET , the decryption happens automatically at a different location in the memory .
Conclusion CodeMeter Protection Suite guards your software against memory dumps . IxProtector and Translocated Execution equips you with two powerful methods that are easy to integrate and add more layers of protection around your applications .
5
Most of these methods are implemented for Windows, which reflects the fact that most hacker tools are also used on Windows systems. addition to stronger security, Translocated Exe- cution offers automatic features that make the integration of IxProtector simpler than ever. IxProtector for Dynamic Decryption in Runtime Translocated Execution is an expansion of IxProtector. In contrast to the standard IxProtector, the functions are not decrypted and executed at their original location, but at a different place in memory. The same location is then used for several other functions, one after the other. This makes the process a confusing and complex puzzle for hackers, as it becomes dramatically more difficult to understand which piece goes where. It is a jigsaw puzzle whose pieces keep swapping places and changing form. On top of all this, the specific location where the decrypted code is handled is one that is ignored by most common dumping tools. IxProtector is the third layer of protection against memory dumps. You define individual functions that are kept in memory in encryp- ted form like other resources. You can use WupiDecryptCode and WupiEncryptCode to define yourself when which function would be encrypted and decrypted. A memory dump would normally only produce a set of encrypted functions in this case. For a genuinely complete and executable hack, the hackers would have to decrypt all functions and piece the puzzle back together manually. By increasing the number of encrypted func- tions and decrypting them dynamically during runtime, you are effectively increasing the effort for the would-be attacker. IxProtector is available for Windows, Linux x86/x64/ARM, and macOS. Traps Preventing Static Analysis Attackers might try to decrypt all functions manually before attempting a memory dump or after they have access to the dump. They would need the right license for the functions they are trying to hack. As another unique feature of the CodeMeter universe, different licenses come with different keys. If individual functions are assigned to different licenses, they would also be encrypted with different keys. To crack them, the hackers would need the entire key set. Two options are available for decryption: 1. Automatic decryption 2. and Manual decryption When using automatic decryption, you do not have to worry about decrypting your functions. AxProtector automatically injects the required decryption code at the place of the original function. The function can also be kept in cache for a brief time before it is automatically cleared away. Without this optional caching, the function is immediately removed or over- written once it has been executed. For additional control or if the original function is too small, you can decrypt your functions manually with WupiDecryptCode and WupiEn- cryptCode and remove it from cache, as in the original IxProtector. You can choose the best option for your needs individually for each function. Translocated Execution is available for Windows, Linux x86/x64, and macOS. High Level Languages For high level programming languages like .NET and Java, AxProtector .NET and AxProtector Java offer two specialized tools, designed for these specific use cases. The line between AxProtector and the methods of IxProtector is less sharply defined in this case. Methods, functions, and classes are decrypted dynamically during runtime, and traps can be set. In the case of .NET, the decryption happens automatically at a different location in the memory. Conclusion CodeMeter Protection Suite guards your soft- ware against memory dumps. IxProtector and Translocated Execution equips you with two powerful methods that are easy to integrate and add more layers of protection around your applications.  Even in the unlikely case that this ever happens, IxProtector has a fourth prote [ۂYX[\N\]\H]][B\[X]XXܞ\[و[[[ۜˈ[B[YH\Z[[[ۜ[[\ٝ\B]\H]\[Y[ܛX[\][ۜ˂]H\وXX[[ۋHXX[˜H\[XY YHX\[[[BXܞ\\[[ۈ [Hܚ[\܂\^HYH[\H] KHHHX[H[HXܞ\[ۈوB[XZ[[[[ۜ[[]\[YYZ[BH][\\\[YX]HYX[\K\XX[H܈Qۙ\˂[]Y^X][ۈ܂[[X]HX[ۂ[]Y^X][ۈ\HY [[X]B^Y\وX[ۈYZ[Y[[ܞH[\ˈ[