mix your experience in RE with Coding then you will make an uncrackable soft :d

starforce the best for me and too hard ! also i will keep it private
But One day a friend Told me this : What ever is executed IS CAN BE CRACKED (he have cracked ZENON 7 !

Hi p4r4d0x
"What ever is executed IS CAN BE CRACKED"; not always.

For all practical concerns, the statement "Whatever is executed can be cracked" is correct. However, from a more theoretical perspective, a protection based on homomorphic encryption is in principle not crackable, only its input and output are observable. For specific cases this can yield an uncrackable (i.e. not understable) mechanism.

Protection builded on WhiteBox technology

where i can get software + medicine?

For your concern ... what is made by man hands will be "broken" also by mans hand.
So i think is no "uncrackable" protection.
Just hard to bypass or reverse.
It just require lots of knowledge and hard work.
All software protections are down at the moment.
Most of the hardware protections can be emulated, bypassed.
I think the private solutions for the protections exists in every passionate reverser.
Most of the strong protections solutions are kept in private so from here the impresion that a protection is "uncrackable".
I think the discusion is futile.
The thread subject is, IMHO, what is the hardest software protection not "uncrackable".
;)

Well, as I said that's not technically correct. Counter examples include homomorphic encryption which is provably secure with respect to what information can be extracted from the code using static/dynamics analysis.
Also, take crypto systems such as RSA or AES, those were built "by man" as well. By your logic you should be able to break any instance of it. That's obviously not true.

Depends on the time and resources only. They are secure enough from the current point of view. BTW, for practical reasons RSA le 512 is insecure. AES is also not secure in some cases, including pure WBAES.
homomorphic encryption looks nice as theory, but there are no existing implementations.

Sure, but his general statement is not true for all practical concerns. Or to put it differently: I can construct an instance which you won't be able to crack within the lifetime of our universe.

There are libraries (just google for it), but I haven't seen an implementation that was used for a protection mechanism.

LOL
Yes it is.
For me the argue is over.

Is that supposed to be an argument? Since you disagree with my statement

you must be able to break any problem instance in that domain. How about I give you a RSA4096 public key and you factor it for me?
Quite obviously, you won't be able to do so, and I don't think anyone can arguably disagree with that (without trolling).

@mcp
You can not proof it because nobody knows which attacks appear tomorrow. Just suppose in 10 years quantum computers appear. And almost all current crypto would be trash.
Years ago DES looks uncrackable. Nowadays it is weak.
The same to RSA. Ten years ago RSA-512 was strong. Now it is weak.
Could you make the RSA less or equal to 512 bits which we can not crack? Sure, you cant. Most algos add more rounds to be stronger or increase key sizes or other params.

HE libraries are very rough. Limited in the operations to Add and Mul in most. Also, it is hard to imagine the use cases which help to protect applications. Could you describe any?
To operate in HE you need both numbers encrypted with private key. To decrypt result you need also public key. Would you store both keys in the software? Or how do you plan to make protection?

Of course there is exactly one crypto scheme which is provably secure against any attack (OTP) but I was just arguing against the claim of being able to break any instance of those problems. And that's obviously not true.

Yap, there's a reason why not "everything" just simply switches to (F)HE schemes. There are multiple reasons: a) it is slow as hell b) full HE isn't trivial, most libraries limit themselves to addition and/or multiplication as you said.
Take for example the use case that you want to compute something which must not be revealed to the public, still the computation has to be made on every consumer's device, and the consumers must not know how the computations inner workings look like.
Then again, the weak points of FHE are the input and output values: if these are to be used in other non-HE parts of the program, these clearly must be decrypted.

As always in security, you have to be aware of the "attacker model": FHE per se cannot be used to create any kind of "unbreakable" protection, and no sane person would ever claim that. On the other hand, I strongly disagree with the statement that "everything made by man can be broken". That's too broad of a statement and is simply not true in general.

Sure, it can be. But nobody guarantees it will work after that or even be valid. :D:p

Whilst I agree, I don't see how that is relevant to software protection. Your analogy is like saying I let anyone download the fully registered version and say its uncrackable as the executable is encrypted by a 4096-bit RSA private key. Sure, it will take many years (maybe longer) to 'crack'.

However, make a piece of software runnable only with a license file, protect the license file with an RSA 4096-bit private key and I guarantee you it will be broken and fully registered versions available within 24 hours.

Same goes for if the license checking is built into a dongle. If you have access to the dongle, the software be made to work without it. I have done this many times for people who worry about the security of their software dongles.

How about Senselock and other dongles which are built on smart card technology?

If you read my answer in the context of the original claim that "anything made by man can be broken by man", then my answer makes sense again. It was simply a counter example to that claim, not necessarily related to copy protections in generl.

Hi mates,
How would you rank latest SolidShield? Thanks!

What's some modern software that uses it? It pretty much faded into obscurity after AAA games dropped it sometime over a decade ago
Did they develop an x64 protection? Sometimes it's a huge step back

It's pretty lame protection compared to today's standards. Can be cracked quite easily.

I believe Safenet Sentinel LDK protection - its very hard to unpack files protected by this software and maybe few has ever to do it but I never know someone.

True. Only the paid ones post the solutions these days for the Sentinel LDK. No free tuts!

I think Wibu CodeMeter can also occupy a place，it can be the best one.

It is the worst one in dongle. See how many codemeter apps are cracked and released on regular basis. I agree that it could be implementation problem in some cases, but still...

FlexLM still number 1 when ranking “uncrackable” software protection

you are not right... one bytes patch and passed checkout license for long SIGN. or use fake public key for client/daemon

I agree.
There used to be a saying that FlexLM is for "honest" companies and people who want to honestly keep track of the licenses they purchased and use.

For crackers and pirates like us who do not care about licensing software, FlexLM is one of the easiest protections to crack! :D
This protection was always cracked right after release! :cool:

Oh ok, well I’ve got to learn about it then :) ; what do you think about Viper from back engineering ?

Tyro, you said in another thread just now how important license restrictions are and that you must follow them. Now you are saying you don't care at all. Are you teaching a masterclass in hypocrisy?

Properly implemented latest versions of Sentinel Pro dongle (AppOnChip, etc) have not been fully cracked yet.
Nearly all the other protections have been completely cracked.

Very little has change for flexlm the past few years.
You can start with darsy tuts. A good starting point.

Despite the claims made the vendor, the overall process to crack it has not changed much over the years.
All the required tools and techniques are available in this forum.
If you have any questions, I will be happy to help.

Never heard of viper. Any real-life examples?

Tyro, several things have changed, likely you should have a look at notably "New Obfuscation Mechanism for Client and Server Communication"

Tyro, I understand that you are unfamiliar with FlexLM.
See post 107 by master FoxB. It can be cracked very easily even today, if you know how. Whatever the vendor claims are all BS!

Tyro (and we can see from your registration date that you are the tyro, you dont seem to know what it means), the variety of cloud and web related security features are not clear as to whether anyone has found a target using them or defeated them. The underlying scheme being weak, maybe we don't expect much.