  #9  
12-09-2006, 19:07
dyn!o
Quote:
The VM steps you listed are for a VirtualPC emulator, and they need not be 'explicit'
VPC stuff indeed needs these points, and explicit control flow must also occur. That's the part I agree with. Now let's make the topic harder and erase the following points: 7-11. The first six are left and are still needed for a "real" virtual machine in the meaning of any protector. If they do not occur, then I call it not a virtual machine but a pure interpreter. Summarizing: IMHO the first six points should appear in order to call an engine a virtual machine.

Quote:
A VM can be shaped in many forms, with implicit or explicit flow and myriads of variants, you would agree that the bulk of a scrambler and a (not complex) VM might have syntactic similarities.
Yes, syntactic similarities.

Quote:
You can reverse a VM in little time if you know what you are looking for, or just go mad for indefinite time. From a coding point of view, the result can be similar. There lies Markus's assumption, I suppose.
You can reverse a VM in little time, that is right. SafeDisc, SecuROM, new ASProtect - do they contain a virtual machine? The discussion would start from the beginning.... "Syntactic similarities" - this name is a good solution for our topic. I would not say they contain a VM but I agree they have "syntactic similarities" in the meaning of a virtual machine. I also agree they can be reversed in a reasonable amount of time.

Quote:
We could go on theory with Church/Turing theorem, Goedel incompleteness etc. etc. but it's boring
That is the point - boring. Church-Turing VM-related solutions are very good but IMHO not here. IMHO they are too weak to implement in protections because of systematic logic.

Why do I think so?
It will be hard to understand/imagine for some of us since we are jumping from logical discussion into an abstract level. According to Church's conjecture we can perform (recalculate) any possible algorithm with a computer. In software protection we need a kind of reverse thesis IMHO. Turing's dream was to replicate the human mind, but if we want to achieve the highest level of security, in the meaning of software protection, then all we have to do is erase the word "logic" from the dictionary. This is the place where I see the chance of disabling/confusing the human mind. The thesis could look like this:

"A function, which would be computable inside X engine, cannot be computed outside its environment without intelligent behavior and learning process."

So what does it change in the meaning of cracking? Nothing, the software will always be crackable. The proposed thesis extends the time needed for analysis. It extends it a lot. StarForce follows a logic and it is still the very best protection, requiring a minimum of two weeks for analysis and cracking. So far there is no proof of anyone who managed to rebuild its virtual machine code (if properly implemented). Now, imagine that StarForce goes into the level I propose. How many people worldwide would be able to crack such a protection? 2, 5? How many of them will get the protection in their hands? How many of them will have any interest in continuous, painful analysis/cracking? Even if one cracks such a protection then, assuming a dynamic structure, another cracking attempt will require a similar amount of time to crack one title.

A dream? No, a matter of time. The one who develops such a solution will definitely win the race on the security market, leaving competitors a few years behind. StarForce is a very good protection, I would say: "definition". But it still can be a lot better. Just like us.

Regards.