Results 1 to 5 of 5

Thread: What is Themida

  1. #1
    Dwar
    Dwar is offline
    Veteran Dwar's Avatar
    Join Date
    2010 Mar
    Posts
    2,222
    Thanks Thanks Given 
    211
    Thanks Thanks Received 
    2,230
    Thanked in
    292 Posts
    Rep Power
    10

    What is Themida

    Themida


    Themida is a powerful software protection system designed for software developers who wish to protect their applications against advanced reverse engineering and software cracking. Themida uses the SecureEngine protection system to achieve its goals, making it really difficult to break using the traditional and newest cracking tools.
    Themida has been designed to completely stop novice and advanced crackers from cracking an application. That will avoid a considerable revenue loss from the distribution of cracked applications. Developers do not need any source code changes or programming experience to protect their applications with Themida.


    Why use Themida?
    Themida has been designed with the newest and most powerful technology in software protections, SecureEngine. From the attacker point of view, Themida is completely different to traditional software protectors, due to its complex protection engine and its high priority code that allows supervising the whole system against possible attackers. From the software developer's point of view, Themida is quite easy to use and easily adapts its protection techniques to suit a developer's needs.

    Scenarios for using Themida
    Themida uses the SecureEngine protection system to cover a wide range of scenarios. SecureEngine is the ideal solution in the following situations:
    • Protecting an application against modifications and software piracy: SecureEngine protects the integrity of an application by encrypting and decrypting its code at runtime, using revolutionary techniques that defeats any of the traditional or newest cracking tools.
    • Protecting an application against reverse engineering: SecureEngine uses a wide range of techniques to prevent reverse engineering. An attacker will not be able to use cracking tools to analyze the code of a protected application.
    • Protecting an application against monitoring tools:* SecureEngine includes the most advanced techniques to detect registry and file monitoring tools. Developers choose the desired option to finish the execution of their applications upon the detection of monitoring tools.


    Vulnerabilities in software protectors
    Other software protectors have important vulnerabilities, which prevent them from being a perfect solution to protect an application against reverse engineering or cracking. The following section identifies some of those vulnerabilities and shows how Themida resolves them.

    Obsolete protection techniques
    Most modern software protection systems use already broken techniques that are quite easy to bypass. Normally, an attacker will reuse the same proven tools that have been used over years to break protection systems. Often the attacker will release a global technique to attack every application protected by a specific protection system. SecureEngine uses new technology in software protection to ensure each protected application is unique thus preventing any cracking tool from being used to create a universal crack to your application.

    Attackers are one step ahead of the protection system
    When a software protection system has been broken, their authors implement patches to avoid a specific attack from being used again on new versions. Typically attackers will inspect the new changes that have been applied in the new version and will easily bypass them again. In this common scenario, attackers are always one step ahead from the protection system because the new applied patches can easily be identified and defeated.
    SecureEngine has a different approach to avoid this. If vulnerability is found the vulnerable object is quickly changed (due to the mutable technology used in SecureEngine) instead of releasing a patch against the specific threat. The new object, joined with the rest of the SecureEngine objects, creates a completely new protection system. The benefits of this, when compared to common software protectors, is that attackers will have to reexamine the whole protection code to bypass the new changes.


    Understanding the risk

    When an application is being created, the Compiler will compile the application source code into several object files made of machine language code. Then the object files are linked together to create the final executable.


    Figure 1: Compilation of your source code

    In the same manner that the source code of an application is converted into machine code at compilation time, there are tools that can convert a compiled application into assembly language or a higher programming language. These tools are known as dissemblers and de-compilers.



    Figure 2: Decompilation of your application

    An attacker can use a dissembler or de-compiler to study how a specific application works and what a specific routine does. When the attacker has a good knowledge of the target application, he can modify the compiled application to alter his behavior. For example, the attacker could bypass the routine that checks for the trial period in an application and make it run forever or even worse, cause the application to behave as if it was registered.


    Software protectors

    Software protectors where created to keep an attacker from directly inspecting or modifying a compiled application. A software protector is like a shield that keeps an application encrypted and protected against possible attacks. When a protected application is going to be run by the operating system, the software protector will first take control of the CPU and check for possible cracking tools (dissemblers or de-compilers) that may be running on the system. If everything is safe the software protector will proceed to decrypting the protected application and giving it the control of the CPU to be executed as normal.

    The advantages of using a Software Protector are:
    1. Protect an application against piracy.
    2. Prevents attackers from studying how an application is implemented.
    3. Will not allow attackers to modify an application to change its behavior .



    The weakness

    Since software protectors were born, many attackers have centered most of their efforts on attacking the software protectors themselves instead of the applications. Many tools have been developed that aid in the attacking of software protectors. These attacks often result in the attacker obtaining the original application that is decrypted and has the protection wrapper removed.



    Figure 3: Common software protectors philosophy

    The main problem with software protectors is that they use protection techniques very well known by crackers, so they can be easily bypassed with traditional cracking tools.

    Another important problem in software protectors is that they have restricted execution by the operating system, that is, they run with normal application privileges. Because of this attackers can use cracking tools that run at the same priority level as the operating system allowing them to fully supervise what a software protector is doing at a certain time and attack it in specific places.


    Solution

    With Themida , we have centered in the main weakness that software protectors have thus providing a complete solution to overcome those problems. Themida uses the SecureEngine protection technology that, when running in the highest priority level, implements never seen before protection techniques to protect applications against advanced software cracking.



    Figure 4: Themida protection procedure

    These are the key features of Themida:
    • Anti-debugger techniques that detect/fool any kind of debugger
    • Anti-memory dumpers techniques for any Ring3 and Ring0 dumpers
    • Different encryption algorithms and keys in each protected application
    • Anti-API scanners techniques that avoids reconstruction of original import table
    • Automatic decompilation and scrambling techniques in target application
    • Virtual Machine emulation in specific blocks of code
    • Advanced Mutator engine
    • SDK communication with protection layer
    • Anti-disassember techniques for any static and interactive disassemblers
    • Multiple polymorphic layers with more than 50.000 permutations
    • Advanced API-Wrapping techniques
    • Anti-monitors techniques against file and registry monitors
    • Random garbage code insertion between real instructions
    • Specialized protection threads
    • Advanced Threads network communication
    • Anti-Memory patching and CRC techniques in target application
    • Metamorphic engine to scramble original instructions
    • Advanced Entry point protection
    • Dynamic encryption in target application
    • Anti-tracing code insertion between real instructions
    • Advanced Anti-breakpoint manager
    • Real time protection in target application
    • Compression of target application, resources and protection code
    • Anti-“debugger hiders” techniques
    • Full mutation in protection code to avoid pattern recognition
    • Real-time simulation in target application
    • Intelligent protection code insertion inside target application
    • Random internal data relocation
    • Possibility to customize dialogs in protected application
    • Support of command line
    • Many many more...


    SecureEngine defeats all current cracking tools that can be used against protected applications and it will make sure that your protected applications are only run in safe environments.


    Figure 5: SecureEngine technology adds more strength to the existing protection
    from official site

    Official site: Oreans Technology : Software Security Defined.
    Themida help file
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium

  2. The Following 6 Users Say Thank You to Dwar For This Useful Post:


  3. #2
    rodoxfnx
    rodoxfnx is offline
    Banned
    Join Date
    2011 Dec
    Posts
    281
    Thanks Thanks Given 
    48
    Thanks Thanks Received 
    745
    Thanked in
    77 Posts
    Rep Power
    0
    I would say "HOW TO F*** DISABLE THEMIDA! HAHAHA" just joking.
    Good job and thanks for the info, reading it.
    But still thanx advanced.

  4. #3
    cassiopeia12
    cassiopeia12 is offline
    New member
    Join Date
    2012 Jan
    Posts
    6
    Thanks Thanks Given 
    2
    Thanks Thanks Received 
    1
    Thanked in
    1 Post
    Rep Power
    0
    lol, I agree with tpam, how the f did you manage to disable Themida? More power to dwar.

  5. #4
    DarkSider
    DarkSider is offline
    New member DarkSider's Avatar
    Join Date
    2012 Feb
    Location
    Fortaleza,Brazil
    Posts
    9
    Thanks Thanks Given 
    1
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0
    How i unpack Xtrap.xt thats protected with THEMIDA or WinLicense?i tried UnThemida but failed.

  6. #5
    Sirmabus
    Sirmabus is offline
    New member
    Join Date
    2010 Jul
    Posts
    20
    Thanks Thanks Given 
    2
    Thanks Thanks Received 
    10
    Thanked in
    4 Posts
    Rep Power
    0
    Something new to decode virtualized code.
    Usually these sections are important enough that the game developer wants to hide in the client so they are probably important for at least something; client authentication, etc.

    Now you can decode these sections with an IDA Plug-in this guy made:
    DeCV — a decompiler for Code Virtualizer by Oreans
    https://github.com/pakt/decv

Similar Threads

  1. [Dev] Weapons of War Themida Unpacked
    By h4x0r in forum Other MMO
    Replies: 3
    Last Post: 2015-11-03, 01:00 AM
  2. [Release] Aika Online Themida unpacked
    By Dwar in forum Aika Bots, Hacks, Cheats
    Replies: 114
    Last Post: 2014-01-28, 09:54 PM
  3. [Help] aika unpacked themida
    By possotesta in forum Aika Online
    Replies: 0
    Last Post: 2012-01-04, 04:51 PM
  4. unpack themida
    By bboydav in forum General Game Research
    Replies: 4
    Last Post: 2012-01-03, 11:49 AM
  5. i need aika themida unpacked
    By necromaniaco in forum Trash Bin
    Replies: 0
    Last Post: 2011-09-27, 03:20 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •