Blurry Box, the Unbreakable Software Protection Technology

A group of worldwide hackers could not crack Wibu-Systems' new encryption scheme

Blurry Box, the latest software encryption technology from Wibu-Systems, remains undefeated at the 2017 Global Hackers’ Contest
Blurry Box, the latest software technology from , remains undefeated at the 2017 Global Hackers’ Contest

Hundreds of participants from all corners of the globe have taken part in a hackers contest aimed at cracking a game protected with Blurry Box®, the pinnacle of encryption recently launched by Wibu-Systems. The outcome: No one could break the latest software protection technology introduced by the leading provider of license management in the industrial world.

The contestants tried frantically for three weeks; two of them submitted their results to the independent jury consisting of IT scientists from the Horst Goertz Institute (HGI) and the Institute for Internet Security - if(is). Their exploits were proven to be not correct, resulting in a voluntary award of €1,000 each against the total sum of €50,000 that was originally at stake for a complete hacking solution. Instead, it will go towards further research and development.

Wibu-Systems has been focusing on the protection of digital know-how for almost thirty years, leading to the birth of CodeMeter, its flagship solution for safeguarding software publishers and intelligent device manufacturers from intellectual property piracy, product counterfeiting, software reverse engineering, and code tampering. One of the essential components of CodeMeter is its encryption mechanism: The AxProtector module conveniently encrypts the compiled software in a fully automated fashion; the IxProtector module, later integrated in AxProtector, extracts and encrypts individual functions for higher protection against typical cracking techniques.

Still, some complex and software need stronger protections. In 2014, Wibu-Systems, the Karlsruhe Institute of Technology, and the research center FZI took the first prize at the German IT Security Awards for Blurry Box. Since then, the encryption scheme has been integrated into CodeMeter and is now publicly validated through the global challenge. It extracts, duplicates, modifies, and encrypts individual functions, selects variants, and takes the flow of the program into consideration. Traps and decryption delays stop brute force attacks. With such a robust design, hackers would have an easier time rebuilding the software protected with Blurry Box from scratch.

Oliver Winzenried, CEO and founder of Wibu-Systems, who was just named Top Embedded Innovator of 2017, shares his excitement: “In today’s world, wars are shifting towards a digital battlefield. Industrie 4.0, IoT applications, and digitized services will have to be hardened with the most stringent security measures. Our mission is to put our greatest business and private life values into safe hands”.

Prof. Dr. Norbert Pohlmann, one of the contest jurors and Director for Internet Security at if(is), adds "In my mind, it is a great idea that developers let ‘hackers’ take on their products in a public competition. It gives us transparency about how secure and trustworthy they are, and the contest is a great opportunity for the participants to learn about IT security."

Prof. Dr. Thorsten Holz, another of the contest jurors and Deputy Director of HGI and Professor for Systems Security, declares “In 2014, Blurry Box won the 1st prize in the German IT Security Awards, the most prestigious awards for IT security in Germany. Our constant work on refining the concept and the recent success in our hackers¹ contest are a perfect match with the mission of the awards, and it is great to see a concrete product coming out of it. The German IT Security Awards are entering their next round in autumn 2017, and I am very hopeful about repeating our performance in the future."

Prof. Dr. Jörn Müller-Quade, Head of the Institute for and Security at the Karlsruhe Institute of Technology and one of the partners that have organized the contest, states “It is great to see the results of the hackers’ contest, because however careful your analysis is beforehand, true security depends on whether the theoretical models can stand the test of actual reality. We can only know this by trial and observation, which is why even the theory needs a hackers’ contest. The IT security research done at the KASTEL center of competence sees systems holistically and includes many different disciplines and methods for the purpose. Blurry Box is a perfect example of this.”