Jump to content
Tuts 4 You

Is Themida (WinLicense) x64 is most hard crackable protector ?


Recommended Posts

Is Themida (WinLicense) in it x64 version is most advance and hard to reversing (unpack + devirt) protector ? For last year i search help and people who just broke WL x64 and did not find decision.  So lets start poll (voting) is Themida (WinLicense) is most hard brokable exe protector you even know.

  • Like 1
Link to comment

Let's forget about the packing, is not saying anything nowadays the important protection is the virtualization.

And well having devirtualized both of the top protectors themida and vmprotect for me personally it took longer to devirtualize vmp than themida (basic vms).

Themida is harder to get the semantics for each handler which in vmp is easy peasy.

But on the other side to "restore" the original code I found it much harder with vmp than with themida as the code is transformed to a stack based virtual machine.

In Themida (at least the basic ones which I analyzed) the conversion from handler to original code is almost 1:1.

In VMP you will have to make your own "compiler" / optimization passes to get something close to the original code.

Ofc not always the goal is to restore the original code, but to understand it little bit and change some inner jcc inside for example in that case vmp debugging is simpler than a black oreans vm.

If you care about security and not so much about performance I would go more with a double-layered vm from Oreans and with the black variant (EAGLE, SHARK and PUMA).

The complexity of those virtual machines plus the obfuscation of black overcomes the complexity of VMProtect single vm.

Also there are lots of public documention for vmp meanwhile for new themida vms not so much.

Ofc you can always go with a not so well know protector like Obsidium / Enigma.

All of the above is supposing you want to protect some native code, if you want to protect some .NET program then forget all of the above and go for some modded Confuser / NETReactor or something similar.

Just my 2cents.

  • Like 5
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...