RYZENTH Protector

Advanced Windows software protection system designed for software developers who wish to protect their applications against advanced reverse engineering and software cracking.

Version 3.1.9.0 • Windows 32/64-bit • .NET Framework Support

Trusted by top-shelf companies around the world

Leading game developers rely on RYZENTH for their software protection needs

Overview

Understanding the Risk

When an application is being created, the Compiler will compile the application source code into several object files made of machine language code. Then the object files are linked together to create the final executable.

Source Code

Object File
(Machine Code)

Executable

Figure 1: Compilation of your source code

In the same manner that the source code of an application is converted into machine code at compilation time, there are tools that can convert a compiled application into assembly language or a higher programming language. These tools are known as disassemblers and de-compilers.

Your Software

Your Executable

Disassembler or
Decompiler

Source Code
(Assembly)

Figure 2: Decompilation of your application

An attacker can use a disassembler or de-compiler to study how a specific application works and what a specific routine does. When the attacker has a good knowledge of the target application, he can modify the compiled application to alter his behavior. For example, the attacker could bypass the routine that checks for the trial period in an application and make it run forever or even worse, cause the application to behave as if it was registered.

Revolutionary Solution

With Themida®, we have centered in the main weakness that software protectors have thus providing a complete solution to overcome those problems. Themida® uses the SecureEngine® protection technology that, when running in the highest priority level, implements never seen before protection techniques to protect applications against advanced software cracking.

Executable

Decompiles
Some Code Blocks

Each Code Block
is Protected

Overall Protection
Added (Themida)

Protected
Executable

Figure 4: Themida® protection procedure

SecureEngine® defeats all current cracking tools that can be used against protected applications and it will make sure that your protected applications are only run in safe environments.

Protected
Executable

SecureEngine

Advanced Anti-Cracking Techniques
Added to Executable

Final Protected
Executable

Figure 5: SecureEngine® technology adds more strength to the existing protection

Current Protectors Claim to be the Best!

Software protection programming is not a very well known field for most programmers. Software protection techniques are not like "visible" features that can be seen and compared. Because of this most software protection authors could talk about impressive techniques that are included deep inside the protection scheme, when many times most of these techniques hardly exist or they are much simpler than what they seem. Most software protectors reiterate a lot about using very strong cryptographic algorithms like RSA, Elliptic curves and AES hoping that the final user will believe that those protectors and the cryptographic algorithms are unbreakable. This is far from the truth as software protection is very different from data protection. Even if a software protector encrypts the protected application with the most robust cryptographic algorithm, sooner or later the protected application needs to be decrypted in order to be run by the CPU. It is in this phase when most attackers will start their work by dumping the decrypted application from memory to disk thus not having to deal with the cryptographic algorithm and reconstruction of the original application.

Software Protectors

Software protectors were created to keep an attacker from directly inspecting or modifying a compiled application. A software protector is like a shield that keeps an application encrypted and protected against possible attacks. When a protected application is going to be run by the operating system, the software protector will first take control of the CPU and check for possible cracking tools (disassemblers or de-compilers) that may be running on the system. If everything is safe, the software protector will proceed to decrypting the protected application and giving it the control of the CPU to be executed as normal.

The advantages of using a Software Protector are:

•Protect an application against piracy.
•Prevents attackers from studying how an application is implemented.
•Will not allow attackers to modify an application to change its behavior

The Weakness

Since software protectors were born, many attackers have centered most of their efforts on attacking the software protectors themselves instead of the applications. Many tools have been developed that aid in the attacking of software protectors. These attacks often result in the attacker obtaining the original application that is decrypted and has the protection wrapper removed.

Source Code

Object File
(Machine Code)

Executable

Protector
(Common)

Protected
Executable

Figure 3: Common software protectors philosophy

The main problem with software protectors is that they use protection techniques very well known by crackers, so they can be easily bypassed with traditional cracking tools. Another important problem in software protectors is that they have restricted execution by the operating system, that is, they run with normal application privileges. Because of this attackers can use cracking tools that run at the same priority level as the operating system allowing them to fully supervise what a software protector is doing at a certain time and attack it in specific places.

The Mission

In Themida® we want to be realistic about which weakness can be exploiting by attackers and what we really need to pay attention to protect an application with the highest security possible against software cracking.

Features

These are the key features of Themida®:

Anti-debugger techniques that detect/fool any kind of debugger

Different encryption algorithms and keys in each protected application

Anti-API scanners techniques that avoids reconstruction of original import table

Automatic decompilation and scrambling techniques in target application

Virtual Machine emulation in specific blocks of code

Advanced Mutator engine

SDK communication with protection layer

Anti-disassembly techniques for any static and interactive disassembler

Multiple polymorphic layers with more than 50,000 permutations

Advanced API-Wrapping techniques

Anti-monitors techniques against file and registry monitors

Random garbage code insertion between real instructions

Specialized protection threads

Advanced Threads network communication

Anti-Memory patching and CRC techniques in target application

Metamorphic engine to scramble original instructions

Advanced Entry point protection

Dynamic encryption in target application

Anti-tracing code insertion between real instructions

Advanced Anti-breakpoint manager

Real time protection in target application

Compression of target application, resources and protection code

Anti-"debugger hiders" techniques

Full mutation in protection code to avoid pattern recognition

Real-time simulation in target application

Intelligent protection code insertion inside target application

Random internal data relocation

Possibility to customize dialogs in protected application

Support of command line

Many many more...

Download

You can download and evaluate RYZENTH by downloading our DEMO version.

•Demo Release: 3.1.8.0

Date: 15-Jan-2024

Pricing

We offer two types of licenses for Themida, Developer License (249 EUR) and Company License (499 EUR).

If you are a solo developer, one-man company or a company with just one software developer, you just need to purchase the Developer License.

For companies with more than one software developer, you need to acquire the Company License.

You can purchase a license for Themida here.

Developer License

Perfect for individual developers

€249

Single Developer

Company License

For companies with multiple developers

€499

Multiple Developers

Frequently Asked Questions

Get answers to common questions about RYZENTH Protector and software protection

Still have questions?