hey guys,

the wibu-team (german producer of a dongle) organizes a contest to crack a software protected with wibu-key. you can win DM 10.000,00 (~5.000$). You can get the protected program on 22.03.2001 at the wibu-homepage: http://www.wibu.de or at the CeBit in Germany
The wibu-Protections works with encrypted Import-Tables and API-checks within the program... , really nice protection

DXL

Ercept from here: http://www.wibu.de/us/mpress2001.htm#contest

WIBU-SYSTEMS gives the source code and changes only one function that is protected by WIBU-KEY. The hacker has to crack this function and to specify the secret calculation result


This sounds to me like : "OK, we're encrypting only 1 function with PGP and you got to tell us our secret pass"

Or am I getting it wrong? And they give the executable & the source code?

hehe

if wibu will only give you the .exe and you have *no* access to the dongle, it could be really impossible to crack this file [but this situation is IMHO *not* realistic and does *not* proove the security of a dongle protection]. but if you´ve got the dongle (only for a short time, perhaps), you can crack IMHO *everything* dongle-protected application... i don´t know, if they will let you work at a PC with the dongle connected... if not, you´re right and then shit on this fucking contest and spend your time better somewhere in the sun

DXL

IMO what is going to happen is they are giving the exe itself, even with source,
but without the dongle. I think they will be doing that in order to test how easy
it would be to crack their protection without the dongle. After all, some dongle
protections can be cracked without the original dongle. Think about it, they
pay $5000 or so for a whole team of crackers that try to brute force their
protection.
I say, leave'm and let the apps be warezed when it's out
That's our revenge :-)

If they wanna use us, they ought to pay the price heheh

LS

again the same story :
a part of the code is contained inside the dongle, so if you don't have it, you just get lost. you expose yourself, loose a lot of time and teach protector how to improve their products and they don't have to pay anything.

I'll crack this only if they give the dongle, to produce a working copy of this, like every serious target.
pffff ;-)

tsehp

Press Releases 2007
08-01-2007

Wibu-Systems posts a chance of winning of 32,768 Euro via the Hacker’s Contest 2007
Hacker vs. software protection: for the first time, all contestants registered for the Hacker’s Contest 2007 will receive the encrypted competition software with the appropriate software protection hardware CM-Stick/M for the USB interface. The German company Wibu-Systems AG, a leading manufacturer of hardware based protection solutions for software, documents, access and media, challenges the international hacker community with this unique competition including its lifelike Conditions. The first contestant who can enable the protected demonstration software to run without a CM-Stick/M and describe the right solution will win the prize of 32,768 Euro.

Some of us here are old enough to remember the original 2001 Wibu challenge, in fact if I look hard enough I think I probably still have it archived somewhere ;-).

A few of us also remember that they didn't pay out on the challenge even when it was verifiably broken, (the break was achieved by socially engineering resources from Wibu themselves) so they decided that was a *violation* of the terms, even though the challenge as they offered it was simply an absurd black-box which proved absolutely nothing about Wibu security.

This might be a different kind of challenge or one at least offered in better faith, but I'm not holding my breath.

Regards

CrackZ.

maybe little ole me and the xor will check it out...

32 euro fee to buy the usb thingie though...

Anyone aware of any previous breaks of codemeter protected apps (rather than the older wibukey)? Just out of interest... ;-)

It says that they won't be providing a licence for one of the messages, so it seems very unlikely that that one will be broken..

Sorry to double post, but has anyone heard anything more about the contest? It was meant to start on Feb 1st, but I haven't had any contact from them...

Howdy,

Can anyone show me one instance where any of these "challenges" have paid any money ? The commercial bastards that put out these challenges almost always find a loophole to not pay the money.

If you want to "own" these fuckers, get access to everything.
Software and hardware. If they wont give/sell you the stuff, they are full of shit.

Dont get used by these bastards. They are only looking to add to their claims that their protection is superior.

Woodmann

It's the itch, Woodmann. The promise of money just adds to it, it's still a fun challenge (well, I hope it will be...) regardless of whether it pays up or not.

What do I lose by being used in a false claim? I'm not a shareware protector; I still get the fun of trying, and maybe even succeeding in my eyes, if not theirs.

Maybe there's some deeper moral reasoning here that I'm missing, but I'm happy to dance to this tune

Howdy,

wtbw, you sir have the most noble reason, the need to know .

Woodmann

Latest WIBU cipher have fealN (N=32) and 64 bit of the Feal key.

Set the wayback machine for ~1985. In the back of Byte magazine there was a small ad for a piece of software called "The Loan Ranger", in this ad they only mentioned the name of the application once, and the whole rest of the ad was talking about their protection, something called "Smartie Artie", and they offer of $10K for anyone who could crack it.

Does anyone here have any info on that? (Or maybe even a copy of The Loan Ranger?).

If now, I thought this might provide sort of a historical backdrop for how long this "cracking bounty program" has existed.