Virtualization in Commercial products
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivH7-bGvLj1w8VnERSu4mMxIEAoHl0zbM-x9z8rDrQ5nAedLo7LISkvBJ19zKMqLf0bmThCq46Z320SqwhxjK2rh2G8BTRXJbdpbVKS09rs4eO7BHt_x6dvn5tQiQthZNle2x7gHwn5y0/w640-h130/Themida.png)
Hi all. Last april, I looked to a commercial software to see how it was protected. It was using Themida 3.0, a very good virtualization with custom handles, optimized bitcode and stuff.. But after looking around it for one hour, I figured out that some very important parts of the code were not virtualized. In fact, the entier license system were clear x64 ! Today I will try to talk about it without revealing the software for obvious reasons. So how a good security like Themida could lead to this result ? How this security is applied during the release process ? Well in general software that are a little bit serious protect things that should be protected. But, if you look closly, you may notice that there is a problem. Some important parts of the code are not protected at all by the virtualization !!! It's could be resumed by the thing that some software providers wants to apply a security to protect their software without understanding the point of it. They just check security