Updated on: September 3, 2024
In a recent interview with SafetyDetectives, Bartosz Wójcik, the founder of PELock, shared insights into his extensive experience in software security and the innovative approaches his company takes to protect software against cracking and reverse engineering. Bartosz’s journey in the software industry began at a young age, developing a passion for programming on a Commodore64. Over the years, he has honed his skills in low-level programming, reverse engineering, and developing tools to protect software from unauthorized access and manipulation. His expertise led him to create PELock, a unique application protection system that has become a cornerstone for developers looking to secure their software in a rapidly evolving digital landscape.
PELock stands out in the competitive field of software protection tools, offering a suite of advanced features designed to combat modern challenges in software piracy and unauthorized access. What sets PELock apart is its use of proprietary code mutation and polymorphic encryption engines, along with an extensive SDK that allows seamless integration of protection layers into existing applications. Bartosz emphasized that PELock’s robust capabilities make it a formidable tool for developers, providing over 100 options for securing applications without needing the original source code, all while maintaining a user-friendly experience with a free perpetual license and lifetime updates.
Can you introduce yourself and tell us a bit about your role at PELock and your background in software security?
Hi, my name is Bartosz Wójcik. Thank you so much for having me. Long time fan. I am the author of, among others, the PELock application protection system against cracking (so-called exe-protector) and many other tools that make reverse engineering difficult, such as Java source code obfuscators, AutoIt and assembler, polymorphic encryption libraries.
My adventure began at the age of 12 (I am currently 42) by learning BASIC programming on Commodore64, then Visual Basic and Delphi, but my real adventure with the world of security began at the age of 16, when I learned assembler for 16-bit processors. I was so absorbed by it that I quickly learned programming for 32-bit processors and Windows systems.
From programming in low-level assembler to debugging applications and decompilation was just a small step. I quickly started participating in the crack scene, creating cracks and keygens. In the meantime, I worked for a Polish game publisher on localization of many titles without access to source codes. However, I was more absorbed in creating tools for encrypting and compressing binary executable files and quickly began experimenting by creating so-called exe-packers and exe-protectors. I quickly managed to turn my passion into a business by creating the only Polish commercial exe-protector PELock so far.
My involvement in reverse engineering also meant that I worked in two antivirus companies, ArcaBit and Prevx. In ArcaBit, I created systems for automatic unpacking of binary files compressed with exe-packers and exe-protectors for their future analysis in terms of malware signatures.
In Prevx, I created algorithms for detecting and removing infections of binary files infected with polymorphic infectors. However, I quickly got bored with these projects and began a five-year job expanding and modifying software installed in slot machines in casinos. I was also a consultant in the analysis of government projects related to the public insurance system, responsible for the technical analysis of these systems in terms of good programming practices and security related to potential problems. Software created for the security industry over the years, as well as more trivial ones such as a bot for social media or radio code decoders, allow me to currently pursue my newly discovered passions closer to nature, such as gardening and woodworking.
What are the key features that differentiate PELock from other software protection tools in the market?
PELock is the only tool for securing 32-bit applications written entirely in 32-bit assembler. It is distinguished by the use of proprietary code mutation systems (it can turn a single x86 instruction into a block of code with functions, logic, jumps etc. doing exactly the same thing as this single one instruction), the so-called metamorphic engine, an advanced polymorphic encryption engine (it generates random encryption & decryption code for each encrypted data block) and a very extensive SDK allowing for tight integration of the application code with the binary security layer.
PELock has over 100 options allowing for very advanced control and protection of any application, even without its source code. We are also distinguished by a free perpetual license and free lifetime updates.
How does PELock address the challenges of reverse engineering and cracking in modern software environments?
- Application code mutation using metamorphic engine
- Application code encryption using polymorphic engine
- Unseen SDK features (go visit our GitHub page)
- Active application monitoring for any binary changes (on disk and when run in memory)
- Active detection of multiple cracking tools, debuggers, system monitors etc.
- Binding software DLL libraries and application file into a single EXE file
What are some of the most significant trends you’re seeing in the field of software protection and anti-piracy?
- Software virtualization – turning x86/x64 code into the VM code (hard to analyze, hard to rebuild back to the original x86/x64 code)
- More advanced obfuscations based on rewriting entire binary application image
- Cloud based & SaaS software
What are some of the most common concerns your clients have when it comes to protecting their software?
Antiviruses and antivirus companies. Currently, almost 100% of solutions that encrypt binary files in any way are marked by antivirus software as so-called false-positive detections. This is a huge problem, customers have to be explained that encryption is the cause, because detection is not based on behavioral methods but only on the basis of, for example, the entropy of the binary file. Trying to reach an agreement or reach the antivirus company and the people responsible for this is practically impossible. The only company I can praise about a cooperation is Kaspersky. As for the others, the only solution that comes to my mind is to sue. If you know a lawyer who would like to take on this, I am ready to talk 🙂
What advice would you give to software developers and companies looking to protect their applications from piracy and unauthorized access?
Honestly? Make your software web based and if you can’t or don’t want to – move your software logic into the cloud. Put the algorithms on the server side, leave the software UI but when it comes to actual software working, execute the API call to the server, send the parameters, calculate whatever you need on the server side (even some simple calculations nobody could guess), receive results. Use the licensing key for each API call. In that way you can control and block any refunded payment or dishonest customers. If you do this you can forget about cracks for your software. This is the future.