AkiProtect
Try it free

What AkiProtect does for your binary

Eight protection layers, each individually configurable.

Hover any item to see what it stops and how it works.

BEFORE AFTER ~60% smaller
LZ

Compression

Ship smaller, harder-to-fingerprint binaries.

Antivirus engines and reverse-engineering tools maintain databases of known software signatures — recognizable byte patterns that betray what your file is. AkiProtect runs your binary through multiple compression codecs that rearrange every byte of the on-disk image. The result: your shipped product no longer matches any pattern in those databases. Casual scanners give up, and serious reverse engineers lose their first easy foothold.

What this stops
  • Antivirus signature matching against known patterns
  • Static byte-pattern fingerprinting of your binary
  • Easy orientation in IDA, Ghidra and other tools
Under the hood Four codecs: LZ77, LZ4, LZNT1, LZMS. Decoding runs in the runtime stub before your code starts.
BUILD #1 BUILD #2 0x07 LDI r3, 0x1A 0x12 XOR r3, r1 0x04 ADD r3, r2 0x19 ROL r3, 8 0x0B MUL r3, r4 0x15 STB r3, [r0] 0x03 RET opmap A 0x1F LDI r3, 0x1A 0x08 XOR r3, r1 0x0C ADD r3, r2 0x02 ROL r3, 8 0x17 MUL r3, r4 0x1A STB r3, [r0] 0x11 RET opmap B (random) same source · different bytecode
VM

Code virtualization

Make every copy of your binary unique.

Without code virtualization, an attacker who reverses one copy of your software has reversed every copy. AkiProtect's virtual machine replaces your code with custom bytecode that runs on a tiny CPU baked into the runtime — and the instruction set is randomized for every single build. A patch that works against one copy fails against the next. Cracking groups can't release "a working keygen for your product" — they have to crack each shipment from scratch.

What this stops
  • Universal patches that work across all copies
  • Keygen and crack distribution by piracy groups
  • Reverse-engineering effort that pays off long-term
Under the hood Custom 9-register VM with 28 opcodes. Per-build opcode mapping via Windows CSPRNG. Up to 8 independent passes.
ENCRYPTED BLOCKS · SPIRAL ORDER 1 byte modified → SHA-256 group fails → no boot
UL

Ulam block layout

Make tampering with your binary impossible.

Even if an attacker manages to extract your protected payload, AkiProtect's block layout prevents them from reassembling it into a working file. Encrypted blocks are scattered via a mathematical spiral and bound with cryptographic hashes — change a single byte and the runtime refuses to start. This blocks the standard cracking workflow of dump, patch, repack. The pirate's "modified version" simply does not run.

What this stops
  • The dump-patch-repack cracking workflow
  • In-place modification of the packed file on disk
  • Redistribution of cracked or pirated copies
Under the hood Block permutation derived from an Ulam spiral. Per-group SHA-256 integrity verification before unpacking.
6 INDEPENDENT PROBES · ALL MUST PASS IsDebuggerPresentPEB NtGlobalFlagDr0–Dr3 scanRDTSC timingException filterHide thread DEBUGGER DETECTED ExitProcess(2) silent · no log
DB

Anti-debug

Stop reverse engineers before they get started.

Every serious reverse engineer reaches for a debugger first — it's the tool that lets them step through your code line by line and understand what makes your product valuable. AkiProtect runs six independent checks before any of your code executes. When a debugger is detected, your software exits silently with no error message, no diagnostic information, no clue what triggered it. The attacker is left guessing whether they hit a bug or a defence.

What this stops
  • x64dbg, OllyDbg, WinDbg and IDA attachment
  • Hardware breakpoint scanning of your code
  • Single-step tracing through your logic
Under the hood IsDebuggerPresent, PEB NtGlobalFlag, Dr0–Dr3 hardware breakpoint scan, RDTSC timing, exception filter trick, NtSetInformationThread thread hiding.
STARTUP SELF-CHECK EMBEDDED HASH 2f9a4b…d3e7 RUNTIME .text HASH 2f9a4b…d3e7 ✓ MATCH · run IF ATTACKER PATCHES .text: hash mismatch → silent ExitProcess
AT

Anti-tamper

Detect any modification to your binary.

Crackers don't just read your software — they modify it. They patch out license checks, bypass activation, remove trial limits. AkiProtect's runtime checks itself for modification on every start-up by comparing a cryptographic hash of its own code against a value embedded at build time. If anything has changed — even a single byte — the binary terminates silently before your code ever runs. The patched copy looks identical to a working one until the user double-clicks it.

What this stops
  • License-check removal patches
  • Activation and trial-limit bypasses
  • Silent modification of your distributed binary
Under the hood FNV-1a + SHA-256 over the runtime stub's .text section, verified against a value embedded next to a 16-byte anchor.
PROCESS MEMORY AFTER UNPACK ← PE headers wiped Memory dump captured here: not a loadable executable
AD

Anti-dump

Stop attackers from extracting your running code.

A common reverse-engineering shortcut is to wait until your software unpacks itself in memory, then dump the running process to disk and analyse the clean code that's now exposed. AkiProtect wipes the most useful parts of your binary out of memory immediately after the runtime hands control to your code. A memory dump captured at that point is no longer a directly-loadable executable — the attacker has to reconstruct the missing structures themselves before they can disassemble anything.

What this stops
  • Memory dumps that yield a working PE
  • Process snapshot reuse and analysis
  • Mid-execution code extraction
Under the hood Payload PE headers wiped from the mapped image after relocations and TLS callbacks complete.
WITHOUT PROTECTION License key invalid https://licenses.acme.com/v2 Trial expires in 30 days Decryption failed ↓ XOR · per-build seed WITH AKIPROTECT ~q9!2bM…ëÆ7 ▒ òÑ‹ø3Ωœ¬…ä∆»h F†º∆Ωœ¬ƒ´ç§ π©§ºwƒç®¬
SO

String obfuscation

Strip every readable clue from your binary.

Reverse engineering often starts by reading the strings inside a binary — error messages, debug labels, license URLs, API endpoints. They are the breadcrumbs that tell an attacker what your software does and where to look first. AkiProtect encodes every string at compile time with a different mask for every build. Anyone running the standard 'strings' tool on your file sees nothing but garbage. The attacker loses the easiest source of orientation.

What this stops
  • The 'strings' tool revealing your code's intent
  • License-server URL extraction
  • Error-message tracing back to your logic
Under the hood Constexpr XOR with __DATE__/__TIME__ + __COUNTER__ seed. Strings decoded into transient buffers at the use site only.
TYPICAL EXECUTABLE IMPORT TABLE kernel32.VirtualAlloc kernel32.LoadLibraryA ws2_32.connect advapi32.RegOpenKey shell32.ShellExecute user32.CreateWindow ↑ attacker reads first AKIPROTECT IMPORT TABLE — empty — resolved at runtime via PEB walking nothing to predict, nothing to grep
IL

Import-less stub

Hide what your binary will do before it runs.

Every Windows executable normally lists the operating-system functions it intends to call — its 'import table'. Reverse engineers read this list first to predict what your software is about to do. AkiProtect's runtime stub has no import table at all. An attacker who opens your packed file in a disassembler sees a tiny, empty import directory and has no idea whether your code will read files, talk to the network, draw a window, or do something else entirely.

What this stops
  • Import table inspection in PE viewers
  • Prediction of which APIs your code calls
  • Behavioural analysis before execution
Under the hood Win32 API pointers resolved at runtime via PEB Ldr walking. No static import directory in the on-disk binary.