Comment Re:Bring it on, folks! (Score 1) 215
Sounds like all you need to analyze this is a "fake" processor.
E.g., running this inside something like Bochs, which has a built-in x86 debugger, and runs a lot like a hypervisor. This encryption would need to be able to detect living inside a fully emulated system and simply refuse to operate in order to be safe from this kind of analysis. Bochs will let you step through exactly what instructions the emulated CPU is actually doing, regardless of the data that is stored in the memory allocated to the emulator's process.
Don't get me wrong-- this makes a nasty bump in the road for career data thieves, but forensic analysis of the encryption is not completely thwarted.
Not to mention that it is extremely hard for a program to detect that it is inside a VM like Bochs unless the VM exposes something that can be detected - e.g., a BIOS string, hardware signature, etc. Even then, that's easy for a cracker to fix by modifying the VM to have a different string or hardware signature.