[Sblade]

Hi there LocutusofBorg. Iґm Inspector Switchblade, better known as Sblade. Iґve helped thousand of gamers run Securom protected gamers for some years with my TECH FAQ

I donґt mind DRMґs like TAGES, but Securom is built in a way that is invasive, risky and annoying to say the least....

Iґm joining the lawsuit against EA for their use in Spore. Now short after the lawsuit, assh**es updated their FAQ:

SecuROM


2.2 Is SecuROM actually loaded onto my computer?
SecuROM is a DRM system used by software publishers to protect their intellectual property. In the course of applying the solution, certain files are placed onto the computer for the system to work properly

Cool, no prob with that.


2.3 Does SecuROM install a driver or any other software at the kernel level ("Ring 0") of my PC?
No, SecuROM does not install any components or perform any processes at the kernel or ring 0 level. All SecuROM components and processes occur at ring 3, the normal application level.


Well hereґs my question LocutusofBorg. How they can find your DT application then?

SecuROM

Your software is legal, if I were you Iґll sue their butts ASAP, but that is entirely up to you....

What I want to know is if thereґs any chance they can detect RING0 virtual drives by running at RING3? I highly doubt it....


Looking forward to your answers
Regards
Sblade

[Blazkowicz]

They can detect several registry keys and also, of course, file names.

[Sblade]

I understand in my book that Securom doesnґt detect IDE drives emulation in DT PRO.... canґt they detect those keys you are talking about?

[Blazkowicz]

They do in latest SecuROM version.

[Sblade]

How they Distinguish between legit and emulated IDE drives? I mean thereґs no way to tell... since emulating hardware is required to be at RING0 they canґt tell the difference...

and blacklisting would be a baaaad idea...

[evlncrn8]

sure, theres ways to tell, however your limited (even then you dont admit it) knowledge and experience makes you guess (incorrectly)...

to 'take on' an enemy, its usually a good idea to understand them first, not make guesses....

[Sblade]

OK, I found the post you donґt like evlcrn8...

http://www.daemon-tools.cc/dtcc/f23/...html#post51276

Foolish Chris. He is paranoid about DT, not paranoid about a Sony DRM similar to XCP...ignorant completely of the risks that implies running Securom games...

So DT works now in Ring3? if DT virtual drives runs still in RING0, canґt you write a rutine that will always fool Securom RING3 access?

[evlncrn8]

dt agent and other program run in ring r3 (userland), the daemon tools device is handled by the ring 0 drivers (the daemon tools one.. and the sptd one)... there's no 100% way to hide ring 0 from ring 3 because registry keys, interfaces for ioctl and so on have to exist for communication purposes... if a ring 3 program crashes, it doesn't (usually) take out the system with it... if ring 0 crashes its game over.. typically a bugcheck -> bsod...

as for writing a routine that blocks securom ring 3 access, look again.. what do you think yasu does, curerom does/did , seculauncher and various other utilities out there do/did?...

not sure what you mean about the post i don't like.. the one you posted makes no sense or not, if i didn't like daemon tools i wouldn't have the customer tag now would i?

nor (if i thought it was a rootkit) would i have bought it... sure, it uses some rootkit-like things (api hooking in ring 0 for example) which may make people feel paranoid but that all depends on your trust of the developers..

[Sblade]

I trust DT. I donґt trust Securom using RING 0 countermeasures to flag/stop DT.

Sony has a history of invading systems. DT not.

[Sblade]

Quote:

Originally Posted by evlncrn8

dt agent and other program run in ring r3 (userland), the daemon tools device is handled by the ring 0 drivers (the daemon tools one.. and the sptd one)... there's no 100% way to hide ring 0 from ring 3 because registry keys, interfaces for ioctl and so on have to exist for communication purposes... if a ring 3 program crashes, it doesn't (usually) take out the system with it... if ring 0 crashes its game over.. typically a bugcheck -> bsod...

as for writing a routine that blocks securom ring 3 access, look again.. what do you think yasu does, curerom does/did , seculauncher and various other utilities out there do/did?...

We know that the utilities that you have mentioned don´t work with latest Securom version if they aren´t updated....

Ring 3 detection routines still have to go into Ring 0 if the program is in stealth mode. It already hides itself in the registry in that mode otherwise it would have been easy for DRM's to circumvent the circumvention.

Securom starts in RING3 and monitors the RING0... otherwise nothing will prevent DT stealth to false registry data and fool Securom.... when I say registry data.... what data CAN´T be falsified from RING0 to the naive RING3?

Ring0 overrule Ring3, that´s a simple fact no one can deny...