PDA

View Full Version : Some facts about SecuROM v4.8x



NetSoerfer
16.12.2002, 15:09
Hi...

I've seen much confusion about Sony's newest creation, SecuROM v4.8x, so I'm going to try and unravel some of the legends about this.


Most copy protections are based on recognizing a copy from an original CD. E.g. Safedisc does this by checking for defect sectors on the disc that are hard to copy. But those defect sectors can already be copied, so Safedisc doesn't deliver full protection against copying anymore.

SecuROM v4.8x goes another way, and this way looks very promising right now. The spiral data track on the disc has a varying structure which causes the drive to take more or less time to read a sector. These delays between the delivery of two sectors are checked, and if the delays do not fit the right pattern, the CD is recognized as invalid.

Unfortunately it is impossible to copy this structure because the spiral data track is already pressed into a CDR when you buy it. Inside this track there is a substance that changes when it is hit by the writing laser, so the bits and bytes can be burnt into the track. But it is impossible to manipulate one sector so it takes longer to read it so a CDR will always be recognized as invalid.

However it is possible to monitor these delays and write them down in a file - and this is exactly what tools like Alcohol 120% and Blindread do. In Alcohol, this feature is called DPM - Data Positioning Measurement. The information gained from the DPM process is stored in the .mds-files (but not alone, there can be .mds-files without DPM information as well) (in Blindwrite, it is stored in .bwa-files which are exactly the same). With the virtual drives created by Alcohol (as well as with Daemon-Tools' virtual drives) it is now possible to emulate these delays when the image is mounted. And this will be the only working way to make backups as long as the spiral data track's structure cannot be manipulated.

Conclusion of the above-said:
It will not be able to make working 1:1 copies of SecuROM v4.8x-protected CDs anymore.
Mounting images and emulating the copy protection will be the way to go.


Now many of you may ask what about Blindwrite or Alcohol as they do make working copies of SecuROM v4.8x-protected CDs.
That is correct, but read exactly what I wrote: it is possible to make working copies, but NOT working 1:1 copies!

Blindwrite's Twinpeaks feature uses the information stored in the .bwa-files (which, as we remember, tells how long it takes to read a sector on the disc). Now it uses a trick to "fake" this reading delay - the same sector is burned twice onto the disc, with exactly the same information including the sector number. This is a violation of the CDR-standard (the so-called red book, if I recall correctly);

but as most CD-drives read both sectors but only deliver one, the delay of reading the second sector suffices to trick SecuROM v4.8x into recognizing the disc as valid. However some drives, e.g. some Plextors, report errors if the same sector is stored twice on the disc. As this is a violation of the standards, this is nothing negative, in fact this only happens with drives who strictly obey the standards.

The drawback of this method is that today's copyprotections (i.e. SecuROM) can easily be altered to check for these manipulations, too. So this ability to copy SecuROM v4.8x will most certainly not last very long, and if you're unlucky, your copy will become invalid with the next patch for the game because the patch will also update the copy protection (like No One Lives Forever 2 v1.2, Anno 1503 v1.02, Neverwinter Nights 1.21...)

The developers of Alcohol invented another way to make working copies of SecuROM v4.8x-protected CDs. When the DPM option, which allowed to read the structural information and store it in the .mds-files, was introduced, it was possible to mount the created images and emulate the delays caused by the varying track structure. So why not write the image to a CDR and somehow apply the structure (or, to be more precise, apply the delays caused by it) to the data that is just read by the drive? And this is what Alcohol does with the RMPS (Recordable Media Physical Signature) option. In addition to the data stream saved in the image, the structural information from the .mds-file is burned to the disc as well. Now this alone would be too obvious a difference between the CD-ROM and the CDR, so you need to install Daemon-Tools (version 3.29 or above) or Alcohol (version 1.3.6.1223 or above) and emulate their "RMPS emulation". This creates the necessary delays whenever they need to be applied to the data the drive just reads, and additionally it somehow hides the section of the CDR where the RMPS information is stored.
To help recognize RMPS-enabled discs, the actual label of the disc is always "NEEDS EMULATION", and when the emulation is enabled, this label will be replaced by the label of the original disc.
A tutorial on how to copy SecuROM v4.8x-protected CDs with Alcohol 120% using RMPS can be found in the Alcohol Support Forum (http://forum.alcohol-software.com/index.php?s=88774402f5785aa681c9ebdc8c38306b&act=ST&f=18&t=1531&st=0&#entry7509).

I heard that the new BlindWrite offers a similar option (I think it is the so-called Autoplay feature) but unfortunately I don't know anything about that as I don't use BlindWrite, so I cannot say anything about that. If somebody could supply me with the basics about BlindWrite's RMPS equivalent, I would be glad to add it to this summary.


Well, I guess that pretty much sums up my knowledge about SecuROM v4.8x. Most of the credits go to VeNoM386 and LocutusofBorg without whom I would never have gathered so much information about all this. Thank you guys, you are amazing! Keep up the incredible work!


Hope it helps... :)


NetSoerfer (formerly known as Sergei.Gradski)

Sloopy_DE
16.12.2002, 16:44
A very neat and complete description od Securom 4.8x, nice work!

Sloopy_DE

OlivierFromFrance
16.12.2002, 21:09
Yes very good explanation,

I would like to say that Neverwinter Nights French patch (last one) doesn't detect BW backups (twin sectors based) and so still work .

But you are write twin sector method should be not too hard to detect (for example the size of the cd is bigger) .

LocutusofBorg
16.12.2002, 21:35
No, the size of the CD is NOT bigger. The Image is increased in Space and there are more Sectors on the BW-Copy than on the Original-CD but the size MUST be the same - remember: sectors are numbered TWICE but count as ONE

NetSoerfer
23.12.2002, 22:08
updated the post with alcohol's RMPS feature. see above.

NetSoerfer
26.12.2002, 21:09
once again updated the article with some more information on RMPS (see last paragraph).

Sergei

NetSoerfer
25.01.2003, 14:29
...and another update, the RMPS information has been integrated into the article instead of being added beneath it.
sG

Lasher
19.04.2003, 11:32
There's something I don't understand. In this thread is said that it is impossible to make a 1:1 copy of a SecuROM v4.8X protected CDs and in the thread about protection of the games I read that Baldur's Gate II is SecuROM v4.82.00.0139 protected. So here is the problem: I have a running copy of this game and I have no problems with it. Is it possible that US located and european located versions use different version of SecuROM?

OlivierFromFrance
21.04.2003, 18:42
Is it possible that US located and european located versions use different version of SecuROM?
I don't know specificaly for this game but Protections might be different when you cross boundaries ...

Use ClonyXL to check the protection .

Olivier

TerryHau
04.08.2003, 11:42
Just want to ask a question.

Is RMPS emulation always on for the virtual drives in Alcohol 120% ??

LocutusofBorg
04.08.2003, 18:02
RMPS is only needed for Real Drives, not for the virtual ones.

Or in other words, a image created with Alcohol120% of a Securom V4.8x-protected Game, which is stored on hdd and mounted with Alcohol120% or Daemon Tools, don't need RMPS. RMPS is only needed, if you want to burn such images back to CD-R.

shinji
29.11.2003, 00:18
Just some insight here. If you use BlindWrite5, it seems to work properly. Get the BlindWrite5 Image plugin so you can mount it. There is no BWA file but I was able to image and mount onto a virtual drive the play disc to Grand Theft Auto Vice City. It is protected with SecuROM 4.8x and I had tried numerous times with CloneCD images (and ones patched with a BWA file) without success. This was the first success that I can confirm. Just some information to those that want to make legal backups of their games.

here is some drive information
Reader Drive: Toshiba SD-M1612 w/ Firmware J806

NOTE: When I create images and mount them, I do NOT use emulation at all. Basically, if the game plays with the image mounted, then the image is considered GOOD. If it doesn't, the image is considered BAD.

NOTE: BlindWrite5 doesn't really give you much control over the settings. It autodetects what it determines to be the best settings to get a 1:1 copy going. It will not go through a step to create a BWA file. All information seems to be successfully copied into the image.

shinji
29.11.2003, 01:58
Forgot to mention in my earlier post.

This is the link to the page where you can get the BlindWrite5 Image Mount dll file for Daemon-Tools. Drop the file into the plugins directory where you installed Daemon-Tools so if you installed to "C:\Program Files\D-Tools" then you would put the file at "C:\Program Files\D-Tools\plugins". Restart Daemon-Tools to make sure the dll loads up.

http://club.cdfreaks.com/showthread.php?s=&threadid=76734

LocutusofBorg
29.11.2003, 13:08
maybe it's easier to simple download it from our website :mrgreen:
Check out ->Download -> 3rd Party Addons

Copytrooper
29.11.2003, 13:15
Or better check out the direct download link (http://www.daemon-tools.cc/portal/download.php?mode=Download&id=50) :mrgreen:

noi.chayank
07.01.2004, 03:48
:shock:

Good....., your article so helpfully.

dracodmz
17.02.2004, 09:33
hi guys, i'm totally new at this, especially when it comes to this new cd protection tool called SecureRom...Now i have a backup copy of War of the Ring that my cousin gave to me..I don't know if how he backed it up, so I just use DT to emulate and mount the image. I don't know if i'm doing it right or not. Does the original image need to go through DMP or whatever it is that copies everything for mounting to work or what? I don't even know if I'm asking the right question..basically, how do i get War of the Ring to play with DT, without knowing how it was backed up...Wat options do i need to select to make it playable?

Gisle
01.09.2004, 14:25
mamma e homo... tror eg mn samma dt!!!! :D :mrgreen: :D

ChErdenebat
03.11.2004, 06:19
Hi Sergei. I'm from mongolia. I want to ask how to i calculate delays between two sectors are checked?



Hi...

SecuROM v4.8x goes another way, and this way looks very promising right now. The spiral data track on the disc has a varying structure which causes the drive to take more or less time to read a sector. These delays between the delivery of two sectors are checked, and if the delays do not fit the right pattern, the CD is recognized as invalid.

Unfortunately it is impossible to copy this structure because the spiral data track is already pressed into a CDR when you buy it. Inside this track there is a substance that changes when it is hit by the writing laser, so the bits and bytes can be burnt into the track. But it is impossible to manipulate one sector so it takes longer to read it so a CDR will always be recognized as invalid.

Sergei

Chiefnuts
12.10.2005, 02:51
Your report is partially correct, with the correct tools, you can make a 1:1 copy of a securom disc.

Something that has really impressed me with my plextor premium is the fact that I can make a 1:1 copy of securom that will be readable and pass the security checks in about 80-90% of the drives that i've tested.

http://club.cdfreaks.com/showthread.php?t=100849


So far it works on all of my securom CD's, because the premium is a CD only device. but the premium will read 100% of my disc and pass the security checks. it uses the giga-rec feature of the drive that will basically throw out the book specs and stuff the data closer, creating closer tracks, ect.

Underheaven
12.10.2005, 08:32
Should patching an image file with the twinpeak method and then burning it be considered as making a 1:1 copy?

Chiefnuts, do they still make the Plextor Premium or do you have to buy them used?

Copytrooper
12.10.2005, 09:07
Neither twinpeaks nor Plextor Premium method are 1:1 copy.
Plextor Premium drives should still be available? They're still really expensive though.

EDIT: Seems they're sold out now ... :cry:

Underheaven
12.10.2005, 09:25
Weren't they last made in 2002 or 2003?

Copytrooper
12.10.2005, 09:54
No, Plextor build them for sure in 2004 (TLA #0005), I'm not exactly sure about 2005, but I think I saw one ...

EDIT: Yes, TLA #0006, April 2005 (there's one on eBay.de atm with a nice pic)

Chiefnuts
12.10.2005, 23:43
Yes, Plextor still manufactures the Premium, it's just not at newegg. The Newest one I have has a manfucture date of July 2005.

And, yes, the Plextor Premium can use it's giga-rec feature with blindwrite & blindwrite tweaker to write the track density pattern. You don't use twinpeaks for this method.

Underheaven
13.10.2005, 01:18
Interesting

Chiefnuts
13.10.2005, 03:55
Try this thread if you want to copy it.

http://club.cdfreaks.com/showthread.php?t=100849

Now they use an older version of Blindwrite, you can use the newest one just fine.
Let me explain the explain the Premium option. Now depending on who you ask, either the vari-rec or the giga-rec option is responsible for the topology copying. Vari-rec: changes the strength of the laser (and making the tracks either wider or smaller) for use in older cd players. Giga-rec: bypasses some of the cd booktype specification to compact data more closely on the drive. VSO software made blindwrite so that it could adjust either/or setting on vari or giga so that it would 1. compact data closer, and upping access time, or 2. increasing the width of the track so it would be easier to read.

So far, I've been able to burn a copy or Sid Meiers Pirates!, Warcraft III Frozen Throne, and CIV III PTW and play them in a computer with a Samsung 352b (and no emulation software installed.) on the copy with pirates, the access disc does replace the mouse pointer for a moment, but quickly brings up the screen to play.

Copytrooper
13.10.2005, 09:37
We know the Plextor Premium feature ;) mine is TLA #0000 :mrgreen: anyway it works, but it's not 1:1 copy.