PDA

View Full Version : blacklists



bob
01.04.2003, 00:29
With the frequent blacklist game Copy protection makers have been playing recently (esp. SecuROM);
INSERT INTO `portal_posts_text` VALUES
I was wondering if the following option would be possible (or worth the effort):

I noticed part of the newer securom blacklisting involved looking up the 'Driver' name (in HKLM\HARDWARE\DEVICEMAP\Scsi\....) for the target cdrom.
Here's what i was thinking:
At installation time, generate an X char string randomly; that would be used as the driver identifier for that particular machine (i.e: no need to have support for the user to specify one, as for the device name). The installer would then patch every instance of that name in the kernel driver/registry/etc..

Would that be worth the trouble? would they start looking up other detection methods? would they start denying scsi drives altogether (like star-force) when an IDE/ATAPI one is present?

Player1
03.04.2003, 15:14
I suppose its useless, even it would help, they would surely find something else to blacklist daemon-tools.

Andareed
03.04.2003, 15:56
To unintsall daemon tools, this random driver name must be known! Securom will simply find where it is stored. Even if it is encrypted, they will simlpy check if that string is present.

Player1
03.04.2003, 16:16
No, you could write an other deinstallation routine, simply store the uninstall information for example in a txt file and not in the registry if possible,

Andareed
03.04.2003, 16:45
And where would this txt file be stored?

Player1
03.04.2003, 17:07
In c:\daemon.txt or windows directory. I have seen other software that has such a simple and effictive deinstallation.

Andareed
03.04.2003, 17:13
Then securom just checks here! Besides, imo it is easier to handle blacklists after they occur, rather than trying to anticipate how they will blacklist.

Player1
03.04.2003, 21:18
Then just generate the name randomly and store the path directly in the exe file or something, or just make an option that the uninstall could be disabled that it couldn't be detectet. It could still be removed with System recovery or something. Updates could get a problem, but it could ask for the folder DT is installed. You could call it for advanced users only or something. Or maybe it could encrypted somehow, I don't know anything about it.

I'm sure they will do the best possible to defeat it, I just make suggestions, just make the best of my ideas. Could you tell us if that is the way blacklists work?

Andareed
03.04.2003, 21:57
There are a lot of different ways that protections can detect daemon tools.

This idea has been discussed in the past, but it was not used for many reasons.