We do not participate in this whole discussion, as we do not
think that here is a win-win situation for the commenting parties
nor securom.

With all respect, please stick to FACTS that you can write down
and show everyone before make such claims - at least here
at our forum. It's total different if you dislike Securom or love
it OR to write informations that are not based on facts.

What concerns evlncrn8, rest assured that this guy knows what
he wrote, even if you dislike it.

The same is valid for us. We know what we're doing. And we
also know what doesnt work.

I know that this statement annoys some of you, while others
take it for what it is: we do not disclose here anything, not
our propertys nor others (it isnt even allowed in specific details anyway). We run this here on a professional level.

Apart from this: when it comes to severe system-damaging,
security-risks etc. you can inform Securoms guys directly,
they surely appreciate it.

btw:
You are entitled to write better vdrive-system of course.
Every now and then some guy here want to tell us that he
can give us lessons it seems - much appreciated. Please
write complete life career and some samples of your knowledge
(development examples, codework, ring0-experiences etc)
to: jobs@daemon-tools.cc
We're waiting for your solicitation.

PS: This is not some advertising message board here

CLOSED

i have no interest in defending anyone, and from what i saw the lawsuit was against ea for using drm, not against sony.. or is there some other lawsuit?

as i said before, my only issue is the misinformation that is being put out by him on this forum and various other ones.. thats my argument, im simply asking to see the proof that you are building your theories from because, in my tests i see nothing that even closely matches your results...

the openscmanager thing for example, its an antidebug check, if he/you actually bothered to debug it, its not a load/stop/whatever driver thing, nor is it ring 0... so that 'information' presented is clearly inaccurate..

my reason for not pasting my information is quite simply that its my information, i choose what i want to do with it, i did the work, but it seems the information that both of you are pumping out is inaccurate and you haven't even tested / tried to debunk your theories.. like i said, i simply hate misinformation...

like hmm

Securom ring-3 smoke screen explained (RUNS AT RING-0) [Archive] - 2K Forums

those files don't exist on my system, or even on a clean vmware virtual machine, after just installing a securom game and running it... and there's other posts from other people saying the same thing....

so, my main issue is.. that it appears you guys didn't really do your research properly and are spreading misinformation, no other ulterior or secret motive... i know the protections, pretty much all of them, i've debugged them, i've cracked them in the past.. and nothing you've posted so far matches up

evlncrn8 I am trying to see where Sblade is supposed to be disclosing anything.

OK so some of this information is not available to the General Public as of yet, but do you really think the case is so weak to rely on that basic information.

Come on dude, let's be serious here.

You know Sblades standpoint on this, You know mine. So where do you stand?

As in what is your vested interest in trying to prove the case for Sony?

If there is no vested interest, then what exactly is your point in this argument that you are trying to incite.

No offence but several times now, you have come forward with comments that seem like.

'Tell me your case or I will throw my toys out of the stroller'.


The same applies to you, as you keep presenting to Sblade, show solid evidence that your counter arguments are correct.

Sblade has a very obvious and legitimate reason for not going into detail on certain things (Legal requirements). So what is your reason for not supporting your arguments with factual content for peer review?

again, no proof that it stops, pauses, deletes, whatever, infact what i saw was that it listed it, then again i actually debugged it.. did you?

again.. proof? oh yeah the non disclosure agreement, funny, it doesnt stop you posting your theory, but it stops you posting your proof/research... odd

ah, so now 'if some coder finds an exploit', thats TOTALLY different than your previous claim that securom runs at ring 0 (thus it has to load a driver if your theory is right... which it isnt)..

erm, how about you show your work/research then i might give examples, i'm not doing your work for you...

obviously not, because i don't live in a dreamworld... as for ignorance i don't think you know me at all thus you can't make second guesses about me, what i can say is i know CONSIERABLY more about securom (and other protections) than you... and other people on this board know that too...

total nonsense... cite your proof... coming up with catchy names is all fair and good, but its nothing.. you will be laughed out of court with such 'evidence' and conjecture.. i know the legal system a fair bit..

name ONE securom game that was an n-cd...

Securom aka the Chameleon

A ring3 application that stop, pauses, deletes processes and services? yeah right....

Yes, we come to the main Securom trick now... the Chameleon trick (copyright Sbladeґs industries :P)

All those Securom messages/checks all not always available. Securom switches triggers ON/OFF at will, sometimes depending on the region it will do one thing or another...

One of Securom reasons of existence is to track the code if it has been cracked to tell where it was patched, if the pirate didnґt patch it on a low level....

They put features ON/OFF at demand. Those features arenґt critical, as Comodo reports, because Securom tries his nasty things and continues to do its job like nothing has happened...

Well that is like if I go to a store and I stole a book or DVD and I get caught and I put in on the shelf. Did I stole? no. Did I have the intention of stealing? YES



The Chameleon for be effective must be not critical. I donґt have to proof that Securom STARTS a driver, I have to proof that Securom CAN start a driver.. therefore the Ring0 risk if some coder finds an exploit....



Perhaps you can show some examples of whats actually happening... and enlighten us...


No, maybe I can laugh at your ignorance... did you know about the Securom Chameleon trick? Iґm sure you didnґt...

Chameleon trick has some purposes...

a)locate where Securom has been cracked

b)Keep the Antiґs divided, because Securom does things in some countries and it doesnґt do in another.... and yes speaking of the same game.

c)Gives ammo for Blackhats/DRM supporters to accuse both groups of b) of being foolish, pirates and ignorants. See Mr, John Ritticello for this

I would like to point one final lie from the Securom FAQ: They are going to fire someone

SecuROM

Collect valuable customer data for 1 : 1 marketing activities

SecuROM

Is Securom Spying on me?

See message above, fools

Ring 0 devices can be passive as well, being passive is not proof of runlevel. However.

Let's be clear here, the Current version of SecuROM exists both in Ring 0 and Runlevel 3.

As I keep saying, most people make the mistake of monitoring the runlevel 3 program, which is relatively passive as you say.

It is the the Ring 0 virtual communications device you should be looking at (That is all I can really say about that, as the serious issues it raises are part of litigation matters and the security issues still remain unpatched).

There is one simple fact though, DT in stealth mode could bypass SecuROM (offline usage) with very little effort on the part of the DT Team. If it only did as claimed.

No amount of squabbling over specifics if which where and when will change that issue.

The matter concerning the court specific items in which SecuROM places the end users systems at risk will not be announced until due process within the proceedings. Even then it may not be made public as the issues still remain un-patched.

This is a SecuROM FAQ, not a place to prove the case to all comers.

Sorry guys..

accessing the service control manager is another form of anti debug, other protections do it (not just the iso game protection based ones), unless you can prove it turns off drivers / services then its actions would be passive, this is also a ring 3 api level, no ring 0..

pretty much all programs communicate with the system, or have to in some way.. (this is what im guessing you meant by 'outside world').. even daemon tools does - how else would the images get mounted...

oh, and i did actually check spore, i have the digital download version ,saw 0 drivers in it...

some of your arguments seem based from the 'information' from some firewall / process monitoring software, and from the looks of it it was on paranoid level.. which explains many false alarms..

and what happens if its denied.. securom still goes on doesn't it? therefore its not critical and its definately no proof that securom is trying to start a driver, the api can also be used to LIST current drivers loaded.. like oh, lets take for example ntice.sys (softice driver) which would be an 'innocent' anti debug check...

you can't just rely on some program reporting *possible* risks, if it shows one you must investigate it and see whats actually happening...

if this is the sort of information you're going to supply for the court case, it'll be laughed out of court...

SBlade, don't get drawn into disclosing matters which are not for disclosure at the moment.

That said, my belief was that this discussion is really about DT tools and SecuROM.

The VCD is related to authentication (and other issues) which in about 98% of the case does not directly relate to DT.

Just out of interest, how to people think SecuROM communicates with the outside world?

If you think it uses Windows own protocols. Then I suggest you go read the hidden readme file in your user accounts securom directory on your drive. As well as Sony's own promotional material about SecuROM.

It's not supposed to be hidden, but that is a legal argument between Sony and the OpenSSL team concerning their apache style license and it's requirements of open disclosure for usage of their code.



What puzzles me about all this is that both DT and Alcohol 120% use Ring 0. if you use the capabilities available to you within Ring 0, for personal backup or Virtual Drive usage SecuROM is remarkably easy to defeat . So where exactly is the problem here ? In respect of DT I mean.

Or am I attributing too much working knowledge of Ring 0 and SecuROM to DT's development team?


Maybe it is time that R-Force release our DRM onto the market. A DRM for this transition between Draconian intervention and that of full push technology of Web 2.0

Electronic Analog Tracing Multilevel Elements

Unlike conventional DRM's it requires no modification of the media and in fact it can be applied to existing media already in the market place.

The application need only be run for verification of the disc and then it can be 100% removed from the end users system.

The application just creates a simple image value based upon information that is unique in every single disk.

So No draconian DRM's, you can make backups but each backup will have to be verified and you will have to transfer your previous verification for usage to the backup. This is at the publishers discretion, but we will insist upon more flexibility on this, than seen in the Usage of SecuROM and EA games.

Verification, gives you access to online content, updates, patches, online gaming etc. Basically anything the the publisher wishes to offer.

You can even buy a game online, burn it to disk as the full version, then verify that disc (Make as many copies as you like, but only the amount of licenses/verified that are allowed will have access to the other content).

In this way, the full offline game can be offered for free, if you want the extended online game. You can buy it and have unique key which does not require re-verification unless it starts turning up from multiple IP's on an online gaming server.

SecuROM is trying this with n-CD but we go even further, we do not require you to have a complex draconian DRM. The unique nature of our DRM is that any disk is the Key, a key which can be updated or revoked at any time, but if the game and DRM is abandoned by the company. You can still install and use it in 20 years time if you want (That's assuming you still have the hardware and an independent gaming server still exists).

btw, you did read correctly, our DRM is called E.A.T.M.E

E.A.T.M.E can also be used as a unique key system for anything from financial transactions to website login's.

Use an Eat me supported site and any pre verified disk, and you have a unique key that you can take anywhere with you.

So let the Internet E.A.T.M.E

You haven´t checked neither Mass Effect, Spore, or Farcry 2 retail versions...

You can provoke all you want, but we´ll speak no more about this device sorry


Alert: fear.exe wants to access the service control manager.
Comment: This is a high-level privilege that lets the process or user to stop, start, and delete services. Obviously something a game wouldn't need to do but something maybe a dynamically loaded service might want to do, like a copy protection program trying to get itself started.
Action: Allow (temporary)

Still no ring0? uff tell me which program allow to stop and delete process from userland, I´ll buy it

I then retested the above but denied Debug privilege to the game. I also blocked its access to one alert about trying to access one of the instances of svchost.exe and then later blocked its access to services.exe and service control manager. All the alerts about the game trying to gain access to System and all the running processes did not appear. Now there were alerts about the game trying to access the Internet. I chose to block those. The game started much faster (I only bothered to get past the intro movies and to the menu inside the game).

So no malicious intent if you are using a program that blocks it? but if you are the Average Joe basically fear.exe can get whatever it wants from your system? nice

About the messages... This Securom TECH FAQ has around 2-3 years old.. So I knew from start that Securom has lot of variety of messages....

So you make fun of me like if I didn´t knew this messages... well.. that´s just mean... but I don´t care... I´m used to it..

This thread seems more like a TV show... and to be honest, if I wanted a show, I´ll join the World Wrestling Entertainment


I call Securom the Chameleon, because it changes forms, and processes.

Well, this so many messages aside from the Service Control Manager.... if this access comes from userland it is time you to enlighten us and show us how...

Or are you going to play cat & mouse all the time? Because in common sense, my friend, you are the one talking crap. Ring0 owns ring3..

I´m open minded, but so far I´ve only seen social engineering criticize to me and weakly discussing my points without exposing your owns aka detecting DT from userland...

non disclosure agreement with virtual communications device.. great, i can't wait until i see this information come to light when the court case happens, because i've checked through some recent securom games, it doesnt make any devices... i think you're talking crap to be honest... non disclosure with who? the court people?

elevating privileges is nothing new other programs do it too, the main problem you're going to have is proving malicious intent.. what happens if the privileges are not granted for example...

debug privileges do NOT mean ring 0 access, just means other things like accessing other processes, could even be a debugger detection... you're making a lot of assumptions about things like i said before.. but im glad you now see there's plenty other message codes than the ones you're citing...

We have a Non-Disclosure Agreement, we canґt speak about the virtual communications device, Iґll be able to speak about it only after Spore lawsuit, not before.... I canґt risk to jeopardize it...

Iґve used the search button, only to find more support to my point of view....



Alert: fear.exe wants to elevate its privileges to include Debug permission.


*cough *cough* Ring0 *cough*

Iґm open minded, and I donґt presume of being perfect... I would like to know how Securom distinguishes between fish A and fish B. All from userland...

Securom Messages as in my TECH FAQ:

"Emulation Found"

"Disc not found"

"Original disc could not be authenticated in the required time"

"A required security module could not be activated, this program cannot be run" (5024)

latest message "Conflict with emulation Software Detected"

The DMA/Stepdown message... I donґt remember the exact one...

SecuROM

Am I missing something?

erm, well perhaps you explain about this virtual device, then maybe i'll talk about distinguising about fish a and fish b...

the security module needed has many many more error codes, simply scan the site here and you'll see some of them or click the securom url part and play with the numbers.. hardly rocket science..

some are debugger detected, some emulation, some loader, if you actually bothered to research this you'd have known about it.. which further makes me believe that you don't know what you're talking about and are relying on people believing your comments (most people on this board are pretty experienced and not that stupid)..

as for distinguishing things, its all about coding.. and how much you know the system...

i saw nothing about the 'virtual communications device' in the lawsuit, i saw the lawsuit was about product activation, no virtual anything... unless this is some lawsuit i havent seen..

as for being defensive/agressive or whatever.. thats simply explained.. i hate misinformation, i hate people who build up a reputation on misinformation and gossip.. im one of those people who prefer to see truthful information...

so please, 'virtual device / virtual communication device'... explain..

also 'application verifier', too

because last time i checked securom wrapped the executable, there are no other 'verifiers' or whatnot there... also no drivers loaded...

comparing starforce and tages in the same sack was simply because both use drivers, which the vast majority of the public don't like too much..

3 years of discussing / studying drm stuff should have gotten you more information than what you're citing now (which is mostly inaccurate and pure guesswork with no foundation).. i've been doing it ~20 years easily, so i do actually know what im talking about...

In 3 years of my forum DRM activity, I´ve never ever criticized Safedisc. I personally consider this DRM so harmless its not worth my time discussing it...

Aside from my previous post question. I would like some kind of justification, proof and documentation why you have put Starforce and Tages in the same sack...

Its like comparing a minidevil with Diablo....

Well dude, I don´t understand entirely what they are saying

SecuROM

2.3 Does SecuROM™ install a driver or any other software at the kernel level ("Ring 0") of my PC?
No, SecuROM™ does not install any components or perform any processes at the kernel or ring 0 level. All SecuROM™ components and processes occur at ring 3, the normal application level.

Or perform any processes... that would include the virtual device in the definition?

The Virtual communications device is on lawsuit, don´t ask for details... you are the one who take the aggresive path now...

I´m here to speak about the verification application, not about the virtual communications device used for online authentications, as this device isn´t used in disk checks.....

Well your theory is fine but it has a weak point....

When Securom detects something "fishy" you´ll get the 5024 message " A required security module can not be activated. This program can not be executed" That´s what you get when something like Process Explorer is running....


Now if Securom detects DT or any other emulation you get the Conflict with Emulation Software Detected

Can you enlighten us how Securom distinguishes between fish A and fish B?

ring 0 is ring 0 - kernel land, the place where drivers and the kernel live.. you can't redefine it..

virtual communications device? what virtual device?.. please explain this one as its totally new to me, i have many securom games installed and i've seen no 'virtual communication devices or virtual devices of any kind' created by it... and 'verification application', whats that too... because none of this i've seen and i've grown quite accustomed to securom since v5 right up to now and know it very very well... and i know bullshit when i smell it...