Announcement

Collapse
No announcement yet.

Securom FAQ Updated, Big BS

Collapse
This topic is closed.
X
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Securom FAQ Updated, Big BS

    Hi there LocutusofBorg. Iґm Inspector Switchblade, better known as Sblade. Iґve helped thousand of gamers run Securom protected gamers for some years with my TECH FAQ

    I donґt mind DRMґs like TAGES, but Securom is built in a way that is invasive, risky and annoying to say the least....

    Iґm joining the lawsuit against EA for their use in Spore. Now short after the lawsuit, assh**es updated their FAQ:

    SecuROM


    2.2 Is SecuROM actually loaded onto my computer?
    SecuROM is a DRM system used by software publishers to protect their intellectual property. In the course of applying the solution, certain files are placed onto the computer for the system to work properly


    Cool, no prob with that.


    2.3 Does SecuROM install a driver or any other software at the kernel level ("Ring 0") of my PC?
    No, SecuROM does not install any components or perform any processes at the kernel or ring 0 level. All SecuROM components and processes occur at ring 3, the normal application level.



    Well hereґs my question LocutusofBorg. How they can find your DT application then?

    SecuROM

    Your software is legal, if I were you Iґll sue their butts ASAP, but that is entirely up to you....

    What I want to know is if thereґs any chance they can detect RING0 virtual drives by running at RING3? I highly doubt it....


    Looking forward to your answers
    Regards
    Sblade

  • #2
    They can detect several registry keys and also, of course, file names.
    Make something idiot proof, but then they just make a better idiot
    Peace Through Power

    Comment


    • #3
      I understand in my book that Securom doesnґt detect IDE drives emulation in DT PRO.... canґt they detect those keys you are talking about?

      Comment


      • #4
        They do in latest SecuROM version.
        Make something idiot proof, but then they just make a better idiot
        Peace Through Power

        Comment


        • #5
          How they Distinguish between legit and emulated IDE drives? I mean thereґs no way to tell... since emulating hardware is required to be at RING0 they canґt tell the difference...

          and blacklisting would be a baaaad idea...

          Comment


          • #6
            sure, theres ways to tell, however your limited (even then you dont admit it) knowledge and experience makes you guess (incorrectly)...

            to 'take on' an enemy, its usually a good idea to understand them first, not make guesses....
            my views are 100% personal views..

            Comment


            • #7
              OK, I found the post you donґt like evlcrn8...



              Foolish Chris. He is paranoid about DT, not paranoid about a Sony DRM similar to XCP...ignorant completely of the risks that implies running Securom games...

              So DT works now in Ring3? if DT virtual drives runs still in RING0, canґt you write a rutine that will always fool Securom RING3 access?

              Comment


              • #8
                dt agent and other program run in ring r3 (userland), the daemon tools device is handled by the ring 0 drivers (the daemon tools one.. and the sptd one)... there's no 100% way to hide ring 0 from ring 3 because registry keys, interfaces for ioctl and so on have to exist for communication purposes... if a ring 3 program crashes, it doesn't (usually) take out the system with it... if ring 0 crashes its game over.. typically a bugcheck -> bsod...

                as for writing a routine that blocks securom ring 3 access, look again.. what do you think yasu does, curerom does/did , seculauncher and various other utilities out there do/did?...

                not sure what you mean about the post i don't like.. the one you posted makes no sense or not, if i didn't like daemon tools i wouldn't have the customer tag now would i?

                nor (if i thought it was a rootkit) would i have bought it... sure, it uses some rootkit-like things (api hooking in ring 0 for example) which may make people feel paranoid but that all depends on your trust of the developers..
                my views are 100% personal views..

                Comment


                • #9
                  I trust DT. I donґt trust Securom using RING 0 countermeasures to flag/stop DT.

                  Sony has a history of invading systems. DT not.

                  Comment


                  • #10
                    Originally Posted by evlncrn8 View Post
                    dt agent and other program run in ring r3 (userland), the daemon tools device is handled by the ring 0 drivers (the daemon tools one.. and the sptd one)... there's no 100% way to hide ring 0 from ring 3 because registry keys, interfaces for ioctl and so on have to exist for communication purposes... if a ring 3 program crashes, it doesn't (usually) take out the system with it... if ring 0 crashes its game over.. typically a bugcheck -> bsod...

                    as for writing a routine that blocks securom ring 3 access, look again.. what do you think yasu does, curerom does/did , seculauncher and various other utilities out there do/did?...

                    We know that the utilities that you have mentioned don´t work with latest Securom version if they aren´t updated....

                    Ring 3 detection routines still have to go into Ring 0 if the program is in stealth mode. It already hides itself in the registry in that mode otherwise it would have been easy for DRM's to circumvent the circumvention.

                    Securom starts in RING3 and monitors the RING0... otherwise nothing will prevent DT stealth to false registry data and fool Securom.... when I say registry data.... what data CAN´T be falsified from RING0 to the naive RING3?

                    Ring0 overrule Ring3, that´s a simple fact no one can deny...
                    Last edited by Sblade; 10.11.2008, 00:45. Reason: quoting

                    Comment


                    • #11
                      Originally Posted by Sblade View Post
                      Ring 3 detection routines still have to go into Ring 0 if the program is in stealth mode. It already hides itself in the registry in that mode otherwise it would have been easy for DRM's to circumvent the circumvention.

                      Securom starts in RING3 and monitors the RING0... otherwise nothing will prevent DT stealth to false registry data and fool Securom.... when I say registry data.... what data CANґT be falsified from RING0 to the naive RING3?

                      Ring0 overrule Ring3, thatґs a simple fact no one can deny...
                      the only accurate thing about your post is the last bit,, as for the 'monitoring ring 0'.. total nonsense, and 'having to go into ring 0 if the program is in stealth mode'.. that really shows your lack of checking.. have you even tried to enter ring 0 from ring 3?...

                      as for 'registry data.. what data cant be falsified from ring 0 to the native ring 3'.. ring 0 is native.. so you got that the wrong way around, and data is data.. data in the registry does not magically turn into ring 0 data or ring 3 data.. its identical...

                      so please, do some research, test your theories before you post them and look foolish when the information you claim is right turns out to be wrong..
                      my views are 100% personal views..

                      Comment


                      • #12
                        Stop the social engineering...

                        Originally Posted by evlncrn8 View Post
                        the only accurate thing about your post is the last bit,, as for the 'monitoring ring 0'.. total nonsense, and 'having to go into ring 0 if the program is in stealth mode'.. that really shows your lack of checking.. have you even tried to enter ring 0 from ring 3?....
                        There´s something called Call Gates....


                        Originally Posted by evlncrn8 View Post

                        as for 'registry data.. what data cant be falsified from ring 0 to the native ring 3'.. ring 0 is native.. so you got that the wrong way around, and data is data.. data in the registry does not magically turn into ring 0 data or ring 3 data.. its identical...

                        so please, do some research, test your theories before you post them and look foolish when the information you claim is right turns out to be wrong..
                        I can smell some social engineering here. I said naive, which means innocent. But you understood what you wanted. My sentence is from RING0 to naive Ring3, which is accurate. Honest, I´m not here to be hero or be a candidate for general elections so once again leave the trolling about.

                        I´m here looking for LocutusofBorg´s opinion. I´m not interested in a macho demonstration of any type. Computer Science isn´t an exact one... many people say Vista is crap, and we know it has bugs....
                        and we don´t see people saying "that´s not scientific"...
                        Last edited by Blazkowicz; 10.11.2008, 14:41.

                        Comment


                        • #13
                          social engineering? not quite my thing...

                          callgates.. sure they exist and sure they're an interface, last time i checked though i didnt see callgate usage in recent safedisc titles, or securom either... callgates are also dependant on the user privileges, if the user wasn't admin or whatever then they probably wouldnt work, which then leads to back to the same question of how do they detect xyz when the user is not a admin (which you'd have found out if you actually checked your theories)...

                          as for native - >naive, simple misreading... and i know what it means, but it could also have been a typo, considering you spelt routine wrongly anyway

                          proof (especially for a legal case, which you claim you've joined) does need to be scientific, the results do need to be reproduceable.. at least, they did last time i checked...

                          regardless however, its entirely possible to detect ring 0 drivers from userland (ring 3) without the need to 'drop down' to ring 0 at all... which was the whole point of this thread i believe.. the 'no way to tell' is simply inaccurate
                          my views are 100% personal views..

                          Comment


                          • #14
                            It's a SONY

                            Here is what they say about their own registry entries. It's not exactly about the inner workings as attempted to be discussed here, but still relevant nevertheless. ...or something like that.

                            What is the SecuROM entry in the registry?

                            The Windows registry is a directory that stores settings and options for the operating system for Microsoft Windows. It contains information and settings for all the hardware, operating system software, most non-operating system software, users, preferences of the PC, etc. As part of SecuROM, certain license information as well as information used to optimize the authentication of the SecuROM disc signature is stored within the registry keys.
                            The SecuROM registry keys can be found in one or both of the following locations:
                            • HKEY_CURRENT_USER\Software\SecuROM
                            • HKEY_LOCAL_MACHINE\SOFTWARE\SecuROM

                            Additionally the similar keys can be found in the following location:
                            • HKEY_USERS\"Your SID"\Software\SecuROM

                            Example given HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\Software\SecuROM
                            Please note that the SID is different on each machine.
                            Due to the registry management of Windows, you have separate HKEY_USERS\"SID" keys for each Windows user account. Depending on how many user accounts the protected application was executed, the SecuROM key might be stored in various HKEY_USERS\"SID" keys.
                            What is it for?

                            SecuROM registry keys are solely used for storage of drive authentication information and license information.
                            The purpose of the registry keys labelled "!CAUTION! NEVER DELETE OR CHANGE ANY KEY" and/or "License information" is to enable SecuROM to perform its Digital Rights Management function properly (license data is stored beneath this key) and prevent users from inadvertently deleting keys and or values stored beneath this key. Other than the license data, there is no code, EXE, DLL, or driver stored in the registry key.
                            The "WL" registry folder contains drive calibration values and recognition times. This information is used to optimize the authentication of the SecuROM disc signature.
                            It is not recommended to remove any of the registry keys. If the "Keys" or "WL" folders are removed, these values will be rebuilt with further SecuROM disc authentications. It is highly recommended to not tamper with the "UserData", " !CAUTION! NEVER DELETE OR CHANGE ANY KEY" or "License Information" registry key folders.
                            General Information

                            All information stored is solely used by SecuROM, as explained in this statement. No other code, EXE, DLL, service, driver or similar is invoked, neither directly nor indirectly, neither via SecuROM nor via Windows OS or other applications. It simply does not contain any information related to the execution of additional code, except SecuROM's internal Digital Rights Management enforcing functionality.

                            Comment


                            • #15
                              @evlncrn8

                              Well, common sense says to me that Ring0 can feed ring3 whatever ir wants, and when the Ring0 stealth device is hidden in the registry how it is possible to detect it from userland?

                              I invite you to enlighten me and many others... proof that Iґm wrong. Thanks

                              EDIT:
                              Originally Posted by Blazkowicz View Post
                              There is no need for YASU when mounting into latest DT Lite/Pro. Also game doesn't use any copy protection for starting the game - only the addon for installation.
                              Now If you wonґt mind Blazkowicz... if DT has its own Ring0stealth functionality, how Securom detects it? You can give your personal opinion leaving aside the teamґs one...
                              Last edited by Blazkowicz; 10.11.2008, 21:26. Reason: Full post quote

                              Comment

                              Working...
                              X