Page 3 of 4 FirstFirst 1234 LastLast
Showing results 21 to 30 of 33

Thread: Securom FAQ Updated, Big BS

  1. #21

    Default

    Quote Originally Posted by evlncrn8 View Post

    i can't see how securom or safedisc could be worse than starforce or tages, simply because starforce and tages are heavily reliant on their ring 0 stuff
    and so on..)...
    In 3 years of my forum DRM activity, I´ve never ever criticized Safedisc. I personally consider this DRM so harmless its not worth my time discussing it...

    Aside from my previous post question. I would like some kind of justification, proof and documentation why you have put Starforce and Tages in the same sack...

    Its like comparing a minidevil with Diablo....

  2. #22
    Experienced User

    Join Date
    27.09.2005
    Posts
    822

    Default

    Quote Originally Posted by Sblade View Post
    Or perform any processes... that would include the virtual device in the definition?

    The Virtual communications device is on lawsuit, donґt ask for details... you are the one who take the aggresive path now...

    Iґm here to speak about the verification application, not about the virtual communications device used for online authentications, as this device isnґt used in disk checks.....

    Well your theory is fine but it has a weak point....

    When Securom detects something "fishy" youґll get the 5024 message " A required security module can not be activated. This program can not be executed" Thatґs what you get when something like Process Explorer is running....

    Now if Securom detects DT or any other emulation you get the Conflict with Emulation Software Detected

    Can you enlighten us how Securom distinguishes between fish A and fish B?
    erm, well perhaps you explain about this virtual device, then maybe i'll talk about distinguising about fish a and fish b...

    the security module needed has many many more error codes, simply scan the site here and you'll see some of them or click the securom url part and play with the numbers.. hardly rocket science..

    some are debugger detected, some emulation, some loader, if you actually bothered to research this you'd have known about it.. which further makes me believe that you don't know what you're talking about and are relying on people believing your comments (most people on this board are pretty experienced and not that stupid)..

    as for distinguishing things, its all about coding.. and how much you know the system...

    i saw nothing about the 'virtual communications device' in the lawsuit, i saw the lawsuit was about product activation, no virtual anything... unless this is some lawsuit i havent seen..

    as for being defensive/agressive or whatever.. thats simply explained.. i hate misinformation, i hate people who build up a reputation on misinformation and gossip.. im one of those people who prefer to see truthful information...

    so please, 'virtual device / virtual communication device'... explain..

    also 'application verifier', too

    because last time i checked securom wrapped the executable, there are no other 'verifiers' or whatnot there... also no drivers loaded...

    comparing starforce and tages in the same sack was simply because both use drivers, which the vast majority of the public don't like too much..

    3 years of discussing / studying drm stuff should have gotten you more information than what you're citing now (which is mostly inaccurate and pure guesswork with no foundation).. i've been doing it ~20 years easily, so i do actually know what im talking about...
    my views are 100% personal views..

  3. #23

    Default

    Quote Originally Posted by evlncrn8 View Post
    erm, well perhaps you explain about this virtual device, then maybe i'll talk about distinguising about fish a and fish b...
    .
    We have a Non-Disclosure Agreement, we canґt speak about the virtual communications device, Iґll be able to speak about it only after Spore lawsuit, not before.... I canґt risk to jeopardize it...

    Iґve used the search button, only to find more support to my point of view....

    http://www.daemon-tools.cc/dtcc/f19/...ptd-sys-22354/

    Alert: fear.exe wants to elevate its privileges to include Debug permission.


    *cough *cough* Ring0 *cough*

    Iґm open minded, and I donґt presume of being perfect... I would like to know how Securom distinguishes between fish A and fish B. All from userland...

    Securom Messages as in my TECH FAQ:

    "Emulation Found"

    "Disc not found"

    "Original disc could not be authenticated in the required time"

    "A required security module could not be activated, this program cannot be run" (5024)

    latest message "Conflict with emulation Software Detected"

    The DMA/Stepdown message... I donґt remember the exact one...

    SecuROM

    Am I missing something?

  4. #24
    Experienced User

    Join Date
    27.09.2005
    Posts
    822

    Default

    non disclosure agreement with virtual communications device.. great, i can't wait until i see this information come to light when the court case happens, because i've checked through some recent securom games, it doesnt make any devices... i think you're talking crap to be honest... non disclosure with who? the court people?

    elevating privileges is nothing new other programs do it too, the main problem you're going to have is proving malicious intent.. what happens if the privileges are not granted for example...

    debug privileges do NOT mean ring 0 access, just means other things like accessing other processes, could even be a debugger detection... you're making a lot of assumptions about things like i said before.. but im glad you now see there's plenty other message codes than the ones you're citing...
    my views are 100% personal views..

  5. #25

    Default

    Quote Originally Posted by evlncrn8 View Post
    non disclosure agreement with virtual communications device.. great, i can't wait until i see this information come to light when the court case happens, because i've checked through some recent securom games, it doesnt make any devices... i think you're talking crap to be honest... non disclosure with who? the court people?
    You haven´t checked neither Mass Effect, Spore, or Farcry 2 retail versions...

    You can provoke all you want, but we´ll speak no more about this device sorry


    Quote Originally Posted by evlncrn8 View Post
    elevating privileges is nothing new other programs do it too, the main problem you're going to have is proving malicious intent.. what happens if the privileges are not granted for example...

    debug privileges do NOT mean ring 0 access, just means other things like accessing other processes, could even be a debugger detection... you're making a lot of assumptions about things like i said before.. but im glad you now see there's plenty other message codes than the ones you're citing...
    Alert: fear.exe wants to access the service control manager.
    Comment: This is a high-level privilege that lets the process or user to stop, start, and delete services. Obviously something a game wouldn't need to do but something maybe a dynamically loaded service might want to do, like a copy protection program trying to get itself started.
    Action: Allow (temporary)


    Still no ring0? uff tell me which program allow to stop and delete process from userland, I´ll buy it

    I then retested the above but denied Debug privilege to the game. I also blocked its access to one alert about trying to access one of the instances of svchost.exe and then later blocked its access to services.exe and service control manager. All the alerts about the game trying to gain access to System and all the running processes did not appear. Now there were alerts about the game trying to access the Internet. I chose to block those. The game started much faster (I only bothered to get past the intro movies and to the menu inside the game).

    So no malicious intent if you are using a program that blocks it? but if you are the Average Joe basically fear.exe can get whatever it wants from your system? nice

    About the messages... This Securom TECH FAQ has around 2-3 years old.. So I knew from start that Securom has lot of variety of messages....

    So you make fun of me like if I didn´t knew this messages... well.. that´s just mean... but I don´t care... I´m used to it..

    This thread seems more like a TV show... and to be honest, if I wanted a show, I´ll join the World Wrestling Entertainment


    I call Securom the Chameleon, because it changes forms, and processes.

    Well, this so many messages aside from the Service Control Manager.... if this access comes from userland it is time you to enlighten us and show us how...

    Or are you going to play cat & mouse all the time? Because in common sense, my friend, you are the one talking crap. Ring0 owns ring3..

    I´m open minded, but so far I´ve only seen social engineering criticize to me and weakly discussing my points without exposing your owns aka detecting DT from userland...
    Last edited by Sblade : 12.11.2008 at 19:25

  6. #26

    Default

    SBlade, don't get drawn into disclosing matters which are not for disclosure at the moment.

    That said, my belief was that this discussion is really about DT tools and SecuROM.

    The VCD is related to authentication (and other issues) which in about 98% of the case does not directly relate to DT.

    Just out of interest, how to people think SecuROM communicates with the outside world?

    If you think it uses Windows own protocols. Then I suggest you go read the hidden readme file in your user accounts securom directory on your drive. As well as Sony's own promotional material about SecuROM.

    It's not supposed to be hidden, but that is a legal argument between Sony and the OpenSSL team concerning their apache style license and it's requirements of open disclosure for usage of their code.



    What puzzles me about all this is that both DT and Alcohol 120% use Ring 0. if you use the capabilities available to you within Ring 0, for personal backup or Virtual Drive usage SecuROM is remarkably easy to defeat . So where exactly is the problem here ? In respect of DT I mean.

    Or am I attributing too much working knowledge of Ring 0 and SecuROM to DT's development team?


    Maybe it is time that R-Force release our DRM onto the market. A DRM for this transition between Draconian intervention and that of full push technology of Web 2.0

    Electronic Analog Tracing Multilevel Elements

    Unlike conventional DRM's it requires no modification of the media and in fact it can be applied to existing media already in the market place.

    The application need only be run for verification of the disc and then it can be 100% removed from the end users system.

    The application just creates a simple image value based upon information that is unique in every single disk.

    So No draconian DRM's, you can make backups but each backup will have to be verified and you will have to transfer your previous verification for usage to the backup. This is at the publishers discretion, but we will insist upon more flexibility on this, than seen in the Usage of SecuROM and EA games.

    Verification, gives you access to online content, updates, patches, online gaming etc. Basically anything the the publisher wishes to offer.

    You can even buy a game online, burn it to disk as the full version, then verify that disc (Make as many copies as you like, but only the amount of licenses/verified that are allowed will have access to the other content).

    In this way, the full offline game can be offered for free, if you want the extended online game. You can buy it and have unique key which does not require re-verification unless it starts turning up from multiple IP's on an online gaming server.

    SecuROM is trying this with n-CD but we go even further, we do not require you to have a complex draconian DRM. The unique nature of our DRM is that any disk is the Key, a key which can be updated or revoked at any time, but if the game and DRM is abandoned by the company. You can still install and use it in 20 years time if you want (That's assuming you still have the hardware and an independent gaming server still exists).

    btw, you did read correctly, our DRM is called E.A.T.M.E

    E.A.T.M.E can also be used as a unique key system for anything from financial transactions to website login's.

    Use an Eat me supported site and any pre verified disk, and you have a unique key that you can take anywhere with you.

    So let the Internet E.A.T.M.E

  7. #27
    Experienced User

    Join Date
    27.09.2005
    Posts
    822

    Default

    accessing the service control manager is another form of anti debug, other protections do it (not just the iso game protection based ones), unless you can prove it turns off drivers / services then its actions would be passive, this is also a ring 3 api level, no ring 0..

    pretty much all programs communicate with the system, or have to in some way.. (this is what im guessing you meant by 'outside world').. even daemon tools does - how else would the images get mounted...

    oh, and i did actually check spore, i have the digital download version ,saw 0 drivers in it...

    some of your arguments seem based from the 'information' from some firewall / process monitoring software, and from the looks of it it was on paranoid level.. which explains many false alarms..

    Alert: fear.exe wants to access the service control manager.
    Comment: This is a high-level privilege that lets the process or user to stop, start, and delete services. Obviously something a game wouldn't need to do but something maybe a dynamically loaded service might want to do, like a copy protection program trying to get itself started.
    Action: Allow (temporary)
    and what happens if its denied.. securom still goes on doesn't it? therefore its not critical and its definately no proof that securom is trying to start a driver, the api can also be used to LIST current drivers loaded.. like oh, lets take for example ntice.sys (softice driver) which would be an 'innocent' anti debug check...

    you can't just rely on some program reporting *possible* risks, if it shows one you must investigate it and see whats actually happening...

    if this is the sort of information you're going to supply for the court case, it'll be laughed out of court...
    my views are 100% personal views..

  8. #28

    Default

    Ring 0 devices can be passive as well, being passive is not proof of runlevel. However.

    Let's be clear here, the Current version of SecuROM exists both in Ring 0 and Runlevel 3.

    As I keep saying, most people make the mistake of monitoring the runlevel 3 program, which is relatively passive as you say.

    It is the the Ring 0 virtual communications device you should be looking at (That is all I can really say about that, as the serious issues it raises are part of litigation matters and the security issues still remain unpatched).

    There is one simple fact though, DT in stealth mode could bypass SecuROM (offline usage) with very little effort on the part of the DT Team. If it only did as claimed.

    No amount of squabbling over specifics if which where and when will change that issue.

    The matter concerning the court specific items in which SecuROM places the end users systems at risk will not be announced until due process within the proceedings. Even then it may not be made public as the issues still remain un-patched.

    This is a SecuROM FAQ, not a place to prove the case to all comers.

    Sorry guys..

  9. #29

    Default Securom aka the Chameleon

    Quote Originally Posted by evlncrn8 View Post
    accessing the service control manager is another form of anti debug, other protections do it (not just the iso game protection based ones), unless you can prove it turns off drivers / services then its actions would be passive, this is also a ring 3 api level, no ring 0..
    A ring3 application that stop, pauses, deletes processes and services? yeah right....

    Quote Originally Posted by evlncrn8 View Post
    oh, and i did actually check spore, i have the digital download version ,saw 0 drivers in it...

    ...
    Yes, we come to the main Securom trick now... the Chameleon trick (copyright Sbladeґs industries :P)

    All those Securom messages/checks all not always available. Securom switches triggers ON/OFF at will, sometimes depending on the region it will do one thing or another...

    One of Securom reasons of existence is to track the code if it has been cracked to tell where it was patched, if the pirate didnґt patch it on a low level....

    They put features ON/OFF at demand. Those features arenґt critical, as Comodo reports, because Securom tries his nasty things and continues to do its job like nothing has happened...

    Well that is like if I go to a store and I stole a book or DVD and I get caught and I put in on the shelf. Did I stole? no. Did I have the intention of stealing? YES



    Quote Originally Posted by evlncrn8 View Post

    and what happens if its denied.. securom still goes on doesn't it? therefore its not critical and its definately no proof that securom is trying to start a driver, the api can also be used to LIST current drivers loaded.. like oh, lets take for example ntice.sys (softice driver) which would be an 'innocent' anti debug check....
    The Chameleon for be effective must be not critical. I donґt have to proof that Securom STARTS a driver, I have to proof that Securom CAN start a driver.. therefore the Ring0 risk if some coder finds an exploit....


    Quote Originally Posted by evlncrn8 View Post
    you can't just rely on some program reporting *possible* risks, if it shows one you must investigate it and see whats actually happening...

    if this is the sort of information you're going to supply for the court case, it'll be laughed out of court...

    Perhaps you can show some examples of whats actually happening... and enlighten us...


    Quote Originally Posted by evlncrn8 View Post
    if this is the sort of information you're going to supply for the court case, it'll be laughed out of court...
    No, maybe I can laugh at your ignorance... did you know about the Securom Chameleon trick? Iґm sure you didnґt...

    Chameleon trick has some purposes...

    a)locate where Securom has been cracked

    b)Keep the Antiґs divided, because Securom does things in some countries and it doesnґt do in another.... and yes speaking of the same game.

    c)Gives ammo for Blackhats/DRM supporters to accuse both groups of b) of being foolish, pirates and ignorants. See Mr, John Ritticello for this

    I would like to point one final lie from the Securom FAQ: They are going to fire someone

    SecuROM

    Collect valuable customer data for 1 : 1 marketing activities

    SecuROM

    Is Securom Spying on me?

    See message above, fools

  10. #30
    Experienced User

    Join Date
    27.09.2005
    Posts
    822

    Default

    Quote Originally Posted by Sblade View Post
    A ring3 application that stop, pauses, deletes processes and services? yeah right....
    again, no proof that it stops, pauses, deletes, whatever, infact what i saw was that it listed it, then again i actually debugged it.. did you?

    Yes, we come to the main Securom trick now... the Chameleon trick (copyright Sblade´s industries :P)

    All those Securom messages/checks all not always available. Securom switches triggers ON/OFF at will, sometimes depending on the region it will do one thing or another...

    One of Securom reasons of existence is to track the code if it has been cracked to tell where it was patched, if the pirate didn´t patch it on a low level....

    They put features ON/OFF at demand. Those features aren´t critical, as Comodo reports, because Securom tries his nasty things and continues to do its job like nothing has happened...

    Well that is like if I go to a store and I stole a book or DVD and I get caught and I put in on the shelf. Did I stole? no. Did I have the intention of stealing? YES
    again.. proof? oh yeah the non disclosure agreement, funny, it doesnt stop you posting your theory, but it stops you posting your proof/research... odd

    The Chameleon for be effective must be not critical. I don´t have to proof that Securom STARTS a driver, I have to proof that Securom CAN start a driver.. therefore the Ring0 risk if some coder finds an exploit....
    ah, so now 'if some coder finds an exploit', thats TOTALLY different than your previous claim that securom runs at ring 0 (thus it has to load a driver if your theory is right... which it isnt)..

    Perhaps you can show some examples of whats actually happening... and enlighten us...
    erm, how about you show your work/research then i might give examples, i'm not doing your work for you...

    No, maybe I can laugh at your ignorance... did you know about the Securom Chameleon trick? I´m sure you didn´t...
    obviously not, because i don't live in a dreamworld... as for ignorance i don't think you know me at all thus you can't make second guesses about me, what i can say is i know CONSIERABLY more about securom (and other protections) than you... and other people on this board know that too...

    Chameleon trick has some purposes...

    a)locate where Securom has been cracked

    b)Keep the Anti´s divided, because Securom does things in some countries and it doesn´t do in another.... and yes speaking of the same game.

    c)Gives ammo for Blackhats/DRM supporters to accuse both groups of b) of being foolish, pirates and ignorants. See Mr, John Ritticello for this
    total nonsense... cite your proof... coming up with catchy names is all fair and good, but its nothing.. you will be laughed out of court with such 'evidence' and conjecture.. i know the legal system a fair bit..

    I would like to point one final lie from the Securom FAQ: They are going to fire someone

    SecuROM

    Collect valuable customer data for 1 : 1 marketing activities

    SecuROM

    Is Securom Spying on me?

    See message above, fools
    name ONE securom game that was an n-cd...
    my views are 100% personal views..

Page 3 of 4 FirstFirst 1234 LastLast

Bookmarks

Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •