Information About

Securom
  CATEGORIES ABOUT SECUROM
   
digital rights management
   
APPAREL
BABY
BEAUTY
BOOKS
CAR TOYS
CELL PHONES
DVD'S
ELECTRONICS
GOURMET FOOD
GROCERIES
HEALTH & PERSONAL
HOME & GARDEN
JEWELRY
MUSIC
MUSIC INSTRUMENTS
OFFICE PRODUCTS
SOFTWARE
SPORTING GOODS
TOOLS & HARDWARE
TOYS
VIDEO GAMES
SHOPPING HOME
MORE SHOPPING...




VERSIONS, DETECTION AND TECHNOLOGY OF SECUROM


SecuROM v1.x–v3.x

One of the following files should exist in the installed directory (Depending on the operating system) or in the root of the original CDs:
  • CMS16.DLL

  • CMS_95.DLL

  • CMS_NT.DLL.

    • The protection can also be recognized by DADC on the inside ring of the CD.

DADC is a CD manufacturing plant; the more recent SecuROM protected games are also pressed in other plants.
Open the main executable using a Hex Editor and search for the following ASCII text (it should appear twice): CMS


SecuROM v4.6


SecuROM v4.6 has been the underdog of commercial copy protection. The protection modifies a CD-ROM's ''q-channel'' in order to make a protected original distinguishable from a copy.

A set of nine locations where the Q-Channel is purposely destroyed is computed by the following function (demonstrated as Python -code), using a vendor specific key.



BadSQ = 0x0

VendorKey =  {Link without Title} 

Seed =  {Link without Title} 

BadSQTable =  {Link without Title} 

round = 0

for a in range (0,256):

    BadSQ = BadSQ + (VendorKey % 9  & 0x1F) + 0x20

    for b in range (0,9):

        if (Seed {Link without Title}  == a):

            BadSQTable {Link without Title}  = BadSQ

            round += 1



VendorKey Seed[  and BadSQ are initialized to secret values.

Possible optimizations were omitted to reflect the original implementation.


The function calculates nine sector numbers; if the corresponding ''Q-channel'' is not readable at these locations, the CD is considered being original. Note that the key is always the same for all titles issued by a specific vendor, resulting in identical ''Q-channel'' patterns. Also note that every key has 134,217,727 "twins" that will produce an identical BadSQTable.


SecuROM v4.7 and above


After development on SecuROM had apparently been stopped, SecuROM v4.7 had been the first updated version for months, obviously being a "public" beta. The new SecuROM brought several major changes about how the protection works and how it is integrated into the target program.


Unlike SecuROM v4.6, which relied on illegal SubQ-Information, the new scheme utilises "data density measurement" (not to be confused with "data position measurement" as being used by other protections). While the data density on normal CD/DVD-ROMs constantly degrades from the most inner to the most outer sector, data density on SecuROM v4.7 (and up) protected CD/DVD-ROMs is diversified by a certain, vendor specific pattern. This pattern can be reconstructed by high-precision time measurement during software<->CD/DVD-drive interaction and reflects the vendor-key as mentioned above.

To do so the protection defines a set of locations spread over the disc and issue two SCSI -read-commands per location to the drive. As the disc spins, the time it takes for the second command to return depends on the time it takes the disc to do a full round and thus depends on the data-density. To achieve the required timing-precision, the '' RDTSC '' command is used, which has a resolution of about 0.28 microseconds on X86 -CPUs.

The pattern is made up from 72 locations, each either with normal or higher than normal density and thus reflects a binary pattern which assembles to the vendor specific key mentioned above.

SecuROM v4.84 and beyond includes "Trigger Functions" which allow the developer to program multiple and fully customizable authentication checks throughout the entire application. As the protection places itself between the application's code and the OS, it can alter the behaviour of selected system functions.

Consider the following example ( Pseudocode )

if (GetCurrentDate() == '13-32-2999') then 

    WorkCorrectly()

else

    ScrewItUpSomehow()

end if


Obviously, a "normal" GetCurrentDate() function will never return '13-32-2999'. However, as SecuROM can modify the function's result, the application can check for the protection's presence during runtime; if the protection has been removed, the function will return with some other ''valid'' value, giving the application the opportunity to display an error message or render the application unusable (e.g. provoking a Crash To Desktop , making enemies invincible).

There are many different ways how "triggers" can be integrated into a program, making it much more complicated to universally circumvent the protection.


SecuROM v 7.x


Latest SecuROM Versions are all 7.x versions which are released and updated continuously.

SecuROM 7.x, if run under a non-admin user account, installs its own service called UAService7.exe — (ring 3), which works in Ring 3 of the computer's operating system.

Securom has said: "it has been developed to enable users without Windows™ administrator rights the ability to access all SecuROM™ features"http://www.securom.com/support_enduser.asp?t=3


Known problems

  • The version of SecuROM that comes with (patched to v1.04), Tomb Raider Anniversary (demo and full version), Overlord and BioShock (demo and full version) prevents the game from running at all if Process Explorer , a free tool offered by Microsoft, has been run since the previous reboot, however a workaround for this SecuROM detection bug (v9.25 is not affected) can be found herehttp://forum.sysinternals.com/forum_posts.asp?TID=11086. Microsoft has worked around this particular bug with Process Explorer v11.0.


  • Certain games installed using SecuROM will prevent other select games from working correctly, and will continue to do so even after game is uninstalled.



BioShock game and Rootkit controversy

as end-of-string characters; such tools tend to fail to display the whole string. This is caused by the limitations of those tools.

Bioshock/SecuROM also accesses the internet and attempts to bypass firewall permissions at some point during its installation, and installs files in a hidden directoryhttp://www.google.com/search?q=bioshock+hidden+files that cannot easily be deleted http://www.gamingbob.com/2007/08/23/bioshock-installs-rootkit-including-demo. Some users have stated that in order to install the game, their firewalls and antivirus programs needed to to be turned off and active virus monitoring services needed to be shut down with XP restarted with these programs and services properly disabled.http://forums.2kgames.com/forums/showthread.php?t=6633&highlight=virus


SEE ALSO



REFERENCES



EXTERNAL LINKS

  • http://www.securom.com