SafeCast

From Wikipedia, the free encyclopedia

SafeCast is a registered trademark for Macrovision's legacy software protection system. SafeCast features product activation (by telephone or over the Internet) and executable wrapping technology. SafeCast can be easily defeated with a keygen.

Controversy

SafeCast overrides operating-system security and safeguards and writes directly to the boot track of the local disk as part of its operation. TurboTax, Intuit's tax-preparation software product, uses SafeCast in some versions, and the protection scheme has been blamed for a wide variety of problems with product activation and use, leading Intuit to partially remove the technology. Adobe also uses a version of SafeCast for its CS products, and has had similar but less frequent problems, particularly with certain types of disk configurations (RAID, multiple-boot), but continues to use the technology for copy protection.

Removing SafeCast

Removing SafeCast from one's system involves multiple steps. Note that SafeCast is changing, so the information below may no longer be accurate or complete.

Cleaning the Registry

You need a registry browser that supports displaying the last access date.
The registry plugin for Total Commander will do the job.
Sort the entries by date and delete the newest (or search for "Local"="EN") in:
[HKCR\CLSID\*]
Not needed:
[HKCR\*]
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\*]

Cleaning the physical hard disk data

Get a hex editor, such as WinHex, that supports raw hard disk access.
Zero the data at sector 32 (offset 0x4000) of the current physical hard disk.
Notes:
  • The physical hard disk is not C:, which is only a logical drive
  • The data at this sector should look like random data
  • Improper 'editing' will do much damage. Back up (copy) the sector before filling it
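
The notes above call for checking that the sector looks like random data and for copying it before it is changed. The following is an added example, not part of the original article: it reads sector 32 from a disk image or raw device opened read-only, classifies the content by byte entropy, and writes a backup copy. The 512-byte sector size, the entropy threshold of 7.0 and all function names are assumptions made for this example.

```python
import math
import sys
from collections import Counter

SECTOR_SIZE = 512                     # assumption: 512-byte logical sectors
SECTOR_INDEX = 32                     # sector named in the article
OFFSET = SECTOR_INDEX * SECTOR_SIZE   # 32 * 512 = 0x4000, matching the article


def read_sector(disk, index=SECTOR_INDEX, size=SECTOR_SIZE):
    """Read one whole sector from a binary file object (disk image or raw device)."""
    disk.seek(index * size)
    data = disk.read(size)
    if len(data) != size:
        raise ValueError(f"short read at sector {index}: got {len(data)} bytes")
    return data


def shannon_entropy(data):
    """Entropy in bits per byte: 0 for constant data, 8 for a uniform byte mix."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def classify(data, threshold=7.0):
    """Label a sector as 'zeroed', 'random-looking' or 'structured'."""
    if not any(data):
        return "zeroed"
    return "random-looking" if shannon_entropy(data) >= threshold else "structured"


def backup_sector(disk, backup_path):
    """Save sector 32 to backup_path and return its classification."""
    data = read_sector(disk)
    # Mode 'xb' refuses to overwrite an earlier backup of the same sector.
    with open(backup_path, "xb") as out:
        out.write(data)
    return classify(data)


if __name__ == "__main__":
    # Usage: script.py <image-or-raw-device> <backup-file>
    with open(sys.argv[1], "rb") as disk:
        print(f"offset {OFFSET:#x}:", backup_sector(disk, sys.argv[2]))
```

A result of "structured" means the sector holds something other than the random-looking data the article describes, for example boot manager or RAID metadata, and should not be overwritten.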

Cleaning SafeCast files

Find and delete:
%ALLUSERSPROFILE%\Applicationdata\*\Product licenses\*.dat
(in some older releases these can be located at %ALLUSERSPROFILE%\Applicationdata\*\Software licenses\*.dat)

Protection Level

Manual unpacking is possible but may require average to advanced debugging skills.
SafeCast uses some commonly known debugger-detection tricks, such as:

Kernel32.IsDebuggerPresent()
Kernel32.CreateFileA ("\\.\NTICE")
ntdll.ZwQueryInformationProcess(...InfoClass = ProcessDebugPort(0x7)...)

DLL import redirection makes it somewhat harder to produce a running exe. With common reverse engineering tools like Import REConstructor it is possible to locate all redirected APIs ('Get API Calls') and call them ('level2 hook tracer'). SafeCast removes the redirection on the first call of a redirected API, so after all have been called, the target can be dumped as usual.[1]

References

  1. ^ Information refers to SafeCast version 2.67.10
