SecuROM
From Wikipedia, the free encyclopedia
SecuROM is a CD/DVD copy protection product, most often used for computer games running under Microsoft Windows, developed by Sony DADC. SecuROM aims to resist home media duplication devices, professional duplicators, and reverse engineering attempts. The newest versions (v4 and up) prevent 1:1 CD-R copies from being made. Certain programs can circumvent its protection, but can't duplicate it[citation needed]. The use of SecuROM is very controversial.[1] It installs a shell extension that prevents Windows Explorer from deleting 16-bit executables. SecuROM, like almost all copy protection systems, is often cracked within days of release.
Versions, detection and technology of SecuROM
SecuROM v1.x–v3.x
One of the following files should exist in the installed directory (depending on the operating system) or in the root of the original CDs:
- CMS16.DLL
- CMS_95.DLL
- CMS_NT.DLL
The protection can also be recognized by DADC on the inside ring of the CD. DADC is a CD manufacturing plant; the more recent SecuROM protected games are also pressed in other plants. Open the main executable using a hex editor and search for the following ASCII text (it should appear twice): CMS
SecuROM v4.6
The protection modifies a CD-ROM's Q-channel in order to make a protected original distinguishable from a copy.
A set of nine locations where the Q-channel is purposely destroyed is computed by the following function (shown as Python code), using a vendor-specific key.
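```python
# The zeros below are placeholders; the real initial values are secret.
BadSQ = 0x0
VendorKey = [0, 0, 0, 0, 0, 0, 0, 0, 0]
Seed = [0, 0, 0, 0, 0, 0, 0, 0, 0]
BadSQTable = [0, 0, 0, 0, 0, 0, 0, 0, 0]
slot = 0  # next free index in BadSQTable (avoids shadowing the built-in round)

for a in range(0, 256):
    # Advance by 0x20 plus the low five bits of the current key element.
    BadSQ = BadSQ + (VendorKey[a % 9] & 0x1F) + 0x20
    for b in range(0, 9):
        # Record the running value for every seed entry equal to this step.
        if Seed[b] == a:
            BadSQTable[slot] = BadSQ
            slot += 1
```
VendorKey[], Seed[] and BadSQ are initialized to secret values. Possible optimizations were omitted to reflect the original implementation.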
The function calculates nine sector numbers; if the corresponding Q-channel is not readable at these locations, the CD is considered to be an original. Note that the key is always the same for all titles issued by a specific vendor, resulting in identical Q-channel patterns. Also note that every key has 134,217,727 "twins" that will produce an identical BadSQTable.
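Where the "twins" come from, as an added example that is not part of the original article: the loop only ever reads the low five bits of each key element, so keys that differ only in the remaining bits collide. The count assumes 8-bit key elements, and the key and seed values are constructed for illustration.

```python
KEY_LEN = 9
MASK = 0x1F        # the loop only uses the low five bits of each key element
IGNORED_BITS = 3   # assumption: 8-bit elements, so bits 5..7 are never read


def bad_sq_table(vendor_key, seed, bad_sq=0):
    """Same computation as the article's snippet, returned as a list."""
    table = [0] * KEY_LEN
    slot = 0
    for a in range(256):
        bad_sq += (vendor_key[a % KEY_LEN] & MASK) + 0x20
        for b in range(KEY_LEN):
            if seed[b] == a:
                table[slot] = bad_sq
                slot += 1
    return table


def make_twin(vendor_key, high_bits):
    """Replace the three ignored high bits of each element; low five bits stay."""
    return [(k & MASK) | ((h & 0x07) << 5) for k, h in zip(vendor_key, high_bits)]


def twin_count():
    """Number of other keys that yield the same table as any given key."""
    return 2 ** (IGNORED_BITS * KEY_LEN) - 1


# Constructed sample values (not real vendor data).
SAMPLE_KEY = [0x11, 0x02, 0x1F, 0x07, 0x00, 0x19, 0x0A, 0x15, 0x03]
SAMPLE_SEED = [5, 17, 42, 77, 101, 150, 180, 222, 255]
SAMPLE_TWIN = make_twin(SAMPLE_KEY, [7, 1, 4, 2, 6, 3, 5, 7, 1])

if __name__ == "__main__":
    print(bad_sq_table(SAMPLE_KEY, SAMPLE_SEED))
    print(bad_sq_table(SAMPLE_TWIN, SAMPLE_SEED))  # identical to the line above
    print(twin_count())
```

Nine elements with three ignored bits each give 2^27 equivalent keys, one of which is the key itself, which matches the figure quoted above.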
SecuROM v4.7 and above
SecuROM v4.7 was the first updated version in months, after development on SecuROM had apparently been stopped. The new SecuROM brought several major changes to how the protection works and how it is integrated into the target program.
Unlike SecuROM v4.6, which relied on illegal SubQ information, the new scheme utilises "data density measurement" (not to be confused with "data position measurement" as used by other protections). While the data density on normal CD/DVD-ROMs constantly degrades from the innermost to the outermost sector, data density on SecuROM v4.7 (and up) protected CD/DVD-ROMs is diversified by a certain vendor-specific pattern. This pattern can be reconstructed by high-precision time measurement during the interaction between software and the CD/DVD drive, and reflects the vendor key mentioned above.
To do so, the protection defines a set of locations spread over the disc and issues two SCSI read commands per location to the drive. As the disc spins, the time it takes for the second command to return depends on the time it takes the disc to complete a full revolution and thus depends on the data density. To achieve the required timing precision, the RDTSC instruction is used, which has a resolution of about 0.28 microseconds on x86 CPUs.
The pattern is made up of 72 locations, each with either normal or higher-than-normal density, and thus reflects a binary pattern which assembles to the vendor-specific key mentioned above.
SecuROM v4.84 and beyond includes "Trigger Functions" which allow the developer to program multiple and fully customizable authentication checks throughout the entire application. As the protection places itself between the application's code and the OS, it can alter the behaviour of selected system functions.
Consider the following example (pseudocode):
```
if (GetCurrentDate() == '13-32-2999') then
    WorkCorrectly()
else
    PreventProgramUse()
end if
```
Obviously, a "normal" GetCurrentDate() function will never return '13-32-2999'. However, as SecuROM can modify the function's result, the application can check for the protection's presence during runtime; if the protection has been removed, the function will return with some other valid value, giving the application the opportunity to display an error message or render the application unusable (e.g. provoking a crash to desktop, making enemies invincible).
There are many different ways in which "triggers" can be integrated into a program, making it much more complicated to universally circumvent the protection.
SecuROM v 7.x
The latest SecuROM versions are all 7.x versions, which are released and updated continuously[citation needed].
SecuROM 7.x, if run under a non-admin user account, installs its own service called UAService7.exe, which works in ring 3 of the computer's operating system.
SecuROM has said: "it has been developed to enable users without Windows administrator rights the ability to access all SecuROM features".[2] This has been called malware, and users must use third-party tools to remove the 'protection' after uninstalling the product.
Known problems
The version of SecuROM that comes with Armed Assault, S.T.A.L.K.E.R (European release only), Neverwinter Nights 2, Command & Conquer 3: Tiberium Wars (patched to v1.04), Tomb Raider Anniversary (demo and full version), Overlord, BioShock (demo and full version), Hellgate: London (single player mode), Rayman Raving Rabbids (PC version), and World in Conflict (single-player campaign only) prevents the game from running at all if an older version (before v11) of Process Explorer, a free tool by Sysinternals/Microsoft, has been run since the previous reboot. A workaround for this SecuROM detection bug (v9.25 is not affected) is available.[3] Microsoft has worked around this particular bug with Process Explorer v11.0.
BioShock game and Rootkit controversies
BioShock has been accused of installing a rootkit. An official announcement was made denying that a rootkit is installed.[4] [5] The detection of a possible rootkit is due to limitations in rootkit detection tools. A common Microsoft rootkit detection tool known as RootkitRevealer flags issues related to BioShock's copy protection which indicate a need for additional scrutiny. In this case, the flag is raised on account of a null byte in a string of characters in one of the related registry entries. Null bytes in value strings are generally interpreted by common registry visualization tools as end-of-string characters; such tools tend to fail to display the whole string. This is caused by the limitations of those tools and can be used by malicious parties to conceal data.
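The display gap described above can be checked for directly. The following added example (not part of the original article) compares the full content of a string with what a tool that stops at the first null would show; it assumes the strings are held as UTF-16LE with an explicit length, and the entry names and data are constructed.

```python
def decode_counted(raw: bytes) -> str:
    """Decode a length-counted UTF-16LE string, keeping embedded NULs."""
    return raw.decode("utf-16-le")


def displayed_by_nul_terminated_tool(raw: bytes) -> str:
    """What a viewer that treats the first NUL as end-of-string would show."""
    return decode_counted(raw).split("\x00", 1)[0]


def find_hidden_data(entries):
    """Return (name, shown, hidden) for entries whose data continues past a NUL.

    A single trailing NUL terminator is normal and is not reported.
    """
    findings = []
    for name, raw in entries:
        full = decode_counted(raw)
        body = full[:-1] if full.endswith("\x00") else full
        if "\x00" in body:
            shown, hidden = body.split("\x00", 1)
            findings.append((name, shown, hidden))
    return findings


# Constructed sample entries (not real SecuROM or BioShock registry data).
SAMPLE_ENTRIES = [
    ("InstallPath", "C:\\Games\\Example\x00".encode("utf-16-le")),
    ("Marker", "abc\x00hidden-tail".encode("utf-16-le")),
    ("Plain", "hello".encode("utf-16-le")),
]

if __name__ == "__main__":
    for name, shown, hidden in find_hidden_data(SAMPLE_ENTRIES):
        print(f"{name}: tool shows {shown!r}, {len(hidden)} characters not displayed")
```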
The Sims controversy
The Sims 2 and some of its add-ons used SafeDisc for copy protection until April 2007. Since then, Electronic Arts has replaced SafeDisc with SecuROM v 7.x software protection. That is, starting with The Sims Pet Stories, all Sims-related products employ SecuROM. This includes The Sims Castaway Stories, The Sims 2 Deluxe, The Sims 2: H&M Fashion Stuff, The Sims 2: Bon Voyage, The Sims 2: Teen Style Stuff, The Sims 2 Double Deluxe, The Sims 2: FreeTime, and The Sims 2: Kitchen & Bath Interior Design Stuff. Out of these releases, The Sims 2: Bon Voyage was the most problematic. Problems relating to SecuROM include prevention of proper launching of games, disablement of CD/DVD/Blu-ray disc burners, and disruption of antivirus programs. Some users have reported severe damage caused by SecuROM, resulting in system failures that required complete system reformats to fix. EA attempted to address some of these concerns on the official website. Despite user complaints, EA plans to continue employing SecuROM and its future versions in their future releases. It has reported that future versions of SecuROM will use increasingly pervasive methods to enforce copy protection.
Mass Effect controversy
In May 2008 EA announced that Mass Effect for the PC would be using SecuROM 7.x, requiring a reactivation of the software every 10 days.[6] Due to a massive outpouring of complaints, EA removed the 10-day activation while keeping SecuROM tied to the installation.[7] The retraction did not stop the influx of complaints from BioWare fans who felt as if EA had not listened to the massive number of complaints. Further angering their fanbase was the revelation that Mass Effect will be sold without SecuROM in Russia, while other territories where piracy is not as rampant will still have to deal with SecuROM 7.x.
See also
- SafeDisc
- StarForce
- XCP
- TAGES
- Yet Another Securom Utility, a means to avoid blacklisting of virtual drives
- Rootkit
References
- [1] Backlash against DRM in Bioshock mounting
- [2] SecuROM
- [3] Sysinternals Forums: Fix for SecuROM bug
- [4] The Cult of Rapture FAQ. 2k Games (2007-08-23). Retrieved on 2007-09-08.
- [5] Fisher, Ken (2007-08-26). Clearing the air: Bioshock does not contain a rootkit. Ars Technica. Retrieved on 2007-08-26.
- [6] Mass Effect, Spore To Use Recurring Validation. Retrieved on June 03, 2008.
- [7] Electronic Arts Responds to Copy Protection Outcry, Removes 10-day SecuROM Check for the Troops. Retrieved on June 03, 2008.