Controversial StarForce Copy Protection Creators Quizzed 952
Thanks to FiringSquad for its interview with the creators of the StarForce copy protection scheme for PC videogames. The author explains: "In recent months there's been an increasing awareness and alarm over StarForce copy protection. It's actually a driver that installs itself with the [Windows] games that come shipped with it, and originally it didn't uninstall when the game was uninstalled." StarForce's Abbie Sommer argues the advantages of "driver-level copy protection", explaining: "The drivers are what prevents the use of kernel debugger utilities such as SoftICE, Cool Debugger, Soft Snoop etc. Also the drivers prevent emulators from spoofing a drive, and thwart burning tools such as Alcohol 120%." The author concludes by injecting a little personal opinion into the mix, arguing: "PC games will never go away, but if the market keeps shrinking due to the increasing ease of piracy... then the number and quality of games will almost certainly decrease."
The guy who wrote this is a retard (Score:2, Informative)
so... linux is theft!?
>"Games are crap so often I don't want to get ripped off" - try reading reviews and playing demos. Besides, good luck getting a car dealership to refund you your money after you so much as signed the contract, never mind drove the car. Not all that many goods can be used and returned for your money back.
good luck getting a demo for many modern games. good luck getting a review that hasn't been bought, if not with money then "exclusive access" deals. in the UK at least, almost ALL non-perishable goods can be returned. exceptions are things like pierced earings due to hygiene. the rest comes under STATUTORY RIGHTS. a nice but unknown one is anything you buy on the internet can be returned within 30 days ("cooling off period") for ANY REASON WHATSOEVER.
(I'm not saying reasons for piracy are valid/invalid, just that the author is factually wrong)
note: most Doom 3 piracy was fans in non-US wanting ir right away instead of delayed release, just like all the films I've downloaded are ones I've seen in the cinema but the DVD isn't out yet.
Re:missed something (Score:5, Informative)
Read the StarForce webpage. Their goal isn't to stop determined experts, since that's impossible to do when the code runs on the adversary's computer. Their goals are to stop "industrial software piracy" (read: businesses buying one CD for all the computers in the office) and "casual copying" (read: Joe Teenager giving a copy to his friend Fred Teenager).
If these people are thwarted then their mission is accomplished.
Re:Brad Wardell's thoughts (Score:5, Informative)
And for the lazy (or those behind an abusive proxy server):
Safedisk (Score:5, Informative)
Safedisk is a PAIN to implement.
It works by changing the geometry of the disc - the tracks are actally spread out more (it makes it look a bit like the gaps between songs on old vinyl disks)
Then it measures the TIME it takes the drive to seek across these areas compared to the time it takes to seek across normal areas.
Their driver is very flaky, due to the large numbers of strange drives it has to cope with. This in turn makes it very difficult to build a drive which co-operates with it reliably.
Most disks produced with safedisk are within the spec - the spec just says that the track density must lie within such and such limits (I'd have to look them up) - they are expected to vary due to quality of disk and so forth. They AREN'T expected to vary on a single disk (much) - but nothing says that they can't. So they are in the CD/DVD spec.
The audio protections usually used fall into two camps. The polite camp simply has an audio session and a data session, and relies upon windows preferring to show the user the data session. These are within the redbook spec, and easy to break.
The slightly dodgier protection issues the same track number to tracks in both sessions, and relies upon data drives mounting the last session first and audio drives mounting the first session first. This DOES break the redbook spec. Quite horribly.
Re:do-not-buy list (Score:1, Informative)
http://boycottstarforce.org/games/ [boycottstarforce.org]
Re:And punish legitimate users? (Score:5, Informative)
There's an entire website devoted to that now; It's here [boycottstarforce.org].
Re:Games List ? (Score:3, Informative)
Re:Games List ? (Score:5, Informative)
According to google, cracks appear to exist for:
Breed
Cycling Manager 3
Dead to Rights
Fire Department
Gangland
Korea Fogotten Conflict
Prince of Persia Sands of Time
Rally Championship Xtreme
Restaurant Empire
Runaway A Road Adventure
Soldiers Heroes of World War 2
Track Mania
XIII
X2 The Threat
Now, being that I don't want to get my system all infected with virus laden garbage, I'm not going to download any of the cracks I found. I wonder how many work? Perhaps none of them. Or perhaps they all do. In that case, We have a 58% success record. That's not worthy of saying your protection is crack proof, IMHO.
Not (always) the developers... (Score:3, Informative)
Re:Yay, let's piss off consumers for no purpose. (Score:2, Informative)
That's only if they go through the 'accepted' API for adding new hardware. Just adding it to the registry and then asking the user to reboot when the install finishes is enough to install it 'stealthily'.
Beware anything that asks for a reboot.
StarForce stole technology? (Score:5, Informative)
This is supposed to be one of the reasons the pricing of the StarForce3 systems does not reflect the perceived development costs for the technology.
The PC Game market is growing, not shrinking. (Score:3, Informative)
The PC game market is growing, not shrinking. Many companies are losing money, I don't doubt that and I don't question the rest of his assertions, but nevertheless, this doesn't change the fact that the PC market of legitimately purchased PC games is growing, not shrinking.
Re:And punish legitimate users? (Score:5, Informative)
sfdrvrem.zip [star-force.com]
Boycott Starforce Webpage (Score:2, Informative)
I think its also worth nothing that starforce drivers CAN mess up your system, and can only be safely removed with the starforce removal tool. (which they dont go out the way to advertise).
This program is, essentially, a virus. So why is it ok for corporations to spread virii that stop me legally using my own game, but crackers who create trojans and the like are hunted to the ends of the earth?
More info on Starforce protection (Score:5, Informative)
Im by no means a l33t hax0r but I know my way around icing/dumping procedures and messed around with SF3 a bit.
First of all, whenever someone writes SF3 uses physical fingerprints, STOP READING - it DOES NOT, and yes a lot of wannabe experts will say that. If you wanna know how the SF3 discs are produced I can write another post here, but for now I'll tell you about the protection itself;
The Devil (=StarForce3) is INSANELY coded to avoid debugging, and by INSANELY I mean NOTHING COMES CLOSE : you can find over 200 RDTSCs on a SINGLE procedure. WTF is a RDTSC? Its an instruction to read the time stamp on the CPU, that is, they use it to MEASURE the amount of time some routine takes to complete: if you debug+trace the operations, stopping them before they are complete, the reply from the CPU will tell the app they are taking a long time to finish - and you get rebooted while the SF3 creators laugh at you.
The most low-level interrupts cant be traced as well since the SF3 driver replaces them with their own evil, custom, devilish, encrypted drivers - and thats where the problems for LEGIT buyers start, drivers messing around with system resources = always dangerous. Theres even a INT 2E routine used into SF3, thats an undocumented but widely known backdoor to run COMMAND.COM-based programs!!
What happens then is, one would actually need to recreate the drivers removing all those ( hundreds of ) evil anti-debugging checks - that would take a *LOT* of time/work already, considering the drivers are encrypted as and when executing - to ONLY THEN start working on breaking the games' protection itself. And for every new SF3 version/update/whatever ( = another game) , you would have to do everything again. Of course after ending up with a working crack, you can remove the "custom driver" thing and just emulate everything with an
Truth is, it becomes much more of a challenge than a way to play the game for free, since its much (much much) easier - even cheaper considering the hours a cracker would spend starforcing - to simply buy the damn original.
Only punishing legitimate users (Score:1, Informative)
on the other hand my copy of half life, half life 2, ut2004 and doom3 are all legal, because of online key checking
and i crack all my games, legitimate or not, because its just annoying looking for disks, frankly.
Look at Spyro Year of the Dragon (Score:3, Informative)
Re:And punish legitimate users? (Score:3, Informative)
No it doesn't. If I buy a book/CD/DVD etc, from you, the copyright holder, I have the right to use it. I also have the right to sell or give it to someone else, transferring the "use" rights I had along with the physical media, without reference to you. I don't, in general, have the right to make copies of it and distribute them.
Re:missed something (Score:1, Informative)
for no cd cracks when I purchase a new pc game.
Re:Look at Spyro Year of the Dragon (Score:3, Informative)
I don't think you'll ever find a PC game copy protection scheme that stood up as long as Spyro and didn't have any problems on a wide range of machines.
Re:Games List ? (Score:2, Informative)
Re:list of applicable games (Score:2, Informative)
foolish hu-MANS (Score:2, Informative)
Re:Games List ? (Score:1, Informative)
I can personally attest that X2 crack works, StarForce is far from uncrackable. The sooner they realize there is no such thing as uncrackable the better, maybe they'd go back to simple copy protections and stop pestering paying customers.
Reboots are legitimate (Score:2, Informative)
Windows (EXPLORER.EXE) regularly holds application program files open for no reason at all (I suspect it's something to do with displaying icons), so a reboot is the only way to replace an out-of-date file.
Re:Games List ? (Score:3, Informative)
Re:And punish legitimate users? (Score:5, Informative)
Re:And punish legitimate users? (Score:2, Informative)
No "legit" pirate is going to risk damaging their reputation to stick some stupid trojan inside their rip of "The Sims..."
Re:And punish legitimate users? (Score:5, Informative)
That's because the travel agent is a service provider and not a store. They don't sell me any items there; they simply agree to do something for me (namely, arrang the aeroplane seat and hotel room) in exchange for money. Software store, on the other hand, sells software on nice, shiny, oversized cardboard boxes (or nice, shiny, small and handy plastic DVD packages).
You mean an office of an insurance company ? Presumably I want to enter into a contract with them, in which I pay them money (usually in a monthly basis) and they pay me money in certain conditions (usually if something bad happens). Why you compare an office for signing contracts to a store that sells objects is beyond me.
I walked out with a mobile phone. It sits on my bookshelf currently. It's mine, all mine, to do with whatever I please.
Why ? What did you expect ?
As a side note, you shouldn't confuse the mobile phone that I bought from the mobile phone store with the contract I entered with a mobile phone service provider, which allows me to use the service providers network for a monthly fee. While I did sign the contract in the same place as I bought the phone (a matter of convenience), the two events are completely separate events.
No, I'm buying the box and everything it contains, including the physical media and whatever data it contains. Since I own said data, I don't need any license to use it in whatever way I please. The only limitation is that I can't distribute copies of it, since I'm not a copyright holder (but I can wallpaper the rooms of my own home with copies if I so wish - just as long as I don't give any away).
Do not confuse copyright with ownership; they are not the same thing. A writer might own the copyright to a book, but that doesn't change the fact that this particular copy is mine.
Now, there has been some typical lawyer tricks about needing a specific license to use computer programs since I'm making a temporary copy into the memory of the machine (which is absurd; if I read something, it gets copied to the back of my retinas and then to the back of my skull where the vision-related brain centers are, and presumably copied forward in some form to my thoughts, where it affacts my every action somewhat (meaning they contain some information about the book); so do I need a license to read a book ?), but, as I already said, the copyright law only forbids distribution of copies, not making of them. Furthermore, the Finnish law specifically grants me a permission to change the data I've purchased into whatever form is most convenient for me (in this case, from the packed installation files in the CD to the run-time data and code structure in the main memory).
Oh, you were talking about the US law ? Sucks to be American ;).
Re:I actually had to do just that earlier this yea (Score:2, Informative)
CoD is supposed to using SafeDisc 3 for it's copy protection.
(I have Nero installed, as well).
Re:And punish legitimate users? (Score:4, Informative)
Re:And punish legitimate users? (Score:3, Informative)
Uh, for all I care that is called a trojan with a backdoor as payload. It is about the tactic, not about what the tactic is used for.
ANd rreally, there have been enough trojans out there that did nothing of the sort because they existed in times before most computers were connected to any kind of network. They were programs that posed as being a usefull program while in fact they were destructive. Those have always been called, and are still called trojans. There is no remote intruder involved or even possible there.
Re:Forward to the past: use of cracked games (Score:1, Informative)
were COPYA-able, but the copy wouldn't run because of
timing checks. The p-code called a native 6502 routine to
do the check and returned the status in location $00,
which was returned to the higher-level code. Zero meant
success. So by turning the LDA (location 0) opcode ($29)
into a LDA (literal 0) opcode ($A9), it's cracked. Thus the
crack instructions are: change track t, sector s, byte b,
bit 7 from a zero to a one, and you're done!
Can't recall t, s, and b offhand, though...
Re:More info on Starforce protection (Score:2, Informative)
The TSCs don't work on VXM. That's why Pure-Stealth mode exists, because even for academic purposes, true encapsulation of a pure virtual machine requires time-domain decoupling, so the TSCs of the virtual processor are, of course, virtual, as is the actual timeline the emulated machine runs under.
And KINDFADE in fact does a nice job of decrypting all the referenced blocks for you, although you have to make sure it does actually reference all the blocks for the driver to have used all its keys.
If you're a good cracker, you'll have considered approaching the problem from the other direction - licensing StarForce 3 and reverse-engineering the wrapper. Or, to pose an interesting thought experiment, bypassing the whole damn thing, and stealing the source code, compiling it and releasing it.
By the way, the wrapper uses polymorphism. There aren't many actual updates, it just selects from tables of different routines to use. That's why it looks a bit different each time. They're not new versions (mostly).
The best approach, which I haven't actually released something based on (yet), is to use a VXC loader's stealth patches, fake out installing the driver and completely virtualise the driver and the trap hooks, feeding it the embedded timing data from the CD (just a few kilobytes). That idea really shows promise, because it would allow the creation of a generic workaround for it - not unwrapping it as such, but doing a Truman Show on it. And a program loaded with VXC will have a beauty of a time discovering that it has in fact done so, for only about 4-7% overhead, and that only for the code that actually needs complete virtualisation (i.e., only the driver - it's probably faster than the task switch!).
Re:And punish legitimate users? (Score:3, Informative)
Wrong.
A peice of software which claimed to be a solitare card game but in fact contained hidden code to cause a nuclear reactor to overload and explode would be a trojan. So yes, a trojan is exactly code with hidden functionality inside.
-