Well, don't know if this is the place, but i can also include something about gangland.
I'm really stranged that Jackass were missed here (and really a lot after the spath's tool colaboration...hehehe please correct me if i'm wrong)
Well, first i will show everybody what i have discover after a lot of tests, and something about the code itself.
I know this is not quite tech, but this is my point of view behind a future mining engineer....XDDDD
Well, first, SF uses searchs at some sectors at the beginning of the CD and at the end. I think this ones are not so special, but could look at a "ramdom" ones and then makes a simple checking operation.
Here we can doubt about some things:
IS really that sectors a fixed ones? or Can they be anyone?
Well, we must think now in the provided key. Now we know Starforce uses RSA ( a pretty well known encryption algorithm) and some people ( i will not say who provided such info but it is not from one source) says it could use a 128 bit key coding (128 key coding = 24 character key = starforce key) but i think this is false cause it can be coded in 64 base (for example), so it's key will not be 24.
Furthermore, i know starforce uses a couple of things to make its key effective, and just not only the angular measure.
We also know starforce checks the original Windows key as a part of the general proccess, so this way, trying to decrypt all the thing will be almost suicide.
In that way, the proccess is always the same.
The measure checks from one initial sector to another, and this could be not exactly the final one. The info about where to check is contained into the provided program key. This key will say starforce in which sector must begin and when must finish; then looks for certain sector, and finally looks for the last, counting the elapsed time in the process. Then codify such result in another key that, checked with the provided one, will decrypt the program, will ask you another valid key, or will refuse to play the copy. It's something like a public and a valid private key.
Then , we can say there is no special sector where we could look. Considering that a silver original CD lasts about 150 mS in searching for certain positions, we can cover a lot of positions with the starforce system. A burned CD always have a higher timing, even with same original positions, so checks always fails (and in a expected way cause there is "unexpected ways" that shows info that shouldn't appear).
When burning with BlindWrite and a usefull BWA at low speeds, we can "emulate" the physical track of the original CD, and checks will pass sometimes ( thats depends of the drive state when trying to launch (ie: a ripping process in a DVD drive will make our drive to be "overheated" and will give us an error in a SF game if we try to launch after that proccess, even with a good BWA)). In this way we have the same problems as we know with twinsectors and some drives.
Well, this is the first part of the physical part of the prot.
When trying to "reverse" we find a lot of problems.
Please, if anything here is forbidden, just clean it, cause i just only want to explain.
Well, at this point, it seems that a NEW version of Starforce have been released. The game that have this version is Gangland, and as some people found, it is quite more difficult not only to backup, but for reversing too. I think major changes is for anti-cracking issue (today there isn't any crack for this game, for now this game is uncrackeable, even for some people that had done it with previosly versions(...))
Don't know if this can be publish, but:
1.- Starforce uses int1 and int3, so softice is neutralized ( cause starforce uses in its proccess and sice cannot use it(any ring1/ring3 debbugger will not work).
2.- We must trace for a valid oep, and we cannot use the typical tracing, but home made ones.
3.- We cannot use some tools (Import rec for example) to find a correct IAT, we must made special ones.
4.- There is a big ramdom trigguers that makes sf to be a time strong protection (SecuROM is like the Safedisc Silent Alarm, and like a child comparing sf)
5.- The SF VM is strong enough to avoid home made tools to fix the resulting "dump".
Well, i don't know if i missed something, but i think i cover most important aspects. Well, i don't have more time so expect replies to that.
@Philamber, as you can see i have minimal tech knowledge, so this is the main reason i do not post here so much.
Well, sorry for my porr english again, and hope it can be understood.