SecuROM discussion

Here I go to Explain SecuRom NEW

Since lots of people can’t get certain titles “Backed UP”

Since The release of the Now Infamous NWN Patch, It looks like SecureRom is the new contender for CDR piracy prevention.

Here is a list of SecuROM Versions used in the past few games released:

The THING 4.77.00.0029

Emperor : Rise Of The Middle Kingdom 4.77.00.0050

Virtual Resort: Spring Break 4.82.01.0004

Empire Earth: Art of Conquest 4.82.01.0027

As you can see that THE THING is the last game to be SUCCESSFULLY copied by many people.

After that it has been a no go for burning a WORKING Back-up.

All the titles above past The THING, DO work mounted in D-Tools.
But when you try and Burn your CCD image and try and load it, it will not load the game and here is why:

When the cd is being checked to see if it is a cdr media the following things happen in windows XP:

The following files are Dumped into your c:\Documents and Settings\User\Local Settings\Temp Dir

SINTF32.DLL
SINTF16.DLL
SINTFNT.DLL

There is also a Registry entry Placed in the registry when the cdr is being checked which is:

HKEY_LOCAL_MACHINE\Software\HKEY_LOCAL_MACHINE\SOFTWARE\SecuROM

Then a folder, which is a value assigned to your Drive accessing the Media.

so for ex.)

You use a Liteon-ltd163 there will be a folder called ERd257J5

Its 8 digits long.

inside of that folder is another folder called 001

and inside of that Folder is a KEY called: BinData

Within that KEY is the binary Data.

All this is being done WHILE the cd is being checked.

If any of these Fail to pass, then the media will spin up and spin down.

Thats it.

Here is My THEORY of why the backups aren’t working at THIS point:

We will call it Securetip.

Its releated to Atip which is used in SafeDisc 2.

This new Securetip checks for the Media Type in ALL drives, yes ALL drives, not just Burners.

It creates a hash or value in the registry based on which device it is using to access the cd, and matches the Binary data reg key which is made in the Registry in that folder. If the binary doesn’t match the Media then it will NOT load.

Since it “Knows” if its on a burned CDR or Pressed Media.

This is why cloneCD CAN’T burn it correctly. Since there is Binary Data NOT being copied from the images to the CDR correctly to a 1:1 copy.

Since all the games work mounted, we know the images are fine, cause the protection is beaten.

But once the game image is Copied it detects the CDR and will not boot.

To Sum it up:

All games released AFTER The THING… CANNOT Be Backed UP with any amount of success, on a large scale.

The odd one or 2 people may be able to.

The backups WILL work mounted since the copy protection is broken on the Writing of the image to the CDR.

This is My theory, belive me or not.

I made this so Ollie may look at the way this NEW Securom Works and be able to Defeat it.

Hi Dazog, that’s an interesting theory you got there.

I have not been able to mount and successfully run an image of ee-aoc with D-Tools or any of the other popular such type programs.

Have YOU personally been able to successfully mount and run an image of Empire Earth - Art of Conquest using D-Tools?

If you have been successful, I am very interested to know what hw/sw combo you used and the settings for the same, etc.

Interesting theory but I have my doubts. Unfortunately, only Emperor: Rise of the Middle Kingdom has been released so far downunder (and since I don’t go in for on-line multi-player, I’m not going to buy it) so I’ve got nothing to test your theory on.

(Yes noyb1, I did look for the Empire Earth expansion today but it hasn’t been released here yet.)

However, to date, every supposedly uncopiable new securerom new protected title (except NWN 1.21, noyby1 being the exception to prove the rule) has proven to be copiable, though not by everyone with the same make and model of writer.

A week ago there were a number of posts to the effect that The Thing wasn’t copiable. Not so, it took me less than 2 1/4 mins to produce a perfect copy and others have also succeeded.

There have also been posts to the effect that Industry Giant II is uncopiable yet FutureProof has indicated that Sheepfriend has succeeded in copying it with his Litey (and if Sven has succeeded that’s sufficient confirmation for me).

Personally, I’ll believe that an uncopiable version of securerom (other than the commercially disastrous NWN 1.21) has been released when I encounter a securerom protected game that defeats my reader/writer combination. However, to date nothing has even come close.

Of course, the fact that I’ve not encountered any problems in duplicating new securerom new protected cds doesn’t mean that it’s necessarily easy or, for that matter, even possible for everyone to do so.

If your theory is correct, success or failure will depend on how accurately your equipment reads and writes the binary data (and this doesn’t represent any real change).

I don’t get any sense into that theory…there’s no step included which could distinguish a cd-r(w) from a cd-rom.

and if all these games work mounted, than it’s really simple to make a backup: create the image, and if it is too large for a cd-r, take about 5 images of such games and store them to a dvd-r.

This is no perfect backup, but it would be enough to have a backup.

Did anyone check the sub files of these images for bad CRC values?

Where did you get your information from?

Intersting theories from Dazog however step one before making working back ups burned on CD’s is to make 1:1 copy that work from HDD.
Deamon tools supports new securom they claim however i imaged Beach Life (aka Spring Break in the US from Eidos)
using Fantom CD and i mounted it in the latest deamon tool and it does NOT work. Something more needs to be done.
05/09/2002 15:24 793_147_104 bl.mdf
05/09/2002 15:20 491 bl.mds
the mds which is like a cue needs some patching (so much for native clone support of MDF images :p) and if you download the ‘patched’ cue from DT site like for neverwinter night or industry giant II you’ll see that DT author added a few bytes himself… So it’s not THAT easy to make 1:1 copy that are running from HDD.
As for this thoery maybe then something like hide cdr media will be possible or maybe someone from the internet scene will figure out how to make a ‘cracked’ or ‘patched’ clone cd image like it happened with Moto Racer 3 and the Tagés protection.

This theory don’t make sense to me either.

I think that he’s trying to say that it checks the ATIP on all drives, which still is impossible.

It seems to me that since the release of WCIII and NWN with the new securerom new (securerom 3) protection, there are complaints that each and every securerom protected game released is uncopiable until someone actually does so.

Last week it was “The Thing”, which, I personally can verify is copiable. Industry Giant II is claimed by some to be uncopiable but see the post by Paradox here .

I remain to be convinced that there is anything really new.

philamber : the code didn’t change to crack it / dump it nothing really changed that’s why group such as myth or class could do the games featuring the new securom without problems.
(the new seucrom games are : Frontline attack war over europe from eidos, beach life from eidos as well and Rise of the Middle Kingdom from Sierra and Empire Earth mission pack).
BUT the new thing is that it can’t be cloned cause they added some kind of physical check of the CD (probably like anti clone protec like CD Cops Starforce or VOB Protect CD 5 have).
i think it’s easier to make a working 1:1 back up on HDD than burning an actual 1:1 image. Supposedly you can run MDF images of new securom games (created with fantom CD) from Deamon Tools BUT you need to download a ‘patched’ MDS file (which is like a cue for MDF images) from DT site. So i was wondering did anyone figure out how did the deamon tools author patched the MDF file that’s probably part of understanding the protection scheme. maybe to begin with it’s possible to make a tool that patch MDF and add those weird 24x bytes that venom386 added so everyone can make hdd backups of securom products then second step would be to see how it’s possible to burn those:)

Whether dazog’s theory is correct or not, I’ve no idea. However, regrettably, I am able to say that for the first time I have been unable to make a working back-up of a securerom protected cd with Emperor: Rise of the Middle Kingdom.

Not only have all my efforts failed but I have been unable to get an image that will work when mounted on a virtual drive whether or not securerom emulation (or securerom and safedisc emulation) is enabled.

The original cd, however, runs correctly irrespective of any programs running in the background so I do not believe it is a case of program blacklisting.

I hesitate to say that these cds can’t be copied with existing software but that appears to be the case with my hardware (which has never failed previously in duplicating securerom protected cds).

PS: dazog, if you’ve got any of these titles to run from an image with dt, please post details of the manner in which you created the working image (since a partial solution is clearly better than none).

[Update: For my test results see here ]

Try renaming your D-tools Drive something like umm

“liteon”

and it all the titles work for me mounted, with 1 drive emulated.

And yes my theory stands true.

I would like to see Ollie get around this problem ASAP!

Since its been awhile that something has been “Uncopyable”

And YES this form of ATIP in Securom CHECKS ALL DRIVES

its NOT Impossible.

OHHH and here is

Unreal Tournament 2003 's Securom Version:

4.83.11.0005

Way newer than anything out on any other game.

Originally posted by Dazog
[B]Try renaming your D-tools Drive something like umm

“liteon”

and it all the titles work for me mounted, with 1 drive emulated.
[/B]

I did. Called it “shadow” and called it “practical”. No go either way. However, I’ll give it one more try with a fresh image.

And YES this form of ATIP in Securom CHECKS ALL DRIVES

No it doesn’t. Most cd/dvd rom drives can’t read atip. They simply don’t support that command, so they won’t do it.

I hope you don’t mean “distinguish cd-r and dvd-rom” when speaking of “read atip”, because it this case you should first find out what atip is…reading atip is one way to easily identify a cd-r/w if the drive used supports it, nothing more.

I believe it has something to do with the new registry keys installed (no previous securom cd has installed separate securom keys). A sample is below:

"REGEDIT4

[HKEY_LOCAL_MACHINE\Software\SecuROM]

[HKEY_LOCAL_MACHINE\Software\SecuROM\Keys]

[HKEY_LOCAL_MACHINE\Software\SecuROM\Keys\EC7D079C]

[HKEY_LOCAL_MACHINE\Software\SecuROM\Keys\EC7D079C\0001]
“BinData”=hex:01,00,00,00,00,01,00,00,1d,00,00,00,0a,00,00,00,05,00,00,00,0a,
00,00,00,17,6c,41,3f,85,eb,51,3f,f5,49,1f,3f,a5,4f,7a,3f,c1,79,9f,46,2d,e8,
92,45,df,13,1c,45,c1,79,9f,46,73,76,bd,45,d2,07,09,00,00,00,1d,00,0c,00,25,
00,0b,00,22,01,06,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,04,00,00,00,
01,00,00,00,1a,19,00,19,1e,00,30,00,01,00,00,00,05,1d,11,0a,01,6e,00,20,12,
12,69,7f,1d,02,6d,6c,18,10,75,07,05,13,00,20,0f,7d,7e,4b,04,0a,00,c0,00,05,
05,30,00,00,00,00,00,00,00,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,5b,74,ca,26,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00"

(Alexnoe, spath, if you wish I can post the other keys under the “SecuROM” key or pm or email them to you if you prefer.)

In any event, I don’t think that whatever is now being used to distinguish between an original cd and a copy (or even a mounted image) is anything as simple as a mere atip check.

> And yes my theory stands true.
>
> I would like to see Ollie get around this problem ASAP!
>
> Since its been awhile that something has been “Uncopyable”
>
> And YES this form of ATIP in Securom CHECKS ALL DRIVES
>
> its NOT Impossible.

Look Dazog, the explanations you posted don’t make sense,
so if you want to convince people with your theory try
explaining it better : how does the protection work, what
happens with the original disc and what happens with a copy ?
Oh, and stop SHOUTING.

Philamber: registry keys alone are not enough
to find out how the protections works.

Hmm…

Reading the ATIP is not possible on many CDROM drives and such a suggestion is probably incorrect. Why? Because we know that NWN 1.21 sometimes identified original discs as copies. Pressed CDs don’t have any ATIP whatsoever.

It is possible to read CERTAIN PARTS of the ATIP with an ordinary CD reader, but nothing that would enable a CloneCD copy to be identified from the original.

Given the non-100% reliable nature of SecuROM 3, I suggest that what the check actually does is find something / some aspect of the CDR which is affected by the ATIP or which only applies to CDR media, a very small variation somewhere. I am not sure what this might be, but the fact that SecuROM stores the binary data suggests that it either takes a series of measurements of some sort.

I know that for people who had problems with their original discs, deleting the registry value helped. This suggests that a lengthy check is performed on first run and then this data is kept to speed things up? (I may be wrong on this)

Alternatively… (theory #2)

The only interesting thing I note from the registry is that the key name EC7D079C is possibly an ECC value from a sector on the disc. Make an ISO of the image and search through it with a hex editor to see if you find this value.

The binary data looks as though it could be the data from a sector or part of a sector (how long is it in bytes)?

Originally posted by spath
[BPhilamber: registry keys alone are not enough
to find out how the protection works.
[/B]

I never thought they were, but I thought they might assist, at least a little, those with the technical ability to work out the way the protection works (not me) to do so.

ok, this theory i tought up of is probably going to sound like a pile of bs and is probably not true and will probably throw everyone in the wrong direction, but it really seems to fit in as to how it’s identifying the burnt versions. also i gotta mention is that i am not a total genius on copy protections, but i am also not a total newbie and i have been usin clonecd since it was around version 2.xx. before u read this theory please keep a open mind, it helps a lot.

[THEORY]
let’s say u bought ut2k3 (newest known version of securom) and u install it and play it. when u install it it puts 3 dll’s into the system folder and puts a bunch of reg entries (at least that’s what i understand from reading the forums). now let’s say u whip out ccd and tried to copy it, what if those dll’s are messing with clonecd and recording some “marker” on the fly?

ive heard of a program that was released a very long while back (prolly when sd2 first came out in red alert 2) that works like a very early version of betablocker. what u would do is run this program and then run clonecd, make your image and when u are burning the image, the program supposedly modifies the sectors when the burner has problems with it. sure the program didnt last long but it has been done (unless im reading the wrong information)

i heard a post earlier saying that the reg entries vary between the drives on the system and the type of os. what if the varies between the reg entries are identifiers on what burner is installed on this computer? thikn about this, what do those dll’s do? i think what happens is when u install ut2k3 it records a list of all the burning programs on ur comp, then what the dll’s do is they watch until u run one of the programs and try to burn a cd. WHILE the cd is burning, the dll puts in the binary data found in the registry on the cd. now when u try to run the game, all the game does is try to find the binary data recorded on sector whatever. if it finds this data, game wont run it’s a copy. if it doesnt find the data, game runs perfectly. now here’s somethign else that’s really scary, what is in the data being burned? could it be just what burner u got? could it be your computer name? we dont know. what if the data being placed on the cd is being placed on like every cd u burn? keep in mind how noob pirates soemtime work, they borrow the game form their friends in skool or something, they go home, play the game, drool over how much they wanna pirate it, since they installed the program it introduces those dlls into the computer and then BAM! clonecd becomes coastercd! (yes i know it’s corny but gotta at least try to lighten up a dark situation especially when it hurts those of us that try to back it up
[/theory]

yes i know this theory sounds like total bs but it does make sense in some really evil way and it really bothers me and i thoguht it would help to mention it. a good way to test this is to go on a CLEAN computer (clean meaning a computer that does not have ut2k3 installed) and burn ut and try it out.

also another point i would like to make is that test i mentioned may not even work coz what if the autorun slaps the dlls in? what if im close but it is modifying clonecd in a different way from what i said?

/me is starting to wonder if he should really install that copy of ut2k3 that ups is delivering tommorow.

btw if anyone has a idea why this wont work please tell me im willing to keep my mind open.