On Mon, 13 Oct 2003, Jerrold Leichter wrote: > different forms. It's been broken repeatedly. The one advantage they have > this time around is that CD readers - and, even more, DVD readers; there is > mention of applying the same trick to DVD's - is, compared to the floppy > readers of yesteryear, sealed boxes. It's considerably harder to get at the > raw datastream and play games. Of course, this cuts both ways - there are > limits to what the guys writing the protection code can do, too.
>From the POV of a coder for this kind of protection, there's probably some API you can use to get at the error correction info somewhere -- or you can use timing info... i.e. ask for a bad sector, and see how long it takes to return the sector vs one that's supposed to be good... You can't stray too far from published API's, since if you do, you'll potentially break your game when future OS's, patches, service packs, hotfixes, or devices come out... I.E. if you don't support anything but IDE CDROM's, will you fuck users that use SATA, scsi, FireWire, or USB cdroms? etc... What happens under Windblows 2005? Does your business model say that they can't play on future OS's/hardware? You won't be in business very long if you do that. >From the POV of the cracker, you can write a driver that looks like a CDROM driver to the OS, and run the game. It would act as a proxy to the real CDROM, but also log any unusual activity (errors, odd timing, etc...) So then, the cracker can write a second virtual cdrom driver, one that passes through the usual data off the CDR copy, but for those "unusual" sectors that it captured earlier, replay the action. Might even want to do this with two machines so you lessen the chance that the game will find the original CD and ignore the virtual. :) Of course the game could somehow figure out if a CD is virtual - by getting driver information? But if you're sneaky enough you can make your virtual CDROM driver look like a second IDE controller, etc.. (see above about SATA, USB, etc...) Doing a search on google for "virtual cdrom" I see quite a few such beasts... It's possible one of these even has source code, but I don't much care to bother searching further as I've no interested in this except from the theoretical. :) (In terms of things like Linux/*BSD you don't need no stinkin' driver, you can directly mount an ISO file, but you could very easily write a block device driver that added the errors/delays or whatever these things depend on.) That said, the scheme isn't without merit provided that it tells the luser that he should purchase a real one.... maybe after it stops working pop up an ad and say "Now that you've played your friend's copy, and saw the demo, you can continue if you buy the full version..." I seem to remember lots of old Macintosh software doing this. You were allowed and even encouraged to copy the floppy it came on and give it to your friends. When your friend installed the software, it would ask for the serial #, (which you weren't supposed to give out.) At that point, it would go into demo mode and run for a week, or two, and then refuse to run. So if your friend wanted the cool program you recommended, they'd buy their own copy. I'm not sure how successful that was, but I'm assuming it did quite well... The difference between that and this, is that if you put the floppy on your fridge door with a magnet, you could always get your backup (or ask your friend for her copy.) With this, even if you have a legally purchased copy, one or two scratches and it's literraly "Game Over Man!" :) ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! [EMAIL PROTECTED] http://www.sunder.net ------------ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]