Author Topic: EA hit with class action suit over 'Spore'  (Read 33525 times)

0 Members and 1 Guest are viewing this topic.

Offline Arachoid

  • Tempest Top Dog
  • ****
  • Posts: 883
  • A new musical revelation...
    • View Profile
Re: EA hit with class action suit over \'Spore\'
« Reply #75 on: October 04, 2008, 09:36:51 am »
... Or if someone could write a \'virus\' that stopped SecuROM processes...
I say NO! to all limits.
Unfortunately, I don't think we're far enough into the Civ stage to have deveoped into the 'Infinite-ghz processing' research tree yet...

Offline Yokto

  • Street Fighter
  • *****
  • Posts: 6238
  • Do not feed the Giant Gnawling.
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #76 on: October 04, 2008, 10:12:42 am »
You do not need to write a virus for that. You just need a process management program. Windows have a simple in build one know as the systems manage. Only problem is that is not that great. Processes may be protect so you can not shut them down for example. For good reasons sometimes as turnings some of them off WILL crash your system. The sad things is that Worms and viruses also use the same trick sometimes to become untouchable. There are tools that are more powerful however that you can get giving you more features and more access.

One thing you may want to get right now is a processor guard. It does not really stop process that is running but can stop processes form starting or changing other processes. This is a great safety measure and can be protect you form password sniffing.

Now that may not solve the problem. If fact it will most likely not. Most DRM scheme are integrated to the program. You could say is a virus in the main program  running at the same time as the main process . Though is not really correct as many times is rather the opposite. The main program is actually encrypted and you run the unlock program to run the main program. But then again there are several different solutions. And that is how the cracking works. It separate the main program form the lock. Lifts it out in the unencrypted form and make a regular exe file of it.

Or at least that is what i have learn form a bit of study. I may be wrong and again i know there are several methods for this. I also know that DRM programs may have other underlying structures running looking for emulators or whatnot but in general you can not disable and still run the unlock program. But there are methods to trick programs like this in to believing that system is set up as the unlock program wants it to be.
Check out my Creatures.
The Æthirans
The Echin
The Jinnivons
Star Citizen Ref code: STAR-JLJP-LRTC
When you singing up use code and get 5000 credits for free ;)

Offline superstartran

  • Fire Truck Driver
  • *
  • Posts: 36
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #77 on: October 04, 2008, 10:15:50 am »
Would not just be able to run or terminate processes using the program be enough? If you write a virus that starts up other processes or shut them down then you would gain this access right?


It's a little more complicated then that.


Also, you can't just "terminate" the emulation. If you did that, Windows would go haywire and crash due to the way it recognizes drives. Emulated drives are recognized as actual hard drives or cd/dvd drives. When you terminate them, then Windows all of a sudden can't see it, and it's recognition of drives goes crazy and BOOM, crash.

Offline Yokto

  • Street Fighter
  • *****
  • Posts: 6238
  • Do not feed the Giant Gnawling.
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #78 on: October 04, 2008, 10:21:49 am »
Well i was not talking about a special case. Just the general case. Of course if you terminate a process that is vital for the system then the system will crash. (As mentioned in the post i made after.) But that is not really the issue. The issue is if you can use a unprotected programs or processes that has more access they should to gain control over the system. (And so be able to crash the system if one wanted to.)

My discussion was more in the lines of how hard it would be to do it rather then what you can do with it.
Check out my Creatures.
The Æthirans
The Echin
The Jinnivons
Star Citizen Ref code: STAR-JLJP-LRTC
When you singing up use code and get 5000 credits for free ;)

Offline superstartran

  • Fire Truck Driver
  • *
  • Posts: 36
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #79 on: October 04, 2008, 10:34:15 am »
Well i was not talking about a special case. Just the general case. Of course if you terminate a process that is vital for the system then the system will crash. (As mentioned in the post i made after.) But that is not really the issue. The issue is if you can use a unprotected programs or processes that has more access they should to gain control over the system. (And so be able to crash the system if one wanted to.)

My discussion was more in the lines of how hard it would be to do it rather then what you can do with it.


It depends on how well written the program is. Anti-Virus and Firewalls which have Ring 0 Access are usually programmed with alot of safety checks, so they are much harder to exploit (although it has been done before). Emulation tools such as Daemon Tools, Alcohol 120, and a few other things can be exploited rather easily though. SecuRom has potential to be even worse, because you can send data to the computer with SecuRom installed to do a certain action (this was seen with BioShock, I'll have to look it up). They can disable/enable certain features of SecuRom on the fly essentially. You could potentially exploit it. Sure, it may be a pain in the ass, but SecuRom has access to pretty much everything (with the ability to kill processes, prevent them from running, among many other things).



I highly doubt however that Sony thought anyone would discover that SecuRom had Ring 0 access (god knows why, hackers are plentiful, especially script kiddies). They probably didn't put any protection on the exploitation of SecuRom. I'm sure someone's already developing a way of abusing it as we speak (just to prove a point to EA, Sony, etc.)
« Last Edit: October 04, 2008, 10:39:25 am by superstartran »

Offline Yokto

  • Street Fighter
  • *****
  • Posts: 6238
  • Do not feed the Giant Gnawling.
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #80 on: October 04, 2008, 10:46:29 am »
I am pretty sure that security was not a issue for them. At least not the security of you systems integrity. For a Firewall or a Anti-Virus program this is the main issue.
Check out my Creatures.
The Æthirans
The Echin
The Jinnivons
Star Citizen Ref code: STAR-JLJP-LRTC
When you singing up use code and get 5000 credits for free ;)

Offline Bellum

  • Pac-Man Maniac
  • ***
  • Posts: 273
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #81 on: October 04, 2008, 02:51:47 pm »
Quote
I'm sure someone's already developing a way of abusing it as we speak (just to prove a point to EA, Sony, etc.)

I can't stand people who are willing to screw up my system to play games with somebody else.  :(

Offline SL

  • Missile Commander
  • **
  • Posts: 245
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #82 on: October 04, 2008, 06:14:14 pm »
You seem to be an EA supporter, so no sense in arguing with you.
Eh, no, not really. I like Spore, but I'm not any kind of rabid EA fan. I've just gotten fed up with people (not necessarily you) elsewhere making wild unfounded claims (like saying Spore came with a rootkit), or omitting facts to make better FUD (stating the 3 install limit but omitting that EA has said that they will give you more if you ask). The one-month-until-presidential-election here probably doesn't help either, especially since I've been following it closely. :P

But I would rather see some kind of proof than something effectively saying "I don't need to show proof because you wouldn't believe it." Mind you, often I'd err on the side of "if it MIGHT be harmful, I'd rather avoid it," but ... Eh. I don't know. How do you know so much about SecuROM? It's illegal, isn't it, to reverse-engineer it? Oh wait, you never agreed to an EULA on it because they installed it surreptitiously, eh? :P

Also, no one will show you how to conclusively show that SecuRom can be abused to gain access to Ring 0. That would be stupid. Anyone with half a brain would know you don't show how to destroy other people's property or gain unwanted access.
I did not ask you to show HOW to do it. I don't WANT to know how to do it (and I would hope that you don't know how to do it either). I just want a link to an article on a site which lists security bulletins or the like, or any reputable news site, which says that ring 3 programs can abuse SecuROM to obtain ring 0 access (which is what we were talking about, is it not?).

Personally, I know c++, and x86 assembly language, among several other programming languages, and you probably don't care about my unrelated experience, but have never looked into how device drivers are made, have no experience with how operating systems work, and have not poked securom or tried to dissect how it works (what with that probably being illegal), and have not tried to dissect spore's exe either (that being against the EULA).

From what I learned about x86 assembly language and such, I know that ring 0 has more permissions (except that I've forgotten what they are, heh) than the other rings. Again, if the user is running as an administrator, I don't see how being able to get to ring 0 is a risk considering whatever's abusing SecuROM already has to be on their computer anyways. If they're running as a user, however, and if SecuROM has a security flaw that allows an escalation to ring 0 from user-mode which enables doing admin-level stuff then that's a serious problem, no? (I'm picturing it going from a limited user on ring 3 to SYSTEM on ring 0, rather)

How much do you know about rings and operating system stuff and so on?

Again, you seem to blindly believe that SecuRom can't access anything and do any harm to your computer
I don't believe I said that. It can access pretty much anything it wants, if it installs device-driver-level crap. Kindly try not to put words in my mouth.

when you don't know a lick of programming
You are forgiven since I don't know anything about programming device drivers or anything else which would run in ring 0, or about undocumented functions or how to find them, or about hardware with updateable BIOSes, or about cracking, or about where to look if I were to want to find out more about those.

My belief about what SecuROM actually does chiefly comes from reasoning and hoping that EA isn't lying about what they say it does, as opposed to FUD, e.g. would it do such and such? "They say that it won't do a CD check, therefore it shouldn't wreck DVD drives! I hope! D:" Of course Sony could have made it do something bizarre and stupid (like still checking the drives for the DVD), that wouldn't necessarily be unlikely, companies (and people) do bizarre and stupid things all the time. But I'd rather not just believe the first person to make a wild claim. What I have to go on, since I haven't done any illegal disassembling or analysis of SecuROM or Spore's exe or the paul.dll included with it, is only what Sony and EA has said, and what evidence people have presented that I've seen (and if there are sporum threads on it, I've generally not read them because they move too fast).

But even so, I've been believing what people (such as yourself) have been saying, that it has both a ring 0 component and a ring 3 component, and so on - although I just found out (see the end of this post) that the SecuROM website specifically says that it does NOT have anything running in ring 0, and that it only runs in ring 3. Hmmm. I don't particularly like Sony, but that FAQ basically denies that all of the problems that have ever been blamed on SecuROM have existed, when it's pretty likely that some of them were due to it at one point, yes?

Anyways, if someone HAD figured out that there was a security flaw in it, I would expect them to, first, try to notify sony so they could fix it, and then submit a report to whoever takes those kinds of things after a while if there wasn't any action. I kind of expect sony would ignore it until the public noticed. (Do you know if SecuROM is auto-updated surreptitiously in addition to being installed surreptitiously?)

Also, it would be against law to show how to gain access to Ring 0 to somebody's computer (without their knowledge and compliance) through this forum, and GamingSteve board admins would have to report whoever did it to the authorities (most likely the FBI / Local Police). No one wants to go to jail.
I never asked for anything like that, you know, and you're almost making it sound like you could magically surf through the intertron to h4x into someone's boxen because they have spore installed, and gain ring 0 access from your living room, and use it to give them a wedgie.</sarcasm and words that I would normally never use :P> If you can't tell, I'm a bit incredulous at this point.

I mean... So far it's been "SecuROM's ring 3 component can talk to its ring 0 component, therefore other programs can get ring 0 access D:" but nobody's shown a link to an article reporting a security flaw like that. (Except that you posted something more detailed after I started writing this post)

I did a bit of googling, by the way, and found a couple articles (not security bulletins):

One said that there was an undocumented function in windows NT 3.51 and 4 which could be used to get ring 0 access, and provided source code and example code and such.

Another was about windows XP and was more of a hacking/cracking site, wherein the author of the post basically said "okay so you've gotten into ring 0 and anything you try to do crashes because you don't have access to ring 3 API functions now! haha." and blabbed for a bit and then exclaimed some advice to resolve that.

Didn't find any security bulletins, but I don't know the names of websites where those would be.

P.S. I'm of the opinion that there are some kinds of knowledge that are dangerous to have. I have refrained from learning them (I don't mean operating system and device driver stuff - I've just never been able to find documentation for them online) - specifically hacking or cracking things.

SecuRom has potential to be even worse, because you can send data to the computer with SecuRom installed to do a certain action (this was seen with BioShock, I'll have to look it up).

Wait, WHAT? You're saying you really CAN exploit SecuROM remotely? D:


.. Okay, hmm, one last thing then.

I went to the SecuROM website, and they have a FAQ at http://www.securom.com/support_faq.asp

Besides denying that it touches your emulators or disables any of your hardware, and saying that they took pains to make it very compatible with everything, it says that it does not install anything or run any processes at the kernel or ring 0 level, all its stuff runs in ring 3, and after that, it says...
Quote
35. Does SecuROM™ install anything at the kernel level or Ring 0 of my PC?

SecuROM™ does not install any components or perform any processes at the kernel or ring 0 level. All SecuROM™ components and processes occur at the normal application level or ring 3.

...

37. How do I remove SecuROM™ from my machine?
To remove all SecuROM™ related files please follow the instructions below. Before you start the uninstallation, close all programs which are running in the background.


The link below contains a tool which removes SecuROM:

http://www.securom.com/support/SecuROM_Uninstaller.zip

Please follow these steps:


    * Download the ZIP file
    * Extract the application into a temporary folder
    * Launch the application and follow the instructions.
      A dialog box will appear. To start the SecuROM uninstallation, press the <Yes> button.
      Note that you need administrator rights to run this uninstallation utility.



This uninstallation process will not remove the SecuROM DRM license information. Removing the license information would result in a lost activation. This uninstall process allows you to remove SecuROM-related files without losing a purchased software activation.

Good news for folks who want to get rid of it, eh?
« Last Edit: October 04, 2008, 06:20:56 pm by SL »

Offline Yokto

  • Street Fighter
  • *****
  • Posts: 6238
  • Do not feed the Giant Gnawling.
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #83 on: October 04, 2008, 06:32:05 pm »
Well is it not illegal in American law (The DMCA) to circumvent or reverser engineer or decrypt copy protection?
Check out my Creatures.
The Æthirans
The Echin
The Jinnivons
Star Citizen Ref code: STAR-JLJP-LRTC
When you singing up use code and get 5000 credits for free ;)

Offline superstartran

  • Fire Truck Driver
  • *
  • Posts: 36
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #84 on: October 05, 2008, 11:12:04 pm »
SL, SecuRom runs with Ring 0 Access. Daemon Tools and Alcohol all run within Ring 0. I think you of all people should know that emulation of a drive cannot be killed / prevented in Stealth Mode (which is pretty good might I add) unless you have Ring 0 Access (on a consistent basis anyways). Try making a 1:1 Copy and trying to run the game that has SecuRom in it. It'll prevent you from running it. If you want more information, I suggest you look around on the R-Force forums. There are plenty of knowledgeable "hackers" (or computer geeks with no lives if you want to call them that) that can tell you what SecuRom is capable of at R-Force.


Since you have some knowledge about programming, sorry. But, I will have to admit I have argued with non-programming people who don't know what Ring 0/1/2/3 are.



Yes, SecuRom autoupdates without telling you. That means it sends it does (secretly without telling the user) information back and forth between Sony. Now tell me that cannot be exploited. It uses OpenSSL (conveniently tucked away in the corner of the manual me thinks)



Here are a few issues with SecuRom (provided by R-Force.org)

SecuROM issues include:

- long disc authentication checks with each new gaming session
- black screen, lasting several minutes in some cases
- conflicts with virtual drives; blacklisting
- conflicts with Process Explorer (Microsoft Tool)
- issues with Nero Drive Image (Nero 6)
- defective discs cause authentication errors, making the game unplayable
- unexpected game crashes, freezes, lockups
- some Microsoft patches cause conflicts, additional patching is needed
- UAService7 installed without authorization (not used anymore?)
- leaves behind registry entries, which require special tools to remove
- also leaves hidden folders in the User's account
- probing your hardware and Windows software before each gaming session
- not all issues can be resolved
- unconfirmed reports of BIOS resets


If it was a Ring 3 program, it would cause serious conflicts when trying to prevent emulation (a.k.a. starting the game up with a emulated ISO). Windows Security wouldn't even let you do that as far as I remember, as a Ring 3 Program does not have the authority to access Hardware. Also, it has been known to see and blacklist older versions of Daemon Tools when detected. A normal Ring 3 program does not have access to do such a thing. A Ring 3 program can SEE what is going on (well, it shouldn't be able to see a Ring 0 Program like Daemon Tools running in Stealth Mode), but it cannot terminate or prevent a program from running. That is an administrative or higher user privilege, and that of course is Ring 0 Access (Which SecuRom has).
« Last Edit: October 05, 2008, 11:29:03 pm by superstartran »

Offline superstartran

  • Fire Truck Driver
  • *
  • Posts: 36
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #85 on: October 05, 2008, 11:32:36 pm »
This is from 13thHour from R-Force Forums for convenience since we're discussing it here.


Mid just sent me a copy if the readme that can be found in a hidden directory under your username.

On XP C:\Documents and Settings\XXXXX\Application Data\Roaming\SecuROM , where XXXXX is your username.


readme.txt

-----------------------------------------------------------------------------------------------------------------------------
PLEASE DO NOT DELETE THE FILES IN THIS FOLDER BECAUSE YOU MIGHT LOOSE ESSENTIAL DIGITAL RIGHTS.
READ BELOW
-----------------------------------------------------------------------------------------------------------------------------

Technical Information for the PC Administrator:

The files securom_v7_01.dat and securom_v7_01.bak have been created during the installation of a SecuROM protected application.
It guarantees more user convenience because the original disc does not have to be in the local drive at all times anymore.
It is necessary for copy protected CDs, demo versions and protected software downloaded from the Internet.
The file contains your licences for all products which are SecuROM protected, therefore it will not be deleted automatically.

-----------------------------------------------------------------------------------------------------------------------------
PLEASE DO NOT DELETE THE FILE BECAUSE YOU MIGHT LOOSE ESSENTIAL DIGITAL RIGHTS.
-----------------------------------------------------------------------------------------------------------------------------

The information contained in securom_v7_01.dat will not be transferred to any other computer without your permission.

This security system is connected with a MS Windows Service called "SecuROM User Access Service".
This module is started automatically when launching a protected application if the user is logged in with Windows administrator rights.
In case users do not have administrator rights we recommend to keep it running.

See www.securom.com for further information

-----------------------------------------------------------------------------------------------------------------------------

The following text is reproduced here to comply with OpenSSL license terms:

====================================================================
Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.

3. All advertising materials mentioning features or use of this
software must display the following acknowledgment:
"This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
endorse or promote products derived from this software without
prior written permission. For written permission, please contact
openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL"
nor may "OpenSSL" appear in their names without prior written
permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following
acknowledgment:
"This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
====================================================================

This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com). This product includes software written by Tim
Hudson (tjh@cryptsoft.com).
====================================================================


Basically they have remote access to SecuRom on your computer.
« Last Edit: October 05, 2008, 11:36:21 pm by superstartran »

Offline superstartran

  • Fire Truck Driver
  • *
  • Posts: 36
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #86 on: October 05, 2008, 11:35:02 pm »
Well is it not illegal in American law (The DMCA) to circumvent or reverser engineer or decrypt copy protection?


Yes but it's not illegal to see what a program is doing to your computer. That is perfectly within your rights. Plenty of programs will allow you to see what SecuRom does (although it takes some programming knowledge).


Of course, having knowledge about how the copy protection scheme works isn't illegal. I mean, they can't exactly prove how you got the information. :) That's one way of circumventing it.



As far as I know how the law works, there are a few things that help prevent abuses like this happening. You can somewhat apply the FTC Telemarketing Laws to this.

Basically the jist is you cannot misrepresent the product you are selling, you have to disclose EVERYTHING CLEARLY, and you cannot misrepresent the cost. This not only applies to Telemarketing, but it also applies to pretty much everything else that is sold, whether it is a video game, clothes, etc.


EA did not fully disclose SecuRom, how it works, etc. They tacked on very vaguely in the EULA that they have a protection scheme (DRM) near the end (meaning you would have to read over 30-40 pages to even find it). The OpenSSL is in there, but it's hidden away where most people wouldn't find it, and the method which SecuRom uses to install itself (and the protection methods it uses) are borderline illegal. There's alot of things going against EA, and you cannot simply say that just because you agreed to the EULA, that EA is bulletproof.


The EULA is a Civil Contract between the Company and the Consumer. Yes the Company has rights, but if the Judge feels that the Company misrepresented or used illegal methods, they can declare the EULA null and void, and thus declare the case in favor of the plaintiff. It will be a tough one of course, but even high paying lawyers have it cut out for them. I'm sure there are many disgruntled programmers in the United States willing to testify against EA, about how SecuRom works, etc.
« Last Edit: October 05, 2008, 11:55:23 pm by superstartran »

Offline Yokto

  • Street Fighter
  • *****
  • Posts: 6238
  • Do not feed the Giant Gnawling.
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #87 on: October 06, 2008, 05:49:34 am »
Yeah well. Just be careful if you live in USA. the DMCA have been used for all sorts of wacky stuff. I know many Cryptography researchers ether refuse to publish there work or refuse to travel to USA due to the DMCA.
Check out my Creatures.
The Æthirans
The Echin
The Jinnivons
Star Citizen Ref code: STAR-JLJP-LRTC
When you singing up use code and get 5000 credits for free ;)

Offline SL

  • Missile Commander
  • **
  • Posts: 245
    • View Profile
Re: EA hit with class action suit over 'Spore'
« Reply #88 on: October 06, 2008, 09:31:56 pm »
SL, SecuRom runs with Ring 0 Access. Daemon Tools and Alcohol all run within Ring 0. I think you of all people should know that emulation of a drive cannot be killed / prevented in Stealth Mode (which is pretty good might I add) unless you have Ring 0 Access (on a consistent basis anyways). Try making a 1:1 Copy and trying to run the game that has SecuRom in it. It'll prevent you from running it. If you want more information, I suggest you look around on the R-Force forums. There are plenty of knowledgeable "hackers" (or computer geeks with no lives if you want to call them that) that can tell you what SecuRom is capable of at R-Force.

I looked at some of the posts on those forums today, and the first couple pages of the securom issues thread, and the last page or two, so far.

The emulation of the drive doesn't need to be killed/prevented, it just needs to be detected, and then SecuROM would refuse to run the game like it does whenever it detects anything else it doesn't like. (What version of Daemon Tools has a "Stealth Mode?" I have 4.06HE, and there doesn't appear to be a "Stealth Mode" option - But SecuROM doesn't notice it anyways, so you'd think maybe it's always on and that's why, except that really there are at least half a dozen obvious places where it could be detected by a ring 3 program (more later in the post). It has a "Secure Mode" though.)

SecuROM issues include:

- conflicts with Process Explorer (Microsoft Tool)

On Process Explorer, Process Monitor, FileMon, etc, what happens is that if you run those, once you have run them, even if you close them after you are done with them, (and even if you open them, close them, and only then try to run Spore) you won't be able to start Spore or any other SecuROM-protected program anymore (you get a cryptic "protection failed to initialize" or somesuch error) until you restart your computer. I tried those personally myself. Basically these load something that SecuROM thinks could be used to spy on it. I read about it a month or two ago also when I tried to use Process Monitor to see whether it was trying to open a nonexistant .txt file that one of the txt files inside the game data package referred to, but I've forgotten whether it was a dll or a sys file (ring 0, da?).

It doesn't seem to kill Process Explorer or anything, just... refuses to run anything protected.

- conflicts with virtual drives; blacklisting
- issues with Nero Drive Image (Nero 6)

So as I said, SecuRom seems to be completely unable to detect Daemon Tools on my computer. Wikipedia's entry says DT uses a rootkit, the Daemon Tools developers are not happy with that kind of statement but have used registry key hiding techniques, and not put their uninstaller in add/remove programs (I don't know if they've used any other rootkit-like techniques) - a thread where they've posted about this in response to a blog post elsewhere is here: linky. The blog post that's in response to no longer seems to exist. I'm still using Daemon Tools 4.06 HE, myself, and I don't know when they began using the rootkit-like measures.

Also, I just tried Nero ImageDrive with Spore, since I've got Nero 6. I fired up Nero and made a DVD image of some mp4s and then loaded Nero ImageDrive, enabled one virtual drive in it, and loaded said new DVD image and began playing the mp4s in VLC. I let them play for a while and then started Spore, and it continued to work fine. SecuROM had no complaints.

Also, it has been known to see and blacklist older versions of Daemon Tools when detected. A normal Ring 3 program does not have access to do such a thing. A Ring 3 program can SEE what is going on (well, it shouldn't be able to see a Ring 0 Program like Daemon Tools running in Stealth Mode), but it cannot terminate or prevent a program from running. That is an administrative or higher user privilege, and that of course is Ring 0 Access (Which SecuRom has).

By blacklist, would you mean stop SecuRom-protected games from running, or something else?

I can come up with several ways to detect a program from ring 3 off the top of my head. For instance, there are a variety of places in the registry which can point at a program or its DLLs, especially if it installs device drivers. Or, look for the uninstall entry. Daemon Tools' developers stated that they had to remove the add/remove programs uninstall entry because some DRMs were actually looking for the uninstall entries as a sign of DT's presence. You can look around in the registry with windows API functions as a normal administrator, which is just ring 3, has nothing to do with ring 0.

Or... This is brilliant. Daemon Tools added itself to the file associations for .cue, .iso files, .mds files, etc. NICE WAY TO STAY STEALTHY, GUYS.

And there's HKEY_CURRENT_USER/Software/Microsoft/Windows/ShellNoRoam/MUICache, which likes to remember what programs you've run.

And the entry that makes the system tray icon start when windows starts, and so on.

Another on that note, in order to have a system tray icon, a program has to have a window. You can't see it, but it still has to exist. If the DT programmers had been completely paranoid they'd probably give it a random class name and a random window title every time the computer booted up. I guess they weren't (at least not *completely*) because it stands out with the version of DT I have installed (Daemon Tools 4.06 HE), although maybe that's changed with the newer versions, who knows. I'm seeing a title of "Virtual DAEMON Manager V4.06HE" and class of "19659239224e364682fa4baf72c53ea4", and the class name I'm getting is still the same after restarting the computer a couple times.

If they've got a service running and can talk to it from a user level account, they could be piping registry checks or file checks or other administrator-level crap that you don't want them doing through that service, if it exists and if it's running (I haven't checked to see if it gets installed if I try running spore as a limited user, or if it just refuses to run, or what), but that doesn't mean they're doing anything in ring 0 - administrator isn't inherently ring 0. (And services would be running as SYSTEM, IIRC)

I wonder if SecuROM's developers gave up for some reason, because by all rights SecuROM should have been able to find Daemon Tools (at least this version) in any number of ways with normal ring 3 windows API functions. Daemon Tools wasn't hiding registry keys referring to its exe from regedit, although I didn't try accessing them with API functions, and it had a very obvious text string on its window which SecuROM could have picked up despite not having a human-readable string for its class name.

Or maybe they were ordered by their bosses to NOT go any further? Other DRMs, like StarForce, may still have been a worsening problem that Daemon Tools' developers may have felt the need to combat... Of course I'm just speculating.

If DT plugged all the things I saw by using rootkit-like techniques to hide the registry keys, and disguising the window, and hiding the other things I didn't mention that aren't in the registry, then a hypothetical uber-DRM would indeed need ring 0 to detect it. But considering it isn't even detecting it with these visible signs... unless it's actually polite and will only complain if it realizes someone's trying to use a secuROM protected disc in an emulator? I was assuming it would just be rude and say NO EMULATOR FOR YOU if it saw an emulator, but what if they decided to take a slightly softer approach to alienate less people? (if that's what they were trying to do, it was completely missed since nobody believes their FAQ or anything :P)