More Awesome Than You!
Welcome, Guest. Please login or register.
2024 November 22, 22:04:58

Login with username, password and session length
Search:     Advanced search
540287 Posts in 18067 Topics by 6545 Members
Latest Member: cincinancy
* Home Help Search Login Register
+  More Awesome Than You!
|-+  TS3/TSM: The Pudding
| |-+  The World Of Pudding
| | |-+  Securom string found in Process Explorer dump of TheSims3.exe
0 Members and 2 Chinese Bots are viewing this topic. « previous next »
Pages: [1] 2 THANKS THIS IS GREAT Print
Author Topic: Securom string found in Process Explorer dump of TheSims3.exe  (Read 17266 times)
Nightmare
Asinine Airhead

Posts: 36



View Profile
Securom string found in Process Explorer dump of TheSims3.exe
« on: 2009 June 15, 09:44:02 »
THANKS THIS IS GREAT

Hereīs the way to reproduce it:

1. Launch Sims 3.

2. ALT+TAB

3. Launch Process Explorer.

4. Right click on "thesims3.exe" >properties

5.Click on Strings

6. Save

7. Open the file you have saved with wordpad or MSword.

8. Search for Securom

9. Blame yourself for trusting EA
« Last Edit: 2009 June 15, 10:04:04 by Nightmare » Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Securom string found in Process Explorer dump
« Reply #1 on: 2009 June 15, 09:53:24 »
THANKS THIS IS GREAT

Err...exactly what are you trying to prove by looking at "thesims2.exe" when trying to point fingers at "The Sims 3". I'm not sure I follow tihs line of reasoning.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump
« Reply #2 on: 2009 June 15, 09:59:33 »
THANKS THIS IS GREAT

Err...exactly what are you trying to prove by looking at "thesims2.exe" when trying to point fingers at "The Sims 3". I'm not sure I follow tihs line of reasoning.

IT is a typo. Now it is corrected. You should look at  "thesiums3.exe"
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #3 on: 2009 June 15, 10:09:53 »
THANKS THIS IS GREAT

While slightly less fatally flawed, the mere inclusion of the string "SecuROM" does not signify the presence of SecuROM in and of itself. However, EAxis has already admitted their present system is "designed by SecuROM". However, if it *IS* the same beast, it is almost laughably weak and ineffective, and I can't actually see it DOING anything, given that can be disabled entirely from the equivalent of BHAV code. Whether it is or isn't SecuROM, it is my expert opinion that it is Mostly Harmless.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #4 on: 2009 June 15, 10:29:05 »
THANKS THIS IS GREAT

For being harmless... are there any crack on the disc version? there isnīt any on trusted sites like GCW. Or could it be that the protection is harmless and good?( I doubt it)
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #5 on: 2009 June 15, 10:35:26 »
THANKS THIS IS GREAT

No protection is ever "good". However, the present protection used, based on my analysis of its behavior and "rootedness", is far weaker than even the old Safedisc protection used in TS2: It exhibits absolutely no reaction to, for instance, your use of Process Explorer (SecuROM would produce a mysterious "Security Module" error under such conditions), does not care about being watched in Registry Monitor (SecuROM would whine about the security module again), and does not react to the presence of Daemon Tools, even without YASU (SecuROM would whine, even Safedisc blacklists). It lacks any of the traditional SecuROM-EA DLLs, like "paul.dll". Furthermore, it can be trivially crippled using circa-1990s cracking techniques. As far as I can tell, it is a half-assed effort thrown together on short notice after the people rioted against SecuROM, and is basically a low-grade anti-idiot copy protection that has zero effect on anyone with half a brain...which, frankly, is about as much as you can expect out of a copy protection: It's just as useless as far more expensive and difficult protections, but at least it probably didn't cost much to make. As far as I can tell, it is either extremely sophisticated at hiding its activities and yet totally ineffective at doing its actual job, or it is simply harmless.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #6 on: 2009 June 15, 10:45:29 »
THANKS THIS IS GREAT

But I have seen similar Securom issues in the sims 3 forum. No recognized DVD. Emulation errors. Are these fake? Could it be we are dealing again with Sony paid users to post on forums?
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #7 on: 2009 June 15, 10:47:47 »
THANKS THIS IS GREAT

It is possible that different regions may carry different protections, but I've dissected this thing throughly. I know exactly WHEN the copy protection check fires (it's far too late for it to be producing DVD errors), and exactly what messages it is capable of printing out. None of those messages are even *IN* there! Those people are probably running either the Online version (which reportedly does contain SecuROM), or the prereleases (which also contained SecuROM).
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #8 on: 2009 June 15, 12:57:59 »
THANKS THIS IS GREAT

I donīt understand EA then. They should have dropped Securom earlier. They still have suffered from Securom scandals and bad PR. It is clear that this option is better than keeping SecuMierda, but they should have done earlier.
Logged
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #9 on: 2009 June 15, 13:34:28 »
THANKS THIS IS GREAT


Ubisoft dropped DRM for the last PoP which did not sell well, and apparently faced harsh criticism from the industry 'tards over this. Their future games will be infested again.



Soruce please?

Pes, what is your opinion about Securom running, performing processes, or communicating with the RING0 to detect V-drives in stealth mode? Securom runs in RING3 to perform its detection, but some of my sources tell that it communicates with the RING0.

Is that true?
Logged
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #10 on: 2009 June 15, 14:29:39 »
THANKS THIS IS GREAT

Unfortunately I already know that and the industry believes it is a bug of Rootkit Revealer. Any more indicators of Kernel code use?
Logged
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #11 on: 2009 June 15, 17:54:55 »
THANKS THIS IS GREAT

"The industry"? Care to expand?

The major publishers
Logged
Doc Doofus
Garrulous Gimp
**
Posts: 310



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #12 on: 2009 June 16, 00:25:25 »
THANKS THIS IS GREAT

Quote
What the big companies fail to see is that all DRM can be bypassed.

That's true, but if they don't even make a pathetic, half-hearted little vain attempt, then they risk losing LEGAL control in future lawsuits over the unauthorized use of their product.
Logged

Medusa stared at the two creatures approaching her across the Piazza and, instantly recognizing them as Spanish Gorgons, attempted to stall them by greeting them in their native tongue, "Gorgons, Hola!"
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #13 on: 2009 June 16, 00:48:09 »
THANKS THIS IS GREAT

Can't disclose my source there as I haven't heard it from official sources either. My source is a "friend". I have found no facts that counter this though -- consider that Ubi refused to release the DLC with the real ending to PoP, citing only "business reasons". The "grapevine" translations of these "reasons" is investor/stockholder pressure to not spend any money at all on PoP since Ubi "invited" the pirates to steal it by not using any DRM.
Hah. The real reason PoP flopped is purely because it was terrible. As a veteran pirate cat, the lack of DRM never even entered consideration: I ignored it entirely because it was simply a bad game. It just goes to show: If you want to avoid piracy entirely, just make shitty games. No one really tries to pirate dogdoody.

As for your question for Pes
I didn't ask a question. I already know SecuROM is evil.

That's true, but if they don't even make a pathetic, half-hearted little vain attempt, then they risk losing LEGAL control in future lawsuits over the unauthorized use of their product.
I can see that, yes. And that pretty much looks like what this current attempt is: A low-budget attempt that carries no real chance of success, just like all the more expensive efforts, but is just there as a token effort that costs little to nothing to make. It works just as well as expensive efforts (I.E., not at all), but it sure as hell doesn't cost as much and doesn't piss people off.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #14 on: 2009 June 16, 09:01:35 »
THANKS THIS IS GREAT

Pes, whatīs your opinion as an expert about kernel code use in Securom?
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #15 on: 2009 June 16, 11:30:16 »
THANKS THIS IS GREAT

SecuROM is evil malware. Period.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #16 on: 2009 June 16, 11:35:22 »
THANKS THIS IS GREAT

SecuROM is evil malware. Period.

Evil malware in RING3 doesnīt fall in the same category as a possible low-level operation, RING0 malware.

The first one is an annoying bug, the second is a deadly compromising software. The distinction must be done.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #17 on: 2009 June 16, 11:37:19 »
THANKS THIS IS GREAT

Evil malware in RING3 doesnīt fall in the same category as a possible low-level operation, RING0 malware.

The first one is an annoying bug, the second is a deadly compromising software. The distinction must be done.
Yes, but how does stating the obvious change anything?
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #18 on: 2009 June 16, 12:29:23 »
THANKS THIS IS GREAT

Evil malware in RING3 doesnīt fall in the same category as a possible low-level operation, RING0 malware.

The first one is an annoying bug, the second is a deadly compromising software. The distinction must be done.
Yes, but how does stating the obvious change anything?

I want indicators to the Average Joe users that can be understood by bureaucrat CEOīs. I know a few men on the industry, but they want reliable data. If you give me indicators of Kernel code use/low-level operations of Securom I will appreciate it.

I found some interesting string dumping Securom executables strings on latest versions.

\Device\sony_ssm.sys
\DosDevices\sony_ssm.sys
VS_VERSION_INFO
StringFileInfo
Comments
SecuROM Security Module.
CompanyName
Sony DADC Austria AG.
FileDescription
SecuROM Security Module.
FileVersion
LegalCopyright
Copyright (C) 2004/05 Sony DADC Austria AG
OriginalFilename
sony_ssm.sys

A .sys file would be some kind of indicator of low level operation, just as the Aries.sys in XCP

Thoughts
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #19 on: 2009 June 16, 12:32:13 »
THANKS THIS IS GREAT

Or, more likely, it's the stripped detritus of something no longer in service that was left behind. There's tons of rubbish like this in the game.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #20 on: 2009 June 16, 12:59:02 »
THANKS THIS IS GREAT

Or, more likely, it's the stripped detritus of something no longer in service that was left behind. There's tons of rubbish like this in the game.

But now Iīm not speaking about  TS3, but latest TS2 games versions dump. I donīt think those file names are no longer used
Logged
LMahesa
Asinine Airhead

Posts: 13


View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #21 on: 2009 June 16, 15:57:23 »
THANKS THIS IS GREAT

Hereīs the way to reproduce it:
1. Launch Sims 3.
2. ALT+TAB
3. Launch Process Explorer.
4. Right click on "thesims3.exe" >properties
5.Click on Strings
6. Save
7. Open the file you have saved with wordpad or MSword.
8. Search for Securom
9. Blame yourself for trusting EA

OR

1. Launch Notepad
2. Open TS3.exe
3. Hit F3 and search for Securom
Logged
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #22 on: 2009 June 17, 13:45:36 »
THANKS THIS IS GREAT

No conclusive indicators of RING0/low level operations  of Securom then?
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
*****
Posts: 26288



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #23 on: 2009 June 17, 14:25:23 »
THANKS THIS IS GREAT

I have not found anything of the sort. However, the entire point of RING0 operation *IS* to be able to hide from any form of detection, which is why it is used by other programs that you probably have installed...but you know they're doing, and they're doing it because you told them to.

On the other hand, putting an elaborate RING0 hider on a copy protection system like the one in TS3 is like slapping an enormous padlock on a knee-high fence gate.
Logged

Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead

Posts: 36



View Profile
Re: Securom string found in Process Explorer dump of TheSims3.exe
« Reply #24 on: 2009 June 17, 18:44:56 »
THANKS THIS IS GREAT

Yep, but what about the past? What about BV and later games? The most experienced programmers say that indeed it is possible to run in RING3 to prevent emulation. But that protection would be weak.

Securom paranoia against emulation is well known on TS2, Farcry 2 and Falllout 3 http://www.securom.com/message.asp?m=emu&c=2500

I think the emulation is strong, so by common sense, they are not running in RING3.

A pity no one has found any conclusive RING0 operation until now....  Sad
Logged
Pages: [1] 2 Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.082 seconds with 20 queries.