More Awesome Than You!

TS3/TSM: The Pudding => The World Of Pudding => Topic started by: Nightmare on 2009 June 15, 09:44:02



Title: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 15, 09:44:02
Here's the way to reproduce it:

1. Launch Sims 3.

2. ALT+TAB

3. Launch Process Explorer.

4. Right click on "thesims3.exe" >properties

5. Click on Strings

6. Save

7. Open the file you have saved with wordpad or MSword.

8. Search for Securom

9. Blame yourself for trusting EA


Title: Re: Securom string found in Process Explorer dump
Post by: J. M. Pescado on 2009 June 15, 09:53:24
Err...exactly what are you trying to prove by looking at "thesims2.exe" when trying to point fingers at "The Sims 3"? I'm not sure I follow this line of reasoning.


Title: Re: Securom string found in Process Explorer dump
Post by: Nightmare on 2009 June 15, 09:59:33
Err...exactly what are you trying to prove by looking at "thesims2.exe" when trying to point fingers at "The Sims 3"? I'm not sure I follow this line of reasoning.

It is a typo. Now it is corrected. You should look at "thesims3.exe"


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: J. M. Pescado on 2009 June 15, 10:09:53
While slightly less fatally flawed, the mere inclusion of the string "SecuROM" does not signify the presence of SecuROM in and of itself. However, EAxis has already admitted their present system is "designed by SecuROM". However, if it *IS* the same beast, it is almost laughably weak and ineffective, and I can't actually see it DOING anything, given that it can be disabled entirely from the equivalent of BHAV code. Whether it is or isn't SecuROM, it is my expert opinion that it is Mostly Harmless.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 15, 10:29:05
For being harmless... is there any crack on the disc version? There isn't any on trusted sites like GCW. Or could it be that the protection is harmless and good? (I doubt it)


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: J. M. Pescado on 2009 June 15, 10:35:26
No protection is ever "good". However, the present protection used, based on my analysis of its behavior and "rootedness", is far weaker than even the old Safedisc protection used in TS2: It exhibits absolutely no reaction to, for instance, your use of Process Explorer (SecuROM would produce a mysterious "Security Module" error under such conditions), does not care about being watched in Registry Monitor (SecuROM would whine about the security module again), and does not react to the presence of Daemon Tools, even without YASU (SecuROM would whine, even Safedisc blacklists). It lacks any of the traditional SecuROM-EA DLLs, like "paul.dll". Furthermore, it can be trivially crippled using circa-1990s cracking techniques. As far as I can tell, it is a half-assed effort thrown together on short notice after the people rioted against SecuROM, and is basically a low-grade anti-idiot copy protection that has zero effect on anyone with half a brain...which, frankly, is about as much as you can expect out of a copy protection: It's just as useless as far more expensive and difficult protections, but at least it probably didn't cost much to make. As far as I can tell, it is either extremely sophisticated at hiding its activities and yet totally ineffective at doing its actual job, or it is simply harmless.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 15, 10:45:29
But I have seen similar Securom issues in the sims 3 forum. No recognized DVD. Emulation errors. Are these fake? Could it be we are dealing again with Sony paid users to post on forums?


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: J. M. Pescado on 2009 June 15, 10:47:47
It is possible that different regions may carry different protections, but I've dissected this thing thoroughly. I know exactly WHEN the copy protection check fires (it's far too late for it to be producing DVD errors), and exactly what messages it is capable of printing out. None of those messages are even *IN* there! Those people are probably running either the Online version (which reportedly does contain SecuROM), or the prereleases (which also contained SecuROM).


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 15, 12:57:59
I don't understand EA then. They should have dropped Securom earlier. They still have suffered from Securom scandals and bad PR. It is clear that this option is better than keeping SecuMierda, but they should have done it earlier.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 15, 13:34:28

Ubisoft dropped DRM for the last PoP which did not sell well, and apparently faced harsh criticism from the industry 'tards over this. Their future games will be infested again.



Source please?

Pes, what is your opinion about Securom running, performing processes, or communicating with the RING0 to detect V-drives in stealth mode? Securom runs in RING3 to perform its detection, but some of my sources tell that it communicates with the RING0.

Is that true?


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 15, 14:29:39
Unfortunately I already know that and the industry believes it is a bug of Rootkit Revealer. Any more indicators of Kernel code use?


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 15, 17:54:55
"The industry"? Care to expand?

The major publishers


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Doc Doofus on 2009 June 16, 00:25:25
Quote
What the big companies fail to see is that all DRM can be bypassed.

That's true, but if they don't even make a pathetic, half-hearted little vain attempt, then they risk losing LEGAL control in future lawsuits over the unauthorized use of their product.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: J. M. Pescado on 2009 June 16, 00:48:09
Can't disclose my source there as I haven't heard it from official sources either. My source is a "friend". I have found no facts that counter this though -- consider that Ubi refused to release the DLC with the real ending to PoP, citing only "business reasons". The "grapevine" translations of these "reasons" is investor/stockholder pressure to not spend any money at all on PoP since Ubi "invited" the pirates to steal it by not using any DRM.
Hah. The real reason PoP flopped is purely because it was terrible. As a veteran pirate cat, the lack of DRM never even entered consideration: I ignored it entirely because it was simply a bad game. It just goes to show: If you want to avoid piracy entirely, just make shitty games. No one really tries to pirate dogdoody.

As for your question for Pes
I didn't ask a question. I already know SecuROM is evil.

That's true, but if they don't even make a pathetic, half-hearted little vain attempt, then they risk losing LEGAL control in future lawsuits over the unauthorized use of their product.
I can see that, yes. And that pretty much looks like what this current attempt is: A low-budget attempt that carries no real chance of success, just like all the more expensive efforts, but is just there as a token effort that costs little to nothing to make. It works just as well as expensive efforts (I.E., not at all), but it sure as hell doesn't cost as much and doesn't piss people off.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 16, 09:01:35
Pes, what's your opinion as an expert about kernel code use in Securom?


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: J. M. Pescado on 2009 June 16, 11:30:16
SecuROM is evil malware. Period.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 16, 11:35:22
SecuROM is evil malware. Period.

Evil malware in RING3 doesn't fall in the same category as a possible low-level operation, RING0 malware.

The first one is an annoying bug, the second is a deadly compromising software. The distinction must be done.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: J. M. Pescado on 2009 June 16, 11:37:19
Evil malware in RING3 doesn't fall in the same category as a possible low-level operation, RING0 malware.

The first one is an annoying bug, the second is a deadly compromising software. The distinction must be done.
Yes, but how does stating the obvious change anything?


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 16, 12:29:23
Evil malware in RING3 doesn't fall in the same category as a possible low-level operation, RING0 malware.

The first one is an annoying bug, the second is a deadly compromising software. The distinction must be done.
Yes, but how does stating the obvious change anything?

I want indicators to the Average Joe users that can be understood by bureaucrat CEO's. I know a few men in the industry, but they want reliable data. If you give me indicators of Kernel code use/low-level operations of Securom I will appreciate it.

I found some interesting string dumping Securom executables strings on latest versions.

\Device\sony_ssm.sys
\DosDevices\sony_ssm.sys
VS_VERSION_INFO
StringFileInfo
Comments
SecuROM Security Module.
CompanyName
Sony DADC Austria AG.
FileDescription
SecuROM Security Module.
FileVersion
LegalCopyright
Copyright (C) 2004/05 Sony DADC Austria AG
OriginalFilename
sony_ssm.sys

A .sys file would be some kind of indicator of low level operation, just as the Aries.sys in XCP

Thoughts
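
The string search from the first post, applied to the strings quoted in the post above, as an added example that is not part of the original thread. The sample bytes are constructed from those quoted strings (the mix of ASCII and UTF-16LE is chosen to exercise both paths), and the function names are hypothetical. Version-resource strings such as VS_VERSION_INFO are stored as UTF-16LE, so a plain ASCII byte search misses them; a hit only shows that the bytes are present, not that any code uses them.

```python
import re

def extract_strings(data: bytes, min_len: int = 4):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in wide_re.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")

def find_indicators(data: bytes, needles=("securom", ".sys")):
    """Return sorted (offset, encoding, needle, text) hits, case-insensitive."""
    hits = []
    for offset, encoding, text in extract_strings(data):
        for needle in needles:
            if needle in text.lower():
                hits.append((offset, encoding, needle, text))
    return sorted(hits)

def build_sample() -> bytes:
    """Constructed stand-in for a saved dump; not bytes from any real file."""
    pad = b"\xff\x90\x01\xfe"  # non-printable filler between strings
    narrow = [rb"\Device\sony_ssm.sys", rb"\DosDevices\sony_ssm.sys"]
    wide = ["FileDescription", "SecuROM Security Module.",
            "OriginalFilename", "sony_ssm.sys"]
    blob = pad
    for s in narrow:
        blob += s + b"\x00" + pad
    for s in wide:
        blob += s.encode("utf-16le") + b"\x00\x00" + pad
    return blob

if __name__ == "__main__":
    # Each line: offset, encoding, matched needle, full string.
    for offset, encoding, needle, text in find_indicators(build_sample()):
        print(f"0x{offset:06x} {encoding:8} {needle:8} {text}")
```
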


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: J. M. Pescado on 2009 June 16, 12:32:13
Or, more likely, it's the stripped detritus of something no longer in service that was left behind. There's tons of rubbish like this in the game.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 16, 12:59:02
Or, more likely, it's the stripped detritus of something no longer in service that was left behind. There's tons of rubbish like this in the game.

But now I'm not speaking about TS3, but latest TS2 games versions dump. I don't think those file names are no longer used


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: LMahesa on 2009 June 16, 15:57:23
Here's the way to reproduce it:
1. Launch Sims 3.
2. ALT+TAB
3. Launch Process Explorer.
4. Right click on "thesims3.exe" >properties
5. Click on Strings
6. Save
7. Open the file you have saved with wordpad or MSword.
8. Search for Securom
9. Blame yourself for trusting EA

OR

1. Launch Notepad
2. Open TS3.exe
3. Hit F3 and search for Securom


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 17, 13:45:36
No conclusive indicators of RING0/low level operations of Securom then?


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: J. M. Pescado on 2009 June 17, 14:25:23
I have not found anything of the sort. However, the entire point of RING0 operation *IS* to be able to hide from any form of detection, which is why it is used by other programs that you probably have installed...but you know they're doing, and they're doing it because you told them to.

On the other hand, putting an elaborate RING0 hider on a copy protection system like the one in TS3 is like slapping an enormous padlock on a knee-high fence gate.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 17, 18:44:56
Yep, but what about the past? What about BV and later games? The most experienced programmers say that indeed it is possible to run in RING3 to prevent emulation. But that protection would be weak.

Securom paranoia against emulation is well known on TS2, Farcry 2 and Fallout 3 http://www.securom.com/message.asp?m=emu&c=2500

I think the emulation is strong, so by common sense, they are not running in RING3.

A pity no one has found any conclusive RING0 operation until now....  :(


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: wes_h on 2009 June 18, 04:06:35
We know that SecuRom is used in the downloadable version of the program, EA told us so. It is likely that all or most of the code needed to perform such a feat is in the executable, it would be unlike any software developer to have multiple versions of a program source, but rather they would do two compilations on the same source with a changed preprocessor variable.

I see no evidence that anything other than a disk check is being done on the retail package. No phone homes, except the expected launcher connections, using an external firewall log to verify that. So far, in memory editing of the program has not been disabled, and the best mods to date depend on subverting a windows function call by using an imposter .dll file.

So while the code is in there (Ragu?), I don't see any evidence that it is actually being called by any functions.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 18, 12:54:54
Does Securom on the download version or The disk DRM have any direct hardware access?

Does Direct Hardware Access mean RING0 communication?


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Mendota on 2009 June 18, 19:02:31
 
Does Securom on the download version or The disk DRM have any direct hardware access?

Does Direct Hardware Access mean RING0 communication?

A question; Why are you so obsessed with the SucUrom issue now? That show is not playing currently on the "Horror". You have been told by the best that the disc version of Sims 3 contains an inept version of the so called DRM. Did you have so much fun at the last SucUrom Fight that you want to start another one?

It is time to move onto other issues contained in this not ready for "Prime Time" game.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 18, 20:16:10
Does Securom on the download version or The disk DRM have any direct hardware access?

Does Direct Hardware Access mean RING0 communication?

A question; Why are you so obsessed with the SucUrom issue now? That show is not playing currently on the "Horror". You have been told by the best that the disc version of Sims 3 contains an inept version of the so called DRM. Did you have so much fun at the last SucUrom Fight that you want to start another one?

It is time to move onto other issues contained in this not ready for "Prime Time" game.

It is still on the Download version of "the Horror", muffinhead.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Mendota on 2009 June 18, 22:44:41
Does Securom on the download version or The disk DRM have any direct hardware access?

Does Direct Hardware Access mean RING0 communication?

A question; Why are you so obsessed with the SucUrom issue now? That show is not playing currently on the "Horror". You have been told by the best that the disc version of Sims 3 contains an inept version of the so called DRM. Did you have so much fun at the last SucUrom Fight that you want to start another one?

It is time to move onto other issues contained in this not ready for "Prime Time" game.

It is still on the Download version of "the Horror", muffinhead.


Now let's not get into name calling. I know from reading the thread you started and from other sources that SecUrom is on the downloaded version as well as having been on the pre released versions in various forms or another. What are you going to do about SucUrom, no matter where it is? You either take steps to avoid it such as a no CD crack, or you live with it. In the Sims 2, I took steps to avoid it. In the Sims 3 the research indicated that it was a non issue. Pescado himself has said it, what more do you want?


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 19, 01:00:06
If TS3 really does include SecuROM (I have the EA downloader version), it is a really benign version compared to the crap that comes with Spore.

It doesn't even mind me having Process Explorer running, which real versions of SecuROM (the ones that use a Ring0 driver) refuse to work with.

Thanks Jordi.

It seems we have a decaffeinated Securom here. Moving along. Jordi you have my mail by PM. I will appreciate if you can attach me a Process Explorer dump (both memory and image). Thanks.

Thread is over. At least for me.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Rhayden on 2009 June 19, 04:11:00
I'm almost amused by watching you try to be smarter than Pescado. Almost.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Zazazu on 2009 June 19, 04:27:09
I'm incredibly amused by it. And now that Nightmare/SBlade has nothing to take back to the BBS and be their hero for, he's crawled back into his corner.


Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: Nightmare on 2009 June 19, 09:41:22
I'm incredibly amused by it. And now that Nightmare/SBlade has nothing to take back to the BBS and be their hero for, he's crawled back into his corner.

You are a wanker with a very limited scope of view if you think my goal is to surf the BBS and be "a hero", unlike some senator who apparently has no life and spent his time here because every time he goes to the street they make fun of him.



Title: Re: Securom string found in Process Explorer dump of TheSims3.exe
Post by: DJKID on 2009 June 19, 09:49:44
Well that was mature.

Good job trying to come off as someone of a reasonably intelligent IQ.