Securom string found in Process Explorer dump of TheSims3.exe

[Nightmare]

Here´s the way to reproduce it:

1. Launch Sims 3.

2. ALT+TAB

3. Launch Process Explorer.

4. Right click on "thesims3.exe" >properties

5.Click on Strings

6. Save

7. Open the file you have saved with wordpad or MSword.

8. Search for Securom

9. Blame yourself for trusting EA

[J. M. Pescado]

Err...exactly what are you trying to prove by looking at "thesims2.exe" when trying to point fingers at "The Sims 3". I'm not sure I follow tihs line of reasoning.

[Nightmare]

Err...exactly what are you trying to prove by looking at "thesims2.exe" when trying to point fingers at "The Sims 3". I'm not sure I follow tihs line of reasoning.

IT is a typo. Now it is corrected. You should look at  "thesiums3.exe"

[J. M. Pescado]

While slightly less fatally flawed, the mere inclusion of the string "SecuROM" does not signify the presence of SecuROM in and of itself. However, EAxis has already admitted their present system is "designed by SecuROM". However, if it *IS* the same beast, it is almost laughably weak and ineffective, and I can't actually see it DOING anything, given that can be disabled entirely from the equivalent of BHAV code. Whether it is or isn't SecuROM, it is my expert opinion that it is Mostly Harmless.

[Nightmare]

For being harmless... are there any crack on the disc version? there isn´t any on trusted sites like GCW. Or could it be that the protection is harmless and good?( I doubt it)

[J. M. Pescado]

No protection is ever "good". However, the present protection used, based on my analysis of its behavior and "rootedness", is far weaker than even the old Safedisc protection used in TS2: It exhibits absolutely no reaction to, for instance, your use of Process Explorer (SecuROM would produce a mysterious "Security Module" error under such conditions), does not care about being watched in Registry Monitor (SecuROM would whine about the security module again), and does not react to the presence of Daemon Tools, even without YASU (SecuROM would whine, even Safedisc blacklists). It lacks any of the traditional SecuROM-EA DLLs, like "paul.dll". Furthermore, it can be trivially crippled using circa-1990s cracking techniques. As far as I can tell, it is a half-assed effort thrown together on short notice after the people rioted against SecuROM, and is basically a low-grade anti-idiot copy protection that has zero effect on anyone with half a brain...which, frankly, is about as much as you can expect out of a copy protection: It's just as useless as far more expensive and difficult protections, but at least it probably didn't cost much to make. As far as I can tell, it is either extremely sophisticated at hiding its activities and yet totally ineffective at doing its actual job, or it is simply harmless.

[Nightmare]

But I have seen similar Securom issues in the sims 3 forum. No recognized DVD. Emulation errors. Are these fake? Could it be we are dealing again with Sony paid users to post on forums?

[J. M. Pescado]

It is possible that different regions may carry different protections, but I've dissected this thing throughly. I know exactly WHEN the copy protection check fires (it's far too late for it to be producing DVD errors), and exactly what messages it is capable of printing out. None of those messages are even *IN* there! Those people are probably running either the Online version (which reportedly does contain SecuROM), or the prereleases (which also contained SecuROM).

[Nightmare]

I don´t understand EA then. They should have dropped Securom earlier. They still have suffered from Securom scandals and bad PR. It is clear that this option is better than keeping SecuMierda, but they should have done earlier.

[Nightmare]

Ubisoft dropped DRM for the last PoP which did not sell well, and apparently faced harsh criticism from the industry 'tards over this. Their future games will be infested again.

Soruce please?

Pes, what is your opinion about Securom running, performing processes, or communicating with the RING0 to detect V-drives in stealth mode? Securom runs in RING3 to perform its detection, but some of my sources tell that it communicates with the RING0.

Is that true?

[Nightmare]

Unfortunately I already know that and the industry believes it is a bug of Rootkit Revealer. Any more indicators of Kernel code use?

[Nightmare]

"The industry"? Care to expand?

The major publishers

[Doc Doofus]

What the big companies fail to see is that all DRM can be bypassed.

That's true, but if they don't even make a pathetic, half-hearted little vain attempt, then they risk losing LEGAL control in future lawsuits over the unauthorized use of their product.

[J. M. Pescado]

Can't disclose my source there as I haven't heard it from official sources either. My source is a "friend". I have found no facts that counter this though -- consider that Ubi refused to release the DLC with the real ending to PoP, citing only "business reasons". The "grapevine" translations of these "reasons" is investor/stockholder pressure to not spend any money at all on PoP since Ubi "invited" the pirates to steal it by not using any DRM.

Hah. The real reason PoP flopped is purely because it was terrible. As a veteran pirate cat, the lack of DRM never even entered consideration: I ignored it entirely because it was simply a bad game. It just goes to show: If you want to avoid piracy entirely, just make shitty games. No one really tries to pirate dogdoody.

As for your question for Pes

I didn't ask a question. I already know SecuROM is evil.

That's true, but if they don't even make a pathetic, half-hearted little vain attempt, then they risk losing LEGAL control in future lawsuits over the unauthorized use of their product.

I can see that, yes. And that pretty much looks like what this current attempt is: A low-budget attempt that carries no real chance of success, just like all the more expensive efforts, but is just there as a token effort that costs little to nothing to make. It works just as well as expensive efforts (I.E., not at all), but it sure as hell doesn't cost as much and doesn't piss people off.

[Nightmare]

Pes, what´s your opinion as an expert about kernel code use in Securom?

[J. M. Pescado]

SecuROM is evil malware. Period.

[Nightmare]

SecuROM is evil malware. Period.

Evil malware in RING3 doesn´t fall in the same category as a possible low-level operation, RING0 malware.

The first one is an annoying bug, the second is a deadly compromising software. The distinction must be done.

[J. M. Pescado]

Evil malware in RING3 doesn´t fall in the same category as a possible low-level operation, RING0 malware.

The first one is an annoying bug, the second is a deadly compromising software. The distinction must be done.

Yes, but how does stating the obvious change anything?

[Nightmare]

Evil malware in RING3 doesn´t fall in the same category as a possible low-level operation, RING0 malware.

The first one is an annoying bug, the second is a deadly compromising software. The distinction must be done.

Yes, but how does stating the obvious change anything?

I want indicators to the Average Joe users that can be understood by bureaucrat CEO´s. I know a few men on the industry, but they want reliable data. If you give me indicators of Kernel code use/low-level operations of Securom I will appreciate it.

I found some interesting string dumping Securom executables strings on latest versions.

\Device\sony_ssm.sys
\DosDevices\sony_ssm.sys
VS_VERSION_INFO
StringFileInfo
Comments
SecuROM Security Module.
CompanyName
Sony DADC Austria AG.
FileDescription
SecuROM Security Module.
FileVersion
LegalCopyright
Copyright (C) 2004/05 Sony DADC Austria AG
OriginalFilename
sony_ssm.sys

A .sys file would be some kind of indicator of low level operation, just as the Aries.sys in XCP

Thoughts

[J. M. Pescado]

Or, more likely, it's the stripped detritus of something no longer in service that was left behind. There's tons of rubbish like this in the game.

[Nightmare]

Or, more likely, it's the stripped detritus of something no longer in service that was left behind. There's tons of rubbish like this in the game.

But now I´m not speaking about  TS3, but latest TS2 games versions dump. I don´t think those file names are no longer used

[LMahesa]

Here´s the way to reproduce it:
1. Launch Sims 3.
2. ALT+TAB
3. Launch Process Explorer.
4. Right click on "thesims3.exe" >properties
5.Click on Strings
6. Save
7. Open the file you have saved with wordpad or MSword.
8. Search for Securom
9. Blame yourself for trusting EA

OR

1. Launch Notepad
2. Open TS3.exe
3. Hit F3 and search for Securom

[Nightmare]

No conclusive indicators of RING0/low level operations  of Securom then?

[J. M. Pescado]

I have not found anything of the sort. However, the entire point of RING0 operation *IS* to be able to hide from any form of detection, which is why it is used by other programs that you probably have installed...but you know they're doing, and they're doing it because you told them to.

On the other hand, putting an elaborate RING0 hider on a copy protection system like the one in TS3 is like slapping an enormous padlock on a knee-high fence gate.

[Nightmare]

Yep, but what about the past? What about BV and later games? The most experienced programmers say that indeed it is possible to run in RING3 to prevent emulation. But that protection would be weak.

Securom paranoia against emulation is well known on TS2, Farcry 2 and Falllout 3 http://www.securom.com/message.asp?m=emu&c=2500

I think the emulation is strong, so by common sense, they are not running in RING3.

A pity no one has found any conclusive RING0 operation until now....