SecuROM

From Ruud Koot

SecuROM is a CD/DVD copy protection product, most often used for computer games running under Microsoft Windows, developed by Sony DADC. SecuROM aims to resist home media duplication devices, professional duplicators, and attempts at reverse engineering the game. The use of SecuROM has generated controversy due to the fact that it is not uninstalled upon removal of the game. In 2008, consumers filed a class-action lawsuit against Electronic Arts for its use of SecuROM in the video game Spore.<ref>Template:Cite web</ref>

[edit] Software

SecuROM 7.x was the first version to come with SecuROM Removal Tool, which claims to help users remove it after the software with which it was installed has been removed<ref>SecuROM™ Removal Tool Information from the SecuROM website</ref>, although it has been known to leave SecuROM files behind.<ref>SecuROM removal tutorial.</ref>

[edit] Known problems

Under Windows Vista, SecuROM will prevent the game from running if Explicit Congestion Notification is enabled in Vista's networking configuration.<ref>Template:Cite web</ref>

Disk Drive emulator and some debugging software will also cause the launch of the game to fail and a security module error to be generated.<ref>Template:Cite web</ref> In fact a reboot of the entire system was required if Process Explorer prior to version 11 was used before an attempt to run the protected software. That problem was caused by a driver that was kept in memory after Process Explorer was closed.<ref>Template:Cite web</ref>

[edit] Controversies

[edit] BioShock

Consumers have accused BioShock of installing a rootkit. An official announcement was made denying the use of any type of rootkit.<ref>Template:Cite web</ref><ref>Template:Cite web</ref>

The game required consumers to activate the game online and originally set a maximum of two activations before they would have to call to get more activations. This was raised to five activations because an incorrect phone number had been printed on the manual and call centers were only in the United States. Users also found that the game had to be activated for each user on the same machine.<ref name="maxconsole_user_act">Template:Cite web</ref><ref name="neoseeker_user_act">Template:Cite web</ref>

In 2008, 2K Games removed the activation limit, although users are still required to activate it online.<ref>Template:Cite web</ref>

[edit] Mass Effect

In May 2008 EA announced that Mass Effect for the PC would be using SecuROM 7.x requiring a reactivation of the software every 10 days.<ref name="me">Template:Cite web</ref> Due to complaints, EA removed the 10-day activation while keeping SecuROM tied to the installation. SecuROM's product activation facility was still used to impose a limit of three times that a customer is allowed to activate the copy of Mass Effect they purchased. The game becomes unplayable "as is" after the activations are used up, until EA's customer support is contacted to reset the activation limit, or until activation is bypassed using one of a number of available tools. Unlike BioShock, uninstalling the game does not refund a previously used activation.<ref name="response">Template:Cite web</ref>

[edit] Spore

On September 7, 2008 EA released Spore, which uses SecuROM. Despite EA's efforts, Spore has seen relatively substantial rates of illegal piracy among peer-to-peer groups, and with a reported 1.7 million downloads over BitTorrent networks, it was the most-pirated game of 2008.<ref>Template:Cite news</ref><ref>http://torrentfreak.com/top-10-most-pirated-games-of-2008-081204/</ref> EA requires the player to authenticate the game online upon installation.<ref>Template:Cite news</ref> This system was announced after the originally planned system met some opposition from the public, as it would have required authentication every ten days.<ref>Template:Cite web</ref> The product key of an individual copy of the game would only be authenticated on up to three computers.<ref>Template:Cite web</ref> In response to customer complaints, this limit was raised to five computers.<ref>Template:Cite web</ref>

As a result of its inclusion with Spore, a class-action lawsuit was filed by Maryland resident Melissa Thomas within U.S. District Court against Electronic Arts.<ref>EA Faces Class Action Lawsuit Over Spore DRM gamepolitics.com</ref><ref name="court">PDF copy of the court file against EA's use of SecuROM DRM in the game Spore.</ref> The lawsuit has been followed up by several others.

[edit] Versions

[edit] SecuROM v1.x–v3.x

One of the following files should exist in the installed directory (Depending on the operating system) or in the root of the original CDs:

• CMS16.DLL
• CMS_95.DLL
• CMS_NT.DLL.

The protection can also be recognized by DADC on the inside ring of the CD. DADC is a CD manufacturing plant; the more recent SecuROM protected games are also pressed in other plants. Open the main executable using a hex editor and search for the following ASCII text (it should appear twice): CMS

[edit] SecuROM v4.6

The protection modifies a CD-ROM's q-channel in order to make a protected original distinguishable from a copy.

A set of nine locations where the Q-Channel is purposely destroyed is computed by the following function (demonstrated as Python code), using a vendor specific key.

VendorKey =  [0,0,0,0,0,0,0,0,0]
Seed =       [0,0,0,0,0,0,0,0,0]
BadSQTable = [0,0,0,0,0,0,0,0,0]
BadSQ = 0
round = 0
for a in xrange(256):
    BadSQ += (VendorKey[a % 9] & 0x1F) + 0x20
    for b in xrange(9):
        if Seed[b] == a:
            BadSQTable[round] = BadSQ
            round += 1
 
# VendorKey[], Seed[] and BadSQ are initialized to secret values.

The function calculates nine sector numbers; if the corresponding Q-channel is not readable at these locations, the CD is considered being original. Note that the key is always the same for all titles issued by a specific vendor, resulting in identical Q-channel patterns. Also note that every key has 134,217,727 "twins" that will produce an identical BadSQTable.

[edit] SecuROM v4.7 and above

After development on SecuROM had apparently been stopped, SecuROM v4.7 was the first updated version for months. The new SecuROM brought several major changes in the way the protection works and how it is integrated into the target program.

Unlike SecuROM v4.6, which relied on non-compliant SubQ-Information, the new scheme utilizes "data density measurement" (not to be confused with "data position measurement" as being used by other protections). While the data density on normal CD/DVD-ROMs constantly degrades from the most inner to the most outer sector, data density on SecuROM v4.7 (and up) protected CD/DVD-ROMs is diversified by a certain, vendor specific pattern. This pattern can be reconstructed by high-precision time measurement during software<->CD/DVD-drive interaction and reflects the vendor-key as mentioned above.

To do so the protection defines a set of locations spread over the disc and issue two SCSI-read-commands per location to the drive. As the disc spins, the time it takes for the second command to return depends on the time it takes the disc to do a full round and thus depends on the data-density. To achieve the required timing-precision, the RDTSC instruction is used, which typically has a resolution better than 0.01 microseconds. The pattern is made up from 72 locations, each either with normal or higher than normal density and thus reflects a binary pattern which assembles to the vendor specific key mentioned above.

SecuROM v4.84 and beyond includes "Trigger Functions" which allow the developer to program multiple and fully customizable authentication checks throughout the entire application. As the protection places itself between the application's code and the OS, it can alter the behaviour of selected system functions.

Consider the following pseudocode:

if (GetCurrentDate() == '13-32-2999') then 
    WorkCorrectly()
else
    PreventProgramUse()
end if

Obviously, a "normal" GetCurrentDate() function will never return '13-32-2999'. However, as SecuROM can modify the function's result, the application can check for the protection's presence during runtime; if the protection has been removed, the function will return with some other valid value, giving the application the opportunity to display an error message or render the application unusable (e.g. provoking a crash to desktop or making enemies invincible).

There are many different ways how "triggers" can be integrated into a program, making it much more complicated to universally circumvent the protection.

[edit] SecuROM v7.x

Latest SecuROM Versions are all 7.x versions which are released and updated continuously.Template:Fact

SecuROM 7.x, if run under a non-admin user account, installs its own service called UAService7.exe, which works in ring 3 of the computer's operating system.Template:Fact

Securom has said: "it has been developed to enable users without Windows administrator rights the ability to access all SecuROM features."<ref>SecuROM</ref>

SecuROM 7.x was also the first version of the software to come with an uninstall utility, created to satisfy customer demands on the issue.<ref>[1]]</ref>

[edit] See also

• Digital rights management
• Extended Copy Protection
• Rootkit
• SafeDisc
• Sony BMG CD copy prevention scandal
• StarForce
• TAGES

[edit] References

Template:Reflist

[edit] External links

• SecuROM
• Sony DADC