Is secdrv.sys a "Protection Mechanisim"

[Subhobroto Sinha]

Greets

Jonathan has started discussion on a VERY delicate
topic.

IMHO, 'secdrv.sys' is a vital DLL for a Win32 copy
protection system called SafeDisc by Macrovision.
I am not really into this kinda stuff, but I know a
friend who does, he's Kamal Shankar <kbshankar2000 at
yahoo.com> and I had an IRC meet with him.

As far as I came to know from a discussion with him,
it's really more than just something to detect SoftICE
or TRW2000 - it can detect disk cloning, compromise of
the SafeDisc protection system, function redirection
through Detours or even Ordinal overrides!
It also appears that 'secdrv.sys' is encrypted (like
other parts of Safeisc) using TEAK and I do not think
that implementing it in WINE will be possible at all !

So really you can neither 'stub out' nor 're-write'
nor 'clone' the functions in there, and may you never
try it (at least publicly!)

Also, the SafeDisc system is a copyrighted work and
Macrovision OR atleast TransGaming should be contacted
before we get our hands dirty.

Obviously, if we get the green signal, we will have to
use Hardware Debuggers anyways, and the costs invloved
is .....

Also,as SafeDisc is more of a 'copy protection' than
'execution locking', once we know how the decryption
keys are generated, we even do NOT need to implement
SafeDisc! We can easily unwrap the exe!

I refrain from discussing the methods (if I know at
all) which can get us at that direction, but let me
tell you - the code to do this already has been
released in assembly (hint, hint !)

I sincerely hope that we divert our efforts to other
causes than play Win32 games, Transgaming has a
specialization towards that field, though it's really
unfortunate that thet refrain from sharing that
knowledge.

Regards

Subhobroto Sinha

P.S: "The war has come to an end, but the movie was
very disappointing"


__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree