The Problems With Game Copy Protection
Next Generation has a piece looking at the sometimes overly enthusiastic copy protection schemes used in PC games. From the article: "In the late '80s and early '90s, the games industry could do little more than ask nicely that you not pirate their wares. These days, however, copy-protection software is ubiquitous, and any PC game bought at retail is going to have it embedded on the game disc(s) in one form or another. I'm okay with that in theory, but some of these anti-piracy software programs are so potent that they cause issues for legitimate game buyers. One of the leading brands, StarForce, is notorious for not only making it difficult for a small percentage of legitimate users to load up StarForce-protected games, but also for leaving potentially problem-causing StarForce software behind on your PC, even after you've deleted the game it was protecting."
In the late '80s and early '90s, the games industry could do little more than ask nicely that you not pirate their wares.
No, they did do some things. Rumors of bad sectors on floppies burned in by lasers. Certainly floppies that had sectors marked as bad where the installer/runtime had code to force the disc controller to check for the errors and overlook them if they were found (i.e., intentionally put there), which prevented casual disk to disk copying.
Then HDs came out, and many forms of copy protection that were to stop floppy-floppy copying did not play well with those who wanted to run their games off of the HD. Eventually it was business software that had the worst problems with this, and they were the first ones to give up on it, lower prices to the point where the "fun" of copying programs was reduced, etc. Games came along shortly after. The least obtrusive game copy protections, IMHO, were those that required the manuals. But they were easy enough to defeat programmatically (SoftICE...), too.
Now with CloneCD, DaemonTools, the Internet (availability to NOCD cracks), etc., it seems like the industry should just realize that $50/game in the US probably wouldn't be as profitable as $19.00 and minimal CD protection. Requiring the CD to play a game, if only to keep SecureRom happy (all the media content gets d/l to the HD usually anyways...) sucks. And to think that some of the no-copy stuff is getting pretty sneaky (installing device drivers?) with little/no concern for user's computer, etc.
If they're that paranoid about it, they should just license MS' activation technology and methods, or go full on-line (where they can control the servers).
Here's a pretty damn complete list of protections:
http://www.cdmediaworld.com/hardware/cdrom/cd_protections.shtml
It includes how to detect the protection, how to back 'em up and usually a bit about how each one works
I remember that many years ago, I based my cd-burner purchasing decision on its ability to rip/burn copy protected discs.
[Fuck Beta]
o0t!
I don't know if anyone but me has noticed this, but Galactic Civilizations II (a recently released game), has absolutely no copy protection, and it's wonderful. No worries about losing my CD key, any sort of online authentication, or anything else. A great game, and a great set of developers.
Vandemar.org
Dude, instead of unplugging the drives, there is another way:
1. On BIOS, change the IDE detection to "No Drive Connected" or "Disabled"
2. Boot WinXP. It'll ignore the BIOS report of drives and do its own detection. WinXP will find the CDROM.
3. Install Daemon tools.
4. Install your pirated game from the image you downloaded.
5. Open up your Device Manager and disable the physical CDROM.
6. Run the SFCrack or SFFuck tools to remove SF.
7. Play the game.
It works in almost every case. If you have a NForce3 mobo, you don't need to do anything. SF can't determine which drives are real and which are fake on NF3 chipsets.
BTW, X3 was a shitty game anyway.
I'd rather you do it wrong, than for me to have to do it at all.
From what I understand, Starforce actually converts the executable, or parts of it, to a bytecode format which is encrypted and only usable with Starforce installed and functional. The developer can choose how much or how little to protect, generally leaving the high performance areas unprotected and a few well chosen pieces heavily protected. This effectively means that one needs to reverse engineer the Starforce bytecode or acquire the source for the executable.
This is also why a popular method for defeating SF in the past was to use the demo binaries with the full version data, which has now led to demos being infected with this crap.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
I recently purchased Battlefield 2 from EA. After a lengthy install, the game refused to run stating I had CDRom emulators on my system (I didn't). I verified in my device manager that there was a single CDRom and it was the physical one in the machine. I opened a support ticket with EA and got many canned answers that had nothing to do with my problems. When I finally got the attention of a tech there that had some insight, I was basically told I'm screwed. They didn't know why and weren't willing to refund my money. CompUSA was also unwilling to provide a refund as the box had been opened. So I'm stuck with a $50 game I cannot run legitimately. I did however finally get it to run using pirate mechanisms.
Once again, this shows their copy protection only hurts those that buy the game.
I started with nothing and have most of it left.
Too bad Linux doesn't do any of this...
No, it's really not. The whole point of dynamic (shared) libraries is that they are shared. Windows may be terrible at dealing with different versions of the same shared library, but Unix is not. There is no "ideal mechanism for software management"; there are pros and cons to any approach.
Windows likes to have each program confined to a neat little space, except for DLLs, which are utterly inconsistent, and the registry, which is a terrible idea for many reasons. Honestly, I'm not sure how this approach is beneficial, other than aesthetically.
Then there's Unix. Executable binaries go in a /bin, shared libraries go in a /lib (tagged with their version, so incompatible versions of a library can happily coexist), configuration goes directly on the filesystem in /etc, documentation goes in /usr/man, et cetera. A good package manager has no trouble keeping track of this for when you want to remove the package, it makes your PATH easy to manage, you know where to go when you want to reconfigure something, and so on. If you're running "rogue applications", you've got bigger problems.
LOAD "SIG",8,1
To find the intrusive Starforce device, look in Windows Device Manager, select Show Hidden Devices, and look for Starforce in the Non-Plug and Play tree.
Now that's something an application program should not be doing.
There's a StarForce removal tool, but it's from the Starforce people, and probably should not be trusted.
Starforce is threatening to sue Cory Doctorow for calling their product "malware". That would be amusing if they went through with it.
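Added example, not part of any comment in this thread and not vendor code: the same check as the Device Manager steps above, done from PowerShell by enumerating kernel drivers through the Win32_SystemDriver CIM class. The keyword match and the Resolve-DriverPath helper are assumptions made for illustration.

```powershell
# Added example (not from the thread): list kernel-mode drivers that match a keyword.
# Assumption: a leftover driver carries the keyword in its service name,
# display name, description or file vendor metadata.
param([string]$Keyword = 'StarForce')

# Hypothetical helper: turn a driver image path into a normal file system path.
function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                             # strip the NT "\??\" prefix
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')  # expand \SystemRoot\
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$pattern = [regex]::Escape($Keyword)
$hits = foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
    $path   = Resolve-DriverPath $d.PathName
    $onDisk = [bool]($path -and (Test-Path -LiteralPath $path))
    $vendor = if ($onDisk) { (Get-Item -LiteralPath $path).VersionInfo.CompanyName }
    $text   = "$($d.Name) $($d.DisplayName) $($d.Description) $vendor"
    if ($text -notmatch $pattern) { continue }

    # Report what an administrator needs to judge the leftover driver.
    [pscustomobject]@{
        Service   = $d.Name
        Display   = $d.DisplayName
        State     = $d.State        # Running or Stopped
        StartMode = $d.StartMode    # Boot, System, Auto, Manual, Disabled
        Path      = $path
        Vendor    = $vendor
        Signature = if ($onDisk) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else { 'FileMissing' }
    }
}

if ($hits) { $hits | Format-List } else { "No kernel driver matching '$Keyword' found." }
```

The script is read-only: it reports matching drivers and changes nothing on the system.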
In recent months, there were numerous threads on the Bethesda Softworks message boards regarding whether TES: Oblivion would be released with Starforce as its copy protection scheme. Most people posting to these threads were steadfastly against the use of Starforce, and many stated that they would outright refuse to buy the product if it included Starforce.
Not too long ago, Neowin.net published a podcast interview with Pete Hines, the PR guy for the Elder Scrolls series. He was asked about the antipiracy scheme that Bethesda and Take Two planned to use on the PC version of Oblivion, and more pointedly, he was asked about Starforce.
He said (paraphrased) that while they couldn't comment on what antipiracy scheme they were going to use, they were not going to use Starforce.
Score one for the consumer.
This one's quite a bit more devious though than a silly little shareware game. There's many layers to it. When you first run the game executable, it checks to see if you have the starforce drivers installed. If not, it installs them and you have to reboot before the game will work.
Once the drivers are loaded, the game will start up and make numerous calls through them which includes a load of debug-hostile code (standard anti-debug checks plus things like using the single-step and breakpoint interrupts as part of their own code). They manually load portions of the ntdll code into memory and call those functions via their own routines rather than making standard system calls. Pretty much the entire cd-check process is not written in x86 assembly. It's a CPU emulator with a virtual CPU of their own design. Reads the pseudo-code and their interpreter translates it instruction by instruction. So you have to figure out their opcodes and any associated decryption that takes place inside their virtual machine. Once you pass all this, the game itself might have entire functions removed and replaced with their virtual machine code as well. These would have to be figured out and replaced with x86 instructions so that the code is not dependent on their VM to run.
In some cases, they also encrypt a number of the game resource files (audio, textures, etc) into one large file instead, then redirect game calls for these files into it like an ISO image. This is the starforce file system (in newer versions, the first four bytes of these files is "SFFS"). You'll have to decrypt and extract all of these files as well.
Plus there's all sorts of other nasty tricks to make performing the above steps even more difficult.
Despite all of this, games with this protection HAVE been cracked completely... It just takes a lot of time and dedication by people with the right knowledge and inclination to do so.
If it were as simple as you think, this protection would have been tossed aside long ago, like so many others.