LaBBa 06-02-2008 16:22

Best Way to Image a Protected CD?
 
I'm trying to understand something about CD protection.

If I copy a CD (that is protected in some way), can't I just read every chunk of data on the CD (like BlindWrite does) without caring whether it is an error sector or not, because I'm assuming that all the data I read is correct?
Even if I make this kind of image of the CD, there is (somehow) data missing.
Can someone please explain to me how I can make a perfect CD image?

Regards,
LaBBa

oVERfLOW 06-02-2008 18:43

Are you going to write your own code, or are you looking for an app to do this for you?

If you mean an app,
then there are many programs to work with.

One of the best choices is PreGap Image Builder, which was introduced here before,
and also Alcohol 120%, CloneCD, and BlindWrite.

Reading a CD image in ISO format is not a complete way,
since it doesn't support multi-session CDs, weak sectors, and bad sectors.

This is what I knew.
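
Added example (not part of oVERfLOW's post, and not code from any tool named in this thread): a sketch of why an ISO image is lossy, using the ECMA-130 Mode 1 raw sector layout. The two sample sectors are constructed, and the ECC parity bytes are zero-filled rather than computed.

```python
import struct

SYNC = b"\x00" + b"\xff" * 10 + b"\x00"   # 12-byte sector sync pattern
RAW, USER = 2352, 2048                     # raw sector size vs. ISO payload

def _edc_table():
    # CD-ROM EDC: reflected CRC-32 with polynomial 0xD8018001, init 0
    table = []
    for i in range(256):
        v = i
        for _ in range(8):
            v = (v >> 1) ^ (0xD8018001 if v & 1 else 0)
        table.append(v)
    return table

_EDC = _edc_table()

def edc(data):
    v = 0
    for b in data:
        v = (v >> 8) ^ _EDC[(v ^ b) & 0xFF]
    return v

def bcd(n):
    return ((n // 10) << 4) | (n % 10)

def build_mode1(lba, user, good_edc=True):
    """Constructed Mode 1 sector; ECC parity is zero-filled, not computed."""
    m, rem = divmod(lba + 150, 60 * 75)    # LBA 0 sits at MSF 00:02:00
    s, f = divmod(rem, 75)
    head = SYNC + bytes([bcd(m), bcd(s), bcd(f), 1])
    code = edc(head + user) ^ (0 if good_edc else 0xFFFFFFFF)
    return head + user + struct.pack("<I", code) + bytes(8 + 172 + 104)

def parse_mode1(raw):
    if len(raw) != RAW or raw[:12] != SYNC or raw[15] != 1:
        raise ValueError("not a raw Mode 1 sector")
    stored = struct.unpack_from("<I", raw, 16 + USER)[0]
    return {"msf": raw[12:15].hex(), "user": raw[16:16 + USER],
            "edc_ok": stored == edc(raw[:16 + USER])}

def to_iso(raw_sectors):
    # An ISO keeps only the 2048 user bytes; header, EDC and ECC are dropped
    return b"".join(parse_mode1(r)["user"] for r in raw_sectors)

USER_DATA = bytes(range(256)) * 8          # constructed sample payload
GOOD = build_mode1(16, USER_DATA)
BAD = build_mode1(16, USER_DATA, good_edc=False)
```

Both constructed sectors flatten to the same 2048 bytes, so a hash taken over the ISO or over the mounted files cannot tell them apart.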

taos 06-02-2008 22:00

Interesting, I love this old subject. You have 2 kinds of protected CDs (there are more, but this is to keep it short and simple):
A - Music CD
B - Data CD

A - Altered TOC: You can copy everything (no bit losses) with oVERfLOW's tools or others. Mixed audio-data: the same, uninstalling the rootkit stuff, etc...
In any case, those systems are not often used today.
B - There are a lot of schemes, but they cannot hide useful information, only fake information, error gaps, etc., and then you must debug the exe loader to stop it checking. The main idea is to jump over the "check original CD" routine. There are heavy systems, StarForce and others. I know one DVD that has not been copied yet and has been on the market for several years; have you got a PS2? ;)
You must supply more information about the CD: data? audio? What data exactly is missing? Is it a setup CD? Video? etc...

Regards,

LaBBa 06-03-2008 14:04

Well, it's a data CD, it's an application, and I don't see any loader; it's built into the exe, so it's not packed or something like that...

This application comes with 2 CDs:
CD1 - the installation (no protection)
CD2 - data CD with the whole database of the application - protected

On the protected CD there are 3 files with an XXX extension in the root:
file00.xxx - 563,438 KB
file08.xxx - 850 KB
file09.xxx - 3KB

There are 2 more folders.

MA folder files:
file08.MA - 1,054 KB
file09.MA - 36 KB

YZ folder files:
file08.yz - 361KB
file09.yz - 11KB


From what I have seen when I try to crack this: when I'm running with an image of the CD, I get an error from the application that this is not the original CD. It checks first to see if there is a debugger present, and then it checks a blacklist of virtual drives to see if it runs from a virtual CD; after that it tries to load the CD...
I have patched the CD check with the error message "not original CD" so it will continue to load from the image CD, but the application crashes when it tries to run.

I don't understand (yet) why it fails to run from the image.
I guess there is a signed key on the CD and it tries to read the files from the CD and decrypt them with that key, so I need to dig deeper.
I just don't understand why I can't copy the signature into the CD image, like the code does with the original CD...

I have made all possible images with Alcohol 120% at speed x1 and it still fails.

Regards,
LaBBa

SOLAR 06-04-2008 11:38

I hope you figured out something. I would like to know the solution to this.

taos 06-05-2008 00:47

Quote:

Originally Posted by LaBBa
Well, it's a data CD, it's an application
I have made all possible images with Alcohol 120% at speed x1 and it still fails.

OK, you must first make a copy with another copy program, or with Alcohol with SecuROM, etc. emulation turned on. Mount the ISO and compare the mounted ISO with the original CD (there are a lot of programs to do it). You must analyze 2 things: a) there is no error copying the original CD (there can be fake sectors, like I said in my last post, and then you must change your procedure); b) the ISO and the original CD are exactly the same. Then mount the ISO and debug. Before starting to debug, ensure steps a) and b).
You can use GameJack, better than Alcohol; play with the settings in both programs.

Bye

LaBBa 06-06-2008 07:10

Code:

Mount the ISO and compare the mounted ISO with the original CD (there are a lot of programs to do it).
Well, if there was one, I think that every burning app would have done it for you and then fixed the image... I don't know any application that can tell me this info.

Code:

Then mount the ISO and debug
If the ISO is a perfect image and fixed, then why do I need to debug it? It should run like the original... (meaning: it won't ask for the original CD)

TechLord 06-06-2008 16:00

Why don't you try:
1. Making an image file with BlindWrite.
2. Then physically burning the image to a CD.
3. Then checking whether the newly burnt CD works...

If the newly burnt CD works, then the problem may be that the program checks for virtual drives and gives problems if the drive is virtual...

It's also possible, I think, that the program checks for a unique ID of the CD before running, or uses it to decrypt the program using the ID as a key. If so, then the CD's ID must be hardcoded somewhere in the program. I remember that Crypkey v6 uses the ID of the CD to check whether the program has been run from some other CD, and if so, it gives an error message.

I don't exactly remember where I got this e-book, but it may be of help. Kindly go through the e-book:

Code:

The name of e-book is : CD Cracking Uncovered-Protection Against Unsanctioned CD Copying.

The download link is : http://rapidshare.com/files/120464076/06062008.rar.html

The password is : cdcopy

The rar contains several examples etc also... :cool:

taos 06-06-2008 20:50

That is not right ;) If you have a LiteOn drive you can use a very low-level verify app. There are specialized apps to check CD integrity with their own low-level driver. Some drives let you read hidden tracks. It's better to compare (generate a checksum, etc.) using Nero Disk Speed than to turn on the verify setting in your burning software.
http://www.cdfreaks.com/software/Diagnostic_-Utility/

Quote:

Originally Posted by LaBBa
Well, if there was one, I think that every burning app would have done it for you and then fixed the image... I don't know any application that can tell me this info.

Code:

Then mount the ISO and debug
If the ISO is a perfect image and fixed, then why do I need to debug it? It should run like the original... (meaning: it won't ask for the original CD)

If the ISO is perfect, then your app reads the CD manufacturer ID and other fields. Then you must debug the CD API. :)

LaBBa 06-06-2008 21:29

Quote:

Originally Posted by taos
If the ISO is perfect, then your app reads the CD manufacturer ID and other fields. Then you must debug the CD API. :)

OK... I didn't think about this...
I will look closer at this... Which API do you recommend to hook and trace?
DeviceIoControl?

But still,
if the image is perfect, when the app reads the CD manufacturer ID it should also emulate the manufacturer ID, no?

taos 06-07-2008 18:58

Quote:

Originally Posted by LaBBa
OK... I didn't think about this...
I will look closer at this... Which API do you recommend to hook and trace?
DeviceIoControl?

But still,
if the image is perfect, when the app reads the CD manufacturer ID it should also emulate the manufacturer ID, no?

DeviceIoControl & CreateFileA. Like I said in an old post, use CDR Identifier or Nero's CD-DVD Speed/Disk Info and compare the manufacturer ID of the original and the emulated CD. Another reason is that your app checks for emulation software and then refuses to run.
Can you upload it to Rapid or Mega so I can take a look?

LaBBa 06-08-2008 03:31

Thanks for trying to help me.
I'm not home and will only return next week, so I will do it when I return and PM you.

regards,
LaBBa

LaBBa 06-10-2008 18:58

Hi all

I have done some Google searching and found that more people have the same issues
with the same protection.

http://club.cdfreaks.com/f18/defekte-sektoren-ab-316687-a-72880/

BTW, I have made an image and compared the MD5 of the mounted image against the original CD, and they are the same...

I'm currently uploading the CD images; I will update you all soon...


regards,
LaBBa

LaBBa 06-10-2008 19:53

trace logs
 
Hi
I have made a trace log with the CD and with the image CD, from the start of the loops on DeviceIoControl. I use Beyond Compare to view them, and I'm still debugging to see the places where things go wrong.
See the attached files.

The image was created with BlindWrite with a LiteOn CDRW, with the "Bad Sectors" profile.

The CD files and the mounted CD files were compared with MD5 and verify.
The CD and image data match when comparing with InfoTool.

PS: I have already patched the places of the JNZ and JZ, and the application crashes if I do that, so I need to find out why the values are different when it runs from the image CD.

LaBBa 06-11-2008 20:14

From what I'm seeing in the trace log, there is different behavior when returning from DeviceIoControl when using the CD and when using the CD image:

With CD:

Code:

004B415F Main    PUSH EAX
004B4160 Main    PUSH 50
004B4162 Main    PUSH ECX
004B4163 Main    PUSH 50
004B4165 Main    PUSH ECX
004B4166 Main    PUSH 4D014 // IOCTL_SCSI_PASS_THROUGH_DIRECT
004B416B Main    MOV ECX,Copy_of_.004B398B                ; ECX=004B398B
004B4170 Main    ADD ECX,16D                              ; ECX=004B3AF8
004B4176 Main    PUSH DWORD PTR DS:[ECX]
004B4178 Main    MOV ECX,Copy_of_.004B398B                ; ECX=004B398B
004B417D Main    ADD ECX,2FB                              ; ECX=004B3C86
004B4183 Main    CALL DWORD PTR DS:[ECX]
DeviceIoControl  PUSH 14
7C801627 Main    PUSH kernel32.7C810CC8
.....
......
7C801662 Main    PUSH DWORD PTR SS:[EBP+8]
7C801665 Main    JE kernel32.7C801743
7C80166B Main    CALL DWORD PTR DS:[<&ntdll.NtDeviceIoControlFile>]
ZwDeviceIoControl>MOV EAX,42                                ; EAX=00000042
7C90D8E8 Main    MOV EDX,7FFE0300                          ; EDX=7FFE0300
....
....
7C802519 Main    LEAVE                                    ; EBP=0012FF08
7C80251A Main    PUSH ECX
7C80251B Main    RETN
7C801694 Main    RETN 20
004B4185 Main    POP ECX                                  ; ECX=00149988
004B4186 Main    POP EDX                                  ; EDX=004B3CD5
004B4187 Main    MOV ECX,Copy_of_.004B398B                ; ECX=004B398B
004B418C Main    ADD ECX,18C                              ; ECX=004B3B17
004B4192 Main    MOV ECX,DWORD PTR DS:[ECX]                ; ECX=00149988
004B4194 Main    OR EAX,EAX
004B4196 Main    MOV AL,BYTE PTR DS:[ECX+2]                ; EAX=00000000
004B4199 Main    JE SHORT Copy_of_.004B41A1
004B419B Main    OR AL,AL
004B419D Main    JNZ SHORT Copy_of_.004B41A1 -> HERE WILL NOT JMP
004B419F Main    MOV AL,1                                  ; EAX=00000001

and with Image CD:

Code:

004B4150 Main    PUSH 0
004B4152 Main    MOV EDX,Copy_of_.004B398B                ; EDX=004B398B
004B4157 Main    ADD EDX,17D                              ; EDX=004B3B08
004B415D Main    MOV EAX,EDX                              ; EAX=004B3B08
004B415F Main    PUSH EAX
004B4160 Main    PUSH 50
004B4162 Main    PUSH ECX
004B4163 Main    PUSH 50
004B4165 Main    PUSH ECX
004B4166 Main    PUSH 4D014  // IOCTL_SCSI_PASS_THROUGH_DIRECT
004B416B Main    MOV ECX,Copy_of_.004B398B                ; ECX=004B398B
004B4170 Main    ADD ECX,16D                              ; ECX=004B3AF8
004B4176 Main    PUSH DWORD PTR DS:[ECX]
004B4178 Main    MOV ECX,Copy_of_.004B398B                ; ECX=004B398B
004B417D Main    ADD ECX,2FB                              ; ECX=004B3C86
004B4183 Main    CALL DWORD PTR DS:[ECX]
DeviceIoControl  PUSH 14
7C801627 Main    PUSH kernel32.7C810CC8
7C80162C Main    CALL kernel32.7C8024CB
7C8024CB Main    PUSH kernel32.7C8399F3
....
....
7C801660 Main    PUSH EBX
7C801661 Main    PUSH EBX
7C801662 Main    PUSH DWORD PTR SS:[EBP+8]
7C801665 Main    JE kernel32.7C801743
7C80166B Main    CALL DWORD PTR DS:[<&ntdll.NtDeviceIoControlFile>]
ZwDeviceIoControl>MOV EAX,42                                ; EAX=00000042
7C90D8E8 Main    MOV EDX,7FFE0300                          ; EDX=7FFE0300
.....
.....
7C802516 Main    POP EDI
7C802517 Main    POP ESI                                  ; ESI=00591D60
7C802518 Main    POP EBX                                  ; EBX=00000010
7C802519 Main    LEAVE                                    ; EBP=0012FF08
7C80251A Main    PUSH ECX
7C80251B Main    RETN
7C801694 Main    RETN 20
004B4185 Main    POP ECX                                  ; ECX=00149988
004B4186 Main    POP EDX                                  ; EDX=004B3CD5
004B4187 Main    MOV ECX,Copy_of_.004B398B                ; ECX=004B398B
004B418C Main    ADD ECX,18C                              ; ECX=004B3B17
004B4192 Main    MOV ECX,DWORD PTR DS:[ECX]                ; ECX=00149988
004B4194 Main    OR EAX,EAX
004B4196 Main    MOV AL,BYTE PTR DS:[ECX+2]                ; EAX=00000002
004B4199 Main    JE SHORT Copy_of_.004B41A1
004B419B Main    OR AL,AL
004B419D Main    JNZ SHORT Copy_of_.004B41A1 ->HERE WILL JUMP

The DeviceIoControl uses: IOCTL_SCSI_PASS_THROUGH_DIRECT
As we can see, with the CD:
004B4196 Main MOV AL,BYTE PTR DS:[ECX+2] ; EAX=00000000

and without the CD but with the CD image:
004B4196 Main MOV AL,BYTE PTR DS:[ECX+2] ; EAX=00000002

we get different values...
I'm currently debugging it to see what the cause of these different values is.

any help will be appreciated.

Regards,
LaBBa

