#1
What about St*rforce ?
Hi all !
I just wonder if anyone has ever looked further into the commercial protection called Starf*rce ? Just because I'm curious about that protection scheme, and in which ways it defeats / detects Soft1ce. So, if you've got interesting information, please let us know about it. thanks, bye.
#2
Use IceExt? I think it'll help you with SIce hiding from StarForce...
#3
fripouille: Starforce has been discussed here a lot. You should use the search button first.
Sky: About using IceExt, I doubt it will help against Starforce because of its own redirection of debugging interrupts, which makes Sice crash. Regards.
#4
Hi all .
Thanx, but in fact, IceExt is no use against starf0rce. It detects 2 Meltice tricks, but this can be easily made by hand... not a big deal.
Peleon : I tried to use the 'search' option before, but I can't see any 'search' button in this forum. Sure, I need new glasses.
thanx a lot... more information is of course welcome. bye.
#5
You should use windbg instead of softice, because it's not as 'intrusive' as softice and you'll need only one simple trick to prevent detection.
Once you can use a debugger to view interesting parts (like the prodrv06) you'll see a very simple code-decryption, api loading at runtime and a little vm.
#6
You could implement your own Ring0 Debugger bypassing the Windows/Processor Debugging Features by adding a new Interrupt to the IDT which invokes cli and jumps into your Code.
So it's
- nearly undetectable (except by self-checking code)
- usable for StarForce apps
If anyone wants to start such a project, I will join.
#7
It seems there is not too much information about Starforce cracking, but something obvious is that the protection is being cracked. We have some examples like Xpand Rally (StarForce 3.3) cracked by Ultima or the more recent Will Of Steel (Starforce 3.4.67.7) cracked by Hoodlum.
Unfortunately there are no tutorials or known tools to help in the cracking of SF, at least for the public masses. The best information I have found is the tutorial of yates called "StarForce 3 - Brief insight into a hidden world" that explains how the mov instruction works in the SF Virtual Machine. You can get it from: http://www.yates2k.net/cd/starforce.rtf
Does anyone have more technical information about this protection?
#8
afaik SF hooks int1/int3 for its own use and in this case iceext can't help you.
#9
Hi !
Dyn!io... I'm neither so kind... nor trying to increment my post counter. I just try to be polite and thank people who are kind enough to reply to my answers (just like you in fact... ). If the moderator finds this reply not interesting at all, he (she ?) could just reset my post counter : I'm not gonna jump through the window for that.
So, apparently, S.F. reminds me of an old protection scheme from the apple II scene called MCODE. It was a sort of interpreted language used to fool crackers. This scheme was present with Electr0nic Arts games in the early 80's. It was a simple version of P-Code from UCSD Pascal (1979) (using 8 registers, dozens of opcodes ....). The goal was creating an unknown language to turn the protection routine into a sort of maze impossible to trace by crackers. A kind of virtual machine in fact, where executed code is unreadable.
Considering the fact I'm not a 'Crackhoolic' psycho, I'll follow your advice and try to look at Xprotector first. I can code my own tools, but for me it's just a hobby, I've also got a social life, and I'm of course *not* a cracking god, I'm just curious about this 'nightmare' called 'StarF0rce'. Even if the goal is too far away for me to reach, I'm still being curious about it.
So, once again, thanx all ! bye bye.
#10
"I'm neither so kind... nor trying to increment my post counter."
I was joking. I tried to say that it's always nice to meet kind people. No matter where.
"So, apparently, S.F. reminds me of an old protection scheme from the apple II scene called MCODE"
Ehh... good old times. I remember C64 games where tight CPU architecture allowed to build sometimes amazing protections (e.g. calculating the jump offset from clock cycles).
"The goal was creating an unknown language to turn the protection routine into a sort of maze impossible to trace by crackers. A kind of virtual machine in fact, where executed code is unreadable."
That's a very good description of the most powerful protection.
"can code my own tools, but for me it's just a hobby, I've also got a social life,"
We are not different (other members). We all are similar.
"I'm of course *not* a cracking god,"
There is no such one.
"Even if the goal is too far away for me to reach, I'm still being curious about it."
That's the point. Good luck.