Best Way to Image a Protected CD?

[LaBBa]

I'm trying to understand somthing about CD protection.

If i copy a CD ( that it is protected in some way ) can't i just read every chunk of data in the CD (like blindWrite does) without care if it an Error sector or not because i'm assuming that all data i read is correct.
even if i do this kind of Image to the CD there is (some how ) data missing
can some one please explaing me how can i make a perfect CD Image?

Regards,
LaBBa

[oVERfLOW]

Are you going to write your own code or looking for an app to do this for you?

If you mean an app
Then there are many programs to work with

One of best choices is PreGap Image Builder which is introduced here before
and also Alcohol 120%, CloneCD, and BlindWrite

Reading CD Image in ISO format is not a complete way
while it doesn't support multi-session CDs, Weak Sectors, and bad sectors.

This is what did I knew.

[taos]

Interesting, I love this old subject. You have 2 kinds of protected CDs (you have more but it's to be short and simple)
A-Music CD
B-Data CD

A- Altered TOC: You can copy everything (not bit losses) with oVERfLOW tools u others. Mixed Audio-data: The same, uninstalling rootkit stuff. etc...
In any way, that systems are not often used today.
B- There are a lot of schemes but they can not hide usefull information, only fake information, error gaps, etc... and then you must debug exe loader to stop checking it. The main idea is to jump "check original CD" routine. There are heavy systems, Starforce, and others. I know one DVD that has not been copied yet and have several years in the market, do you have got a PS2?
You must supply more information about the CD, data? audio?, what data exactly is missing?, is a setup CD? video?,etc...

Regards,

[LaBBa]

well it's a data CD it's an application and i don't see any loader it's build in the exe so it's not packed or somthing like that ..

this application comes with 2 CDs :
CD1- is installation. (no protection)
CD2- data CD of all DataBase of application - protected

in the protected CD there are 3 files with a XXX extension in root:
file00.xxx - 563,438 KB
file08.xxx - 850 KB
file09.xxx - 3KB

there is 2 more folders

MA folder files:
file08.MA - 1,054 KB
file09.MA - 36 KB

YZ folder files:
file08.yz - 361KB
file09.yz - 11KB


from what i have saw when i try to crack this when i'm running with an image of the CD i get an error from the application that this is not the original CD . it check first to see if there is a debugger present and then it check a black list of virtual dirves to see if it run from a virtual CD after that it try to load the CD ...
I have patch the CD check with error message "not original CD" so it will continue to load from the image CD but application crashes when it try to run.

I don't understand (yet) why it fails to run from image.
I guess there is a signed key in the CD and it try to read and decrypt with that key the files from the CD so i need to digg deeper.
I just don't understand why i can't copy in the CD image the signature like the code of the original CD does ..

I have maked all possible images with Alcohol 120% at speed x1 and still it fails.

Regards,
LaBBa

[taos]

Quote:

Originally Posted by LaBBa

well it's a data CD it's an application
I have maked all possible images with Alcohol 120% at speed x1 and still it fails.

Ok, You must first make a copy with another copy prog or with alcohol and setting on securerom ,etc... emulation. Mount the iso and compare the iso mounted with original CD (there're lot of programs to do it). You must analyze 2 things, a) There is not error copying original CD (can be fake sectors like I said in last post and then you must change your procedure) b) Are exactly ISO and original CD. Then mount ISO and debug. Before to work debugging ensure steps a) and b).
You can use gamejack better than alcohol, play with the settings in both progs.

Byes

[LaBBa]

Code:

Mount the iso and compare the iso mounted with original CD (there're lot of programs to do it).

welll if there was one i think that every app of burning would have done it for you and then fix the image .. i don't know any application that can tell me this info

Code:

Then mount ISO and debug

if the iso is a perfect image and fixed so why i need to debug it ? it should run like the original... (meaning : won't ask for original CD)

[SOLAR]

I hope you figured out something. I would like to know the solution to this.

[TechLord]

Why don't you try :
1.Making an image file with blindwrite.
2.Then physically burning the image to a CD.
3.Then check if the newly burnt CD works...

If the newly burnt CD works, then the problem maybe that the prog checks for Virtual Drives and give problems if drive is virtual...

Its also possible I think that the prog checks for an unique ID of the CD before running or uses it to decrpyt the prog using the ID as a key. If so, then the CD's ID must be hardcoded somewhere in the program. I remember that Crypkey v6 uses the ID of the CD to check whether the prog has been running from some other cd, and if so, it gives error message.

I don't exactly remember where I got this e-book but it maybe of help. Kindly go through the e-book :

Code:

The name of e-book is : CD Cracking Uncovered-Protection Against Unsanctioned CD Copying.

The download link is : http://rapidshare.com/files/120464076/06062008.rar.html

The password is : cdcopy

The rar contains several examples etc also...

[evlncrn8]

because, as i told you in the other forum where you got help... the gear software only made the image, the image was adjusted after this when the glass mastering / mass production was done....

sort of like you have a door with a lock, and a key, i then replace the lock... so the key you have is useless... clear?

[LaBBa]

loud and clear i understand now how it work ...

i just wanted to know if the application that runs from the original CD can read the Locked/Key data why can't any of the image makers (alcohol,BlindWrite,CloneCD) create an image that will contains the data that the application needs ?
i also have a good CD Burners Plextor and LiteOn so i can't be blamed that i'm using lame hardware to make CD images..

[TechLord]

I had a similar experience with a Video CD sometime back : I could play it on the computer AND on VCD players but I couldn't copy it...I tried to image it using various tools like Alcohol,Blindwrite etc but the images or the burnt CDs never worked. There was no special protection either immediately apparent by reading the directory on the CD etc.
Finally I found out that it was installing a driver in the background on the first run when played back on the computer, and this driver was extracting the relevant bytes from the .dat file and sending it to the media player, thus allowing the movie to play but not to allow copying directly.
The VCD players (set-top) merely ignored the irrelevant data in the .dat file and played the movie seamlessly.
Finally I could copy the movie by extracting using IsoBuster with the option "Extract but filter only M2F2 mpeg frames" , and then by re-burning it to another cd.

I would like to add a comment on this statement by evlncrn8:

Quote:

sort of like you have a door with a lock, and a key, i then replace the lock... so the key you have is useless... clear?

I would like to think i slightly different way... You have a room whose door is locked by a lock and you have the key...But this particular locked room is behind another door locked by a lock but whose key you don't have...Unless you open BOTH the locks you can't enter the room...I can liken the outer lock to the security measures put onto the CD Media at the time of mass production, sometimes on an individual basis...
Our imagers are able to see and read upto the level of the inner lock but can't emulate the outer lock or open it...The running application is probably programmed to look for the outer lock and then open it first...
I know the analogy is not exact but it fits to a certain extent I think...

[taos]

Quote:

Originally Posted by TechLord

Our imagers are able to see and read upto the level of the inner lock but can't emulate the outer lock or open it...The running application is probably programmed to look for the outer lock and then open it first...

I disagree with you. Running application has not more powerfull than Blinread, Alcohol, etc..., very very specialized burning soft a lot of years ago. If that app reads it, burning soft reads it too... Like I said in first post, take a view hidden rootkit,etc... Search original dump data in master cd and take note physical position. Edit ISO file and change bytes. IF you take this way, please send me where are data.
BTW: Gear soft has professional software for mastering machines & of course for burning home made.
Regards,

[LaBBa]

Quote:

Originally Posted by taos

take a view hidden rootkit,etc... Search original dump data in master cd and take note physical position. Edit ISO file and change bytes.
Regards,

I realy want to do what you say but :

Quote:

Originally Posted by taos

"take a view hidden rootkit,etc"

with what apps ?

Quote:

Originally Posted by taos

"Search original dump data in master cd and take note physical position."

again.. how do i search for the dump data that i have in the original CD so i will know it's position ??

sorry that i'm asking many questions but your requests are too general...

[taos]

Quote:

Originally Posted by LaBBa

sorry that i'm asking many questions but your requests are too general...

TechLord has made my work...

[TechLord]

Quote:

Originally Posted by taos

Running application has not more powerfull than Blinread, Alcohol, etc.

I agree with this but I want to mention that many cd drives and even some software incorporate Error Correction and sometimes ECC ( Error Correction Codes) with some redundant data (maybe in the form of PURPOSELY made unreadable sectors etc). So, sometimes the data may ALL be recoverable or an image can be made but the SECTOR TO SECTOR mapping may not be possible.
So its a VERY simple case wherein a prog can check whether a particular unreadable sector (of REDUNDANT data) is present on the CD or not. IF it is present, the prog runs. Else it exits or crashes. The Mass Burnt CDs can incorporate it. But our CD image, though it has ALL the data (and hence even the md5 checksum also maybe same in some cases), it still can't have the unreadable sectors etc ( I remember that alcohol etc can emulate bad sectors and sub-channel data, but still it sometimes fails...)

Quote:

Originally Posted by LaBBa

how do i search for the dump data that i have in the original CD so i will know it's position ??

I believe that WinHex 11 and above can do the direct sector reading and dumping quite well (though I haven't used it for quite some time)

Also I believe you can download and use the Rootkit Unhooker from this site:

http://www.antirootkit.com/software/RootKit-Unhooker.htm

to search for any suspicious processes and remove any hidden toolkits.