#1
What about St*rforce ?
Hi all !
I just wonder if anyone has ever looked further into the commercial protection called Starf*rce? Just because I'm curious about that protection scheme, and in which ways it defeats / detects Soft1ce. So, if you've got interesting information, please let us know about it. thanks, bye.

#2
Use IceExt? I think it'll help you with SIce hiding from StarForce...

#3
AFAIK SF hooks int1/int3 for its own use, and in this case IceExt can't help you.

#4
fripouille: Starforce has been discussed here a lot. You should use the search button first.
Sky: About using IceExt, I doubt it will help against Starforce because of its own redirection of debugging interrupts, which makes SIce crash. Regards.

#5
Hi all .
Thanx, but in fact, IceExt is no use against starf0rce. It detects 2 Meltice tricks, but this can be easily made by hand... not a big deal.
Peleon: I tried to use the 'search' option before, but I can't see any 'search' button in this forum. Sure, I need new glasses.
Thanx a lot... more information is of course welcome. bye.

#6
You should use windbg instead of softice, because it's not as 'intrusive' as softice and you'll need only one simple trick to prevent detection.
Once you can use a debugger to view interesting parts (like the prodrv06) you'll see a very simple code-decryption, api loading at runtime and a little vm.

#7
You could implement your own Ring0 Debugger bypassing the Windows/Processor Debugging Features by adding a new Interrupt to the IDT which invokes cli and jumps into your Code.
So it's
- nearly undetectable (except by self-checking code)
- usable for StarForce apps
If anyone wants to start such a project, I will join.

#8
It seems there is not too much information about Starforce cracking, but something obvious is that the protection is being cracked. We have some examples like Xpand Rally (StarForce 3.3) cracked by Ultima or the more recent Will Of Steel (Starforce 3.4.67.7) cracked by Hoodlum.
Unfortunately there are no tutorials or known tools to help in the cracking of SF, at least for the public masses. The best information I have found is the tutorial of yates called "StarForce 3 - Brief insight into a hidden world" that explains how the mov instruction works in the SF Virtual Machine. You can get it from: http://www.yates2k.net/cd/starforce.rtf
Does anyone have more technical information about this protection?

#9
Quote:
Quote:
Quote:
Good luck.

#10
Hi !
Thank you all for your answers!... even if the last one doesn't sound pretty optimistic. It seems to be a really hard target, but even if I'm almost sure of being unable to break it down, I'm just going to start a 'step by step' approach. First, I'll follow niom's advice and try to use windbg instead of SI, even if I'm not familiar with this proggy. Once again, thanx. bye

#11
Wow, you are a kind one (or just increment your posts counter?).
Anyway, take my small advice: try to break XProtector first. If you are not able to do it then do not touch Starforce. You will lose your time. If you are able to break XProtector then you should be able to deal with Starforce. Forget about anti-debug stuff, that's not the point. Have you ever wondered why XProtector or Starforce were cracked by 1-2 persons only? Look at all the information on the web. The funny thing is that people are fighting their (XP & SF)... anti-debug features. That is a serious mistake and it seems that it was the intention of the authors (fool crackers by cracking their mind). Anti-debug features are for fun. It does not bring any serious shield because it has no logic inside. Do you want to defeat SF? Then first you have to write your own logger, decompiler and the last one........ but hey.... you will know what after dealing with the first two. Good luck.
Last edited by dyn!o; 02-25-2005 at 05:37.

#12
Man, another reply like this and he will probably become a web-developer!!
[EDIT JMI: This was another example where use of the Quote Button, to quote the entirety of the previous post, was a complete waste of database resources. Please everyone use the small button on the far right, or the quick reply button WHEN A QUOTE IS NOT NECESSARY TO MAKE YOUR RESPONSE CLEAR.]

#13
Hi !
Dyn!o... I'm neither so kind... nor trying to increment my post counter. I just try to be polite and thank people who are kind enough to reply to my answers (just like you in fact...). If the moderator finds this reply not interesting at all, he (she?) could just reset my post counter: I'm not gonna jump through the window for that.
So, apparently, S.F. reminds me of an old protection scheme from the apple II scene called MCODE. It was a sort of interpreted language used to fool crackers. This scheme was present with Electr0nic Arts games in the early 80's. It was a simple version of P-Code from UCSD Pascal (1979) (using 8 registers, dozens of opcodes ....). The goal was creating an unknown language to turn the protection routine into a sort of maze impossible to trace by crackers. A kind of virtual machine in fact, where executed code is unreadable.
Considering the fact I'm not a 'Crackhoolic' psycho, I'll follow your advice and try to look at Xprotector first. I can code my own tools, but for me it's just a hobby, I've also got a social life, and I'm of course *not* a cracking god, I'm just curious about this 'nightmare' called 'StarF0rce'. Even if the goal is too far away for me to reach, I'm still being curious about it.
So, once again, thanx all! bye bye.

#14
"I'm neither so kind... nor trying to increment my post counter."
I was joking. I tried to say that it's always nice to meet kind people. No matter where.
"So, apparently, S.F. reminds me of an old protection scheme from the apple II scene called MCODE"
Ehh... good old times. I remember C64 games where tight CPU architecture allowed to build sometimes amazing protections (e.g. calculating the jump offset from clock cycles).
"The goal was creating an unknown language to turn the protection routine into a sort of maze impossible to trace by crackers. A kind of virtual machine in fact, where executed code is unreadable."
That's a very good description of the most powerful protection.
"can code my own tools, but for me it's just a hobby, I've also got a social life,"
We are not different (other members). We all are similar.
"I'm of course *not* a cracking god,"
There is no such one.
"Even if the goal is too far away for me to reach, I'm still being curious about it."
That's the point. Good luck.