Exetools  

#31 | 10-31-2004, 02:56 | dyn!o
I don't want to get into a brawl, my friend. Also I don't want to get into an endless discussion.

"They did modify the protected files, protect.dll has been patched. Where do you think the cd-check is?"
And you answered yourself. Why do you need to reverse all the drivers if it can be done by reversing a single file only?

"I don't believe in your psychological argument of "getting discouraged" by a post on a forum."
And that's ok for me.

"...if you really do get discouraged by what I said..."
Mate, please read my posts carefully. I only asked the question ("Are we here to learn or get discouraged?"). Did I say that you discouraged anyone? Probably you got offended, unnecessarily.

"e-mailing groups for help is never going to work.. "
I know that, that's why I have written about contacting tasks too.

"You did not understand what I said about the drivers. I am well aware of what they are doing, and they are playing an *ESSENTIAL* part in the protection. For example, they are responsible for (but not limited to): - heavy anti debugging - all ring3 and ring0 hooking (ex: S-F virtual file system, anti-emulation) - ..."
I just quoted your sentence and analysed your words, not mine - you would notice that if you read carefully instead of getting nervous. Starforce drivers are pretty essential indeed. But let me tell you one thing pretty straight: reversing them won't allow you to run all Starforce games because it's simply impossible. Why? Because, as you know, the CD check is in protect.dll which changes in every version. You can change all drivers but they are not responsible for our problem (CD check). They are the heart of the Starforce engine but not the heart of the Starforce CD protection. I will make it even more clear: let's take Xtreme Protector as an example. Its driver plays almost the same role as the Starforce drivers. By patching the Xtreme Protector driver can you run all Xtreme Protected software? Never. So, the general idea of driver patching is useless (so far).

"If you really know how the driver works, then tell me how the ring-0 anti- NTice works."
Man, I am just a lamer without serious cracking knowledge. Calm down and realise that even if I owned such cosmic knowledge I don't have any obligation to answer your unkind order.

"*From the assumption that the crack was driver-based*"
How could you have had such an assumption if the previous posts made it clear? (protect.dll was modified)

"You can't just cut what I say in the middle and then draw bogus conclusions."
Did I call any of your posts "a bogus conclusion"? Aren't you a little nervous?

"the protection is going to change now that the information is available."
And it will (if Starforce developers are wise... so far they are). I don't see any problem here. It's an endless game, like ASProtect or Armadillo cracking. They are fixing holes and crackers reveal other ones.

Regards.

Last edited by dyn!o; 10-31-2004 at 03:08.

#32 | 10-31-2004, 20:25 | DeeYeah
In my opinion the EXE file isn't an important Starforce file, I think it's only a loader to load the crypted EXE inside the protect.dll. The protect.dll is the real crypted EXE.

You can test this by taking other Starforce files from other games.

I think the protect.dll isn't the Starforce driver...


Best Regards, DeeYeah

#33 | 10-31-2004, 21:04 | dyn!o
Yes, protect.dll is heavily protected with Starforce virtual machine but... what's interesting... some game exe/dll files can be protected with virtual machine too, making it really hard to crack. That's why it's wiser to find a generic hole.

Of course, as you said, protect.dll itself is not a driver, but takes hardcore usage of them. It's the place responsible for the critical task: the CD check.

Regards.

Last edited by dyn!o; 10-31-2004 at 21:07.

#34 | 11-01-2004, 15:05 | JMI
And guys, let's ALL play nice in the sand box or someone is going to have to go stand in the corner.

Let's keep the conversation about the topic and not about each other. It should be relatively easy for everyone to talk about their views without mentioning it in comparison to someone else's opinion. All it takes is a simple declarative statement, such as "I believe," followed by the opinion.

1.) Back and forth about the subject at hand is acceptable.

2.) Back and forth about an individual and/or that person's opinions is not acceptable.

3.) This is NOT an option. It is a requirement I WILL enforce, and the penalty will not be pleasant nor temporary.

4.) I hope I have made this very clear to whomever the advice might be appropriate.

Regards,
__________________
JMI

#35 | 11-01-2004, 16:19 | Dmit
Quote:
Originally Posted by dyn!o
protect.dll itself is not a driver, but takes hardcore usage of them. It's the place responsible for the critical task: the CD check.
As far as I know (from about a dozen SF-protected apps), protect.dll contains _all_ the code of the original EXE.
Try to analyze the "main" executable of a protected app with hiew or any other PE editor. There is a code section inside but it is initialized to zero!
Moreover, the OEP of the main EXE points inside the zero-initialized section!
Actually Windows loads protect.dll before passing control to the OEP, protect.dll checks for the presence of the original CD and either terminates the application or decrypts the code section of the main EXE (which is stored in protect.dll) and places it in the right position in memory. But some part of the processor instructions are converted to pseudo-code which is interpreted by the SF engine (drivers + protect.dll).

So, modifying protect.dll does not mean patching the SF engine only or the application data only. Most probably both the SF engine and the application data were modified.
Reply With Quote
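
The static check described in post #35, as an added example that is not part of the original thread: a Python sketch that reads a PE header and reports whether the entry point lands in a section that has no code on disk, which is a common triage signal that the real code is supplied at load time by another module. The images it runs on are constructed minimal headers, not StarForce files, and all function names are hypothetical.

```python
import struct

def parse_sections(data):
    """Return (entry_rva, [(name, vaddr, vsize, raw_off, raw_size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                            # optional header start
    entry = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                        # 40-byte section headers
        name, vsize, vaddr, rsize, roff = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, roff, rsize))
    return entry, sections

def entry_point_finding(data):
    """Describe the section holding the entry point and whether it is empty on disk."""
    entry, sections = parse_sections(data)
    for name, vaddr, vsize, roff, rsize in sections:
        if vaddr <= entry < vaddr + max(vsize, rsize):
            raw = data[roff:roff + rsize]
            empty = rsize == 0 or not any(raw)               # no bytes, or only zero bytes
            return {"section": name, "entry_rva": entry, "zero_on_disk": empty}
    return {"section": None, "entry_rva": entry, "zero_on_disk": False}

def build_sample(code):
    """Constructed minimal PE32 header: one .text section at RVA 0x1000, entry 0x1000."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xHH", hdr, 0x84, 0x14C, 1, 0xE0, 0x0102)  # COFF header
    struct.pack_into("<H", hdr, 0x98, 0x10B)                 # PE32 magic
    struct.pack_into("<I", hdr, 0xA8, 0x1000)                # AddressOfEntryPoint
    struct.pack_into("<8sIIII", hdr, 0x178, b".text", 0x1000, 0x1000, len(code), 0x200)
    return bytes(hdr) + code

NORMAL = build_sample(b"\x55\x8b\xec\xc3" + b"\x90" * 12)    # constructed: real opcodes
STUB = build_sample(b"\0" * 16)                              # constructed: zeroed code

if __name__ == "__main__":
    for label, image in (("normal", NORMAL), ("stub", STUB)):
        print(label, entry_point_finding(image))
```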

#36 | 11-01-2004, 20:29 | dyn!o
Nice information you gave us

I didn't call protect.dll an engine but the critical place responsible for the CD check. Furthermore, I suggested that it could be a good idea to crack Starforce that way because it requires the modification of a single file only (protect.dll). And if you ask if the Starforce engine was modified together with game exe/dlls, then no. Only protect.dll was modified. If you put xpandrally.bin (protect.dll) into the original game - it will be cracked.

Regards.

#37 | 11-07-2004, 20:49 | RideX
Backdoor in StarForce driver, really?
Read more about:
h**p://www.freewebs.com/starforcemeat/index.htm

#38 | 11-07-2004, 22:35 | lifewire
Quote:
Originally Posted by RideX
Backdoor in StarForce driver, really?
Read more about:
h**p://www.freewebs.com/starforcemeat/index.htm
looks authentic. funny

#39 | 11-08-2004, 09:15 | VD76
Hmm, sounds very suspicious...

Russians are evil, they will attack us with nuclear bombs!
Let's make our own drivers! with backdoors...

Actually, this is not good information about this kind of backdoor because I've played games protected with StarForce, and now I am feeling like an idiot, reading that there is a backdoor...
But ok, every one of us can uninstall the SF driver... (after playing the game)

#40 | 11-09-2004, 16:58 | Dmit
Quote:
Originally Posted by VD76
Russians are evil, they will attack us with nuclear bombs!
AFAIK there is only one nation that has used nuclear bombs for attack. And that was not Russians...
Quote:
Originally Posted by VD76
Let's make our own drivers! with backdoors...
Why not nuclear bombs with backdoors?
Quote:
Originally Posted by VD76
Actually, this is not good information about this kind of backdoor because I've played games protected with StarForce, and now I am feeling like an idiot, reading that there is a backdoor...
But ok, every one of us can uninstall the SF driver... (after playing the game)
AFAIK more than one year ago the author of IceExt detected that SF drivers could be used to execute arbitrary code in Ring0. In Sept. 2003, during the ISDEF conference in Russia, a representative of Protection Technology (the development company for StarForce) reported that the vulnerability existed but was patched in new versions - all user-level code should be signed before the driver accepts it to be loaded in Ring0.

Probably starforcemeat describes the same vulnerability or a variation of it.

#41 | 11-11-2004, 18:23 | dyn!o
Ok guys. Let's hold the panic for the moment and try to concentrate on the problem.

Starforce - we already know it's a problem for us, but we should dare to admit that it's, so far, also the strongest protection available today (and that's probably the reason of hate).

In my opinion such sensible suspicions like backdoors and investigation related indictments should be proved by at least one serious proof, nevertheless of the target. The discussed link is interesting, but not completely credible for me. I suppose the author, with all respect, is a cracker or represents a competitive company (competitive to Starforce). Of course I don't say that's wrong - similar "games" were, are and will be played as long as the human race exists. But let's concentrate on the link content.

Most visitors won't understand the point of that message, not because of thoughtless style but, probably, because of shuffled statements. I wouldn't be so brave to call it serious progress in fighting Starforce (come on guys, let's talk frankly, at least for a while... it's a fight) because I still can't find clean facts. Do you think I don't want? Wrong, I would like to read/hear professional statements with serious facts from both sides. Okay, they are using drivers and somewhere the problem exists, but guys, not this way. I mean don't start the battle if you can't win the war.

Someone had an interesting idea and serious technical details but, in my humble opinion, chose the worst way to announce it. If he (let's assume "he") wants to defeat Starforce, or any other protection, then he should carefully decide whom he is targeting. Who, from all the visitors, will count in the game, who has an influence on the IT games market strong enough to decrease the software publishers' usage of Starforce protection. I think the author missed his main intention. Personally I see it rather as a kind of fuzzy logic than clear and irrefutable proof.

I don't vindicate Starforce. I have my own, private opinion concerning the same subject (Starforce legality) but since I started this "exotic" thread as kind of informative only, I would like not to play "political games" (at least not in this thread).

Regards.

All times are GMT +8.