Starforce 3 - The gravestone?

Quote:

Originally Posted by dyn!o

protect.dll itself is not a driver, but takes hardocore usage of them . It's the place responisble for the critical task: the CD check.

As far as I know (from about a dozen of SF-protected apps), protect.dll contains _all_ code of original EXE.
Try to analyze "main" executable of protected app with hiew or any other PE editor. There is code section inside but it is initialized to zero!
Moreover, OEP of main EXE points inside zero-initialized section!
Actually Windows loads protect.dll before passing control to OEP, protect.dll checks presence of original CD and either terminates application or decrypts code section of main EXE (which stored in protect.dll) and places it in right position in memory. But some part of processor instructions are converted to pseudo-code which interpreted by SF engine (drivers + protect.dll).

So, modifying protect.dll does not means patching of SF engine only or application data only. Most probably both SF engine and application data where modified.

[dyn!o]

Nice information you gave us

I didn't call protect.dll an engine but the critical place responsible for CD check. Furthermore, I suggested that it could be a good idea to crack Starforce that way because it requires the modification of single file only (protect.dll). And if you ask if Starforce engine was modified together with game exe/dlls, then no. Only protect.dll was modified. If you put xpandrally.bin (protect.dll) into original game - it will be cracked .

Regards.

Backdoor in StarForce driver, really?
Read more about:
h**p://www.freewebs.com/starforcemeat/index.htm

Quote:

Originally Posted by RideX

Backdoor in StarForce driver, really?
Read more about:
h**p://www.freewebs.com/starforcemeat/index.htm

looks authentic. funny

Hmm,sounds very suspicious...

Russians are evil, they will attack us with nuclear bombs!
Let's make our own drivers ! with backdoors...

Actually , this is not a good information about this kind of backdoor
because i've played games protected with StarForce, and now i am
filling like an idiot , reading that there is a backdoor...
But ok, everyone of us can UnInstall the SF Driver...(after playing the game)

Quote:

Originally Posted by VD76

Russians are evil, they will attack us with nuclear bombs!

AFAIK there is only one nation that has used nuclear bombs for attack. And that was not Russians...

Quote:

Originally Posted by VD76

Let's make our own drivers ! with backdoors...

Why not nuclear bombs with backdoors?

Quote:

Originally Posted by VD76

Actually , this is not a good information about this kind of backdoor because i've played games protected with StarForce, and now i am
filling like an idiot , reading that there is a backdoor...
But ok, everyone of us can UnInstall the SF Driver...(after playing the game)

AFAIK more than one year ago author of IceExt has detected that SF drivers could be used to execute arbitrary code in Ring0. At Sept. 2003 during ISDEF conference in Russia some representative of Protection Technology (development company for StarForce) reported that vilnerability existed, but patched in new versions - all used-level code should be signed before driver accept it to be loaded in Ring0.

Probably starforcemeat describes the same vilnerability or its variation.

[dyn!o]

Ok guys. Let's hold the panic for the moment and try to concentrate on the problem.

Starforce - we already know it's a problem for us, but we should dare to admit that it's, so far, also the strongest protection available today (and that's probably the reason of hate).

In my opinion such a sensible suspicions like backdoors and investigation related indictments should be proved by at least one serious proof, neverthless of the target. Discussed link is interesting, but not completely credible for me. I suppose the author, with all respect, is a cracker or represents competetive company (competetive to Starforce). Of course I don't say that's wrong - similar "games" were, are and will be played as long as a human race will exist. But let's concentrate on the link content.

Most of visitors won't understand the point of that message, not because of thoughtless style but, probably, because of shuffled statements. I wouldn't be so brave to call it a serious progress in fighting Starforce (come on guys, let's talk frankly, at least for a while... it's a fight) because I still can't find clean facts. Do you think I don't want? Wrong, I would like to read/hear professional statements with serious facts from both sides. Okey, they are using drivers and somewhere the problem exist, but guys, not this way. I mean don't start the battle if you can't win the war.

Someone had an interesting idea and serious technical details but, in my humble opinion, chosed the worst way to announce it. If he (let's assume "he") want to defeat Starforce, or any other protection, then he should carefully decide whom he is targetting. Who, from all the visitors, will count in the game, who has an influence on the IT games market strongh enough to decrease the software publishers usage of Starforce protection. I think the author missed his main intention. Personally I see it rather as a kind of fuzzy logic than clear and irrefutable proof.

I don't vindicate Starforce. I have my own, private opinion concerning the same subject (Starforce legality) but since I started this "exotic" thread as kind of informative only, I would like not to play "polytic games" (at least not in this thread).

Regards.