Investigation of Real Programs

Overview

This chapter covers the organization of various mechanisms for protection against the unauthorized copying of CDs and provides explanations of the principles, by which they operate , as well as examples of how these mechanisms are implemented in different software. It also demonstrates how these protection mechanisms can be neutralized.

Classification of protection mechanisms: Methods of protection against unauthorized copying can be classified in relation to a number of criteria, the most important among which are the following:

  • The strength of the protection mechanism (can the protected CD be copied by a standard copier; by a specialized copier capable of emulating protected media; or can it simply not be copied at all).

  • Principle by which the protection operates (non-standard disc formatting; binding to physical characteristics of a specific media).

  • Compatibility with hardware and software (the protection mechanism is fully compliant with the standard and is compatible with all standard equipment; the protection mechanism doesn t formally violate the standard but, however, relies on undocumented features of hardware implementation that aren t guaranteed to be supported; or the protection mechanism clearly violates the standard and relies on a specific equipment line).

  • Implementation level (software level ”the creation of the master disc is carried out using standard equipment; hardware level ”the creation of the master disc requires special equipment).

  • Interface of communication with the CD drive (standard C and/or Pascal library; OS API; low-level hardware access.

  • Object of protection (protection of the entire disc; protection against file-by-file copying; protection against digital grabbing of audio content.

The strength of the protection mechanism against cracking: There is no absolute protection against copying for optical media. Such a mechanism is, in principle, impossible to design, because, if the disc can be read, this means that it can also be copied. Naturally, if hardware protection is effectively built into the drive chipset, the procedure for cracking it can be extremely difficult, if not impossible , using standard equipment. However, what prevents a hacker from modifying the firmware for the drive at his or her disposal, or from introducing certain constructive modifications, thus blocking the protection mechanism? It is enough to recall the sensational story of MOD chips to make all of the illusions of copyright holders disappear like smoke.

Struggling against professional crackers is absolutely pointless. No one has ever won this battle. The faster the process of improving protection mechanisms evolves, the more promising are the prospects for cracking them. Even the most perfect protection mechanisms can be cracked. Realistically, this is merely a question of time, motivation, and financial resources (bear in mind that, in this case, the financial potential is almost infinite).

Therefore, it is necessary to protect against qualified users instead of protecting against hackers. Standard copiers (Ahead Nero, Roxio Easy CD Creator), at minimum, must not be able to copy the disc. Maximum protection assumes that it is impossible to copy the protected CD using specialized copiers designed for protected discs (Alcohol 120%, Clone CD). Nevertheless, protection against copying can be very different. Physical defects on the surface cannot, in principle, be copied using standard equipment. However, they can easily be simulated by corrupting the sector checksum. Naturally, this can be detected easily by a more intelligent protection mechanism. For this purpose, however, the protection must delve to lower levels, in comparison with API, in order to get direct access to the hardware. Note that this is not positive from the point of view of compatibility and security.

Emulation of the original media is even more difficult to overcome . Some advanced copiers (such as Alcohol 120%) create a virtual drive that behaves exactly in the same manner as the protected disc. Software of this type carefully reproduces practically all of the physical characteristics of the disc s surface. Hence, the difficulties involved in copying the original disc depend not so much on the complications associated with imitating the specific features of the disc, but, rather, by their hidden location.

In other words, it is necessary to find a set of specific distinguishing features, the presence of which would be extremely difficult to detect. Good candidates for this role are the subcode channels of unreadable sectors. Because of the specific features of CD-drive design, the precision of positioning for subchannel data is low, and, consequently, the result of the READ SUBCHANNEL SCSI/ATAPI command is not only unpredictable, but also impossible to reproduce! Each time this command is executed it returns the subchannel data for sector N ± +k, where N is the address of the requested sector, is the random drive error, and k the systematic drive error. Thus, grabbing the subchannel data of all sectors will take too long. If the subchannel data are intentionally mixed and/or corrupted, the problem posed by their copying will become practically unsolvable . Copying such a disc is practically impossible, whether using existing copiers or any of the advanced models that will certainly appear in the future.

The strength of the protection mechanism against a bit-hack is, generally , not critical. Even the most advanced and sophisticated protection mechanism will be cracked, provided that the hacker has enough motivation! Therefore, the only attainable goal that that is considered here is the complication of the process for copying original CDs using standard or hacker tools. What methods allow us to complicate this copying?

When MS-DOS and 3,5 /5,25 floppy drives were still dominant, the most popular protection methods were non-standard disc formatting and creation of extremely difficult to reproduce surface defects. These protection mechanisms could be implemented at both the hardware and software levels. In this context, the hardware level is understood as non-standard equipment used for recording a protected disc (for example, a device for creating laser marks by means of vaporizing the magnetic layer at a strictly defined location, or even a commonplace variable capacitor , connected in parallel to quartz in order to change its frequency and, consequently, its track length. Software methods of protection were limited to the use of standard equipment. This considerably reduced the expense involved in duplicating original discs (when it was only necessary to reproduce a small number of items, this was very important). Curiously enough, the strength of hardware protection was no higher than that ensured by the protection at the software level. All kinds of protection mechanisms could be cracked using software methods, and, most often, this could be achieved in a completely automatic mode.

Generally speaking, all of the existing methods of CD protection can be divided into the following two types: non-standard disc formatting and binding to the physical characteristics of the media surface. Protection mechanisms of the first type can be implemented by means of aberration from the standard. On the other hand, the vast majority of loyal programs attempt to comply with standards. As a result, the protected disc cannot be copied using standard methods, and this is exactly the result that copyright holders were looking for. The idea of non-standard formatting is not new. It was widely used even in the times of Amiga, Spectrum, and other ancient computers. This type of protection couldn t withstand an attack carried out by a reasonably intelligent individual. However, the problems that it caused to legal users became legend long ago. Any deviation ”even the slightest ”from the standard would void any guarantee that the disc would be readable at all! Because of the wide variety of the equipment available on the market, it is impossible to test protected discs on all existing drive models. Consequently, there is the risk that owners of untested models will encounter serious problems. The more significant are the deviations from the standard, the higher this risk will be.

image from book
Fig. 6.1: Classification of protection mechanisms

Disc protection against playback in computer CD-ROM drives, also called protection against digital playback, is the most infamous of all protection mechanisms. The main goal of this type of protection is the prevention of unauthorized copying the disc and grabbing its contents into MP3 format, without preventing normal playback. Obviously, the requirements of the protection here are mutually exclusive, because the playback of an audio disc is, in itself, an example of grabbing. Whether the grabbed data are supplied to the DAC input or to the input of an MP3-compressor is not important, because the drive doesn t inform the disc which circuitry it will use to read it (why should a crocodile chat with its breakfast ).

In practice, however, the situation is somewhat different. Low-end audio players and computer CD-ROM drives differ significantly in their design and interpret the same information written on a CD differently. With regard to computer CD-ROM drives, they most frequently play audio discs through a special audio channel, which differs significantly from the digital data channel. Thus, the creation of a protection mechanism is reduced to the intentional introduction of errors into the disc structure that will manifest themselves only in the digital grabbing mode, while remaining unnoticeable in all other situations.

As has already been mentioned, any modification of the disc structure going beyond the limitations implied by the standard renders this disc non-standard. The behavior of non-standard discs on arbitrary-selected equipment is unpredictable! At the same time, the processing of non-standard audio discs is significantly different from the processing of non-standard data discs. A protection mechanism built into an executable file is, in fact, a program. Consequently, it knows everything about the format corruption of the protected disc and knows how to process it. Just one thing is required of the CD-ROM drive ”to read the data and do what, and only what, it is instructed to do. The situation is completely different when an audio disc is processed by CD-ROM firmware. In this case, an external program (CD-ROM firmware) that corresponds to the standard is used for processing of the corrupted data. As a result, CD-ROM drive firmware can interpret any deviations from the standard as a situation where there is a non-audio disk or there is no disk present. The large variety of digital equipment considerably complicates the problem of testing protection mechanisms for compatibility.

Actually, the protection of audio CDs against copying turns into protection against playback. Often, these discs can not even be played on standard audio players, let alone CD-ROM drives. On CD-ROM drives, they can only be played if they can be played at all, through an audio channel, which gradually dies away. Windows 2000 and Windows XP, for example, use digital playback of audio discs actively. On Macs, according to rumors I ve heard , this is the main playback mode. Since the discussion of the advantages of digital playback in comparison to analog playback is a topic for another book, we won t concentrate on this topic here. It is enough to note that every user has the right to choose his or her preferred playback method. Consequently, cracking this kind of protection is justifiable ”if not a noble deed!

The PHILIPS Corporation, which is one of the inventors of CD technology, strongly opposes any deviations from the standard and insists on that protected discs including anti-copying technology should not use the Compact Disc logo. Legislation in many countries supports this stance. Any disc protected by a non-standard format must be marked with an unequivocal warning that, although the piece of plastic you are purchasing bears a resemblance to a CD, in reality, it is not a proper CD.

Nostalgic reminiscence

Long ago, when Spectrum computers were quite popular, one publisher of an e-zine (after so many years , the name of the company escapes me) invented a protection system in the following form. The controller chip for the drive is supplied with a specific clock frequency, which forms the basis for its operation. Because, in this case, the MFM recording method is used, the track length depends on the frequency. Normally (if my memory serves me well), the track length was in the range of 6,200 bytes (unformatted). Well, this company, or, more likely, one bunch of guys :), created a shorter track on the disc, of about 5,000 bytes. Thanks to the PLL in controller, it could be read quite normally. However, the length of 5,000 bytes was preserved. This protection was impossible to overcome on a standard computer (obviously). However, hackers immediately came up with the idea to connect a variable capacitor in parallel to the quartz. By tuning this variable capacitor, it was possible to obtain a track of the desired length. For the moment, it was difficult to say for sure who was the first to invent this method, because it was invented and reinvented many times. However, Bob Johns, who was writing a copier for discs protected in this manner exactly by that time, was the first to provide information on this method to the wide user community.



CD Cracking Uncovered. Protection against Unsanctioned CD Copying
CD Cracking Uncovered: Protection Against Unsanctioned CD Copying (Uncovered series)
ISBN: 1931769338
EAN: 2147483647
Year: 2003
Pages: 60

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net