Putting Marks vs. Dynamic Binding

Protection Mechanisms Based on the Read Timing Characteristics

A read timing diagram is probably the most easily measured but, at the same time, unique disc characteristic. It varies considerably from disc to disc. Let s carry out an easy experiment: Take any CD, create its copy, and then compare the read timing diagram of the copy to that of original. The result that the author obtained is illustrated by the two diagrams provided below (Fig. 9.2). (An Agatha Christie disc served as the test example and PHILIPS CDRW 24000 was the test burner . Disc copying and creating the graphs was carried out using Alcohol 120% and the copying was carried out on an IMATION 48x disc).

Fig. 9.2: Read timing diagrams of the original disc (a) and its copy (b)

Just look at the difference! All discs are not the same. They differ so significantly that this can be noticed with the naked eye! How can we use this difference for protecting programs? Identify some node points on the timing curve, which correspond to the peaks, dips ”or lack of either ”in the specified section. Then convert them into the characteristic code, bearing in mind that the curve profile will change in the course of using the disc (and, besides, that it will vary from drive to drive). Some ruptures might appear, while others might disappear. Therefore, for disc identification, it will be necessary to use the fuzzy comparison algorithm, which means that under conditions where several nodal points match, the disc is considered to be original. Of course, the softer the selection criteria, the greater is the probability that the copyleft will be considered to be copyright. Excessively stringent criteria will engender excessive complaints from those users who own older drives that distort the timing curve in such a way that an original and legally purchased CD suddenly ceases to be recognized as such. According to the author s experience, a good balance between reliability and stability is ensured by the 3:10 ratio, which means that if at least three nodal points out often are recognized, the disc must be considered original. In the long run, it would be much better if the protection doesn t notice its presence than to swear at legal users.

We should mention that, for building a timing diagram, it isn t necessary to work with the disc at the sector level. Measuring read-timing characteristics for individual files produces an equivalent result. For this purpose, you can read using any standard means, such as, for instance, the fread built-in C function. Naturally, the files chosen for testing must be large. They must be large enough to guarantee that they don t fit into the cache memory and make the operating system access the hard disk instead of retrieving these files from the RAM. The drawback of this approach is that for building the timing curve, you ll have to read at least half of the entire disc (and this takes time), because the resolution capability of the file measurer is too low. On the other hand, won t you have to read the data written to the hard disc anyway? If so, why not combine the useful with the pleasant?!

If you are going to write a couple of small utilities to the disc, it is much better to measure the reading time of individual sectors for binding to the disc. Since the sector lengths drift within a wide range because of technology imperfection, the time required for the drive to read them also drifts, because the disc rotation speed is constant! Well practically constant. CDs, being self-synchronizing devices by their nature, do not impose stringent requirements on the drive-rotation speed. The main thing here is that the speed gradient must be considerably lower than the frequency of changes from pits to lands (because the generator is self-tuning when crossing their boundaries). It isn t difficult to show that if the angular rotation speed of the disc is constant, its linear speed along the spiral track inevitably grows. If no additional measures are taken, the pits on the external sectors of the disc will sweep by with such speed that the laser head won t have time to read them. To prevent this, special mechanisms for dynamic regulation are used in CD-ROM drives to keep the linear-rotation speed within predefined limits . Besides, the specific values of linear and angular rotation speeds are unknown, and we cannot measure them with the necessary precision. If the disc-rotation speed is unknown, how can we measure the sector length?

Let s base our examination on the fact that for the short section of the spiral track disc rotation speed will remain more or less constant. By comparing the read times of the neighboring sectors, we ll be able to determine the approximate relation between their lengths. If there is a short sector between two long sectors, there will be a peak on the graph. On the other hand, if the lengths of three or more sectors are more or less identical, there will be a long plateau on the graph.

The results of investigating one of my own discs are shown in Fig. 9.3. This dull pattern, somewhat similar to a two-handled saw, is very capricious by its nature. Repeated runs of the program with the same disc will repeatedly produce different results. Nevertheless, most peaks and pits coincide, and it is still possible to identify the original disc.

Fig. 9.3: Nodal profiles obtained from two runs of the same disc

Now let s copy the disc and try to compare the obtained copy to the original. The pattern has changed! The relief has changed to a degree that makes it unrecognizable. First, the tops of peaks do not match. Second, the number of pits on the duplicate is surprisingly low (perhaps, it was a good disc specimen). Finally, instead of the large trident between the 14th and 22nd sectors that was present in the original, there is a large plateau sloping downward on the copy.

Thus, measuring relative sector read times allows us to distinguish the original disc from its replica unambiguously. At the same time, such measurements can be easily carried out using the operating system s built-in tools and is compatible with practically all drive models.

Fig. 9.4: Nodal profiles of two different discs

Measuring Angles between Sectors

Having heard that some protection mechanisms measure the angle between the first and the last logical blocks on the CD, I began to wonder how they actually do this? Because I didn t have programs protected using this method, and developers, naturally, do not disclose the technical details of its implementation, I had to use logical deduction and confirm them through practical experiments. Having ruined a pack of CD-R discs and spent an entire day, I managed to discover the secret method and created a functional protection system. Let s proceed step by step.

As a matter of fact, CDs are sequential-access devices with accelerated rewinding, which is carried out by means of radial movement of the optical head along the spiral track. Having moved along the track a certain distance, the head positions itself to a new track and waits for the arrival of the nearest sync group , which marks the start of each sector. Having read the address contained in its header, the head compares the current address with that which is required and, if necessary, moves forward or backward. This process is repeated until the head comes sufficiently close to the required sector (within the range of a single disc turn ). Now the head stops fussing about and waits until the sector reaches its field of sight.

Let s assume that searching for the required track always takes the same time. Although this is not exactly soo the case, this assumption will do as the starting point for our discussion, since the positioning of the head to sectors located on adjacent spiral turns is carried out by means of head deflection by a magnetic field. This means that it takes place practically instantly. The head is moved in slides by a special drive mechanism, which operates at snail speed only in cases of positioning the head to remote sectors. Based on our assumption, the full access time to the sector will depend directly on the angle between the current sector and the sector that was read last (Fig. 9.5). Accordingly, having measured the access time, we will be able to measure the angle. The only problem consists in determining the headpositioning time. Since it varies significantly from drive to drive, we cannot rely on the absolute access time. However, relative changes are clearly discernible. Sequentially moving the head between sector 0 and sectors X , X +1, X +2, X +3 we will observe wave-like fluctuations in the full access time. Wave crests correspond to the maximum angle between these sectors, while wave troughs correspond to the minimum angle (in this case, the required sector is encountered immediately after the positioning process is completed). Having registered sector combinations corresponding to the minimum and the maximum, let s try to compare this combination to the same combination obtained for the disc duplicate.

Fig. 9.5: Measuring the angle between sectors

Have we succeeded? Actually, different lots of CD-R discs are formatted differently, and the density of their spiral tracks is also different. Because of this, the angle between our sectors is also not the same, and these differences grow sharply with the growth of the distance between sectors. Let s assume that the difference between the average sector length on the original and duplicate is 0.01 percent. Then, provided that full disc capacity is about 350,000 sectors, the change of the angle between the first and the last disc sector will be 3.5%, which is a measurable value. In practice, the declared formatting precision is never observable. When copying a model disc to media from other manufacturers, angular differences sometimes are as high as 180 degrees!

Specially for this purpose, I have developed a program, which I called CD-physical pattern detector. Because of the limited volume of this book, I won t provide its listing here, because it is quite large, and, anyway, the source code of this program can be found on the companion CD. Two screenshots illustrating its operation are shown in Figs. 9.6 and 9.7. Having started it for execution and after allowing the CD-ROM drive to move its head for some time (the protection mechanism is actually recognized by these movements), we will discover that the access time to sectors with different numbers is measured in an interesting way (Fig. 9.6). Four or five neighboring sectors are read with approximately the same speed, then the curve bends sharply, almost doubling the access time. After one or more sectors, the access time changes stepwise once again. The alternation of peaks and pits is strictly periodical, deviating from the average position by only several sectors, which is probably caused by the variable time of the optical head s moves. Naturally, the older the drive is, the lower is the measurement precision. However, if we have a large sample of measurements (Fig. 9.7), the measurement error will be relatively low.

Fig. 9.6: CD-physical pattern detector: a ” unprotected disc, b ”disc protected by StarForce

Fig. 9.7: CD-physical pattern detector at work: a ”unprotected disc, b ”disc protected by StarForce. The program actually allows to see the pattern! Provided that we have a large sample of measurements, the measurement error will be relatively low

Fig. 9.8 shows profiles of spiral tracks created for two different discs. The first curve (1) corresponds to the disc produced by IMATION, while the second one (2) relates to a disc from TDK. Notice the difference between the two graphs!

Fig. 9.8: The spiral track profile for IMATION (1) and TDK (2) discs