• Steam recently changed the default privacy settings for all users. This may impact tracking. Ensure your profile has the correct settings by following the guide on our forums.

Anti-ISO measures in games (DJMax Black Square)

S

Sullivan

New Member
Slasher said:
Well lets just hope other ISOs don't implement this :)
It really doesn't surprise me though, if coders cared about their shit getting pirated they should have done this looooong ago. Sony should make a function in their SDK, 'sceProtectDeleteIso(ID)' that any game could easily call lol
Click to expand...

Well I am sure if the Devs have the option to and will benefit them, they will take full advantage.
 
Slasher

Slasher

Suck It
twelve said:
Wouldn't it be easy enough to have a UMD ripper that detects this protection and patches it when the game is ripped? Or is the patching process different for every game?
Click to expand...

Ehhh, depends on how the developers implement it I guess. Patching is one thing(simple things like text, colours, etc), but actually physically removing implemented protection code is a whole other story.
Sullivan said:
Well I am sure if the Devs have the option to and will benefit them, they will take full advantage.
Click to expand...

Oh definitely, though I doubt this is an sdk implementation by sony. It's probably just a makeshift attempt by the developers of DJ Max to prevent people from playing it as an ISO
 
LocutusEstBorg

LocutusEstBorg

Active Member
twelve said:
Wouldn't it be easy enough to have a UMD ripper that detects this protection and patches it when the game is ripped? Or is the patching process different for every game?
Click to expand...

This kind of protection has to be manually cracked for each executable.

If Sony wanted to do it, they could easily modify the firmware functions to check if a PSP format ISO is being opened etc. Though it would be patched in M33 firmware anyway....

Thus the only effective way is for devs to manually code their own (weak) protections within their user mode restrictions. If Sony allowed devs to use a custom kernel mode PRX, then that could be used to detect and counter ISO loading by various methods. Because the PRX would be different for each game, patching it would be a problem. But that would probably never happen.
 
C

-chw42-

Like a Boss
Slasher said:
Ehhh, depends on how the developers implement it I guess. Patching is one thing(simple things like text, colours, etc), but actually physically removing implemented protection code is a whole other story.


Oh definitely, though I doubt this is an sdk implementation by sony. It's probably just a makeshift attempt by the developers of DJ Max to prevent people from playing it as an ISO
Click to expand...

Maybe that's why they delayed the DJ Max Fever game for two months...
 
M

mohaas05

New Member
Perhaps the game tests the read speed of its data. If it's too fast, it knows its an iso. If it's too slow, it knows its a cso.
 
S

Sullivan

New Member
mohaas05 said:
Perhaps the game tests the read speed of its data. If it's too fast, it knows its an iso. If it's too slow, it knows its a cso.
Click to expand...

I doubt it, that would be hard. And on top of that, the Slim loads games slightly faster then the original models.
 
Hellcat

Hellcat

Contributor
They could check for loaded modules (I'd guess NP9660.PRX and the M33 one are not loaded when not beeing used, might be wrong here), they could check if and what UMD is in the drive by direct I/O calls (sceDevCtl() and such - could be easiely captured by future CFWs), measuring the speed could also be done, of course, could even work, querying the UMD driver and look for responses typical for UMD emulation....

And those are the ones comming to mind w/o thinking too much, there's more, WAY more ways to figure out if running from UMD, ISO, CSO or tape ;)
 
M

Moca

New Member
Hellcat said:
They could check for loaded modules (I'd guess NP9660.PRX and the M33 one are not loaded when not beeing used, might be wrong here), they could check if and what UMD is in the drive by direct I/O calls (sceDevCtl() and such - could be easiely captured by future CFWs), measuring the speed could also be done, of course, could even work, querying the UMD driver and look for responses typical for UMD emulation....

And those are the ones comming to mind w/o thinking too much, there's more, WAY more ways to figure out if running from UMD, ISO, CSO or tape ;)
Click to expand...

Slasher said:
Well lets just hope other ISOs don't implement this :)
It really doesn't surprise me though, if coders cared about their shit getting pirated they should have done this looooong ago. Sony should make a function in their SDK, 'sceProtectDeleteIso(ID)' that any game could easily call lol
Click to expand...

In either case, the protection can be bypassed via function hooking and renaming module names.
 
LocutusEstBorg

LocutusEstBorg

Active Member
These are the known protections in this game so far, with the uncracked executable:

1) It performs a read speed test as soon as it starts to determine if running from memory stick.

2) It searches the ISO folder for DJ Max Clazziquai Edition ISO and deletes it. It corrupts Clazziquai Edition save games. It is unable to detect a Clazziquai CSO.

3) It tries to delete its own ISO (Black Square), this doesn't happen consistently.

4) It scans the file names in the ms0:/SEPLUGINS folder. If any of the seplugins files have 'iso' in the file name, then it exits to XMB immediately. E.g. if you have a plugin called blablaiso.prx it will exit to XMB.

With the cracked executable, only check (4) is still active.
 
Hellcat

Hellcat

Contributor
In reply to Mocha, my Chino ;)

Yes, but only if the exact workings of the protection is known.
If they use a generic one, that'll be a FAIL, of course, CFW will counter that completely.

If they come up with new ideas and do it differently for each game, we're at least back to the oldschool days where games needed to be cracked :D


[EDIT]
@Torch:
Wow, that's some pretty easyish checks.... o_O
 
LocutusEstBorg

LocutusEstBorg

Active Member
The protection is custom. The asm instructions for the protection are compressed/deflated and encrypted, and hardcoded into the executable. They can be easily identified in a hex editor because it looks very odd next to the other code.

Its probable decrypted in place or something so that the instruction pointer can jump directly to it. In the cracked executable, these parts are simply nulled out. Dunno how that would work without crashing, unless some previous instructions were modified to jump over it.
 
M

mohaas05

New Member
Torch said:
These are the known protections in this game so far, with the uncracked executable:

1) It performs a read speed test as soon as it starts to determine if running from memory stick.

2) It searches the ISO folder for DJ Max Clazziquai Edition ISO and deletes it. It corrupts Clazziquai Edition save games. It is unable to detect a Clazziquai CSO.

3) It tries to delete its own ISO (Black Square), this doesn't happen consistently.

4) It scans the file names in the ms0:/SEPLUGINS folder. If any of the seplugins files have 'iso' in the file name, then it exits to XMB immediately. E.g. if you have a plugin called blablaiso.prx it will exit to XMB.

With the cracked executable, only check (4) is still active.
Click to expand...

Those are pretty shady tactics. I wonder if it is actually legal? Because then the game is acting sort of like a rootkit or a trojan.
 
eldiablov

eldiablov

Contributor
Im almost certain sony would have changed the terms and conditions of an update to accomodate these tactics.
 
Hellcat

Hellcat

Contributor
They shouldn't delete any files, that's a touch too far IMO.... for the rest, it's pretty neat, yet way too simple :p
 
Cryox

Cryox

Bro.
wow, that's good to know... but couldn't that be removed in something like UMDgen or can the game not run without it..?
 
You must log in or register to reply here.
Top