_________SWAT MAGAZINE ISSUE TWENTY FOUR: DECEMBER 1999_________

        Commercial CD protection and how to bypass it
                   by -=The Firestarter=-
-----------------------------------------------------------------------

Chances are that some of you will hope to get a CD-R or a CD-RW this
Christmas in the hope of making a fortune bootlegging CD's to friends
and suchlike. Well, I figured that I will share some of my pirating
knowledge with you and explain some of the protection methods used by
many companies in the hope of keeping us from copying their precious
software that they insist on selling for astronomical amounts of cash
to the general public. I will also be describing some ways in which to
bypass these copy protection methods!

SecuROM:
This was developed by Sony. In the root directory of the CD there will
be the following files: CMS16.DLL, CMS_95.DLL and/or CMS_NT.DLL.
SecuROM is used to identify genuine CD's using some special
authentication method, but like most copy protection methods, us
pirates are one step ahead of them and there are a number of patches
for all versions of SecuROM, e.g.

    Version        Patch
    SecuROM R1:    Generic SecuROM R2
    SecuROM R2:    Generic SecuROM R3
    SecuROM R3:    Generic SecuROM R4 v1.1
    SecuROM R4:    Generic SecuROM R5 v5.1
    SecuROM R5:    Generic SecuROM R5 v6.0

SafeDisc:
Developed by C-Dilla and Macrovision Corporation. The following files
will exist on every original CD: 00000001.TMP, CLCD16.DLL, CLCD32.DLL
and, most important, CLOKSPL.EXE. There will always be files called
game.exe and game.icd: the .icd file is the original game and the .exe
is a loader containing bits of the SafeDisc protection.
SafeDisc technology is a software-based protection solution that
doesn't involve fucking around with the actual CD (e.g. by using
Physical Errors - see below) or the CD-R hardware. It uses a
combination of an authenticating digital signature embedded on the
disk and an encryption wrapper that secures the contents of the CD.
The signature can't be copied by CD-R's. There are a few CD-R's out
there that will allow you to do 1:1 copies of the CD's without using a
patch to play the game, but once again there is a patch out there
(Generic SafeDisc Patch) that will strip the protection from the
program!

SafeCast:
Once again this was developed by those people at C-Dilla and
Macrovision. There is currently no known method to detect this method
of protection (since it's quite new), and there is also no known way
to copy CD's using this protection method! It was developed to help
companies protect their pre-release software, and once again this
method uses software-based protection rather than arseing around with
the disk and hardware. SafeCast allows the software developers
complete control over the encryption process: once a publisher
encrypts a disk they can distribute the CD's, and people have to
contact them for a CD key to play with the program. No doubt this
protection method will be bypassed within the next few months!

LaserLock:
This very high-tech sounding protection method is a total bitch. While
it is possible to bypass, it is still a pain in the arse. There will
be a directory on the original CD called LASERLOK that contains files
with shitloads of unreadable errors. Since there is no generic patch
for this, it's a case of searching the net for your particular CD
patch. On some occasions using the "Ignore Read Error" option in Nero
can bypass this error. You can also copy the unreadable files using a
hex editor; this way all readable parts of the file are copied.

ProtectCD:
Currently this is a very rare protection method, and thusly I don't
have much information on it. All I do know is that it works together
with CD-Wizard (gold and pro) and creates pre-masters; CD's that are
created from these master disks can't be copied with your bog standard
CD-R's.

CD-Cops:
When you run the main exe files a window will appear with the words
"CD and COPS" in the title. The installation directory will have files
that have the extensions .GZ_ and .W_Z as well as a file called
CDCOPS.DLL. In some cases the CD-Cops Decrypter will allow you to copy
the CD. Fortunately most of the software that uses this method is
Italian, which is good news if you live here in the UK! (mainly
because I don't really know much about cracking it).

DiscGuard:
The following files will exist on the original CD or installation
directory: ISOLINK.VXD and ISOLINK.SYS. Unfortunately there is no
generic patch for this, so like LaserLock it's a case of searching the
net for a patch.

MusicGuard:
Well, it was gonna happen sooner or later: they developed things to
protect music CD's. Luckily this method has not been used, but when it
is I have the confidence that CD rippers will be developed to bypass
this protection method.

The Bongle:
Don't ask! You need specific patches for this one. The Bongle is used
for networks and requires additional hardware attached to the computer
to actually run the CD.

CopyLok:
Another rare copy protection method, which is a good thing since I
don't think I know anyone who can crack this protection method. It
took 16 years to develop and, from a publisher's point of view, was
well worth it. Hopefully as it begins to get used more it will be
bypassed!

Overburn:
This is a technique used to burn more data to a CD than it is capable
of holding. For example, a CD might contain 660mb of data, but a 74
minute, 650mb CD can't hold that much data. Of course, using 80 minute
700mb CDs you are able to get around this, but what about CD's that
contain 710mb of data?
OMG whatever shall we do? Well, luckily there is a wide range of
software out there that can overburn CD's, but of course does your
CD-R support Overburn? Most newer models do, so I wouldn't worry about
it too much. Software that can overburn is: Nero, CDRWIN, CD Wizard or
DiskJuggler; my preferred is Nero. A good example of overburning CD's
is when I had to copy a 715mb CD: I overburned it using Nero to a
650mb CD (no joke, I used 650mb Imitation CD's). Overburn is not a
very effective method of protecting CD's!

Illegal Table of Contents (TOC):
This method used to return errors to CD-R software, which would
usually waste the CD that you were using to copy to (has happened to
me a few times in the past). The sign is a CD-ROM that appears to have
a second data track (it's normally after the audio tracks). CD ISO
standards don't allow this, hence the Illegal TOC. Most of the time
the second data track points to the first data track or parts of
another track. So how do we bypass this nasty piece of copy
protection? Well, when copying it with Nero select the "Ignore illegal
TOC error" option and hit the burn button; it will happily bypass this
error and run off a nice copy for you!

CD Lock:
Fucking huge files (over 600mb) in the root of the CD. I don't know
who the hell thought of this type of protection; normally it's used
along with Illegal TOC. Now this huge file (or several files) will
point to random parts of the CD, and the parts it points to are
usually being used by other files on the disk. When you try to copy
the CD to your hard drive or make an attempt to burn the CD, it will
appear that the CD image is a lot bigger than it really is (trust me,
NOBODY can fit 2gb on a CD, and it looks kinda strange when the CD's
image is that big!). So how do we bypass this problem? Overburn and 80
minute CD's do the trick!
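
Added example (not part of the original article): when cataloguing or verifying a disc image, the CD Lock layout described above shows up as directory entries whose sectors overlap other files and whose claimed sizes add up to more than the disc can hold. The Extent record, the analyse() function and the sample listing are constructed for illustration; it assumes 2048-byte sectors and a 74-minute disc of 333,000 sectors.

```python
from dataclasses import dataclass

SECTOR = 2048                    # user-data bytes in a Mode 1 sector
SECTORS_74MIN = 74 * 60 * 75     # 333,000 sectors on a 74-minute disc

@dataclass(frozen=True)
class Extent:
    name: str
    start: int                   # first sector the directory record points at
    size: int                    # file length in bytes, as the record claims

    @property
    def end(self):               # one past the last sector, rounded up
        return self.start + -(-self.size // SECTOR)

def analyse(extents, capacity=SECTORS_74MIN):
    """Compare what the directory claims with what the disc can hold."""
    ordered = sorted(extents, key=lambda e: (e.start, e.end))
    overlaps = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.start >= a.end:     # sorted by start: nothing later overlaps a
                break
            overlaps.append((a.name, b.name))
    # Merge the extents so each physical sector is counted once.
    unique, reach = 0, 0
    for e in ordered:
        if e.end > reach:
            unique += e.end - max(e.start, reach)
            reach = e.end
    apparent = sum(e.size for e in extents)
    return {
        "apparent_bytes": apparent,               # what a file copy would need
        "unique_sectors": unique,                 # what is really on the disc
        "overlaps": overlaps,                     # pairs sharing sectors
        "inflated": apparent > capacity * SECTOR,
        "past_end": [e.name for e in ordered if e.end > capacity],
    }

# Constructed sample listing (not taken from any real disc).
SAMPLE = [
    Extent("SETUP.EXE", 30, 1_000_000),
    Extent("DATA.CAB", 600, 200_000_000),
    Extent("BIG1.DAT", 700, 620_000_000),
    Extent("BIG2.DAT", 100, 650_000_000),
]

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample listing the directory claims about 1.47 GB while the merged extents cover fewer sectors than a 74-minute disc provides, which is the mismatch the article describes.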

Physical Errors:
I really do hate this kind of protection. CD's are physically damaged
in order to stop you making a copy, since most CD-R's are not able to
copy them and will stop reading the CD and waste the one you were
copying to (yes, I'm one of the unfortunate bastards whose CD-R can't
read them). The few CD-R's that can actually copy them will take a
long time (1 to 8 hours, no joke!). There is a program out there
called BlindRead that will be VERY helpful in copying CD's with
physical errors; this can aid those of us whose CD-RW's can't copy
such CD's. BlindRead won't however support File Lock, so just hope
that they haven't used that method as well to protect their CD's!

Playstation CD's:
These use Bad Blocks and Country-Code Lockout. This kind of protection
is obsolete now: simply get some PSX copying software (or use Nero!),
run off a copy, slap it in a chipped Playstation and away you go!

Sega Dreamcast GD-ROM:
Don't get your hopes up here, these are a bitch. They can hold up to a
gigabyte of information because the pits are packed closer together to
store more data. GD-ROMs have 2 data tracks: the first is between 10
and 50mb big and can be read with normal CD-R's, the second is a hell
of a lot bigger and can't be read. I have heard that it is possible to
copy GD-ROMs using packet writing software, but this will only be
possible until the GD-ROMs start using the second high density track.
So for the time being GD-ROMs are fairly safe!

As a rule, if it can't be cracked - it's only a matter of time!