These days the CD protection methods used by companies keep multiplying, and
they try to stay one step ahead of the people who try to copy their discs. Here you will
find the latest news about CD protection methods and whether they really work.
What is copy protection?
Binary information can always be copied, so the manufacturer makes
the operation of his program dependent on the presence of some physical key
which cannot be copied. He does this by changing his software so that it cannot
run unless some sort of initialization is performed, and adds additional program
code, called the guard module, which carries out the necessary initialization
if and only if it detects the presence of the physical key. In a few words:
"Copy protection is a modification to the original code to make it dependent
on some external action, a guard module to provide the necessary action when
it detects the key, and the key itself."
How does it work?
All copy protection schemes must have these three parts in order to work.
If any part is missing, the scheme fails:
Dependency on External Action
The original software must be changed in some way so that it will not run without
the action of the guard module. This could consist of merely including calls
to the guard module in the software. However, the best way of making the software
initialization-dependent is to encrypt it. Encryption means taking the code
and scrambling it so that it cannot run and is no longer recognizable.
The Guard Module
This is the code that restores the software to executable form, or in some other
way initializes the software and allows it to run. It must do this only when
the key is present. When the guard module is satisfied that the key is authentic,
it initializes the software and executes it. Besides the function of recognizing
the key and restoring the software to executable form, the guard module must
do its job in complete secrecy.
It must be impossible to see what it does, impossible to imitate
what it does, and impossible to trick it into doing its job when the key is not
really present. This is called code security. Unless the guard module itself
is protected in some way, usually by encryption and debug-trapping, the protection
can be disabled and the software made to run without the key.
The Physical Key
This is the actual physical device or object that must be present as proof of
ownership and the right to use the protected program. The key can take on many
forms: an original CD, a key diskette, a dongle or a "smart card".
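As an added example (not code from the original article), the three parts described above written out in C: a build-time step that encrypts the program image under the physical key and records a plaintext checksum, a reader callback that stands in for probing the physical key, and a guard module that restores the image only when the checksum proves the genuine key was used. The names (protect_image, guard_run, genuine_key), the toy keystream (FNV-1a seed expanded with xorshift32), the sample key bytes and the string used as the "program image" are all my own constructions for this example; a real scheme would use a proper cipher and a keyed MAC, and would ship only the ciphertext.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* FNV-1a over a byte string: seeds the keystream from the key bytes and
 * doubles as the plaintext checksum the guard verifies. */
static uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* xorshift32 expands the seed into a byte stream. Toy cipher for brevity,
 * not a real stream cipher. */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *s = x;
}

/* Symmetric XOR with the key-derived stream: the same routine encrypts the
 * image at build time and decrypts it inside the guard. */
static void key_stream_xor(const uint8_t *key, size_t key_len,
                           const uint8_t *in, uint8_t *out, size_t n) {
    uint32_t s = fnv1a32(key, key_len);
    if (s == 0) s = 1;                       /* xorshift must not start at 0 */
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ (uint8_t)(xorshift32(&s) & 0xffu);
}

/* Part 1, dependency on external action: run once by the vendor at build
 * time. Only the ciphertext and the checksum are shipped. */
uint32_t protect_image(const uint8_t *plain, size_t n,
                       const uint8_t *key, size_t key_len, uint8_t *cipher) {
    key_stream_xor(key, key_len, plain, cipher, n);
    return fnv1a32(plain, n);
}

/* Part 3, the physical key: a reader callback stands in for probing a dongle,
 * key diskette or original CD. Returns the key bytes found, 0 if none. */
typedef size_t (*key_reader_fn)(uint8_t *buf, size_t cap);

/* Part 2, the guard module: read the key, restore the image, release it only
 * if the checksum shows the genuine key was used. On failure the buffer is
 * wiped so no half-decrypted code is left behind. Returns 1 on success. */
int guard_run(const uint8_t *cipher, size_t n, uint32_t expected,
              key_reader_fn read_key, uint8_t *image) {
    uint8_t key[16];
    size_t key_len = read_key(key, sizeof key);
    if (key_len == 0) {
        memset(image, 0, n);                 /* no key present: refuse */
        return 0;
    }
    key_stream_xor(key, key_len, cipher, image, n);
    memset(key, 0, sizeof key);              /* do not keep the key around */
    if (fnv1a32(image, n) != expected) {
        memset(image, 0, n);                 /* wrong key: wipe and refuse */
        return 0;
    }
    return 1;                                /* image restored; may execute */
}

/* Constructed sample keys: a genuine one, a forgery one bit off, and none. */
static size_t copy_key(uint8_t *buf, size_t cap, const uint8_t *k, size_t n) {
    if (n > cap) n = cap;
    memcpy(buf, k, n);
    return n;
}
static size_t genuine_key(uint8_t *buf, size_t cap) {
    static const uint8_t k[8] = {0xA7,0x3C,0x19,0xF0,0x5E,0x22,0x8B,0xD4};
    return copy_key(buf, cap, k, sizeof k);
}
static size_t forged_key(uint8_t *buf, size_t cap) {
    static const uint8_t k[8] = {0xA7,0x3C,0x19,0xF0,0x5E,0x22,0x8B,0xD5};
    return copy_key(buf, cap, k, sizeof k);
}
static size_t no_key(uint8_t *buf, size_t cap) { (void)buf; (void)cap; return 0; }

/* End-to-end check. The "program image" is a string here; a real guard would
 * jump into the restored code. Returns 1 only if the genuine key restores the
 * image and both the forged and the missing key are refused. */
int demo(void) {
    static const char plain[] = "RUN: protected program body";
    uint8_t cipher[sizeof plain], image[sizeof plain], k[16];
    size_t klen = genuine_key(k, sizeof k);
    uint32_t check = protect_image((const uint8_t *)plain, sizeof plain,
                                   k, klen, cipher);
    int ok_genuine = guard_run(cipher, sizeof plain, check, genuine_key, image)
                     && memcmp(image, plain, sizeof plain) == 0;
    int ok_forged = guard_run(cipher, sizeof plain, check, forged_key, image);
    int ok_none = guard_run(cipher, sizeof plain, check, no_key, image);
    return ok_genuine && !ok_forged && !ok_none;
}

int main(void) {
    puts(demo() ? "genuine key runs the image; forged and missing keys refused"
                : "guard demo FAILED");
    return demo() ? 0 : 1;
}
```

The weak point the article calls code security is visible in this layout: the image is only as safe as guard_run itself, since a single comparison decides whether the restored code is released. That is why the article insists the guard module, and not just the key, has to be protected.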
What makes the software dependent on the Guard Module?
There are various ways to do this, though techniques which do not include
encryption cannot be considered very safe: Building in Calls to the Key Check,
Which are the Guard Module functions?
What are the various kinds of physical keys?
Other Hardware (plug-in boards, smart cards)
Personal Characteristics (fingerprints, voice prints or retinal images)
So how do people manage to break it? What do they do?
- Reverse Engineering
By disassembling the program and finding out how it works, another programmer
might use the principles involved to write his own program without actually
copying the program itself. This process is time consuming and difficult.
- Creating a "Cracked Copy"
If the protection can be disabled, the software will run without the key. The
idea is to either peel off the guard module or find some other way to defeat
it, so that the protection check is never made but the initialization is made
anyway. This is very easy now, since CloneCD can copy most current CD protections.
- Copying the key
If this can be done easily, it is almost as good as creating a cracked version.
Dongles and diskettes with physical holes are extremely difficult to copy; for
all practical purposes they cannot be copied. Key diskettes made from normal
diskettes may or may not be copiable, depending on the degree of sophistication
of the diskette and of the equipment attempting to copy it.
Commercially available copying boards can defeat many protection
schemes. For the serious pirate, there is the synchronized bit copier which
moves every bit directly from one diskette to another, using electronically
synchronized drives. This can copy all but the very best key diskettes.
- Fooling the Protection
A memory-resident program can be installed which makes the guard module "think"
the key is present. If, for example, the guard module checks the key diskette
or dongle by way of the system BIOS, a filter can be set up to watch the interrupt
and intervene when the key check is made, feeding false input to the guard module
and simulating the expected signals.