
A list CD cracking uncovered protection against unsanctioned CD copying


CD Cracking Uncovered: Protection Against Unsanctioned CD Copying
by Kris Kaspersky
A-List © 2004 (300 pages)
ISBN: 1931769338

Aimed at shareware and commercial software programmers, as well as users interested in CD protection, this book will help readers defeat hackers and crackers who try to copy CDs without authorization.

Table of Contents
CD Cracking Uncovered—Protection against Unsanctioned CD Copying
Preface
Introduction
On the CD
Part I - CD Anatomy
Chapter 1 - CD Organization
Chapter 2 - Power of Reed-Solomon Codes
Part II - Low-Level Control over Hardware
Chapter 3 - Practical Advice on Urgent System Recovery
Chapter 4 - Interfaces for Interaction with the Hardware
Chapter 5 - Methods of Revealing Protection Mechanisms
Part III - Protection against Unauthorized Copying and Data Recovery
Chapter 6 - Anti-Copying Mechanisms
Chapter 7 - Protection Mechanisms for Preventing Playback in PC CD-ROM
Chapter 8 - Protection against File-by-File Disc Copying
Chapter 9 - Protection Mechanisms Based on Binding to Storage Media
Chapter 10 - Data Recovery from CDs
List of Figures
List of Tables
List of Code Examples
CD Content



CD Cracking Uncovered: Protection Against Unsanctioned CD Copying
by Kris Kaspersky
A-LIST Publishing © 2004 (432 pages)
ISBN: 1931769338


Back Cover
A manual on protecting CDs against illegal copying, this book shows how crackers copy CDs using various access methods. The methods covered include the CDFS driver, cooked mode, SPTI, ASPI, the SCSI port, and the MSCDEX driver. Explained is how to prevent cracker break-ins using protections based on nonstandard CD formats such as the CD driver and weak CD sectors. Information on CD functioning fundamentals and tips related to CD protection in a format free of math and assembling - such as data formats, the scrambler, the Reed-Solomon coder/encoder, the CIRC coder/encoder, and a weak sectors generator - are also provided. The main program interfaces, which provide direct control via peripheral devices on the application level in UNIX, Novell, and Windows 9x/NT/2000/XP, are considered, as is how to read and write RAW sectors.

After reading this book, readers will know how to change the format of a CD to make it accessible for reading and/or writing on most CD drives, but not accessible for copying.

Aimed at shareware and commercial software programmers, as well as users interested in CD protection, this book will help readers defeat hackers and crackers who try to copy CDs without authorization. It is targeted at advanced users as well as application system programmers.
About the Author
Kris Kaspersky is an IT consultant working in security and system programming. He specializes in issues such as compiler development, optimization techniques, security mechanism research, real-time OS kernel creation, software protection, and the creation of antivirus programs. He is the author of Hacker Disassembling Uncovered and Code Optimization: Effective Memory Usage.





CD Cracking Uncovered—Protection against Unsanctioned CD Copying
KRIS KASPERSKY
alist
© 2004 by A-LIST, LLC
All rights reserved.
No part of this publication may be reproduced in any way, stored in a retrieval system of any type, or transmitted by any means or media, electronic or mechanical, including, but not limited to, photocopying, recording, or scanning, without prior permission in writing from the publisher.
A-LIST, LLC
295 East Swedesford Rd.
PMB #285
Wayne, PA 19087
702-977-5377 (FAX)

This book is printed on acid-free paper.
All brand names and product names mentioned in this book are trademarks or service marks of their respective companies. Any omission or misuse (of any kind) of service marks or trademarks should not be regarded as intent to infringe on the property of others. The publisher recognizes and respects all marks used by companies, manufacturers, and developers as a means to distinguish their products.
CD Cracking Uncovered: Protection against Unsanctioned CD Copying
By Kris Kaspersky
ISBN: 1931769338
04057654321


A-LIST, LLC, titles are available for site license or bulk purchase by institutions, user groups, corporations, etc.
Book Editor: Thomas Rymer

LIMITED WARRANTY AND DISCLAIMER OF LIABILITY
A-LIST, LLC, AND/OR ANYONE WHO HAS BEEN INVOLVED IN THE WRITING, CREATION, OR PRODUCTION OF THE ACCOMPANYING CODE (ON THE CD-ROM) OR TEXTUAL MATERIAL IN THIS BOOK CANNOT AND DO NOT GUARANTEE THE PERFORMANCE OR RESULTS THAT MAY BE OBTAINED BY USING THE CODE OR CONTENTS OF THE BOOK. THE AUTHORS AND PUBLISHERS HAVE WORKED TO ENSURE THE ACCURACY AND FUNCTIONALITY OF THE TEXTUAL MATERIAL AND PROGRAMS CONTAINED HEREIN; HOWEVER, WE GIVE NO WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED, REGARDING THE PERFORMANCE OF THESE PROGRAMS OR CONTENTS.

THE AUTHORS, PUBLISHER, DEVELOPERS OF THIRD-PARTY SOFTWARE, AND ANYONE INVOLVED IN THE PRODUCTION AND MANUFACTURING OF THIS WORK SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM THE USE OF (OR THE INABILITY TO USE) THE PROGRAMS, SOURCE CODE, OR TEXTUAL MATERIAL CONTAINED IN THIS PUBLICATION. THIS INCLUDES, BUT IS NOT LIMITED TO, LOSS OF REVENUE OR PROFIT, OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING FROM THE USE OF THE PRODUCT.

THE CD-ROM, WHICH ACCOMPANIES THE BOOK, MAY BE USED ON A SINGLE PC ONLY. THE LICENSE DOES NOT PERMIT ITS USE ON A NETWORK (OF ANY KIND). THIS LICENSE GRANTS YOU PERMISSION TO USE THE PRODUCTS CONTAINED HEREIN, BUT IT DOES NOT GIVE YOU RIGHT OF OWNERSHIP TO ANY OF THE SOURCE CODE OR PRODUCTS. YOU ARE SUBJECT TO LICENSING TERMS FOR THE CONTENT OR PRODUCT CONTAINED ON THIS CD-ROM. THE USE OF THIRD-PARTY SOFTWARE CONTAINED ON THIS CD-ROM IS LIMITED THE RESPECTIVE PRODUCTS.

THE USE OF “IMPLIED WARRANTY” AND CERTAIN “EXCLUSIONS” VARY FROM STATE TO STATE, AND MAY NOT APPLY TO THE PURCHASER OF THIS PRODUCT.







Preface
This book is a practical guide to protecting CDs against unauthorized copying. It is oriented toward a wide reader audience, including advanced users and application and system programmers.

It is not necessary to have expensive specialized equipment or be a security expert to create strong, inexpensive, and reliable protection. All that you need to achieve this is a low-end CD recorder and a couple of evenings free from other work. This book provides a detailed description of CD structure and will let you into a lot of secrets known only to security experts (and not even they know them all), explaining all this in simple language, without higher mathematics and practically without Assembler language. This is the book’s main unique feature!

While reading this book, you will learn how to invalidate the disc format in order to make it readable (that is, playable) on most CD-ROM drives, but practically impossible for any copier to copy, and how to bind to the physical disc structure so that copiers are unable either to reproduce or imitate it. You’ll also learn about the physical and technical limitations of low-end recorders and how to use these to achieve your goals.

Also covered will be the control over CD drives and recorders at a low level and how to get the maximum control allowed by specific drive models over CDs. All circumstances being equal, a disc protected using a high-tech drive cannot be copied by all other drives. The book provides detailed information on the differences between drive models and which characteristics deserve the most attention when choosing a drive.

The book also discusses practically all commercial CD protection packages available today. It lists their implementation errors, “thanks” to which the copying of protected discs is still possible. The author also suggests several protection mechanisms that take into account his own bitter experience and that of his friends and colleagues. These protection mechanisms cannot be copied using any of the copiers that exist today.

With regard to copiers, here you’ll find a detailed description of the most popular protected CD copiers: CloneCD and Alcohol 120%, which, according to their developers, “can copy practically any protected disc, provided that the right combination of CD-ROM and CD recorder is chosen.” The author demonstrates, using practical examples, that this is not actually the case, and suggests some protection mechanisms that cannot be copied by CloneCD and/or by Alcohol 120%.

Finally, the book explains how to create a protected CD copier on your own, making the replication of protected discs a much easier task.







Introduction
CD protection is important today as never before. The widespread use of low-end recorders allowed any user to duplicate discs in almost mass-production quantities. The lion’s share of existing discs has not been purchased because users simply borrow them from their friends or colleagues. At the same time, most shareware programmers distribute their products on CD-R discs by mail, which considerably complicates the hacker’s task. If the program is not freely available, how can it be cracked?

As a result, users are interested in cracking protected discs, while developers have the opposite goal, namely, protecting CDs against cracking. This book satisfies the needs of both groups. It explains how to crack practically any currently existing protection software and suggests a range of new protection mechanisms that virtually cannot be cracked.

CD protection against copying contains a large amount of material that has never been published before. It provides the reader with detailed information on CD structure and discloses lots of secrets known only to professionals (and not even to every professional). At the same time, the author tries to present this material in an accessible form, without excessive use of higher mathematics and practically without the use of Assembler language.

Having read this book, the reader (even with no special training) will learn how to create discs that, in principle, cannot be copied because of the hardware limitations of contemporary CD-R/CD-RW recorders. Besides this, the reader will learn how to avoid conflicts with non-standard equipment, as a result of which protection mechanisms refuse to work or, even worse, damage the user’s equipment.

The book is oriented to the wide spectrum of readers, so the reader doesn’t have to have any previous experience or background knowledge. The reader might even lack knowledge of the sector structure of a CD-ROM (by the way, 99 percent of programmers don’t know much about this either). All of the information necessary for understanding the principles of CD operation is provided directly in the book, and references to third-party sources are minimal. The reader doesn’t need to be a programmer, because all of the required utilities for the analysis, protection and cracking of CDs are supplied along with the book. These copiers, developed by the author, will do all the work automatically for the reader. Thus, the book is worth purchasing, if only for the contents of the companion CD alone.

At the most, the reader must be familiar with mathematics at the University level, know how to use a disassembler, and be able to work with C and Assembler programming languages. Of course, reading this book won’t make you a guru, but you’ll still acquire almost unlimited power over CDs and be able to do whatever you like with them.


Notation Conventions
To prevent confusion and at the same time avoid unnecessary verbosity, the book will use several notation conventions, which are briefly outlined below:

NEC drive—_NEC CD-RW NR-9100A, firmware version 1.4
ASUS drive—ASUS CD-S500/A, firmware version 1.4
TEAC drive—TEAC CD-W552E, firmware version 1.09
PHILIPS drive—PHILIPS CDRW2412A, firmware version 1.5

Alcohol 120%—an excellent copier of protected CDs, a shareware version of which can be downloaded from […]. This automatically cracks more than half of all currently existing anti-copying mechanisms and allows you to mount images of protected discs dynamically to a virtual CD-ROM drive, which is very convenient for the purpose of experimentation. Unfortunately, only “correct” images can be mounted, and most images in protected discs cannot be classified as such.

CloneCD—a good copier of protected discs, a shareware version of which can be downloaded from […]. Copying protected discs in completely automatic mode is, of course, not the strongest point of CloneCD. It could be more accurate to say that it copes with this task poorly. However, after manually tweaking the program settings and the image of the protected disc, it also can copy over half of all existing examples of protection mechanisms. But to say that CloneCD can “crack” practically any types of protection would be far from accurate.







Historical Aspect
The first attempts to protect CDs against copying were undertaken in the early 1990s. CD recorders didn’t exist at that time, and developers mainly had to prevent unauthorized copying of CD contents to hard disk. But what about pirates? you may ask. Yes, piracy always has been and remains a serious problem. However, attempts at stopping piracy by software protection are, at least, naive. Those who replicate discs in commercial quantities always employ a team of experienced hackers who crack these protection mechanisms without any real effort. The intellectual potential of “cracking” teams in these clandestine enterprises is practically unlimited. They always try to employ the very best (I know this from personal experience, because some years ago, before the adoption of appropriate laws, I also worked on a team like this). The financial factor, by the way, is not the primary one here. Hackers were not paid large money, and had to work like slaves. The work itself was what attracted them. Where else could you get acquainted with such a large number of various protection mechanisms and learn how to crack them?

To be honest, I have exaggerated a bit in discussing the variety of protection mechanisms available. At that time, the “variety” included two main types of protection: LaserLock and “code wheel”. With the arrival of CD recorders, the importance of protection against copying grew considerably. As a result, protection mechanisms began to grow like mushrooms after a warm rain. By the beginning of 2003, there were already more than 50 various protection mechanisms available on the market. The majority of these were marketed on the basis of the “know-how” of their developers. However, most hackers, having analyzed one of these protections using a disassembler, began to feel nostalgic for days gone by, when software came on diskettes and one out of every two examples was protected. Contemporary CDs, of course, are different from old-fashioned diskettes. However, the techniques of their protection are, in principle, the same! Contemporary protection mechanisms mainly use the following methods: non-standard formatting, the introduction of key marks, binding to the disc surface, and weak sectors. Let us consider each member of this family in more detail.


Non-standard formatting, in general, consists of intentionally introducing specific errors to prevent the normal processing of information. For example, if we artificially increase the length of every protected file to ~666 GB by correcting the length field, any attempt at copying such a file to a hard disk will fail. At the same time, the protection mechanism that knows exactly where each specific file starts and ends can work with them without any problems. Naturally, such a protection mechanism can be hacked easily by copying the disc at the sector level. However, to do this, the copier must know the exact number of sectors available on the disc. The developer of a protection mechanism can easily tweak the disc structures so that the disc looks either absolutely blank or, on the contrary, grows beyond any conceivable size. Recorders that mechanically read the disc TOC and blindly rely on the correctness of each byte of control data will fail immediately. More advanced examples will manage to determine the actual size of the disc through some implicit indications. Recorders of this type will keep moving the optical head for as long as the sectors under it remain readable. Let’s assume that the protection is using a cunning mechanism and “digs a hole” consisting of a bunch of bad sectors near the end of the disc. Some recorders will fall into that pit, thinking that they have reached the end. Some recorders won’t be deceived by this trick, because they carefully analyze the information returned by the drive, which should know the cause of the read error—be it the actual end of the disc or simply a bad sector.
Some protection mechanisms play even dirtier tricks, boldly writing irrecoverable errors to the original disc (which means that these errors cannot be eliminated by the special error-correction codes placed on the CD). If this approach is used for protecting an audio CD, this means that its playback will be accompanied by endless clicks. This doesn’t happen in practice because the developers of audio players have made the provision of a special filter that discards data that are sure to be erroneous and uses interpolation when necessary (in this case, the current sample is recreated on the basis of the averaged values of those that precede and follow it). Naturally, this degrades the playback quality. Media magnates, however, don’t give much of a damn about this, and, realistically, the degradation isn’t significant. However, the situation is different with regard to digital playback. Early versions of the standard instructed the drive to report only occasions where one or more irrecoverable errors were encountered, but didn’t provide any mechanisms for “marking” the faulty bytes. So the drive has read 2,352 bytes of data and detected that about a hundred of them were invalid! What next? Use interpolation? If the answer is yes, what should we interpolate—which byte by which?! Analyze the signal manually, searching for “outbreaks?” This is too difficult and, anyway, the quality of the “restored” audio will be very far from perfect. It is, of course, possible to try grabbing the audio flow from the digital audio output. However, most low-end sound adapters do not support this capability. Even if this kind of support is provided, it is implemented so poorly that music lovers would be better off simply shooting themselves. Put simply, dark clouds without the slightest trace of sunshine began to gather over hackers. However, everything changed after manufacturers began to offer CD drives capable not only of simply reporting read errors, but also of reporting the positions of erroneous bytes within the sector. Now, fully functional interpolation became possible at the interface level! After this, software grabbers exploiting new possibilities arrived quickly.
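
An added illustration (not code from the book) of the interpolation described above, once a drive reports which bytes of the 2,352-byte sector are bad. It goes slightly beyond the single-sample averaging in the text by also bridging runs of bad samples linearly; the flag-bitmap layout and all function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>

#define SECTOR_BYTES 2352              /* raw audio sector size given in the text */
#define FRAMES (SECTOR_BYTES / 4)      /* 588 frames: 16-bit left + 16-bit right */
#define FLAG_BYTES (SECTOR_BYTES / 8)  /* one error flag bit per sector byte */

/* Assumed flag layout: bit (i % 8) of err[i / 8] marks sector byte i as bad. */
static int byte_bad(const uint8_t *err, size_t i) { return (err[i / 8] >> (i % 8)) & 1; }

/* A sample is unusable if either of its two bytes is flagged. */
static int sample_bad(const uint8_t *err, size_t frame, int ch) {
    size_t off = frame * 4 + (size_t)ch * 2;
    return byte_bad(err, off) || byte_bad(err, off + 1);
}

static int16_t get_sample(const uint8_t *s, size_t frame, int ch) {
    size_t off = frame * 4 + (size_t)ch * 2;
    return (int16_t)(uint16_t)(s[off] | (s[off + 1] << 8));  /* little-endian */
}

static void put_sample(uint8_t *s, size_t frame, int ch, int16_t v) {
    size_t off = frame * 4 + (size_t)ch * 2;
    s[off] = (uint8_t)(v & 0xFF);
    s[off + 1] = (uint8_t)((uint16_t)v >> 8);
}

/* Rebuild every flagged sample from the nearest good neighbours in the same
 * channel and return how many samples were rewritten. */
int conceal_sector(uint8_t *sector, const uint8_t *err) {
    int fixed = 0;
    for (int ch = 0; ch < 2; ch++) {
        size_t f = 0;
        while (f < FRAMES) {
            if (!sample_bad(err, f, ch)) { f++; continue; }
            size_t start = f;                    /* first bad frame of the run */
            while (f < FRAMES && sample_bad(err, f, ch)) f++;
            int has_l = start > 0, has_r = f < FRAMES;
            /* One neighbour missing: hold the other. Both missing: mute. */
            int32_t right = has_r ? get_sample(sector, f, ch) : 0;
            int32_t left = has_l ? get_sample(sector, start - 1, ch) : right;
            if (!has_r) right = left;
            int32_t steps = (int32_t)(f - start) + 1;
            for (size_t k = start; k < f; k++) {
                int32_t v = left + (right - left) * (int32_t)(k - start + 1) / steps;
                put_sample(sector, k, ch, (int16_t)v);
                fixed++;
            }
        }
    }
    return fixed;
}

/* Constructed input: two ramps, one damaged left sample (frame 100) and a
 * burst of three damaged right samples (frames 200-202). */
static int run_demo(uint8_t *sector) {
    uint8_t err[FLAG_BYTES] = {0};
    for (size_t f = 0; f < FRAMES; f++) {
        put_sample(sector, f, 0, (int16_t)(10 * (int)f));
        put_sample(sector, f, 1, (int16_t)(-5 * (int)f));
    }
    put_sample(sector, 100, 0, 0x7FFF);
    err[400 / 8] |= 1;                          /* flag byte 400 only */
    for (size_t f = 200; f < 203; f++) {
        size_t off = f * 4 + 2;                 /* first byte of the right sample */
        put_sample(sector, f, 1, -32768);
        err[off / 8] |= (uint8_t)(3u << (off % 8));
    }
    return conceal_sector(sector, err);
}

int demo_rewritten(void) { uint8_t s[SECTOR_BYTES]; return run_demo(s); }

int demo_value(size_t frame, int ch) {
    uint8_t s[SECTOR_BYTES];
    run_demo(s);
    return get_sample(s, frame, ch);
}
```

Without the per-byte flags the same routine has nothing to work from, which is the situation the early standard left readers in.
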
Still, we are running ahead of ourselves. Let’s return to that distant past when there were no CD drives, even in the project phase. All software was distributed on diskettes (both copyright and copyleft). At that time, everyone who wanted to protect their diskettes scratched them using any means available: those who had the necessary financial resources burnt the magnetic layer using a laser, while others simply scratched it with a needle or rusty nail. All that remained to ensure protection was to check whether the surface defect was present in the predefined position. Copying such a diskette without special equipment was not a realistic task, because no one could place the scratches from the original in the same position on the copy. However, hackers understanding controller ports quickly came up with the idea that, if they modified the checksum of the key sectors, the diskette would be read with errors, despite the fact that its surface was physically intact! CD protection is based on the same method, and CDs can be cracked using the same approach. The manufacturer can stuff the disc with bad sectors and check their presence any time the protected software starts. This generated the following problems: first, not every copier would agree to copy a disk bearing physical defects. Even if it agreed to do what you asked it, you would have to wait a very long time for the copying process to be completed (everyone is familiar with the snail’s pace of reading defective sectors). Further, the resulting copy would be unusable, because it didn’t contain the defects in predefined positions.

Less than intelligent hackers simply invalidate the checksum of the sector, thus making the drive return an error (naturally, the recording drive must allow us to write sectors with a checksum error, which is not always the case). This, however, doesn’t solve the problem. After all, the disfigured sector is read practically immediately, and the protection mechanism, provided that it isn’t absolutely useless, can detect easily that something is wrong here. Or, as a variant, it can carry out long sector reading, meaning that the sector with modified checksum will become readable.

What should a cunning hacker do? This question can’t be answered immediately or in simple language. Simply speaking, the CD format is such that the high-frequency signal that results when reading a sequence of pits and lands under an optical head has no reference level. For the drive to be able to detect where there is a minus and where there is a plus, the number of lands must be approximately equal to the number of pits. If some specific section of a sector contains only pits, it will be catastrophically dark, and an automatic amplifier will try to increase the laser-ray power, erroneously assuming that there is something wrong either with the disc or with the optics. In this case, a number of the pits will be turned into lands and the drive will be confused in every respect. First, it will try to carry out recalibration, drag the optical head for some time, and only then will it sadly report that this sector is unreadable. From the protection mechanism’s point of view, this sector will appear to be damaged, although, at the physical level, its surface is intact.
Now, let’s return to the main aspect: Because the drive must be able to record any imaginable (and even unimaginable) data correctly, the developers must make provisions for a method that can bypass such unfavorable situations. In fact, such a mechanism does exist! To put it simply, there are several possible methods of encoding the data being written to the disc, and the drive must choose the most favorable options. Fortunately (or unfortunately), not every drive is so scrupulous. Since the possibility of the unintentional occurrence of unfavorable sequences is infinitely small, some (in fact, many) drives encode the data using a single predefined method. Consequently, there is the possibility for simulating faulty sectors that practically do not differ from actual faulty examples.

The protection developers saw this as a gold rush! If they could only specially glean an unfavorable sequence of bytes, then a specialized drive would be required to write it correctly. When copying such discs on a normal low-end drive, the original would be read wonderfully, but there would be a lot of bad sectors on the copy and the duplicated disc would be unusable. Sectors with unfavorable sequences became known as weak sectors. To copy such sectors, it is necessary to have high-end sophisticated drives from well-known brand manufacturers. But what if you don’t have such a drive at your disposal? Does this mean that you are unable to copy such a disc? The answer is no! If the protection doesn’t take additional measures, the copier can compute error-correcting codes for a true unfavorable sequence and then correct it slightly and write to the disc. At the physical level, such a sector will be readable without any problems. At the logical level, the drive will restore it to its initial form using redundant codes. However, if the protection reads the sector in RAW mode, it will immediately recognize the forgery. Therefore, not every disc can be copied using this method.
To understand the concept behind the next protection mechanism, we must return to diskettes once again. The physical surface of the diskette is divided into concentric rings named cylinders, and cylinders, in turn, are divided into sectors. When the read head moves from the last sector of one cylinder to the first sector of the next cylinder, it is moved some distance away due to diskette rotation. Consequently, the drive must wait for an entire turn to meet that sector again. Those who spent days and nights in computing centers came to the idea that if the sectors of each of the next cylinders were shifted, the speed of the sequential reading would grow considerably, because the required sector would immediately be under the head. On the other hand, by rotating the sectors of different cylinders by certain angles, we would achieve certain fluctuations of the data-exchange speed. According to these fluctuations, the protection mechanism would be able to distinguish a duplicate from the original, because a duplicate wouldn’t produce such fluctuations.

Now let’s return to CDs. There are, of course, no cylinders, and the sequence of sectors has a spiral form. Head positioning to the sectors of the adjacent spiral track turns is carried out by means of deviating the laser head by a magnetic system (which means that it takes place almost instantly). Positioning to remote sectors involves the mechanism of moving the head along special “sliders,” which requires considerable time. Knowing the speed of disc rotation and having measured the time required for positioning the head to the sectors of the adjacent turns of the track, we will be able to find the angle between them, which depends directly on the spiral’s swirl. Different types of CD-R/CD-RW discs have different spiral structures. Even worse, this structure is created by the manufacturer, which means that the discs are supplied to the market with preliminary formatting required for orientation of the CD recorder. Copying a disc protected in this manner is unrealistic and, therefore, it is necessary to emulate it. The copier must carefully measure the angles between different sectors and recreate the initial structure of the spiral. The process of scanning the disc requires a monstrous amount of time (sometimes, several days). The result, however, is worth it.

The disc can also have a catastrophically non-standard format. For instance, it can have sectors of variable lengths. As a result, some sectors will be read faster than others. Because every change of the sector length is immediately reflected in the structure of the spiral track, the copier has to deal with two unknown values—the unknown angle of the spiral swirl and an unknown sector length. From the mathematical point of view, this equation can have many possible solutions. Only one of them, however, is correct. The copier can (and must!) present several variants of copies to allow us to decide on our own, which of them cracks the protection and which doesn’t. Unfortunately, no copier, of which I am aware, is capable of doing this.

Nevertheless, long sectors represent a stand-alone entity, and some discs use these sectors alone for the protection. The dark side is that no CD burner available on the market allows us to control the lengths of the sectors being written. There is one clue though. Although we cannot increase the sector length, we can still create two sectors with identical headers. Having successfully read the first of the two sectors, we will ignore the second, but the visible sector length will be increased twofold. The weak spot in this technology is that we can only increase the sector length by a value that is a multiple of two. Even worse, not every drive provides this possibility. Some drives simply refuse to write twin sectors.
Now let’s discuss key marks. Besides the user data sector area, which is copied by practically all copiers, there are numerous locations on CDs which have been poorly investigated. First, there are subcode channels. There are eight of these channels in total. One stores service information, according to which the laser head is oriented, the second stores information about pauses, and the remaining six channels are free. Standard copiers do not copy them, and not every burner provides the possibility to write them. These channels are exactly where protection mechanisms insert key marks!

By the way, subcode channels are stored independently of the main data channel, and there is no direct correspondence between them. First, when reading the subcode channel of sector X, the drive can return the subchannel data from any of the neighboring sectors at its discretion. The second important factor is that most drives have very poor stability characteristics, and, when reading subchannel data from sectors X, Y, and Z, can return the data from X, X, X, or Y, Z, X, or Y, Z, Z, or any other combination. Let’s assume that the subcode channel of one of the sectors contains a key mark, and we are trying to read it. Will we succeed? Not necessarily. If service information is modified at least slightly, we won’t be able to determine to which sectors the subchannel data that we have read actually belongs or whether or not our sector belongs to their list. The only way out is to use a high-quality CD-ROM drive that has good stability characteristics when reading subchannel data.
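
An added example, not from the book: because a drive may hand back subchannel data from a neighbouring sector, a reader can check which sector a 96-byte block really belongs to from the position and CRC stored in the Q channel (the "service information" channel). Assumed here: the raw interleaved layout with channel P in bit 7 through W in bit 0, and the hypothetical names `q_sector`, `subchannel_drift`, `make_raw` and `demo_drift`.

```c
#include <stdint.h>
#include <string.h>

#define SUB_BYTES 96            /* raw subchannel bytes delivered with one sector */
#define UNREADABLE (-99999L)    /* demo sentinel: Q channel failed its checks */

/* CRC-16 of the Q channel: polynomial 0x1021, initial value 0. */
static uint16_t crc16(const uint8_t *p, int n) {
    uint16_t crc = 0;
    for (int i = 0; i < n; i++) {
        crc ^= (uint16_t)(p[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

/* Assumed raw layout: byte i carries bit i of every channel, P in bit 7,
 * Q in bit 6, down to W in bit 0. Collect channel `ch` (0 = P) into 12 bytes. */
static void extract_channel(const uint8_t *raw, int ch, uint8_t *out) {
    memset(out, 0, 12);
    for (int i = 0; i < SUB_BYTES; i++)
        if (raw[i] & (0x80 >> ch))
            out[i / 8] |= (uint8_t)(0x80 >> (i % 8));
}

static int bcd(uint8_t v) { return (v >> 4) * 10 + (v & 0x0F); }
static uint8_t to_bcd(long v) { return (uint8_t)(((v / 10) << 4) | (v % 10)); }

/* Decode the absolute address held in the Q channel. Returns 0 and stores the
 * sector number, or -1 if the CRC fails or the frame carries no position. */
int q_sector(const uint8_t *raw, long *lba) {
    uint8_t q[12];
    extract_channel(raw, 1, q);
    uint16_t stored = (uint16_t)((q[10] << 8) | q[11]);
    if ((uint16_t)~crc16(q, 10) != stored) return -1;  /* CRC is stored inverted */
    if ((q[0] & 0x0F) != 1) return -1;                 /* ADR 1 = position data */
    *lba = ((long)bcd(q[7]) * 60 + bcd(q[8])) * 75 + bcd(q[9]) - 150;
    return 0;
}

/* Distance between the sector the block describes and the one requested:
 * 0 = it belongs to that sector, +1 = the next sector, and so on. */
int subchannel_drift(const uint8_t *raw, long requested, long *drift) {
    long actual;
    if (q_sector(raw, &actual) != 0) return -1;
    *drift = actual - requested;
    return 0;
}

/* Constructed sample: the raw block a drive could return for sector `lba`. */
void make_raw(long lba, uint8_t *raw) {
    uint8_t q[12] = { 0x41, 0x01, 0x01 };  /* data track, ADR 1, track 1, index 1 */
    long a = lba + 150;                    /* absolute time starts 2 s before LBA 0 */
    q[3] = to_bcd(lba / 4500); q[4] = to_bcd(lba / 75 % 60); q[5] = to_bcd(lba % 75);
    q[7] = to_bcd(a / 4500);   q[8] = to_bcd(a / 75 % 60);   q[9] = to_bcd(a % 75);
    uint16_t c = (uint16_t)~crc16(q, 10);
    q[10] = (uint8_t)(c >> 8); q[11] = (uint8_t)(c & 0xFF);
    memset(raw, 0, SUB_BYTES);
    for (int i = 0; i < SUB_BYTES; i++)
        if (q[i / 8] & (0x80 >> (i % 8))) raw[i] |= 0x40;
}

/* Ask for `requested`, receive the block of `returned_for`; flip_bit >= 0
 * damages that Q-channel bit first to model a modified or misread frame. */
long demo_drift(long requested, long returned_for, int flip_bit) {
    uint8_t raw[SUB_BYTES];
    long d;
    make_raw(returned_for, raw);
    if (flip_bit >= 0) raw[flip_bit] ^= 0x40;
    return subchannel_drift(raw, requested, &d) == 0 ? d : UNREADABLE;
}
```

A block whose Q frame fails the CRC or carries no position cannot be tied to any sector, which is the case the paragraph above describes when the service information has been altered.
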
Finally, CD-R/CD-RW discs are significantly different in some characteristics from the replicated mechanically stamped CD-ROM. Is there any need to introduce ATIP? Aside from this, there also is such a thing as TDB (Track Descriptor Block), where, among other information, there is laser power and other similar data. Naturally, CD-ROM discs do not contain anything of the sort. It is impossible to falsify the CD-ROM disc nature directly. However, there are many utilities that intercept all attempts at accessing the drive and return exactly what we need instead of the actual information.

At this point, let’s complete our brief overview of protection mechanisms. Further on, each of them will be considered and discussed in more detail.

Note that bypassing the protection against CD copying is not the same thing as copyright violation! The laws of many countries explicitly allow the creation of backup copies of licensed media. At the same time, there is no existing law that prohibits the “cracking” of legally purchased software. License agreements can prohibit whatever the manufacturers like. They have, however, no legal status. By violating a license agreement, you automatically cancel the contract with the software vendor, which means that you make void all warranties and privileges that the vendor promised you. This is approximately the same thing that overclockers do when they cut specific processor pins to unlock its frequency multiplier. You won’t land in court if your processor dies in clouds of smoke. However, no one is going to replace your burnt-out specimen. You can only be prosecuted by law if you start to distribute the cracked software. This is a risk, therefore, that I don’t advise you to take.







