SecuROM – The PC CD-ROM DRM that broke games | MVG
The early days of PC gaming on DOS and Windows were great. Most games took up less than a single megabyte and could fit on a floppy disk. By the time DOOM came out in 1993, VGA graphics were standard and game storage had increased. Games would come on multiple disks, as many as five or six for some of the larger games. Floppy disks were the main source of media storage, that is, until 1993, when Brøderbund released Myst. It was initially a Mac-only title, but it was a game that sparked sales of CD-ROM drives. And on the PC, the game 7th Guest by Trilobyte was regarded as the killer app and was responsible for kick-starting the sale of PC CD-ROM drives and making them a standard. It was a multimedia experience like no other, and the CD revolution was upon us. By the time Windows 95 was released, PC CD-ROM drives were standard on every computer that you would purchase in stores.
But just like the consoles, games on the PC were no stranger to software piracy. Floppy disk games were simple to copy, even with unreadable sectors on the disk. Games were cracked in a matter of hours and spread around the world on FTP sites and bulletin boards. With CD-ROM games taking over as the standard, software publishers came up with different ways to stop end users attempting to duplicate or make copies of the discs. During the first few years, this wasn’t a problem. But CD burners were first revealed in the mid-90s, and although they were initially expensive and slow, it wasn’t long before they became affordable and a part of any standard PC setup.
One of the earliest forms of CD-ROM copy protection was to press CDs with more data than a regular CD-R could hold. A standard CD holds around 700 megabytes of data, but some games came on discs that held more data. This meant that you couldn’t copy the entire disc. This approach was flawed for two reasons. The first is that usually the extra data found on the disc was just filler and could simply be removed, so a normal-sized CD was burnt anyway.
The second was that CD burner technology was improving at a rapid pace and became capable of what was known as over-burning, which wrote the additional data and made a copy of the disc anyway.
Another approach was to use what was known as a fake table of contents. Like floppy disks, CDs contain metadata about the size of the disc, the files contained on it, how large they are, their time stamps and more. This information is known as the TOC, or table of contents. Some games introduced a fake table of contents to trick Windows into believing that the disc contained over 1 gigabyte of data and to confuse the CD writer into believing that it couldn’t copy the disc. Tomb Raider 3 was one such game. But these methods were crude implementations to stop casual copying, and dedicated cracking groups were able to circumvent them pretty easily. So companies started to innovate and get more advanced in copy protection, and one of the most infamous forms of copy protection, released in the late 90s, was known as SecuROM.
SecuROM was the next generation of CD protection under Windows and was originally introduced in the late 90s. It was one of the most well-known copy-protection methods and was developed by Sony, which had a fabrication plant in Austria with technology that pressed CDs with data that could not be copied by CD-Rs. The security itself is straightforward. The mastering process assigns a unique key to each individual CD, which is stored in the subchannel data. This key cannot be copied by a CD burner. When a game is started, it attempts to retrieve the key and use it to decrypt parts of the executable. If the key cannot be located, or any other condition is not met, the SecuROM check fails: the disc must have been copied. It’s also worth noting that the CD must be kept in the CD drive to launch the game, even though you installed it onto the PC’s hard disk.
While the method sounds simple and easy to bypass, SecuROM was a much more sophisticated system than anything else before it. The way that it was ultimately cracked is as follows. Remember, when you put a copy of a SecuROM game into a CD drive and boot it, it simply exits. It just won’t boot. SecuROM doesn’t actually use the Windows API function to access the CD-ROM drive; it triggers an interrupt from the Microsoft CD-ROM Extensions, or MSCDEX. The executable contains encrypted code, and when launched, this code is decrypted with the unique key on the disc and modifies itself in memory. But how do you modify code that’s already running?
Self-modifying code is something that some games use in order to confuse and mitigate cracking attempts. With earlier operating systems like Windows 95, it was possible to modify any code resident in memory, which can be achieved by a simple Windows API call such as WriteProcessMemory. A typical early SecuROM game calls WriteProcessMemory four times on an original CD, but running a copy will only call it three times and fail. The earliest cracks essentially captured decrypted output from these self-modifying calls. By replicating the decrypted output of the game using a tool known as SoftICE, the executable could be patched to return a zero on WriteProcessMemory, in other words, success on every single call, and just apply the decrypted output inside the executable. This meant that the game could start without a CD in the drive. These were known as the No CD Cracks, and because a SecuROM CD contains no unreadable tracks on the disc, it meant that you could make a copy of the disc, then download a No CD Crack for the game and play it that way.
As with all anti-tamper methods, SecuROM had problems. Sometimes, even with an original disc inserted, it would not detect that the disc was in the drive, and in the worst case it would just flat-out not work at all with certain CD drive brands.
There was really no way of knowing.
It didn’t take long for SecuROM cracks to start coming out, and while each game required its own crack, otherwise known as a No CD Crack, SecuROM itself was far from done. In fact, the company really doubled down on its product and started to introduce online authentication on top of the existing SecuROM CD checks. By the early 2000s many people had internet access, and SecuROM began introducing online activation DRM on top of existing CD checks. These early versions were simply to validate that a legitimate key was being applied to the game, but by the mid-2000s all that was about to change with one of the biggest PC releases to date.
Will Wright was the developer of SimCity and The Sims. In 2005, he announced Spore, a real-time strategy guide game that allowed the player to begin life as a microscopic organism and journey all the way through interstellar exploration and beyond. Its massive scope, procedural generation, and open-ended sandbox style appealed to many, especially strategy game enthusiasts. The game was a life simulation and Will Wright was at the helm. It even included music and sound produced by the legendary Brian Eno. The game suffered multiple delays during its development cycle. Perhaps it was too ambitious, but it was ultimately released in 2008 to generally positive reviews. Although the consensus was that it may not have lived up to the hype, it was still a good game.
Not so good, however, was the SecuROM. Spore had one of the most heavy-handed and frustrating online activation DRMs, which left many users unable to play the game. And keep in mind that Spore is a single-player game. Publisher Electronic Arts proudly announced that Spore would earn more in revenue by reducing piracy of the game and stopping the second-hand market. When the game was released, it required online validation every ten days. But due to the massive outcry, this re-authentication was quickly dropped.
Each legitimate copy of the game used a key that could only be authenticated on up to three computers. So even if you uninstalled the game on all of your computers, attempting to install a fourth time would fail. It was also noted that the game needed to re-authenticate on the same system if some hardware was changed. For example, if you were to replace a graphics card or RAM, it would constitute a different computer. In response to these complaints the cap was raised to five computers, and after five activations you would need to contact customer service, who may or may not have granted further activations based on your situation.
SecuROM was also not disclosed on the box, and in September of 2008 a class-action lawsuit was filed against EA regarding the disclosure of the DRM, which at this point ran just like a rootkit, remained on the hard drive, and was very difficult to remove even when the game was uninstalled. In the end the DRM was cracked and Spore ended up as one of the most pirated PC games to date. Within the first week of release it was already downloaded over half a million times on torrent sites. Maxis developer Chris Harris labeled SecuROM on Spore a totally avoidable disaster. EA had learned their lesson from the whole situation and began selling the game with the SecuROM completely removed. But four months after the release of the game is a lifetime, and sales by this point had slowed down to a trickle. The DRM completely killed off the game; it never stood a chance.
But Spore was not the only game. SecuROM with online activations was also used in popular EA titles including Mass Effect, Dragon Age, and Command & Conquer: Red Alert 3. Fast forward to the last 5 years and the release of Windows 10, which still causes headaches for SecuROM games. Microsoft considers early DRM like SecuROM a security flaw and will not allow the games to be read from CD.
Recall earlier that we said that the code modifies itself by attaching to its process and patching bytes. That’s something that’s a big no-no in Windows 10. So any SecuROM disc will simply not run without a No CD patch. Microsoft themselves consider SecuROM a vulnerability, but the game publishers seem okay with providing customers with an unhappy experience in the short term to ensure that the first week of sales isn’t affected, and don’t consider the legacy of a game that you may want to replay ten years later. It just may not even work anymore thanks to their heavy-handed DRM measures. I guess the last word should be: if you bought and own a SecuROM game, you’ll always continue to have issues, and you have my condolences. Thank God for GOG and No CD cracks.
So there you have it, guys. That’s the story of SecuROM, the very heavy-handed DRM protection that started out as a CD copy protection mechanism and kind of transformed into this online activation DRM that really backfired for EA when Spore was released. It really hurt their sales more than it helped, and it was something that provided a poor user experience. In the end it was just easier to download a crack of the game and run it and enjoy it that way, versus having to deal with customer support, activations and things like that. And as we have seen, Electronic Arts still continues to use online activation DRMs, although not SecuROM, because SecuROM is no longer around as a company. But those techniques and methods are still with us even to this day.
So if you are looking at buying PC games in this era, I would suggest checking out sites like GOG.com that offer DRM-free versions of the same games. For example, Cyberpunk 2077 will be on GOG.com next year completely DRM free. The Witcher 3 you can download as well, so there are many examples of DRM-free games that I personally would recommend that you guys check out if you are interested in getting into PC gaming.
Well guys, we’re going to leave it here for this video. Let me know what you thought about it in the comments below. If you like this video, you know what to do: leave me a thumbs up. And as always, don’t forget to like and subscribe, and I’ll catch you guys in the next video. Bye for now.