SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-02-04 05:35:49 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity

Begin SafeDisc 4 documentation (#354)

Browse Source 
* Begin SafeDisc 4 documentation

Starting off with just 4.00.000 since this needed a bit more groundwork to establish with the AuthServ checks.

* Add SafeDisc 4.00.001

* Add SafeDisc 4.00.002+4.00.003

* Add SafeDisc 4.50.000 notes

* Document SafeDisc 4.60.000-4.80.000

Also add new comment about the unknown version of SecDrv.

* Document SafeDisc 4.81.000

Found a new clcd16 file, which hasn't happened in a long time

* Document SafeDisc 4.85.000 and 4.90.000

Improve some comments and detections for other versions as well.

* Document the remaining SafeDisc 4 versions

Still needs some mild cleanup

* Add SafeDisc 4.91.000 clcd32 hash

* Add SD4/Lite notes
This commit is contained in:
TheRogueArchivist
2025-03-25 08:05:04 -06:00
committed by GitHub
parent 60a3a74862
commit c9194f18ef
2 changed files with 252 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

214
BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs
View File

@@ -33,6 +33,13 @@ namespace BinaryObjectScanner.Protection
///
/// SafeDisc Lite/LT is an alternate version of SafeDisc available that was based on SafeDisc 1 (https://web.archive.org/web/20030421023647/http://www.macrovision.com:80/solutions/software/cdrom/SafeDisc_WhitePaper_4-17-02-web.pdf).
/// Although seemingly only officially referred to as "SafeDisc LT", a multitude of sources, including one that seemingly worked directly with Macrovision, call it "SafeDisc Lite" (http://www.eclipsedata.com/insidepages.asp?pageID=149).
/// It doesn't typically require the disc after installation (unless game files are left on the disc in a minimal installation).
/// However, according to the white paper, Mac products can still choose to authenticate on each run.
/// According to the same white paper, it only uses some protection methods of normal SafeDisc without specifying which.
/// CDs still contain errors, though typically less (in the ballpark of ~100), and the white paper admits that DVDs with Lite are less secure due to not having this signature.
/// It's currently unknown if Lite actually uses an active disc check, or if it just relies on the errors to prevent copying of the disc.
/// SafeDisc Lite games are able to be installed and played in situations where bad sectors are not emulated (such as 86box v.4.2.1), meaning it likely doesn't actually check the signature.
///
/// Other protections in the Macrovision "Safe-" family of protections that need further investigation:
/// SafeScan (https://cdn.loc.gov/copyright/1201/2003/reply/029.pdf).
/// SafeDisc HD (https://web.archive.org/web/20000129100449/http://www.macrovision.com/scp_hd.html).
@@ -96,6 +103,12 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalEquals("Macrovision SecDrv Update", StringComparison.OrdinalIgnoreCase))
return "Macrovision SecDrv Update Installer";
// Present in "AuthServ.exe" files from SafeDisc 4+.
// This filename is confirmed by the file properties in SafeDisc 4+ (such as Redump entry 35382).
// It is only found extracted into the Windows Temp directory when a protected application is run, and is renamed to begin with a "~" and have the ".tmp" extension.
else if (name.OptionalEquals("SafeDisc AuthServ APP", StringComparison.OrdinalIgnoreCase))
return $"SafeDisc AuthServ APP {GetSafeDiscAuthServVersion(pex)}";
// Present on all "CLOKSPL.EXE" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004.
// Only found so far on SafeDisc 1.00.025-1.01.044, but the report is currently left generic due to the generic nature of the check.
name = pex.FileDescription;
@@ -261,7 +274,8 @@ namespace BinaryObjectScanner.Protection
new(new FilePathMatch("SafeDiscLT.bundle"), "SafeDiscLT for Macintosh"),
new(new FilePathMatch("SafeDiscLT"), "SafeDiscLT for Macintosh"),
// TODO: Add SafeDisc detection for Redump entry 63769 once Mac executables are supported for scanning. It appears to contain the same "BoG_" string and version detection logic.
// TODO: Add SafeDisc detection for Redump entry 63769 once Mac executables are supported for scanning.
// It appears to contain the same "BoG_" string and version detection logic.
};
return MatchUtil.GetAllMatches(files, matchers, any: false);
@@ -365,12 +379,89 @@ namespace BinaryObjectScanner.Protection
new(new FilePathMatch("SafeDiscLT.bundle"), "SafeDiscLT for Macintosh"),
new(new FilePathMatch("SafeDiscLT"), "SafeDiscLT for Macintosh"),
// TODO: Add SafeDisc detection for Redump entry 63769 once Mac executables are supported for scanning. It appears to contain the same "BoG_" string and version detection logic.
// TODO: Add SafeDisc detection for Redump entry 63769 once Mac executables are supported for scanning.
// It appears to contain the same "BoG_" string and version detection logic.
};
return MatchUtil.GetFirstMatch(path, matchers, any: true);
}
private static string GetSafeDiscAuthServVersion(PortableExecutable pex)
{
// Different versions of this executable correspond to different SafeDisc versions.
var version = pex.FileVersion;
if (!string.IsNullOrEmpty(version))
{
return version switch
{
// Found in Redump entries 35382, 36024, 74520, and 79729.
// The product version is "4.00.00.0092 2004/09/02".
"4.00.00.0092" => "4.00.00.0092 / SafeDisc 4.00.000",
// Found in Redump entries 8842-8844, 15614, 38143, 67927, 70504, 74390-74391, and 83017.
// The product version is "4.00.01.0004 2004/09/30".
"4.00.01.0004" => "4.00.01.0004 / SafeDisc 4.00.001",
// Found in Redump entries 33326, 42034, 71646, 78980, 85345-85347, 86196, and 105716.
// The product version is "4.00.02.0000 2004/12/15".
"4.00.02.0000" => "4.00.02.0000 / SafeDisc 4.00.002",
// Found in Redump entries 40595-40597, 51597, 68551-68552, 83408, and 83410.
// The product version is "4.00.03.0000 2005/05/11".
"4.00.03.0000" => "4.00.03.0000 / SafeDisc 4.00.003",
// Found in Redump entries 58073-58074, 58455-58459, 58990-58992, 65569, 74206, 74564 + 74579-74581, 76813, 77440,
// 80776-80777, 85384, and 101261.
// The product version is "4.50.00.1619 2005/06/08".
"4.50.00.1619" => "4.50.00.1619 / SafeDisc 4.50.000",
// Found in Redump entries 20092, 31824, 45407-45409, 45469, 45684-45686, 46764-46769, 50682, 57721, 73786, 85859, and 104503.
// The product version is "4.60.00.1702 2005/08/03".
"4.60.00.1702" => "4.60.00.1702 / SafeDisc 4.60.000",
// Found in Redump entries 34783, 56320-56323, and 66403.
// The product version is "4.70.00.1941 2006/04/26".
"4.70.00.1941" => "4.70.00.1941 / SafeDisc 4.70.000",
// Found in Redump entries 64144-64146 + 78543, and 98589-98590.
// The product version is "4.80.00.2074 2006/09/06".
"4.80.00.2074" => "4.80.00.2074 / SafeDisc 4.80.000",
// Found in Redump entries 13014, 52523, 74366, 76346, 83290, 115764, and 116381.
// The product version is "4.81.00.2284 2007/04/04".
"4.81.00.2284" => "4.81.00.2284 / SafeDisc 4.81.000",
// Found in Redump entries 65417
// The product version is "4.85.00.2422 2007/08/20".
"4.85.00.2422" => "4.85.00.2422 / SafeDisc 4.85.000",
// Found in Redump entries 20434, 31766, and 79113.
// The product version is "4.85.00.2489 2007/10/26".
"4.85.00.2489" => "4.85.00.2489 / SafeDisc 4.85.000",
// Found in Redump entries 56319, and 66333.
// The product version is "4.90.00.2613 2008/02/27".
"4.90.00.2613" => "4.90.00.2613 / SafeDisc 4.90.000",
// Found in Redump entry 38142.
// The product version is "4.90.10.2747 2008/07/10".
"4.90.10.2747" => "4.90.10.2747 / SafeDisc 4.90.000",
// Found in Redump entries 11347, 29069, 58573-58575, 78976, and 120303.
// The product version is "4.90.10.2781 2008/08/13".
"4.90.10.2781" => "4.90.10.2781 / SafeDisc 4.90.010",
// Found in Redump entry 120213.
// The product version is "4.91.00.2832 2008/10/03".
"4.91.00.2832" => "4.91.00.2832 / SafeDisc 4.91.000",
_ => $"Unknown Version {version} (Report this to us on GitHub)",
};
}
return "Unknown Version (Report this to us on GitHub)";
}
internal static string GetSafeDiscCLCD16Version(string firstMatchedString, IEnumerable<string>? files)
{
if (string.IsNullOrEmpty(firstMatchedString) || !File.Exists(firstMatchedString))
@@ -384,14 +475,22 @@ namespace BinaryObjectScanner.Protection
"C13493AB753891B8BEE9E4E014896B026C01AC92" => "1.00.025-1.01.044",
// Found in Redump entries 1882 and 30049.
// It is currently unknown why the previous hash covers both the version before this one, and several afterwards, with this one being a consistent outlier between these versions.
// It is currently unknown why the previous hash covers both the version before this one, and most afterwards, with this one being a consistent outlier between these versions.
"2418D791C7B9D4F05BCB01FAF98F770CDF798464" => "1.00.026",
// Found in Redump entries 31149 and 28810.
// It can also be found in the Windows Temp directory when running SafeDisc 2+ games on Windows 9x, but not on XP or newer.
// For SafeDisc 1 programs, it can be found bundled together with the rest of the drivers and protected application files.
// For SafeDisc 2+ programs, it can be found in the Windows Temp directory when running protected programs on Windows 9x, but not on XP or newer.
// Examples of it in SafeDisc 2+ can be found in Redump entries 2022 and 38541.
// It can also be found in SafeDisc 4.85.000, as seen in Redump entry 20434.
"848EDF9F45A8437438B7289BB4D2D1BCF752FD4A" => "1.06.000+/Lite",
// The following versions can only be found in the Windows Temp directory when running protected programs on Windows 9x, but not on XP or newer.
// It is unknown why there is such a large gap between updates, or why this file was updated at all, as the majority of programs at this point didn't tend to support 9x.
// Found in Redump entries 115764 and 116381.
"12491C7C3A6778A02511F2632F5CFBC535D4E47A" => "4.81.000",
_ => "Unknown Version (Report this to us on GitHub)",
};
}
@@ -442,7 +541,8 @@ namespace BinaryObjectScanner.Protection
"B5503E2222B3DA387BB5D7150A4A32A47824988F" => "1.07.000",
// Found in Redump entries 12885 and 66210.
"7D33EA7B241245182FFB7A392873079B6183050B" => "1.09.000",
// SafeDisc Lite found in Redump entries 32751.
"7D33EA7B241245182FFB7A392873079B6183050B" => "1.09.000/Lite",
// Found in Redump entries 37523 and 66586.
"61A4A5A758A5CFFB226CE2AE96E55A40AB073AC6" => "1.11.000",
@@ -478,7 +578,8 @@ namespace BinaryObjectScanner.Protection
"85A92DC1D9CCBA6349D70F489043E649A8C21F2B" => "Lite",
// The following versions of the file are only found in the Windows Temp directory when running a SafeDisc 2+ program on Windows 9x.
// They aren't found when running the same program on Windows XP or newer. These also aren't currently automatically extracted, and would have to be manually recovered and scanned.
// They aren't found when running the same program on Windows 2k or newer.
// These also aren't currently automatically extracted, and would have to be manually recovered and scanned.
// Found in Redump entries 2022, 72195, and 73502.
"3F46BA4BB6D0D725F8BC5BFD374025853D0F8D10" => "2.05.030",
@@ -496,7 +597,8 @@ namespace BinaryObjectScanner.Protection
"1499FC17B7565FC4B47F029412928FCA076D1838" => "2.30.033",
// Found in Redump entries 9846, 65642, and 68206.
"FF4DF7AE5252EF38A69F165A6A180F51DCCA0438" => "2.40.010",
// Found in SafeDisc Lite in Redump entry 99126.
"FF4DF7AE5252EF38A69F165A6A180F51DCCA0438" => "2.40.010/Lite",
// Found in Redump entries 23786 and 110603.
"0D52948CDC6562EEBB5D078C9C0C7E9D1EDB00CE" => "2.40.011",
@@ -525,7 +627,7 @@ namespace BinaryObjectScanner.Protection
// Found in Redump entries 11638/11639, 52606, 62505, 85338/85339, 95322/95324, 119414, and 119415.
"6492B6164D40633C7AAAC882EF1BA55E6931DBDC" => "2.90.040",
// Found in Redump entry 116357.
// Found in Redump entries 116357 and 121411.
"CC1818B15AD1D0510602D556AB0AFFB8011ECF4F" => "2.90.045",
// Found in Redump entries 13230 and 68204.
@@ -546,6 +648,47 @@ namespace BinaryObjectScanner.Protection
// Found in Redump entries 20729, 28257, 54268-5427, 63810-63813, and 86177.
"E931EEC20B4A7032BDAD5DC1D76E740A08A6321B" => "3.20.024",
// Found in Redump entries 35382, 36024, 74520, and 79729.
"AF437372045AF7D5F74A876581FE2E76D2CEC80A" => "4.00.000",
// Found in Redump entries 8842-8844, 38143, 67927, 74390-74391, 83017, 15614.
"CF1BF960995040AB7DA103F95E7C0A2B69DA094C" => "4.00.001",
// Found in Redump entries 33326, 42034, 71646, 78980, 85345-85347, 86196, and 105716.
"BD373AE0A919349A5C3270C74AD990E11A836C60" => "4.00.002",
// Found in Redump entries 40595-40597, 51597, 68551-68552, 83408, and 83410.
"47A729C462186615DA2B8C6038535B884E7D10BC" => "4.00.003",
// After this point, games that support 9x are inconsistent, but hashes for all known versions have manged to be acquired.
// Found in Redump entries 74564 + 74579-74581, 76813, and 101261.
"FD6A99FEF6AA551A71F4BD683E0334E92CFA546F" => "4.50.000",
// Found in Redump entries 31824, 45684-45686, 50682, and 104503.
"86923EE2618814ABDA285C2EB50EA26635479C7A" => "4.60.000",
// Found in Redump entries 56320-56323.
"5E26D831981841B4D36EF0B4A195CD073C513544" => "4.70.000",
// Found in Redump entries 64144-64146 + 78543.
"1AF42A52234EF989E099C0EB05906A939C7B98EA" => "4.80.000",
// Found in Redump entries 115764 and 116381.
"844D1876BD92DEBBA9B529DC5EE9B22CC3F317C2" => "4.81.000",
// Found in Redump entry 20434.
"48CAA84CEACFDCB6CEE8C85701A5A85EDC83F0A9" => "4.85.000",
// Found in Redump entry 56319.
"98508487638694450B0361B53C1159745A767D72" => "4.90.000",
// Found in Redump entry 120303.
"E16551A94B43358401368787E21840AE23137BE7" => "4.90.010",
// Found in Redump entry 120213.
"C2F6A1A558946053171037C2A640F3ECEE017FA0" => "4.91.000",
_ => "Unknown Version (Report this to us on GitHub)",
};
}
@@ -680,24 +823,33 @@ namespace BinaryObjectScanner.Protection
155_648 => "1.06.000",
// Found in Redump entries 9718, 12885, and 37523.
156_160 => "1.07.000-1.11.000",
// SafeDisc Lite found in Redump entries 32751.
156_160 => "1.07.000-1.11.000/Lite",
// File size checks for versions 1.2X+ are superseded by executable string checks, which are more accurate. For reference, the previously used file sizes are kept as comments.
// 157,184 bytes corresponds to SafeDisc 1.20.000-1.20.001 (Redump entries 21154 and 37920).
// 163,382 bytes corresponds to SafeDisc 1.30.010 (Redump entries 31526 and 55080).
// 165,888 bytes corresponds to SafeDisc 1.35.000 (Redump entries 9617 and 49552).
// 172,544 bytes corresponds to SafeDisc 1.40.004 (Redump entries 2595 and 30121).
// 173,568 bytes corresponds to SafeDisc 1.41.000-1.41.001 (Redump entries 37832, and 44350).
// 136,704 bytes corresponds to SafeDisc 1.45.011 (Redump entries 30555 and 55078).
// 138,752 bytes corresponds to SafeDisc 1.50.020 (Redump entries 28810 and 62935).
// File size checks for versions 1.2X+ are superseded by executable string checks, which are more accurate.
// For reference, the previously used file sizes are kept below as comments:
/*
157,184 bytes corresponds to SafeDisc 1.20.000-1.20.001 (Redump entries 21154 and 37920).
163,382 bytes corresponds to SafeDisc 1.30.010 (Redump entries 31526 and 55080).
165,888 bytes corresponds to SafeDisc 1.35.000 (Redump entries 9617 and 49552).
172,544 bytes corresponds to SafeDisc 1.40.004 (Redump entries 2595 and 30121).
173,568 bytes corresponds to SafeDisc 1.41.000-1.41.001 (Redump entries 37832, and 44350).
136,704 bytes corresponds to SafeDisc 1.45.011 (Redump entries 30555 and 55078).
138,752 bytes corresponds to SafeDisc 1.50.020 (Redump entries 28810 and 62935).
*/
_ => "1",
// Hashes have not been found to be a reliable indicator for these files, and likely differ on a game-to-game basis. Some hashes were previously collected and are collected below:
// Hashes have not been found to be a reliable indicator for these files, and likely differ on a game-to-game basis.
// Some hashes were previously collected and are collected below:
// Found in Redump entry 41923.
// F7A57F83BDC29040E20FD37CD0C6D7E6B2984180" => "1.00.030",
// Found in Redump entries 3569 and 3570.
// "A8ED1613D47D1B5064300FF070484528EBB20A3B" => "1.11.000",
// It is not known which games these files are from.
// "ED680E9A13F593E7A80A69EE1035D956AB62212B" => "1.3x",
// "66D8589343E00FA3E11BBF462E38C6F502515BEA" => "1.30.010",
@@ -710,10 +862,19 @@ namespace BinaryObjectScanner.Protection
if (string.IsNullOrEmpty(firstMatchedString) || !File.Exists(firstMatchedString))
return string.Empty;
// The file "drvmgt.dll" has been found to be incredibly consistent between versions, with the vast majority of files based on hash corresponding 1:1 with the SafeDisc version used according to the EXE.
// There are occasionaly inconsistencies, even within the well detected version range. This seems to me to mostly happen with later (3.20+) games, and seems to me to be an example of the SafeDisc distribution becoming more disorganized with time.
// The file "drvmgt.dll" has been found to be incredibly consistent between versions,
// with the vast majority of files based on hash corresponding 1:1 with the SafeDisc version used according to the EXE.
// There are occasionally inconsistencies, even within the well detected version range.
// This seems to me to mostly happen with later (3.20+) games, and may be an example of the SafeDisc distribution becoming more disorganized with time.
// Particularly interesting inconsistencies will be noted below:
// Redump entry 73786 has an EXE with a scrubbed version, a DIAG.exe with a version of 4.60.000, and a copy of drvmgt.dll belonging to version 3.10.020. This seems like an accidental(?) distribution of older drivers, as this game was released 3 years after the use of 3.10.020.
// Redump entry 73786 has an EXE with a scrubbed version, a DIAG.exe associated with SD 4.60.000, a copy of drvmgt.dll belonging to 3.10.020,
// and a copy of secdrv.sys belonging to version 3.10.020-3.15.011.
// This may be an accidental distribution of older drivers, as this game was released 3 years after the use of 3.10.020.
// Redump entry 40337 has an EXE with a scrubbed version, an AuthServ.exe associated with SD 4.60.000, and copies of drvmgt.dll and secdrv.sys belonging to version 2.90.040.
// This also seems like an accidental distribution of older drivers, as this game was released about 3 years after the use of 2.90.040.
var sha1 = HashTool.GetFileHash(firstMatchedString, HashType.SHA1);
return sha1?.ToUpperInvariant() switch
{
@@ -730,7 +891,8 @@ namespace BinaryObjectScanner.Protection
"D5E4C99CDCA8091EC8010FCB96C5534A8BE35B43" => "1.07.000",
// Found in Redump entries 12885 and 66210.
"412067F80F6B644EDFB25932EA34A7E92AD4FC21" => "1.09.000",
// SafeDisc Lite found in Redump entries 32751.
"412067F80F6B644EDFB25932EA34A7E92AD4FC21" => "1.09.000/Lite",
// Found in Redump entries 37523 and 66586.
"87C0DA1B52681FA8052A915E85699738993BEA72" => "1.11.000",
@@ -848,9 +1010,15 @@ namespace BinaryObjectScanner.Protection
// Found in Redump entry 56320.
"84480ABCE4676EEB9C43DFF7C5C49F0D574FAC25" => "4.70.000",
// There are no known uses of drvmgt.dll (or secdrv.sys) after 4.70.000.
// Found distributed in https://web.archive.org/web/20040614184055/http://www.macrovision.com:80/products/safedisc/safedisc.exe and https://web.archive.org/web/20010707163339/http://www.macrovision.com:80/demos/safedisc.exe, but unknown what version it is associated with.
"8426690FA43076EE466FD1B2D1F2F1267F9CC3EC" => "Unknown Version (Report this to us on GitHub)",
// Found in Redump entry 121132.
// The game itself is protected with SecuROM, and contains a secdrv.sys associated with SafeDisc 2.90.040, despite that version not having been used with DVDs.
"18AD11E1B8D6A644989E12C12258B548996C1C96" => "Unknown Version (DVD) (Report this to us on GitHub)",
_ => "Unknown Version (Report this to us on GitHub)",
};
}
@@ -1011,7 +1179,7 @@ namespace BinaryObjectScanner.Protection
// The product version is "4.50.00.1619 2005/06/08".
"4.50.00.1619" => "4.50.0.1619 / SafeDisc 4.50.000",
// Found to be in Redump entry 20092.
// Found to be in Redump entries 20092 and 73786.
// The product version is "4.60.00.1702 2005/08/03".
"4.60.00.1702" => "4.60.0.1702 / SafeDisc 4.60.000",

66
BinaryObjectScanner/Protection/Macrovision.cs
View File

@@ -56,13 +56,15 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalEquals("Macrovision SECURITY Driver", StringComparison.OrdinalIgnoreCase))
resultsList.Add($"Macrovision Security Driver {GetSecDrvExecutableVersion(pex)}");
// Found in hidden resource of "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Wndows (2.00R)(Intuit)(2002)(352282)".
// Found in hidden resource of "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Windows (2.00R)(Intuit)(2002)(352282)".
// Known versions:
// 4.16.050 Windows NT 2002/04/24
if (name.OptionalEquals("Macrovision RTS Service", StringComparison.OrdinalIgnoreCase))
resultsList.Add($"Macrovision RTS Service {pex.FileVersion}");
// The stxt371 and stxt774 sections are found in various newer Macrovision products, including various versions of CDS-300, SafeCast, and SafeDisc.
// A stxt381 section has also been found in the "~df89e9.tmp" file, which is extracted into the Windows temp directory when running Redump entry 42034 on Windows 9x.
// This file serves an unknown function, as it's only roughly 12 KB in size and consists of mostly empty (00) data.
// They may indicate SafeWrap, but this hasn't been confirmed yet.
// Almost every single sample known has both sections, though one only contains the "stxt371" section. It is unknown if this is intentional, or if the game functions without it.
// It is present in the "Texas HoldEm!" game in "boontybox_PCGamer_DVD.exe" in IA items PC_Gamer_Disc_7.55_July_2005 and cdrom-pcgamercd7.58.
@@ -362,6 +364,7 @@ namespace BinaryObjectScanner.Protection
// Found distributed online, but so far not in a game release. May be a final driver version never released with a game. TODO: Discover original source.
// Can be found at https://github.com/ericwj/PsSecDrv/blob/master/tools/SECDRV/SECDRV.sys, and the file is confirmed to be distributed officially by Microsoft: https://www.virustotal.com/gui/file/34bbb0459c96b3de94ccb0d73461562935c583d7bf93828da4e20a6bc9b7301d/.
// Further confirmed to have been distributed in a Windows Server Trial in IA item pcworld-0410 (PCWorld0410.iso/WindowsServerTrial/server.iso/sources/install.wim/3/Windows/System32/drivers).
23_040 => "4.03.086 / Product Unknown",
// Found in https://web.archive.org/web/20010417215205/http://www.macrovision.com:80/demos/Trialware.exe.
@@ -440,9 +443,23 @@ namespace BinaryObjectScanner.Protection
if (!sectionStrings.Exists(s => s.Contains("BoG_")))
return null;
// If we have the "BoG_" string but not the full "BoG_ *90.0&!! Yy>" string, the section has had the portion of the section that included the version number removed or obfuscated (Redump entry 40337).
// If we have the "BoG_" string but not the full "BoG_ *90.0&!! Yy>" string,
// the section has had the portion of the section that included the version number removed or obfuscated (Redump entry 40337).
if (!sectionStrings.Exists(s => s.Contains("BoG_ *90.0&!! Yy>")))
return newVersion ? "Macrovision Protected Application [Version Expunged]" : null;
// So far, every executable with an expunged version has been able to be identified via other means,
// most consistently by scanning files extracted to the Temp folder when the program is run.
// The following versions have been found as expunged:
// 2.90.040: Found in Redump entries 11638+11639, 58510+58511, 58510+110103, 71617+71618, and 95322+95324.
// 3.20.020: Found in Redump entries 31621+31623 and 107085-107086.
// 3.20.024: Found in Redump entries 101449+101450.
// 4.00.001: Found in Redump entries 70504 and 74390-74391.
// 4.00.003: Found in Redump entry 83410.
// 4.50.000: Found in Redump entries 58990-58992, 74206, 77440, 76813, 85384, and 101261.
// 4.60.000: Found in Redump entries 40337, 57721, 65209-65212, 73786, and 85859.
}
// Get the section data, if it exists
@@ -662,7 +679,7 @@ namespace BinaryObjectScanner.Protection
// Found in Redump entries 11638/11639, 52606, 62505, 85338/85339, 95322/95324, 119414, and 119415.
or "2.90.040"
// Found in Redump entry 116357.
// Found in Redump entries 116357 and 121411.
// This version is particularly unusual, as it was in a game released in late 2007, when 2.90.040 was used from 2004/2005.
// It also doesn't appear to contain the SecDrv or DrvMgt drivers. It may be a Long Term Support release of SafeDisc 2 for customers unwilling or unable to use SafeDisc 3+.
or "2.90.045"
@@ -685,28 +702,67 @@ namespace BinaryObjectScanner.Protection
// Found in Redump entries 20729, 28257, 54268-5427, 63810-63813, and 86177.
or "3.20.024"
// Source not documented.
// Found in Redump entries 35382, 36024, 74520, and 79729.
or "4.00.000"
// Found in Redump entries 8842-8844, 15614, 38143, 67927, 70504, 74390-74391, and 83017.
or "4.00.001"
// Found in Redump entries 33326, 42034, 49677x, 71646, 78980, 85345-85347, 86196, and 105716.
or "4.00.002"
// Found in Redump entries 40595-40597, 51597, 68551-68552, 83408, and 83410.
or "4.00.003"
// Found in Redump entries 58073-58074, 58455-58459, 58990-58992, 65569, 74206, 74564 + 74579-74581, 76813, 77440, 80776-80777, 85384, and 101261.
or "4.50.000"
// Found in Redump entries 20092, 31824, 45407-45409, 45469, 45684-45686, 46764-46769, 50682, 57721, 73786, 85859, and 104503.
or "4.60.000"
// Found in Redump entries 34783, 56320-56323, and 66403.
or "4.70.000"
// Found in Redump entries 64144-64146 + 78543, and 98589-98590.
or "4.80.000"
// Found in Redump entries 13014, 52523, 74366, 76346, 83290, 115764, and 116381.
or "4.81.000"
// Found in Redump entries 20434, and 79113.
or "4.85.000"
// Found in Redump entries 38142, 56319, and 66333.
or "4.90.000"
or "4.90.010" => "SafeDisc",
// Found in Redump entries 11347, 29069, 58573-58575, 78976, and 120303.
or "4.90.010"
// Found in Redump entry 120213.
// This is a particularly odd version, as despite being the last known version of SafeDisc, it was not known to exist until recently.
// The copyright for "AuthServ.exe" in this version is set to RealNetworks, instead of Macrovision.
// RealNetworks presumably acquired SafeDisc when they purchased Trymedia from Macrovision (https://realnetworks.com/press/releases/2008/realnetworks-acquire-trymedia-macrovision).
// Due to this being the only known sample, it may be that they did a trial run of a new version of SafeDisc, before deciding against continuing its development.
or "4.91.000"
=> "SafeDisc",
// SafeDisc (Unconfirmed)
// Currently only found in a pirate compilation disc: IA item "cdrom-classic-fond-58".
"1.01.045" => "SafeDisc (Unconfirmed - Please report to us on GitHub)",
// "4.82.01 0004" - Unknown version from https://extreme.pcgameshardware.de/threads/windows-10-spiele-mit-safedisc-kopierschutz-starten-nicht-u-a-battlefield-1942.400359/page-5
// SafeDisc Lite (Confirmed)
// Found in Redump entry 14928.
"2.60.020" => "SafeDisc Lite",
// SafeDisc Lite (Unconfirmed)
// Found in Redump entries 63769 and 89649.
// This is unconfirmed because it is only known to exist in Mac versions of Lite, which currently isn't scanned for.
// If it is present on PC, or at least in an executable format that can be scanned, it is not currently known or documented.
"2.70.020" => "SafeDisc Lite (Unconfirmed - Please report to us on GitHub)",
_ => "Macrovision Protected Application (Generic detection - Report to us on GitHub)",
};
}