SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-02-03 21:29:23 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity

[Protection] Add PopCap DRM Protect #50

New Issue
Open
opened 2026-01-29 21:05:24 +00:00 by claunia · 2 comments
claunia commented 2026-01-29 21:05:24 +00:00
Owner
Copy Link

Originally created by @TheRogueArchivist on GitHub (Jan 11, 2022).

Inhouse copy protection used by shareware PopCap games, seemingly replacing the previous use of ActiveMARK. Seems to make use of a drm.xml found in various places depending on the time the game was released, with earlier versions placing drm.xml in the folder "drm/common", later versions in the root directory of the game. Later versions use a seemingly obfuscated drm.xml.bin, with every version of the xml/bin having a corresponding .sig file. The "main" exe is actually just a wrapper for the actual executable, seemingly stored in a DAT file with the same name. When the wrapper is run, it extracts the real executable as a hidden file in the working directory with the name popcap1.exe (not sure if there are others). Strings worth investigating: "?popcapdrmprotect!", "?popcapdrmprotend!", and "!YN00000PACPOPPOPCAPPACPOPPOPCAPBUILDINFOMARKERPACPOPPOPCAPPACPOPPOPCAPXXXXXXXXX". Files that may worth doing checks for: "drm.xml", "drm.xml.sig", "drm.xml.bin", "drm.xml.bin.sig", "drmss.jpg".

Originally created by @TheRogueArchivist on GitHub (Jan 11, 2022). Inhouse copy protection used by shareware PopCap games, seemingly replacing the previous use of ActiveMARK. Seems to make use of a drm.xml found in various places depending on the time the game was released, with earlier versions placing drm.xml in the folder "drm/common", later versions in the root directory of the game. Later versions use a seemingly obfuscated drm.xml.bin, with every version of the xml/bin having a corresponding .sig file. The "main" exe is actually just a wrapper for the actual executable, seemingly stored in a DAT file with the same name. When the wrapper is run, it extracts the real executable as a hidden file in the working directory with the name popcap1.exe (not sure if there are others). Strings worth investigating: "?popcapdrmprotect!", "?popcapdrmprotend!", and "!YN00000PACPOPPOPCAPPACPOPPOPCAPBUILDINFOMARKERPACPOPPOPCAPPACPOPPOPCAPXXXXXXXXX". Files that may worth doing checks for: "drm.xml", "drm.xml.sig", "drm.xml.bin", "drm.xml.bin.sig", "drmss.jpg".
claunia commented 2026-01-29 21:05:24 +00:00
Author
Owner
Copy Link

@TheRogueArchivist commented on GitHub (Jan 31, 2022):

Seems to also have a CD equivalent, the following disc appears to have it: http://redump.org/disc/59954
Files to investigate:
CDProtect

@TheRogueArchivist commented on GitHub (Jan 31, 2022): Seems to also have a CD equivalent, the following disc appears to have it: http://redump.org/disc/59954 Files to investigate: ![CDProtect](https://user-images.githubusercontent.com/24215969/151742605-9dd831e9-567d-4788-b31a-369fe64a2541.png)
claunia commented 2026-01-29 21:05:24 +00:00
Author
Owner
Copy Link

@mnadareski commented on GitHub (Sep 7, 2025):

If there are any links or references for what items may contain this, please provide them.

@mnadareski commented on GitHub (Sep 7, 2025): If there are any links or references for what items may contain this, please provide them.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 question
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: SabreTools/BinaryObjectScanner#50
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?