xtc
August 31st, 2007, 18:21
In the recent release of the game BioShock, the net was swarming with rumors that SecuROM, the copy protection used, was nothing less than a rootkit.
Having been relatively outspoken in debunking these claims, I was invited into the forum of the New Cyber Army for the purpose of discussing what SecuROM supposedly was doing to subvert your system.
Here's a link to the rather long-winded discussion: http://www.r-force.org/modules.php?name=Forums&file=viewtopic&t=489&start=90&postdays=0&postorder=asc&highlight=
Basically they're a group collecting "evidence" that various DRM schemes do all sorts of bad things to one's system.
They even made up a term, TrojanKIT, to describe such activity.
If you check on Slashdot, you'll see the type of FUD they've previously "published".
At any rate, I figured that most of you would get some laughs out of this character.
I'd advise against posting there, his responses are fully consistent with his previous ventures into charters he doesn't understand: http://killdevilhill.com/physicschat/messages2/3746.html (The most flawed solution to: x + 8 = 5 ever!)
Anyway, I've picked out the most hilarious statements (yeah, there's a lot):
"There is another way of circumventing the Ring 0 access, Obviously I am reluctant to mention this because of the security issues it involves. Bios level injection. This would be where the OS is set up to inject code into bios function calls. Effectively rendering non physical drives inoperable whilst the app is running. "
"It is no secret around here, I was the original Zero CooL the so called King of Inet. No I did not crash Wall Street, or get banned from owning a PC or using a Touch tone phone, that was Just Hollywood."
"As for rootKIT arguments, would it not have been easier to say the definition of rootKIT is so restricted of a Frame work that it would need to be almost a carbon copy if Sony's Previous offering to be classicfied as one. "
"Yes SecuROM installs drivers, it also installs virtual devices. The first communicates from run level 3 into 2 and 1. That is what drivers do. However the latter is an illusion of device, which exists in Ring 0. "
"As peeps are aware, my reputation and credibility precedes me, I only ever say something if I am sure about it, and when I am not I make it very clear I am speculating."
"Legally you cannot say, this DRM has been exploited, otherwise you get sued (even if you have the data to support it), Yes I know this stinks, however what you do is create your own virtual device to protect against Ring 0 viri/trojans."
"Ring 0 is and area used for communications with Hardware."
"Well given the uninformed nature of your reply your are looking at the Kernel Stack, which holds up to three pages of data and yes signature references of associated registers are sent to the Kernel stack."
"Windows API's stink, they do not function correctly, you just can't rely upon the information it returns.
(Before you ask, I am bound by confidentiality agreement with Senior Staff at Microsoft Redmond not to go into specifics of that) "
"I would advise you, that our technical information is so accurate that we where approached by the same legal team that Sued Sony over the rootKIT."
"Dude seriously, http://www.crownedanarchist.com/timedensitymass.htm I wrote the only existing conjecture which allows you to plot infinite space time. I am not blowing my own trumpet when I say you are out of your league."
"So simple OS structure is breeze compared to the complexity of infinite space time."
"But these are drivers what exactly have this got to do with Virtual Hardware?
Drivers are applications which allow your operating system to have dedicated data channels to your hardware. Yes SecuROM uses drivers, but nobody has ever claimed they sit in Ring 0."
"The reason why I say this, is how many times do you have to be told. An emulation of Hardware is not a driver. "
"To repeat yet again, A virtual Device is an emulation of hardware which exist in the kernel and Run level 1 and 2. At no point does this actually make it a driver."
"Another problem with off the shelf debuggers, sniffers and loggers, the DRM companies mostly have access to the same thing (Getting it yet?), so they just force higher priority in the stack. Normally done by deliberately over loading the 3 Pages of the Kernel Stack, causing it to refresh (but this can also cause the OS to lock up so not recommended tactic but since when have DRM companies listened to common sense?)."
"btw the fact you are running 4 rootKIT revealers, just shows you do not know what a rootKIT is, it's a DRM which Mark set a very confined definition of.
Thus any variation to is that would be required to block it from Mark's software, it is not longer a rootKIT, but instead another Ring 0 Virtual device. "
"You are the one trying to present very simple processes as being complex. To me it is just box of switches, switch the right ones off or odd and read the results, nothing complicated in that."
"Just because Windows is heavy GUI based OS does not mean that ability has disappeared for TOS apps (Terminate and stay Resident)."
"Notice the term Driver? instead of Virtual Hardware/Device.
I will give him that, it's a clever smoke screen that most people would fall for, as our brains fill in the missing details and make us think we are talking about the same subject."
"This guy is playing games.
What I find more fascinating is where he learned this from?
Because this is not your script kiddie or hacker stuff. It is Social Engineering, back in the day I got Mitnik onto that. "
"If your golden nugget is that I was once one of the most famous hacker/Cracker/Phreakers on the planet. Then you are on a non starter there as I have never hidden this from the industry."
"As for me being a founder of Social Engineering techniques, this is no secret, neither is me knowing Mitnik back in the day, everybody in scene knew each other online."