Hi fellow reversers,

recently I had the opportunity to have a look at the forth generation of a great shooter game that shatters the earth *hint* *hint* - and when I had a look at the exe (just due to my usual routine), I saw that it had a new version of SafeDisc (4.60.00). And it seems that SafeDisc changed quite some stuff, I couldn't find any of my previous markers. I'm too busy to work on it at the moment, but I thought I'd just have a look around - maybe someone else had done some work on this version of SafeDisc. I have to admit that I'm nowhere good at reversing SafeDisc, I'd just like some comments to verify or void my first impression of "things changed a lot, doh!" concerning this version of SafeDisc.

It's not of really high interest to me, it's more to reassure myself (that I'm not travelling to Alzheimer Road or similar) I'm not interested in a fully automatic unwrapper or such, I'd rather appreciate a more technical analysis of what's inside the "new" SafeDisc. What has changed, what has not? What's completely new?

P.S. I just saw that PEiD lists SD 4.70 detection in the changelog, so I guess my 4.60 isn't all that new already

I've searched the forums that I have access to, but couldn't find anything about versions after 3.20. I wonder if it's so boring to have a look at it?

Well, about the issue you could download and check these document and tool:
Unpacking Safecast
hxxp://arteam.accessroot.com/tutorials.html?fid=163

Unsafedisc 46 By Arteam
hxxp://arteam.accessroot.com/releases/file_info/download1.php?file=UnSafeDisc_46_by_ARTeam.rar

I hope they are covering your "curiosity"

Cheers

Nacho_dj

safecast is like baby safedisc, some things changed since v2, cdcheck, keymorphs and so on.. from v3 its more or less the same and the unsafedisc program in the url is practically useless....

...if you mean Quake4,than there is nothing to worry about,because this game does NOT contain SDAPI.
In other way it would be a bit more difficult to unpack the application.


...I totally agree.

I've had a look at the tool and the posts About Safecast as a baby: I remember some early versions of it where a 1-Byte-Patch was sufficient to knock it out But apart from that my curiosity is still quite alive. I was hoping to find something like a simple list about what's inside SD 4.60 and on in contrast to earlier versions. (Remember, I'm not really interested in a full unwrapper, more in a thorough technical overview without the marketing yaddayadda...) And I couldn't find anything about that SD SDK except for statements like "Game x does [not] use it." which isn't of real interest to me (well sort of, I'd need something to look at of course, but I'm not that gaming fan at all these days). I'm curious about the possibilities the SDK offers, too.

A great thanks for all your suggestions though. I'll have to work on it myself, I guess

...I would advise you not to follow these version numbers so precisely.
In general there are two variations of this protector: basic and advanced.
The forth basic version is very similar to the third.
Among other features advanced variation offers an opportunity to use special APIs,which makes it more difficult to eliminate the protector from the application.These APIs are mainly like a kind of calculating functions embedded in the application's code.They use various variables(both protector's and application's) to get needed results.The last ones are then returned to the application for its usage or for further calculations.All calculation takes place in the protector's module -- ~df394b.tmp.
The main producer now,that uses advanced version of SD,is Electronic Arts.

Well, from my limited contact with games I noticed that there has been a major change between 4.0 and 4.6 (haven't seen any newer versions yet, as I said, I'm not that into gaming itself, it's more the desire to know how things work). I had been playing with SD 2.70 back in the days, and ever since then I was able to locate the same structures in every new version, so I assumed there had been no dramatic changes. This definitely changed somewhen between 4.0 and 4.6 - kinda like with Securom 5 and 7 upwards. I looked into some updates and patches and saw that there seems to be a huge gap in version numbers between 4.0 and 4.6 so I assumed that 4.6 indicates a (partly|completely?) redesigned protection. But there seems to be little information about what has changed. I'm not interested in unpacking particular targets, I'm more interested in the methods newly introduced with 4.6 and on. How has the protection scheme changed? Which methods are still there, which ones are newly introduced? etc.

Yeah, I know, I know, DIY is the magic "number" here

laola
Are you common with the third version of SD??
If you are,then I can tell you,that,in my humble opinion,nothing is changed in principle.Same mechanisms,that were used in the third version,rule also in the forth one.
The main change appears to be the release of the second version of SDAPI.These two versions noticeably differ from one another.But this concerns already SafeDisc Advanced.