Closed SeanRamey closed 1 month ago
mirh
commented
1 month ago secdrv.sys is just 23KB, so yeah I guess this could pretty much be named just "user space safedisc"
(alternatively I guess you could also run the original driver inside of some "fake kernel" like wine does, but I don't think you could reimplement so much in just 700-800 lines of code)
Macrovision was just lazy and likely living on code debt going back to the 90s.
RibShark
commented
1 month ago Yeah that's correct. SafeDiscShim replicates the IOCTL in the last driver version 1:1; nothing it does requires kernel mode, it literally returns pre-defined responses. Earlier driver versions would have checked for debuggers and such and the responses would change depending on what it detected, but the latest driver version just hardcodes the "correct" response and returns that.
Copied discs will still be detected as this was done outside of the driver, in user-mode code that is embedded in every safedisc executable.
SeanRamey
commented
1 month ago Thanks for the answer!
I'm confused about this tool. What EXACTLY does it do? Does it still basically implement the complete functionality of SafeDisc copy protection, just not as some insecure driver? If so, why wasn't SafeDisc driver originally created this way?
Or does this tool just send the correct data no matter if the disc is a copy or not?