Defeating SecuROM New ≥ v4.8 with Plextor Premium [Video (2½ minutes, 13,5MB)]

The spoiler contains a part of my upcoming writeup on copy protected PC CDs.
In contrast to earlier SecuROM versions, v4.8 and newer¹ don’t just extract a key (called "electronic fingerprint applied onto the glass master which assigns a unique number to each CD-ROM title" in marketing-lingo) from a non-standard subcode of the CD. Tricks with modified subchannel data have been fully beaten by the wide distribution of RAW-DAO(+SUB96) capable CD writers, as well as software dedicated to copying protected CDs (CloneCD, Alcohol 120%, Blindwrite Suite are the most famous examples).
To counter the development of better hard- and software faithfully copying virtually any (even invalid) structure, Sony amended their product with DPM (data position measurement). This was not a completely new idea; CD-COPS did this way earlier (and is a beast to beat to this day!). In contrast to CD-COPS and other DPM-based protections, the newer SecuROM didn’t define reference sectors whose angles to each other on the (identical) stamped discs are encoded in a code printed on paper and checked on start.
===

If you get really, really, REALLY lucky, by a huge fluke, it is possible to simply copy a CD-COPS disc and the CD-R works. This can’t really happen on SecuROM new(er) discs. The CD of each infected game contains a different pattern of areas which feature a lower data density (I suspect larger pits and lands). These areas appear as peaks in DPM diagrams (higher value on vertical axis → bigger angle per sector → fewer sectors per turn). A CD writer will not write such nonsense. It writes the pits and lands at a defined, constant size… so that about 700MB fit on a standard CD-R.

There are very few exceptions to that rule: I know of some Plextor drives (Premium, Premium 2, PX-712, PX-716, PX-755, PX-760) featuring different sizes for pits/lands under the marketing name “GigaRec”. This allows more or less data to be written to a standard CD. Smaller pit sizes – more memory – aren’t very compatible with other drives. Plextor claimed that lower settings (larger pits) enhanced compatibility, data security and sound on CDDA (for the people from the audiophile group). The Yamaha CRW F1 AudioMaster is another writer that could increase the pit sizes for audio mastering.

Of all the drives above, only the “Plextor Premium 1” allowed actually changing the data density/GigaRec rate/pit size on the fly while burning a CD-R. Notice what? If we know exactly where the sections of lower density are on a legit SecuROM disc, we can instruct the Premium to write bigger/smaller to actually copy the CD with extraordinary accuracy. The only program that ever implemented this is the Blindwrite Suite by VSO.

I've read that SecuROM v7 cannot be successfully backed up with the Plextor Premium. I can't test this, as I don't have any SecuROM v7 CD. By the time that version number had been reached, most PC games were already too big to fit on one or two CDs, so a transition towards the usage of DVD or even double-layer DVD took place. In addition to that, an online activation was often used (in addition to the disc check). As end user equipment doesn't include any RAW read/write features for DVDs, things like this cannot be done on DVD. Only emulation can be used to back up such games.




___________
¹ I couldn’t find a definitive version number. While v4.8 is frequently (mostly!) mentioned as the one that switched to the newer and more robust method, there are also some sources saying v4.77 is affected by the change. I can confirm this a bit: I own one sample (Hotel Gigant) which is detected by ProtectionID as containing v4.77, and it uses changing data density patterns as its distinguishing feature. Given that the reading is correct, there are indeed games with lower SecuROM versions not relying on subcode data.
After months of searching and finally getting my hands on a Premium without spending a fortune (the prices are insane!), I gave it a try instantly: Comparing the DPM results of a legit disc and a copy created with the Plextor Premium using Blindwrite was a (positive!) shock for me. I never imagined that the lines would more or less be a vertically shifted copy.
[Images: plextor-premium-jpg.324945, Yes_Yes_Yesssssss.png]

The resulting copy works in all drives I checked, is detected as fast as the original and gave no errors – even though the absolute density is higher than on the original disc (a perfect copy wouldn't have the line shifted down compared to the original).
Physically all the Plextor drives mentioned above in the big spoiler should be able to achieve the same, but the firmware does not allow it.




I have to explain a bit what can be seen on the video below. The test game is "Sonic Adventure DX – Director’s Cut", infected with SecuROM v5.


First CD:
At the beginning there is a CD-R inside the Plextor Premium containing an emulation copy. It works only when an emulator (Alcohol 120%, Daemon Tools) modifies read timings. The disc is named “NEEDS_RMPS2_0” instead of “CD1” – since the emulator is deactivated. Consequently, starting the game from a CD-R burned in a naive way fails with this error message:
[Image: Error1.png]
Note that SecuROM is set to exit silently on some games when it detects a copy. You might not get any explicit message that your CD has been rejected. In such a case the spinning disc icon on the mouse cursor just disappears.
Second CD:
Inside the LG drive is a Twin Peak copy of “CD2”. The copy would pass on a drive ignoring twin sectors, but this drive stops shortly at twins, throws errors and doesn’t produce the correct timings. After a long time limit, SecuROM gives up, admitting that it is not sure (doesn’t accept, but doesn’t call the disc a backup either):
[Image: Error2.png]
(No idea why the message is in English, but the Retry/Abort buttons are translated into German)
Third CD:
I removed the Twin Peak copy from the LG drive and inserted a copy written with Plextor Premium (ab)using the GigaRec feature. The copy gets accepted almost instantly!


Of course this video is a bit lengthy (waiting for timeout) and I already cut one minute from the original footage (@Alexander1970 can confirm that this version matches with the full version and isn’t modified beyond the removal of some waiting time. As always: HUGE “Thank You!”, Alex).
Mr. Broom is just a background actor this time, because I (or rather my helper, as I’m very camera-shy) had to actively interact with the CDs. This asked for a more sophisticated tool.

Blog entry information

Author
KleinesSinchen