phenoProtect *new version* Reverse Engineering (Technical Paper)

You know I'm looking at these topics from a different perspective than you because… well, you know… because I'm unable to do such cool things.
My perspective is/was always: Fooling the protection with a copy, preferably a non-emulated one.

I stumbled on this point while scrolling through your paper:
phenoProtect trigger: You will get an error at 50% of installation when using a disc image.
Did they get competent at detecting an image with this one?

To be honest, I had trouble getting the previous version on Carrera Grand Prix to reject a copy. If I remember correctly, the only way to make the copy fail was to recreate the CD by placing the files and folders on it instead of dumping the original to an image.
It was one of those things that test your patience with a load of read errors. Not a serious protection.
 
I guess leaving out text references to copy protection makes it a lot easier to find and defeat those checks than I thought. Just goes to show how very useless this protection really is without any form of encryption or some other additional measures added.
 
I guess leaving out text references to copy protection makes it a lot easier to find and defeat those checks than I thought. Just goes to show how very useless this protection really is without any form of encryption or some other additional measures added.
You still have to know how to do reverse engineering. That is more than most end users will ever be able to do.

Self-encryption, anti-debug, anti-crack and whatnot are needed to stop (or rather slow down) crackers. At the end of the 1990s or in the early 2000s the question was rather whether CloneCD would create a working copy out of the box. If the answer to that question was yes, your protection was worth nothing and just cost money.
Of these self-made, unknown DRMs I've seen not a single one pass the test (rejecting a copy). Only the later versions of the big ones succeeded, and they had anti-crack.
 
They got competent in detecting an image with this one?
Since my goal was actually to trigger the protection, I just created an ISO and mounted it. I'm pretty sure you can easily create a working 1:1 copy using CloneCD though :)

I guess leaving out text references to copy protection makes it a lot easier to find and defeat those checks than I thought. Just goes to show how very useless this protection really is without any form of encryption or some other additional measures added.
Well, string encryption can slow down static analysis, but it is useless when running the target in a debugger. Without additional anti-debugging tricks, you could, for example, set a breakpoint on MessageBoxA (or the equivalent in your situation) and read the plaintext string from the stack.

Good countermeasures to reverse engineering are well-designed packers and virtualizers.
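The point made above (string encryption defeats a strings scan but not a breakpoint on the message-box sink) as an added, self-contained model in Python. This is example code written for this page, not code from the thread, the paper or phenoProtect. The "target" is a made-up stand-in: its error message is stored XOR-encrypted (assumed single-byte key 0xA5, chosen so every encrypted byte is non-printable) and decrypted only right before it is handed to a stand-in for user32!MessageBoxA. A `strings`-style scan of the constructed image finds nothing, while a hook on the sink, which plays the role of the debugger breakpoint, captures the plaintext regardless.

```python
"""Toy model (added example, not from the thread or the paper): why string
encryption alone does not stop dynamic analysis.

All names, the XOR key, the image bytes and the error message are constructed
for this example.  A real target would ship only the encrypted bytes; the
plaintext constant below exists only so the image can be built in-line.
"""
from typing import Callable, List

XOR_KEY = 0xA5  # assumed key; every ASCII byte (< 0x80) maps to >= 0x80

# Constructed message; it never appears in IMAGE in clear.
_PLAINTEXT = b"Copy protection error: original disc not found"
ENCRYPTED_MESSAGE = bytes(b ^ XOR_KEY for b in _PLAINTEXT)

# Constructed stand-in for the program image: a few "code" bytes, padding,
# then the encrypted string table.  Static tools only ever see this blob.
IMAGE = b"\x55\x8b\xec\x83\xec\x20" + b"\x00" * 16 + ENCRYPTED_MESSAGE + b"\x00"


def find_ascii_strings(blob: bytes, min_len: int = 8) -> List[str]:
    """Mimic `strings -n 8`: return runs of printable ASCII of >= min_len."""
    found, run = [], bytearray()
    for b in blob + b"\x00":          # trailing 0 flushes the last run
        if 0x20 <= b < 0x7F:
            run.append(b)
        else:
            if len(run) >= min_len:
                found.append(run.decode("ascii"))
            run = bytearray()
    return found


def message_box_a(text: str, caption: str) -> int:
    """Hypothetical stand-in for user32!MessageBoxA."""
    print(f"[{caption}] {text}")
    return 1  # IDOK


class Target:
    """The protected program.  `message_box` is its import slot; a debugger
    breakpoint on the real API is modelled by swapping in a hook."""

    def __init__(self, message_box: Callable[[str, str], int] = message_box_a):
        self.message_box = message_box

    @staticmethod
    def _decrypt(enc: bytes) -> str:
        return bytes(b ^ XOR_KEY for b in enc).decode("ascii")

    def run_protection_check(self, disc_is_original: bool) -> bool:
        """Return True if the (assumed) disc check passes, else show the error."""
        if disc_is_original:
            return True
        text = self._decrypt(ENCRYPTED_MESSAGE)   # plaintext exists only here
        self.message_box(text, "Error")            # ... and on this call's stack
        return False


def capture_with_breakpoint(disc_is_original: bool = False) -> List[str]:
    """Run the target with a hook on the message-box sink and return every
    plaintext string that reached it, exactly what a debugger reads from the
    argument on the stack when the MessageBoxA breakpoint hits."""
    captured: List[str] = []

    def hook(text: str, caption: str) -> int:
        captured.append(text)
        return 1

    Target(message_box=hook).run_protection_check(disc_is_original)
    return captured


if __name__ == "__main__":
    print("static strings found:", find_ascii_strings(IMAGE))
    print("captured at breakpoint:", capture_with_breakpoint())
```

On a real 32-bit Windows target the equivalent is a breakpoint at the entry of user32!MessageBoxA: with the stdcall convention the return address is at [esp], hWnd at [esp+4] and lpText, the decrypted string, at [esp+8]. No knowledge of the encryption scheme is needed, which is why the post above pairs string encryption with anti-debugging rather than relying on it alone.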