Posted April 08, 2019
high rated
Hey guys,
this is a message I wrote to GOG support some days ago:
Dear GOG support team,
I'll make it short. I know there exists a short topic about SecuROM being active in both of the F.E.A.R. expansions included in your Platinum Edition, but it does not contain any kind of solid proof. That's were I come in. I have more than five years of experience in debugging assembly code, and I took a look both at the FEARXP.exe and the FEARXP2.exe (I won't talk about your poorly hidden FEARMP.exe to spare you the additional shame). The results are perfectly clear: All you did is to take the original SecuROM-protected binaries and remove the actual disc-check so that the games run without the original discs inserted. But you, the "DRM-free company" (https://en.wikipedia.org/wiki/Digital_rights_management), did not even try to remove the DRM entirely or simply "borrow" the RELOADED resp. HATRED cracks (like you did in dozens of other games in the past), no, instead you blatantly lied to your customers about the .exes being "clean". So, getting technical: Both .exes have ALL features of SecuROM v7.40.0006 (https://en.wikipedia.org/wiki/SecuROM) still present and active: 1.) Entry point is in .Sitext region instead of .text, but that does not has to mean anything I admit. 2.) Debugging the .exes shows all sort of SecuROM's sophisticated anti-debug measures (but I managed to do it nonetheless ;) ), like the usual "A required security module cannot be executed" message and other stuff. 3.) Having a non-cloaked emulated disc drive mounted will trigger SecuROM to "blacklist" it the standard way. 4.) The entire Virtual Machine is fully intact and still used to process the game code on runtime. 5.) Running one of the two .exes creates a.) SecuROM's infamous zero-embedded registry data as well as b) its less infamous local file data on the resp. system. 6.) The SecuROM driver routine activates its kernel hooks on startup. 7.) Easy test for you to do: Run Sysinternals "Process Explorer", then try to start one of the addons - it will fail due to this process being on SecuROMs blacklist.
Ok, enough of the nice talk, fact is you are deliberately lying on your faithful customers by withholding all this - important - information and approve their systems getting "infected" by this obnoxiously intrusive DRM in a permanent way. I really hope you will be clever enough to just grab the cracked .exes and release a patch which removes SecuROM entirely from both addons AND get rid of the MP .exe (in disguise), or I'll open up a public huge post about this topic in the not-so-far future, and I'm pretty sure that most of your - I love this term - faithful customers won't be very pleased to hear about your shady practices, don't you think?
Sincerely yours,
Christsnatcher
I also attached a few images as "basic proof".
The response I got was just another blatant lie:
Hello
The topic was raised in the past and I can only give you the same answer:
I've talked with the Production Lead and this is not DRM, it is an anti-debugger protection and we will not be allocating resources to remove it. Process Explorer (Process Monitor) is an optional software, since it is interfering with the game we recommend to close it.
It is not uncommon for software to interfere with games and in some cases closing other programs before launching will be required.
Regards
Genoan
GOG.com Support
I answered a not-so-nice-way since I really got upset::
“Interfere”, yeah, sounds legit. Try to fool some kids, not me.
And got the standard automated response of:
Hello
Thank you for the feedback.
Have a nice day.
Regards
Genoan
GOG.com Support
So please just be aware that not only the multiplayer .exe did install fully active SecuROM file and registry data on your systems, the main .exes of both addons still do the very same. Just wanted to let you know, cheers!
this is a message I wrote to GOG support some days ago:
Dear GOG support team,
I'll make it short. I know there exists a short topic about SecuROM being active in both of the F.E.A.R. expansions included in your Platinum Edition, but it does not contain any kind of solid proof. That's were I come in. I have more than five years of experience in debugging assembly code, and I took a look both at the FEARXP.exe and the FEARXP2.exe (I won't talk about your poorly hidden FEARMP.exe to spare you the additional shame). The results are perfectly clear: All you did is to take the original SecuROM-protected binaries and remove the actual disc-check so that the games run without the original discs inserted. But you, the "DRM-free company" (https://en.wikipedia.org/wiki/Digital_rights_management), did not even try to remove the DRM entirely or simply "borrow" the RELOADED resp. HATRED cracks (like you did in dozens of other games in the past), no, instead you blatantly lied to your customers about the .exes being "clean". So, getting technical: Both .exes have ALL features of SecuROM v7.40.0006 (https://en.wikipedia.org/wiki/SecuROM) still present and active: 1.) Entry point is in .Sitext region instead of .text, but that does not has to mean anything I admit. 2.) Debugging the .exes shows all sort of SecuROM's sophisticated anti-debug measures (but I managed to do it nonetheless ;) ), like the usual "A required security module cannot be executed" message and other stuff. 3.) Having a non-cloaked emulated disc drive mounted will trigger SecuROM to "blacklist" it the standard way. 4.) The entire Virtual Machine is fully intact and still used to process the game code on runtime. 5.) Running one of the two .exes creates a.) SecuROM's infamous zero-embedded registry data as well as b) its less infamous local file data on the resp. system. 6.) The SecuROM driver routine activates its kernel hooks on startup. 7.) Easy test for you to do: Run Sysinternals "Process Explorer", then try to start one of the addons - it will fail due to this process being on SecuROMs blacklist.
Ok, enough of the nice talk, fact is you are deliberately lying on your faithful customers by withholding all this - important - information and approve their systems getting "infected" by this obnoxiously intrusive DRM in a permanent way. I really hope you will be clever enough to just grab the cracked .exes and release a patch which removes SecuROM entirely from both addons AND get rid of the MP .exe (in disguise), or I'll open up a public huge post about this topic in the not-so-far future, and I'm pretty sure that most of your - I love this term - faithful customers won't be very pleased to hear about your shady practices, don't you think?
Sincerely yours,
Christsnatcher
I also attached a few images as "basic proof".
The response I got was just another blatant lie:
Hello
The topic was raised in the past and I can only give you the same answer:
I've talked with the Production Lead and this is not DRM, it is an anti-debugger protection and we will not be allocating resources to remove it. Process Explorer (Process Monitor) is an optional software, since it is interfering with the game we recommend to close it.
It is not uncommon for software to interfere with games and in some cases closing other programs before launching will be required.
Regards
Genoan
GOG.com Support
I answered a not-so-nice-way since I really got upset::
“Interfere”, yeah, sounds legit. Try to fool some kids, not me.
And got the standard automated response of:
Hello
Thank you for the feedback.
Have a nice day.
Regards
Genoan
GOG.com Support
So please just be aware that not only the multiplayer .exe did install fully active SecuROM file and registry data on your systems, the main .exes of both addons still do the very same. Just wanted to let you know, cheers!
Post edited October 05, 2019 by Christsnatcher
