nERv
Universal SafeDisc and SafeCast Loader (c) RELOADED
10/2009 :..... RELEASE.DATE .. PROTECTION .......: Safedisc/Safecast
DISC(S) .. GAME.TYPE ........: All
Release note:
Since the Macrovision Corp. turned into Rovi Corporation and discontinued
development of SafeDisc/SafeCast DRM's, we have decided to make this old
tool public (after some adjustments).
This tool bypasses checks like cd/dvd validation, trial, online-activation
(for beta games), execution-count and of course silent cd/dvd check (so you
should be able to play The Sims 2 as well). Read the included ReadMe.txt for
more details and on how to use this.
Please note that we will take no responsibility for this loader. We will not
provide any future fixes or support. We are aware the Source archive is
password protected. Do not ask us for the password.
Antivirus software that blocks code injection will block this loader, so make
sure to greenlist the included exe and dll or disable your antivirus software.
Special note:
We would like to take this opportunity to state our case against the recent
unnecessary propers by Razor.
From the nfo of Borderlands_Proper-Razor1911:
Razor claims that our release "wasts [sic] 1gb more space".
Fact: Our release is smaller. Installed, both are the same in size.
Razor claims that our release is a "self made iso", implying that it is not
retail.
Fact: We stated clearly in our nfo that our release was from Trymedia, which
is an official retail* distributor. It uses another installer that installs
faster, and every installed file is byte-identical to their version, except
for the exe.
Razor claims that we "removed" the delay import directory entry.
Fact: this entry was not available in the original executable.
Besides, a "Delay import" table does exactly what it implies: it DELAYS the
execution of dlls. If there is no "delay import" table, as in our
executable, the inits of the dlls will not be delayed, but loaded before EP
as every other dll. Razor's implication that our version lacks PhysX in any
way is absolutely incorrect (see technical proof below).
Of all the outright lies, Razor claims that their releases are somehow more
"retail" than our Borderlands release (Trymedia), and also recently
SKIDROW's Raven Squad (Steam) release, is the most bizarre.
Let's refer to the Merriam-Webster definition of retail:
Main Entry: re'tail
Function: verb
Date: 15th century
transitive verb
1 : to sell in small quantities directly to the ultimate consumer
The online distributable versions of games are the same product, the same
files, but sold by an online retailer with an official distribution deal
with the publisher and sold directly to the ultimate customer. What exactly
is less than retail about that? The "retail" rule was always meant as a way
to distinguish the final version of a game from unfinished betas and review
copies. It was never meant to limit releases to physical boxed store copies.
Especially in a time and age where digital distribution is becoming more
and more regular and some titles (for instance Saw) are exclusively
distributed on digital platforms, it seems outdated to disallow releasing
such titles altogether. And we know that Razor knows this, because
they too have released titles from such sources.
In the case of Borderlands the only difference with the Razor "retail"
version and our version is that the Razor version, ironically, requires you
to allow the installer to go online during installation. If the Securom
internet date-check at the end of the installation fails, it uninstalls the
game. The installer also launches the game, and if the disc-check fails
(which it will due to Razor's "self made" iso), it will also roll back the
installation. Razor tried to 'fix' this, by creating a fake executable that
should be copied over during the installation to prevent the installer from
automatically uninstalling the game. How "retail" is that solution ?
Another example is the release of A-Train 8. Here a downloaded installer
placed on a "self made iso" was good enough for Razor. And in the ultimate
act of hypocrisy, they nuked a legitimate proper that pointed out that their
release crashed due to badly copied code from a trial version of the game,
something they regularly accuse others of.
As it looks, the reasons for Razor's odd behaviour and unneeded propers
may be an overinflated sense of entitlement and frustration over the recent
inability to win releases in an honorable fashion.
Technical proof:
00AAD33B PUSH Borderla.01B2B7C8
; UNICODE "PhysXLocal/PhysXLoader.dll"
00AAD340 CALL DWORD PTR DS:[<&KERNEL32.LoadLibraryW>]
; kernel32.LoadLibraryW
00AAD346 JMP SHORT Borderla.00AAD364
00AAD348 MOV ESI,DWORD PTR DS:[<&KERNEL32.LoadLibraryW>]
; kernel32.LoadLibraryW
00AAD34E PUSH Borderla.01B2B800
; UNICODE "PhysXLoader.dll"
00AAD353 CALL ESI
00AAD355 TEST EAX,EAX
00AAD357 JNZ Borderla.00AAD3E3
00AAD35D PUSH Borderla.01B2B820
; UNICODE "PhysXLocal/PhysXLoader.dll"
00AAD362 CALL ESI
As Physxloader.dll gets loaded the physx subsystem gets inited.
017F6086 MOV EAX,Borderla.01EF13F8
017F608B JMP Borderla.017F6090
017F6090 PUSH ECX
017F6091 PUSH EDX
017F6092 PUSH EAX
017F6093 PUSH Borderla.01E863EC
017F6098 CALL Borderla.01892882
017F609D POP EDX
017F609E POP ECX
017F609F JMP EAX
017F60A1 MOV EAX,Borderla.01EF13E4
017F60A6 JMP Borderla.017F6090
017F60AB MOV EAX,Borderla.01EF13E8
017F60B0 JMP Borderla.017F6090
017F60B5 MOV EAX,Borderla.01EF13EC
017F60BA JMP Borderla.017F6090
017F60BF MOV EAX,Borderla.01EF13F0
017F60C4 JMP Borderla.017F6090
And the above gamecode fills the delayed IAT-Address with its
corresponding PhysxLoader APIs.
These APIs will be called whenever the game calls PhysX SDK calls.
An example of this:
Before:
00AAD51F |. CALL DWORD PTR DS:[1EF13EC] ; Borderla.017F60B5
After:
00AAD51F |. CALL DWORD PTR DS:[1EF13EC] ; PhysXLoa.NxCreatePhysicsSDK
1. Read nfo.
2. Unpack.
3. Use the included files to run any safedisc/safecast protected executables.