From 9eb4887288a3f6aa0b2f68d9974b22ab3ca9c3f9 Mon Sep 17 00:00:00 2001
From: Bottersnike
Date: Sun, 27 Nov 2022 22:29:36 +0000
Subject: [PATCH] Security docs
---
 docs.py | 7 +-
 images/ftk.png | Bin 0 -> 5903 bytes
 static/keys/SystemKeyFile | 1 +
 static/keys/UpdateKeyFile | 2 +
 styles.css | 12 +
 .../pages/sega/{ => misc}/partition.html | 0
 templates/pages/sega/software/security.html | 526 ++++++++++++++++++
 .../pages/sega/software/security/game.html | 6 -
 8 files changed, 545 insertions(+), 9 deletions(-)
 create mode 100644 images/ftk.png
 create mode 100644 static/keys/SystemKeyFile
 create mode 100644 static/keys/UpdateKeyFile
 rename templates/pages/sega/{ => misc}/partition.html (100%)
 create mode 100644 templates/pages/sega/software/security.html
 delete mode 100644 templates/pages/sega/software/security/game.html
diff --git a/docs.py b/docs.py
index 021435c..59982ea 100644
--- a/docs.py
+++ b/docs.py
@@ -49,14 +49,15 @@ SEGA_CONTENTS = {
 "software": ("Software", {
 "pcp": ("PCP", {"libpcp.html": "libpcp"}),
 "drivers": ("Device drivers", None),
- "security": ("Security", {
- "game.html": "Game encryption",
- }),
+ "security.html": "Security",
 "groovemaster.html": "GrooveMaster.ini",
 }),
 # "network": ("Networking", {
 # "allnet.html": "ALL.Net"
 # }),
+ "misc": ("Misc", {
+ "partition.html": "SEGA Partition Structure"
+ }),
 }
 CONTENTS = {
 "": EAMUSE_CONTENTS,
diff --git a/images/ftk.png b/images/ftk.png new file mode 100644 index 0000000000000000000000000000000000000000..54bb034524af0ca9463af9b570585d7f9f8de48b GIT binary patch literal 5903 zcmaJ_XH-*Lw*?!)AOTTg0fHc6K>{Kmp+uT=P*BPRf}qlSlNO>>5hY#~q?)TBMG!XHjB#?#9_Ng`_gZ_dIoDb#mo1IG73!OU&^GyF7F)bouxy(Lk2#Zr)fh(AXh_ zk59Pm=fzJ9D89+ZCthG;pnEj}v6SchL6R6rBxP9deRcWdQ$0s(Q+=}+36I7$YQa#& zsak9jqF^{kf9^#=!PP$%G;7yjX>yJki?Z7_z9oKpUp>mm=%3!D4>-2RrJqrEGIHmo z`bS5;Wwuuo*tx^F+an$xm~SdojWeEGxibPF4>;wCWMmBU(_!#DiBG?J5(o6SW!J_tZ!zI6V8KUZ@0AFCs0 zbbK5}TSZWB3ZeuNEhL>ShmH6u%oP%R&1<6>tn;ee1z+w@!a0jYcJFe15a@<*lVRn= z1Mo^=wm)e4>o+E%mO%rK0nIg6S-b!D`#oFqGre$dmNl3CS$+VEXEe^kEo1fA%oLI> z3C78pcj0o>KYO+?SMVf7mOw~NV^x0m^~OeTT;S+#*M0w9%AU;KL^YQ@M{%|bTv2<4 zR!ZAu(iw9@IUQ6eYHMM>r0BWzP`R^@C?_#{$+Hq3SW1z(UWj#%qc(<2=L7XlBE&bT?R$AKQB=)I5E0^&oy%Gq-j--Oz_ zU)*H@gJuw=(c8mzo1K~^oNw0^9^!a?s9o17I<+MQj}ysE^i$D%d|gr4-CM0H=(cE& z!oqp+;E!*Y0^OFE$jK0Qtc@6%Bw;{LEK#YW9&JT!r7j~-F&MnpZ5;FM_BglG#Tu={ zC`MQYeoq|U8zr)!G=(1Jx8KCyM0HIP4Gls^`IzSR*@_Msy>V}n#X=4lkd9(WjyP&Q zdtS{_(erHYk|OzTucJL!WeDBs>7r`Ru9bx3=AT~q6#mN9@1O~p`_YPH#h$}(_1oT# z1M#R44Cluja$|F5sX6wZ=JFPHm>Iyy61+_Y;)|ssr$nE0pA)7MgWMLIW7a&*0mDQ2 zKzvD}J5EnfK;r5#>|{p+*ScG-KIHb?`hTgjyRKs)$t&7LADcp$=HX3?8w~jQ1>gc!m_*m zBtp0}t)N4qv3Es)kqVo%DBo8Emqrm)V|ap6#6IC_YFtTZ)%_SR4;Q`Fkr9kP*jC3 z%CPi+m5)MX;KkI1J;}Xg-hkSPD?>@XZC~yH<2RQ#UF|kLo1HI6tzD{3KIY+isyTtw zFREUR7=XTk-oVAGER>qlol(YOK(nDXQxS+v6k}eZlh|&h>>dszCvZlG z8*+Aw9wsKVwN(Pp&|NZcbQEhT!A<(G3c|XDc5S?TR%f zTS0ApD0%jkH^1Bo;_~B{HD^z1H&>jxw8IEa7FZ51D9o45>M3TZ2;Dhh8)e=vtF(z$$Q4p#LA|@LwllFq?q#x0Kh7cAT z{OVNM5zEhJWmQzomB3o*QH!DlP4C;9oeAj4+OnaqBBqDT>8b-~K3;J)L`0Y%(}8$x z;q`pZ(0(i=*zw{>Pr=9ioUZ{J`YiG`eyv;c8%3TbnxITbiA)It$68R!$HMRFbyIy7 zU>Vad>w(P)C}sH#*TnuoT_^R*V#<&mn5@18ASu77fDt1H+jY1R2{h$8;)?v}oOhhk zr3=c?N(7;z5)`w&G@$LKm2Vw37&IogK#n712@SaS_Do{qzA3D|_V)()6THEZH=|$T zV1oFLDMz!uBpO6Dejwb8nWYdP&FVZUsXcomPU*l;AL6LM8$}pu#q)BaU36i~m!=CM zYVobwoMW^diXluO=%+`_6Hp<;#$SqG9q4tz{o3!!pJ- za0{Sg>UX<>sX}zxRgQ{z?Y)sCwzmI2+*l=!hS+SUx%+c% 
zUnJgH0P=GSAOtnV{fF*uwR_Z#xE%F>hC^}EfLmqnCua&bHwI6zN;5~{r$(YuC4XRT_(lUR6ZIK7{%*x2 zR(IT1?AuJ$M0i%AlKW5OIFXZQQ7js=DFa z)yOU%$2c96X~`pbiO;s1A1xUAFUPiMk0p0ea_0RLm zTTb%#9FObEk|m8>%O#DsS4uRyrCB1ZGj`?0YctR~d)}6}%f==#gJYbymNs5AOz(v! zZ9Sw$_f`mUon=|k(a{~ap!uh%a)7u;J)g8WI%Q%0C|%FHJm+^Fj2-Jsrm7o~_Hy$y zZx6hv&Ch4f*9RQG)JgSzeK<@e-y9@y?!Nn5Y*RzmY*ICA+d&0O`Rw_;N47gaUnxw} zJWtJIa;ME{tbwNe!F-lW*o|o^Uhr>dXN|fX+WE_ZpHwpxa37~8&p^;I$Yl+1>h*SX zsA&`uF{c0Ky8Q90mCj?C5bg{NtIl_^_wF z@4n7GvRg&fbe}ttb|sn>`!28i1VF#_m(9;7i25=6dWR-(V0N44?FZBq?ar8n?AUv+ zRZ3?+zdqj;qLinFwBoH&rH>HqF2z&xg#*dcs574RZ>oeEr{1@x?9P6rkNC(PfOUFa zxU@ur=1s^Xg}fNXh58$#Na8$9J7$Qmq)(maw~LZcT-55ltM)ZOlXBI=3~S^% zJc*IHP=O<&--X?Z4=x!VFw2PD_j)bzT;A^VjGll!tUc-Cyl;*yCnH!FMjT`>~!+gOTEWpy1Vw{LGi95Y| z(>|8j1l>zJ^~e|ws}1~o{A|ELIL6ZZa4Cmg1n5o_Yu(}PW~I18=wMmoeun`qagP(dC!H1=9Mzr+?aTMF zz-UnZXgF{Jt{~rsk*PLs5CyFq4LJAI=%rAr^b%jG?dP&|iebtce{Z6>CF0J$XDyOB z+PQKwBjHjG#9H6xqmGj_kOmedGG~KzGMcI{6(_M=k=!?q-a{48(Pi`hKmZdtCl^+b z2)&Ei+OhA?%gX)ZdcW8tY?DEUzf%jGlX)wGlDyjC#U zZ!Su`wqp_!?9Y|{T6qW4@PdL3RgER4-~rr@mcQZ8P4(!uClBqg(vAs$_q_zgQ{l8J zJ76*^gQj6Q5m))1hFWhR3n$AWsZNX|o0*d_S|zMMzG5UU zfG-&bw;I}=yp8sg?@HBa5VD^BkZ4xc$9hQTxsE&;kqpzUxOqWu74=?He=YOK%$2Lc zehcHnN6@Gb_3U`#kR6uT6l#FbuUNsvk_|(+I^rz!`uid<4{&HWtsvE~QqqDtr3dv? 
z1|8`2o4un)H@!@VH_|Da%Z<5!Z!UP^9d3UD{l^TrD8NfXvY+>QKU417Bb)Bw_>KPrTiEv@ z5k57>(JgS`$G<40=&PD72Ymb2S;CMFiY$Z08)SIUYC&o`2v%~5s}Won@i|V(o#%D+ zIPS7i2vgus_uZ^y@7RU%Y>esBzbBYfX`*Pd4{xT6p&RY9TGpsin^!Y`C<6%}z5&qi zncIK6rD}(w6!*l>WQ9l1I&G=YRq~`(gcYP>kvxag`j8yWI5d%51nPx{vl3Ekgy3bv zsC$7(b6VzZ*CYQJput}>$`kuNJndDmqwm%gvF#ch`v(?{MGP>>d=W%8pcn1=J9B^n z2=@ORjDE|w8gNYtKPpxiCEGmyUaUjl-ycCLruM1wkiU5_>pxt951o4)#eS&X|2`Gm zHO9&;1gmViu1duaA(-{||JBRi+sm~Fc@gM8^O4|0$V>D#z1j6XBBqfvI^FqfV4&1) zpp?m!;lxRYy7_3u#vlWV>)9HWQeP8jzxlf<5`c@mwK8$#1|k*!-^KluerBGv4OGmK z2I%SV;*$9>yx~Zq*ut@Yi1 zs)wr>>w3A7*4M@{6H)hh#)3R|iYDy;O{eiObrqxoNWYsMIsmxNdSAjqU1K;!gBILZ zo*X|Lx>As=RbKKP`qZ7#v`0j8&Cp=EalLwM&>_ir_5S2_$y?QBp|Gi2il5UmXNwe`(U%(P z=P?R67A|%}RW?64V-(i;)(l~uYyX!6Y|7B1ue6dUn8GwV)9pyM8Q87|$^DaX@@FQ+ zJE)39UHXmQiYBCHBq)J*u6~3tgU}pD#MPzRLE4keCQZ!H*S%GbS|0?;zKO_5;>hdC zFRtdv!@gXSSRfCUgY;%P^JK4g_a(ccz3zW+Vo1S14W{q=^vV{38>23CnmJw??{;Uz zb^C^R{Z;O4KhnXdk-ZPM#d;TGbHV_^QIj9{}2*;*UjcMC6;FQd&8HF@+bA)o|)kW|}r(vRso zvY{rCOpJ08zsdc&_LkPh?RzR|0(Ho^<(tk!h=*tn31i_x7AIr=!-U$=mOw7M@Vk!{ zDHV5+BdZc=^`uUAM-b7P1ld*7E0zDYT#7ZSLj;+>^de^6*Qo zouQfzmW6Ob&#X{csR?y(#0#zcw*VOfe#XHcqbkA;{vS2ux z>%5*ufy_MWcz=c8@qxgu@|4L6sgf;K;HZ0TaBm=0B<(Pakd8_7$Ot=<`n(2u^H);I z&3cBgHu{5ymaVve&s{|HVPg>L3qo;_o5{U^al2U?C z9>hD3HP2q1F~Sz5A?JDc$OZmr)G2h==`uJRm)oFPUAEb{E3HMp0$l>9`|c2O9o!4);|~OIdZ_SbmB>?V)R|F zIK47tcC}>og@W;pIe~ey`3U)tP0;zmJfanb7#TIY8KLnfXR4*1&Y0(WL*!#fb;rNz zl)jecRM#H05^g}AylSDX!jnUSn`P~{)px{>e{13g>*mU6Ry|%?j%8c-CT#l7Rrf9*k&IV$ZasA5)z6N~^zVX&kqGW$GwrExSaqCLA|zyOt*(|b zdgV>ta9SH$x>e6e@C#ymlhKAe-er8RD{*%%GvPU8n-TK;Ih z(%CsHV6NS5vXMiuTlVVp#sR<4C{nnAZo^H~S*u4mb}%Qyr(lhYs6S}+KErFq)8A~v z@0j3sYLAc4-Hj_u_#{0jdG$Wi2G;5_D_lDPU;%WeXgM9NtQV6?WAEMu|Kcck7$ek~ zo-#}%pngo5fJ+lxVQFD;Y3b`#ankF@&8CZqT4C0N2}AnQwO~0MuNfn$P(C{wH5(XI zQ}nDvJ)m|@xO?jZV%U&w#LttYj592{P{p<-DhWB=KB;IcC?*!`H4~?F0Xa5m^0g-) zt)V1^tn(aB1h0g9eJ}aqS`)vmAhbW9}6BN-95GlaOA(lV_4JHINNm?W^vR2wmp z`dkO`t&PX0k3d`N%1t0E$V=2BU68lm5&#~uH*at@LE8N8n@xKB^(TI9{GuL7%ZVnx 
z6q{GX5ng{YMPsUTgFwbXpk6>{quUg$j&Q66f_)oA2O}%T@CN9`Jk|iqbb94UI8%#>YC3w6Jh`W literal 0 HcmV?d00001 diff --git a/static/keys/SystemKeyFile b/static/keys/SystemKeyFile new file mode 100644 index 0000000..c5a2fee --- /dev/null +++ b/static/keys/SystemKeyFile @@ -0,0 +1 @@ +adsaf21519189aq1g56161asdff19as1f9:PF:CA[][_159191wef \ No newline at end of file diff --git a/static/keys/UpdateKeyFile b/static/keys/UpdateKeyFile new file mode 100644 index 0000000..42d6c60 --- /dev/null +++ b/static/keys/UpdateKeyFile @@ -0,0 +1,2 @@ + +GkN#l \ No newline at end of file diff --git a/styles.css b/styles.css index 6faeef6..3d5fccc 100644 --- a/styles.css +++ b/styles.css @@ -294,6 +294,18 @@ mark { } } + +.ata-bad { + color: #f5417d; +} +.ata-good { + color: #4df541; +} +.ata-ignore { + color: #f5ad41; +} + + @media (prefers-color-scheme: dark) { body { background-color: #000; diff --git a/templates/pages/sega/partition.html b/templates/pages/sega/misc/partition.html similarity index 100% rename from templates/pages/sega/partition.html rename to templates/pages/sega/misc/partition.html diff --git a/templates/pages/sega/software/security.html b/templates/pages/sega/software/security.html new file mode 100644 index 0000000..4c27b22 --- /dev/null +++ b/templates/pages/sega/software/security.html @@ -0,0 +1,526 @@ +{% extends "sega.html" %} +{% block title %}{% endblock %} +{% block body %} +
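Review bot: `static/keys/SystemKeyFile` and `static/keys/UpdateKeyFile` are keyfiles, yet both are committed as text hunks (`@@ -0,0 +1 @@` and `@@ -0,0 +1,2 @@`) rather than as a `Bin` entry like `images/ftk.png`, so an end-of-line or encoding conversion in git or on the web server could silently change their bytes. A keyfile is only useful byte-for-byte, so I would add a `.gitattributes` line such as `static/keys/* binary` and publish a SHA-256 for each file next to the "Keyfile downloads" links, so readers can verify what they fetched. The first added line of UpdateKeyFile shows as empty here, which may already indicate non-printable bytes that a text diff cannot represent faithfully.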

System Security

+

The Ring* series have a number of security measures in place, some easy to bypass, others requiring more work. They + are listed here in, roughly, the order in which each layer is applied.

+ +

Drive ATA Password

+

The SSD contained within the system has an ATA password set. The system BIOS contains a password derivation function + that derives the specific password for that drive based on its serial number.

+

This can be bypassed either by extracting the password used, or by first powering on the Ring* system with the drive + connected, then hotplugging the SATA data cable on the drive while keeping the drive powered.

+ +
+ Why does this work? +

The following is the sequence of possible security modes for an ATA drive:

+ + + + + + + + + + + + + + + + + + + + + + SEC0 + + + + + Power: off + + + Security: No + + + + + + Power on + + + + + Freeze + + + + + HW Reset + + + + + + + + + + SEC1 + + + + + Security: No + + + Frozen: No + + + + + + + + SEC2 + + + + + Security: No + + + Frozen: Yes + + + + + + + + SEC5 + + + + + Security: Yes + + + Unlocked: Yes + + + Frozen: No + + + + + + + + SEC4 + + + + + Security: Yes + + + Unlocked: No + + + Frozen: No + + + + + + + + SEC6 + + + + + Security: Yes + + + Unlocked: Yes + + + Frozen: Yes + + + + + + Power on + + + + + HW reset + + + + + + + Unlock + + + + + + Freeze + + + + + + + + SEC3 + + + + + Power: off + + + Security: Yes + + + +

When the drive has a password set, it initially starts in SEC3. The RingEdge then transitions the drive to SEC5 + then SEC6. Importantly, however, as long as power is never lost, the drive will remain in SEC6 mode, even if we + connect it to a different system.

+

This allows us full read-write access to the drive without ever knowing the password!

+
+ +

Windows Password

+

It seems silly to mention, but it's worth noting. AppUser will automatically log in, but if you need to + log back in, or wish to login as SystemUser, you'll need the passwords.

+

AppUser's password is segahard.

+

SystemUser's password is <6/=U=#tpe!$*3!5. NOTE: if a debugger is attached to + mxprestartup, Miflac=Ifme9Jfp0 will be attempted as the password for + SystemUser instead. This is not the correct password for a production unit. +

+ +
+ Finding SystemUser's password + +

When AppUser logs in, mxprestartup is executed. This binary constructs SystemUser's password then elevates + permissions. When no debugger is present, the following steps are performed:

+ +
    +
  • Add 153815264b5839090b0d1c1a423c02241633130673071a1e38443912410b47380f213c1d and + 2e0247311e162b666c6640393737724157001f56045b4b4f24333457335a26381f4c3349 together (these are + strings contained within the binary). +
  • +
      +
    • Result: C:\Windows\System32\wbem\wmitemp.mof
    • +
    +
  • Read C:\Windows\System32\wbem\wmitemp.mof. +
  • +
      +
    • Result: 270a2a053b29042b261d1b22070d140c
    • +
    +
  • Add 152c05381a141f494a48060223260d29 to this value. +
  • +
      +
    • Result: <6/=U=#tpe!$*3!5
    • +
    +
+ +

If a debugger is present, a similar process is performed:

+ +
    +
  • Add d0b1c034a32243340505a343659517c121f0319583d205c593a690719604846000e062a6 and + 63f10541f0c201c0703022f332a13094b542f130c25491a1c280a65440831296e2563590 together, with each + byte + modulo 255 (not 256!). +
  • +
      +
    • Result: 34a3c57594e444f47535c53797374756d63323c546279667562737c5d68796f6e2379737
    • +
    +
  • Flip the nibbles of each byte.
  • +
      +
    • Result: C:\WINDOWS\system32\drivers\mxio.sys
    • +
    +
  • Read C:\WINDOWS\system32\drivers\mxio.sys.
  • +
      +
    • Result: 9160e5c22392918371e43573f2b095b1
    • +
    +
  • Add 43368004f2a34211f4f12120b1b57151 to this value, with each byte modulo 255. +
  • +
      +
    • Result: d49666c61636d39466d65693a4660703
    • +
    +
  • Flip the nibbles of each byte.
  • +
      +
    • Result: Miflac=Ifme9Jfp0
    • +
    +
+ +

Why is the process for a debugged process more elaborate? I'm not sure.

+
+ +

System binaries encryption

+

The system binaries, normally located on S:, are a TrueCrypt partition. The partition file can be found + at C:\System\Execute\System. It has password segahardpassword, and used the alternate data + stream loated at + C:\System\Execute\DLL:SystemKeyFile as a keyfile. +

+

C:\System\Execute\DLL:UpdateKeyFile is also present here, which is used for encryption of update + data (but is not utilised in the process of mounting S:).

+ +
+ What's an Alternate Data Stream? +

An alternate data stream, or ADS for short, is a feature of the NTFS filesystem where additional data can be + stored alongside a file or directory. On modern Windows systems, they can be shown using dir /R. If + you are performing analysis on the system using digital forensics software, which you probably should be, all + major packages will show these streams clearly.

+ +
+ +
The alternate data streams, in FTK Imager
+
+ +

The SANS Institude + website is a great resource for more information and links.

+
+
+ Finding this information + +

The decryption of the system partition is the responsibility of mxstartup. This file contains pairs + of hex strings which sum to produce the paths to the alternate data streams, and the volume password.

+
+ +

Keyfile downloads

+ + +

Keychip

+

This is the first point during the boot process where a physical keychip is required in order to continue the system + boot process.

+

With the exception of mxkeychip, processes do not + directly communicate with the keychip. Instead, they communicate with mxkeychip via a PCP. mxkeychip itself is then responsible for + communicating with the keychip. These communications are AES encrypted with keys agreed during the initial + handshake.

+ +

The keychip is responsible for a number of functions:

+
    +
  • Each keychip is assigned a region, and this region must match the region stored in the Ring*'s EEPROM.
  • +
  • It contains configuration tables for the network setup.
  • +
  • It is able to perform basic encryption and decryption, which is used to derive the game encryption key.
  • +
  • It includes a large challenge-response table used to authenticate with the specific game.
  • +
  • It contains Aime billing information regarding how many credits are allowed on this machine before + re-authenticating with network services.
  • +
  • It contains a small amount of writable storage used to store trace logs, such as when the system booted or + authenticated with network services.
  • +
+ +

This security layer can be bypassed by replacing the mxkeychip.exe binary with a custom binary, + eliminating the need to emulate the physical parallel device, and its encryption.

+ +

Game data encryption

+

Once the system has verified it is allowed to continue booting, it proceeds to decrypt the game partition. This is + done by performing a keychip.decrypt request.

+

The specific key used varies by game. The easiest way to retrieve this key is to, well, ask the keychip for it. We + can first start a listener on port 40106 to retrieve the value that the boot process is passing. + Following that, we can start the real mxkeychip, and request the same decryption. It will then provide us with the + key to be used for the game encryption!

+

TODO: Some proper digging into the mx binaries to determine exactly where it pulls the encrypted string in the + request

+

The value we have now should be 16 bytes, and is the contents for a keyfile.

+

Like the S: drive, game data is a TrueCrypt partition. Check the SEGA partition description to determine which partition contains + the game data. If in doubt, just try they all until one works :).

+ +

Game-keychip handshake

+

There is one final security step present, however I believe this to only be present in some games.

+

When the game boots, it makes requests to keychip.ssd.proof and keychip.ds.compute. These + are challenge-response queries, which the keychip will internally look up in a large table of possible values.

+

While we could dump the EEPROM chip located on the keychip, there is no need for this. As the game also needs a copy + of the responses to validate against, we can just grab that file, as we have already decrypted the game partition by + this point. The file will likely be named [game ID]_Table.dat.

+ +

I'll flush this out later, but for now, here's the structure of that file:

+
{% highlight "c" %}
+struct {
+    struct {
+        char challenge[7];
+        char responses[4][20];
+    } ds[10000];
+    struct {
+        char challenge[16];
+        char response[16];
+    } ssd[10000];
+}
+{% endhighlight %}
+ +

The responses are scrambled as described below:

+

DS Scramble:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Output index012345678910111213141516171819
Input index155131410121116741812630178199
+

SSD Scramble:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Output index0123456789101112131415
Input index6841271311023111415059
+ +

NOTE: The following information may only be true for MaiMai FiNALE! I have not yet verified this on other + games! +
+ In dev mode, the game will only ever request a single string as the challenge. +

+

This string is 2CFECBC71CF1E4, and its corresponding four response pages are (not scrambled):

+
    +
  1. ca6ed736401682dd4411a27d2440ac4b478bad8b
  2. +
  3. 4ac606302ce5ef51abb3df2dc46c863b3c06aa2c
  4. +
  5. 2aaf35b2aba4c6840bdb7bd40ecbce2cca934795
  6. +
  7. 2f6d713dabde3c43df818491ab9467ba8ba0fed4
  8. +
+

+ NOTE: The following information is super un-verified!
+ Occasionally the game will make a query to the DS table that is not present in the table. In this instance, the + keychip responds with the entry at index n, where n is a counter that increments every time a + keychip.ds.compute query is performed, modulo 100. +

+

It should be noted that if the keychip binary imemdiatly terminates the connection, rather than sending a + known-incorrect response (such as if the challenge matches none in the known tables), the game will re-attempt the + query, and this query will, with a high likelyhood, be different.

+ +

It should additionally be noted that this whole process can be skipped by returning code=54 rather than + a valid response.

+
+{% endblock %}
\ No newline at end of file
diff --git a/templates/pages/sega/software/security/game.html b/templates/pages/sega/software/security/game.html
deleted file mode 100644
index e68cb98..0000000
--- a/templates/pages/sega/software/security/game.html
+++ /dev/null
@@ -1,6 +0,0 @@
-{% extends "sega.html" %}
-{% block title %}{% endblock %}
-{% block body %}
-
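Review bot: In the "Why does this work?" block of `security.html`, the prose says the RingEdge moves the drive from SEC3 to SEC5 and then SEC6, but the state diagram in the same block lists SEC4 (`Security: Yes`, `Unlocked: No`) and an `Unlock` transition, which is the locked state a password-protected drive is in after power-on. I would change the sentence to `When the drive has a password set, it powers on locked in SEC4; the RingEdge unlocks it (SEC5) and then freezes it (SEC6).` so that text and diagram agree. The diagram also carries `HW reset` edges that the "as long as power is never lost" sentence does not account for; it is worth stating which state a hardware reset leads to, or hedging that sentence. The HTML markup of this hunk is not visible in this view, so the edge directions are read from the labels only.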

Game Encryption

-

Games are encrypted with CrackProof encryption.

-{% endblock %}
\ No newline at end of file