MOONLIGHT SONATA Posted June 19, 2005 Author Share Posted June 19, 2005 @Martin,Please also download CzechMate.zip that i posted just above my FORYOU.zip linked post.With FORYOU.ZIP you may face some problems. so i add another FORYOU.zip now. discard the previos.Thanks, Mate, Missed you so much.-MOON Link to comment Share on other sites More sharing options...
Martin Zugec Posted June 19, 2005 Share Posted June 19, 2005 2Moon: Sorry, you misunderstood me - all I need is command with which I will call from script. Implementation of what should be inside the encrypted archive will be the based on implementator request. So final implementation of ProtectUA will be this:a.) run AnalyzeUA.vbs - it will show you the identificator of computer (BIOS release date + product)b.) Copy&Paste this value to ProcectUA.vbs.c.) Create encrypted archive with predefined name (for example ProtectUA.zip)d.) encrypt ProtectUA.vbs (final file will be named ProtectUA.vbe)e.) add cscript //nologo ProtectUA.vbe to cmdlines.txtf.) add unpacker to $OEM$ Link to comment Share on other sites More sharing options...
MOONLIGHT SONATA Posted June 19, 2005 Author Share Posted June 19, 2005 @Martin,Arrived, little bit late... seen your post.. what a difference between what you said and what i sent to you. Like our posts, our mind too not synchronizing at all! BTW, have you seen bit.exe, a lot of questions right now boiling in my mind. want to discuss.. please post ...-MOON Link to comment Share on other sites More sharing options...
Martin Zugec Posted June 19, 2005 Share Posted June 19, 2005 The problem is you didnt post the most important thing - what utility with what syntax would you like to use to decompress the archive. Like I would like to use utility XXX (URL) and the syntax will be XXX ProtectUA.zip /password:YYY.About bit, it is using DMI (Desktop Management Instrumentation) and I am using WMI (Windows Management Instrumentation). What informations are you interested about in this topic? Link to comment Share on other sites More sharing options...
MOONLIGHT SONATA Posted June 19, 2005 Author Share Posted June 19, 2005 (edited) 2MartinI would like to use PKUNZIP.EXE to decompress the archive. It follows the follwing syntax:PKUNZIP -e -d -spassw0rd C:\ProtectUA.zip C:\where passw0rd, for example, is the password with which it decrypts the archive(-s is the option to include for extracting encrypted archive; there's no space between -s and PASSWORD, please note.)-e for extraction and -d for replicating folder structure found inside the archive to the destination. hope i described properly for your understanding.Regarding. bit.exe, i've some thought, please read on:1. can we not be able to implement bit's DMI method of extracting bios info? if, yes, it has the advantage of finding serial number for MoBo and also bios version+date+time. i understand that it uses DMI while our script is follwing WMI. this idea came to my mind just because BIT does all this things in WIN-32 console mode which as an idea close to our unattended philosophy.2. If your response is no, from our strem of thinking it is not possible to apply BIT.EXE type gathering of info, then, Martin, i've 1 last idea in this conrext. Idea is:From CMDLINES.TXT let us allow BIT.EXE to run in background and it will generate it's .DAT report inside the directory from where we ran it [i wish we can put BIT.EXE inside $OEM$\$$\system32, so that it goes inside HDD during installation]Our VB Script will do no WMI query at all, what it'll do, i wish, is some sort of string checking between BITREPORT.DAT and our arrayAllowedHosts section . If that's possible, then,i hope, we achieved what we wanted all through these interactions. arrayAllowedHosts section is static information based and we can input either MoBo serial no. or BIOS date+time or both . Method of encryption, method of passing authentication check and method deleting NTLDR just remain same all along as you pricelessly suggested all allong. We can pack BIT.EXE into an archive which will be encrypted along with all the other files you suggested before. If it's possible then UACD projects of all the members of this forum will be 100% Protected from both normal users and Advanced users.What's your take on it, Sir, I wait..Now, i'm again leaving forum, i'll come back in 1 hour.Thanks from MOON. Edited June 19, 2005 by MOONLIGHT SONATA Link to comment Share on other sites More sharing options...
Martin Zugec Posted June 19, 2005 Share Posted June 19, 2005 Well, the problem is I dont understand why you want you want to use DMI instead of WMI. DMI was older standart not accepted by majority of product, instead WMI was "forced" by Microsoft, so most major HW players accepted this standart and provided informations to WMI classes. Link to comment Share on other sites More sharing options...
MOONLIGHT SONATA Posted June 20, 2005 Author Share Posted June 20, 2005 @Martin,Sorry, what i said is just to share an idea. What you suggest is always valuable to me. Now , i really discard DMI option. waiting for you to provide AnalyzeUA.VBS and ProtectUA.VBS.Thanks, Mate. Link to comment Share on other sites More sharing options...
Martin Zugec Posted June 20, 2005 Share Posted June 20, 2005 Here we go, today release of codes:AnalyzeUA.vbsOption Explicit'On Error Resume NextDim objWMIService : Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2")Dim colItemsBios : Set colItemsBios = objWMIService.ExecQuery("SELECT * FROM Win32_BIOS", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)Dim colItemsBaseBoard : Set colItemsBaseBoard = objWMIService.ExecQuery("SELECT * FROM Win32_BaseBoard", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)Dim strItemBios, strItemBaseBoard, strAllowedValueDim objItemBios, objItemBaseboardConst wbemFlagReturnImmediately = &h10Const wbemFlagForwardOnly = &h20 For Each objItemBios In colItemsBios For Each objItemBaseboard In colItemsBaseboard strItemBios = Trim(LCase(objItemBios.ReleaseDate)) strItemBaseboard = Trim(LCase(objItemBaseBoard.Product)) strAllowedValue = InputBox ("BIOS Release identificator","BIOS Release",strItemBios & strItemBaseboard) Next Next Set objWMIService = NothingSet colItemsBios = NothingSet colItemsBaseboard = NothingSet objItemBios = NothingSet objItemBaseboard = NothingProtectUA.vbs coming soon... Link to comment Share on other sites More sharing options...
Martin Zugec Posted June 20, 2005 Share Posted June 20, 2005 2All: Please try AnalyzeUA.vbs and let me know if it is working... ProtectUA.vbs (this is working version, didnt have a chance to try it, so be extremely careful!)Option ExplicitDim objWMIService, arrayBIOS, objBIOS, strAllowedHost, strYouAreWelcomeDim strOperatingSystem, colOperatingSystemsDim objFSO, objShell, strSystemDriveDim objBaseboard, arrayBaseboard, strComputerHost, strPasswordConst wbemFlagReturnImmediately = &h10Const wbemFlagForwardOnly = &h20Const wmiRestartForce = 4 strPassword = "Passw0rd"Dim arrayAllowedHosts(1)arrayAllowedHosts(0) = "20030716000000.000000+0000x1078"arrayAllowedHosts(1) = "20030814******.******+***virtual machine"Set objShell = CreateObject("Wscript.Shell")Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2")Set arrayBIOS = objWMIService.ExecQuery("SELECT * FROM Win32_BIOS", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)Set arrayBaseBoard = objWMIService.ExecQuery("SELECT * FROM Win32_BaseBoard", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)For Each objBIOS In arrayBIOS For Each objBaseboard In arrayBaseBoard strComputerHost = objBios.ReleaseDate & objBaseboard.Product For Each strAllowedHost in arrayAllowedHosts If Trim(LCase(strComputerHost)) = Trim(LCase(strAllowedHost)) Then strYouAreWelcome = 1 Next Next NextIf strYouAreWelcome <> 1 Then Set objFSO = CreateObject("Scripting.FileSystemObject") Set colOperatingSystems = GetObject("winmgmts:{(Shutdown)}//./root/cimv2").ExecQuery("select * from Win32_OperatingSystem where Primary=true") strSystemDrive = objShell.ExpandEnvironmentStrings("%SystemDrive%") objFSO.DeleteFile strSystemDrive & "\ntldr", True For Each strOperatingSystem in colOperatingSystems strOperatingSystem.Reboot() Next Else If strYouAreWelcome = 1 Then ObjShell.Run ("PKUNZIP -e -d -s" & strPassword & " C:\ProtectUA.zip C:\", 0, True) End IfEnd IfBTW about array - I decided to change it little bit. As you can see, you must add arrayAllowedHost(X) for each new computer. Also you must increase the Dim arrayAllowedHost value.Waiting for your feedback guys Link to comment Share on other sites More sharing options...
MOONLIGHT SONATA Posted June 20, 2005 Author Share Posted June 20, 2005 @Martin,I'm indebted to you for these nice scripts. AnalyzeUA.VBS works fine.On the way towards applying ProtectUA.VBS. Let's see what happens..a few clarifications i expect from you.<i> Dim arrayAllowedHosts(1) arrayAllowedHosts(0) = "20030716000000.000000+0000x1078" arrayAllowedHosts(1) = "20030814******.******+***virtual machine" here,as i understood, script is instructed to check arrayAllowedHosts(1) and, arrayAllowedHosts(0) = "20030716000000.000000+0000x1078", is just to show us how to add multiple computers into AllowedHosts list. Now, if we have another true AllowedHosts numbered 0, then we would have to change Dim arrayAllowedHosts(1). is the needed change is like Dim arrayAllowedHosts(2) or Dim arrayAllowedHosts(0,1)?<ii> ProtectUA.zip is loaded into C:\ during copying of $OEM$\$1 folder. Now, if a machine don't pass authentication, then although NTLDR gets deleted, still ProtectUA.zip remains at the root of C:\. Although, because of encryption, nobody can extract ProtectUA.zip, but, i opine, it should be deleted as well. Now, can i add objFSO.DeleteFile strSystemDrive & "\ProtectUA.zip", True line after objFSO.DeleteFile strSystemDrive & "\ntldr", True ?I'll be obliged if you provide your valuable suggestions.----MOON Link to comment Share on other sites More sharing options...
Martin Zugec Posted June 20, 2005 Share Posted June 20, 2005 Nope...Dim arrayAllowedHosts(1) means arrayAllowedHosts will have two members (it is counted from 0, not from one). arrayAllowedHosts(0) and arrayAllowedHosts(1) are these two members. So if you want to add another member, you must add +1 to Dim arrayAllowedHosts (so it will be arrayAllowedHosts(2)) AND create new value arrayAllowedHosts(2) = "blablabla"If you want to delete ProtectUA.zip, you cant use objFSO.DeleteFile strSystemDrive & "\ntldr", Trueit would try to delete ProtectUA.zip from %windir%. Instead you must use objFSO.DeleteFile "C:\ProtectUA.zip", True Link to comment Share on other sites More sharing options...
MOONLIGHT SONATA Posted June 21, 2005 Author Share Posted June 21, 2005 @Martin,I've tested ProtectUA.VBS . Not working to the extent of decompressing the ZIP archive. My ProtectUA.ZIP is under $OEM$\$1 so that it gets copied to C:\ as because from the script it has been instructed, as per my wish, of course, to decompressed by PKUNZIP.EXE from C:\. But it's not working. My cmdlines.txt has entry like :[COMMANDS]"cscript //nologo ProtectUA.vbs"i still not applied encoding... what's wrong? is the command line syntax as given by me is followed as noted. for clarity, there's no space between -s and password in the PKUNZIP syntax.Please reply. Link to comment Share on other sites More sharing options...
Martin Zugec Posted June 21, 2005 Share Posted June 21, 2005 Try ObjShell.Run ("c:\PKUNZIP -e -d -s" & strPassword & " C:\ProtectUA.zip C:\", 0, True)and let me know... Maybe it is not able to locate pkunzip Link to comment Share on other sites More sharing options...
MOONLIGHT SONATA Posted June 21, 2005 Author Share Posted June 21, 2005 PKunzip is located,as you said, iside $OEM$ folder. Then, does this command will work? Link to comment Share on other sites More sharing options...
Martin Zugec Posted June 21, 2005 Share Posted June 21, 2005 Give it a try Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now