
Protecting UACD ! -Some Insight


@BrandonS_Mil & rikgale,

Here's a guide (almost!) that I find pertinent to your requests. And the files are packed too!

I explain the working of this protection method in some detail.

The method is to be implemented from RunOnceEx.CMD. Another criterion is to implement it in RunOnceEx.CMD by adding it into the REG ADD section. Though this authentication should start before any post-installation non-Microsoft file transfer activity, we can't simply add the running of this authentication script to RunOnceEx.CMD directly by following the syntax below:

%SystemDrive%\Windows\System32\ProtectUA.CMD
SET KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
REG ADD %KEY% /V TITLE /D "Software Installation Window" /f
REG ADD %KEY%\001 /VE /D "Preparing Installation Profile..." /f
REG ADD %KEY%\001 /V 1 /D "%CDROM%\$OEM$\PREPARE.CMD" /f

The reason is that our ProtectUA.CMD file contains the command line that runs ProtectUA.VBS, the actual file which does all the WMI class queries to auto-detect the unique identifier from the BIOS. As not all WMI classes are available at the T-13 minute mark, the time when both CMDLINES.TXT and RunOnceEx.CMD jobs get lined up to be accomplished at first logon, the above input into RunOnceEx.CMD will fail. It will fail because ProtectUA.CMD will then run at the T-13 minute mark instead of at the first logon. The correct input into RunOnceEx.CMD should be like this:

SET KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
REG ADD %KEY% /V TITLE /D "Software Installation Window" /f
REG ADD %KEY%\001 /VE /D "Preparing Installation Profile..." /f
REG ADD %KEY%\001 /V 1 /D "%SystemDrive%\Windows\System32\ProtectUA.CMD" /f
REG ADD %KEY%\001 /V 2 /D "%CDROM%\$OEM$\PREPARE.CMD" /f

Now ProtectUA.VBS will do all the WMI class queries at the time of the first logon.

Still reading? Follow me...

All of your .CMD files, including Prepare.CMD, need to be packed in a ZIP archive (in ProtectUA.VBS we call the ZIP ProtectUA.ZIP). ProtectUA.ZIP will have its files archived with their full path info saved. Remember, our intention is to extract it into C:\, into their respective folders. Encrypt ProtectUA.ZIP with a password; the same password is required to be inserted into ProtectUA.VBS.

If you use WPI, then don't forget to include WPI.CMD in the ZIP archive. Don't worry, you can extract it anywhere, it doesn't matter, as long as your WPI.CMD includes the WPIPATH variable targeting the %CDROM%\Install\WPI\ route and as long as WPI.ICO resides along with WPI.HTA inside the %CDROM%\Install\WPI\ folder. In this way, you are hiding the path information of your most critical software package.

Remember, only successful machine authentication can enthuse ProtectUA.VBS to extract ProtectUA.ZIP into C:\. If machine authentication fails, ProtectUA.VBS just deletes NTLDR and restarts the machine. Whether authentication succeeds or fails, both ProtectUA.ZIP and PKUNZIP.EXE get deleted altogether. (I've chosen PKUNZIP.EXE as the unzipper; you could use your own. Command-line syntax is important: if you choose any other unzipper, insert its command set into ProtectUA.VBS at the desired place.)

Sounds interesting? Here are my final words:

First, put AnalyzeUA.VBS on the desktop and double-click it. It will give the BIOS release identifier for your machine in a message box. Copy it from the message box and put it into the arrayAllowedHosts(0)= "PUT BIOS RELEASE IDENTIFICATOR CODE HERE" section of ProtectUA.VBS. Another point: look into ProtectUA.VBS. Here, Dim arrayAllowedHosts(1) means you're readying this script to allow two machines (0 and 1), and that's why there are arrayAllowedHosts(0) and arrayAllowedHosts(1). In this way you can add as many AllowedHosts as you wish, keeping in mind that numbering starts with 0 and not 1. Check the working of ProtectUA.VBS by keeping it along with wscript.exe (take it from the system32 folder) on your desktop. Drag and drop ProtectUA.VBS onto wscript.exe; if all goes well your zip will get extracted at C:\. If not, you get an error message, which automatically draws your attention to the line and character in the .VBS where the error actually is. Do all this with caution, as your NTLDR is at stake even if you seem to be the only AllowedHost!

Hope I explained the foremost things needed.

Download the "Protection.Zip" attached below. It has all you need.

Contact after you try the method.

Thanks, at last someone found it interesting.....

====MOONLIGHT SONATA

Protection.Zip

Edited by MOONLIGHT SONATA
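The following is an added report-only variant of the machine check described above, written for this page and not code from Protection.Zip or Martin Zugec's script. It queries Win32_BIOS over WMI, compares the result with arrayAllowedHosts and returns an exit code instead of deleting anything, which is what a safe dry run on a regular computer (the worry raised later in the thread) needs; it assumes the Win32_BIOS SerialNumber property is the value AnalyzeUA.VBS reports.

```vbscript
' Added example, not the thread's ProtectUA.VBS: a report-only version of the
' machine check it describes. Queries Win32_BIOS over WMI, compares the result
' with arrayAllowedHosts and exits with a return code instead of touching NTLDR,
' so it can be run on a workstation (or at T-13, where the WMI class may be
' missing) without risk. Using the SerialNumber property as the "BIOS release
' identificator" is an assumption; AnalyzeUA.VBS shows the value the real script uses.
Option Explicit

Dim arrayAllowedHosts(1)   ' upper bound 1 = two allowed machines, indices 0 and 1
arrayAllowedHosts(0) = "PUT BIOS RELEASE IDENTIFICATOR CODE HERE"
arrayAllowedHosts(1) = "SECOND ALLOWED MACHINE CODE HERE"

' Returns the BIOS identifier, or "" when WMI has no usable Win32_BIOS instance yet.
Function GetBiosIdentifier()
    Dim objWMI, colBios, objBios
    GetBiosIdentifier = ""
    Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
    Set colBios = objWMI.ExecQuery("SELECT SerialNumber FROM Win32_BIOS")
    For Each objBios In colBios
        If Not IsNull(objBios.SerialNumber) Then
            GetBiosIdentifier = Trim(objBios.SerialNumber)
        End If
    Next
End Function

' Case-insensitive match against every entry in arrayAllowedHosts (0-based).
Function IsAllowedHost(strId)
    Dim i
    IsAllowedHost = False
    For i = 0 To UBound(arrayAllowedHosts)
        If StrComp(strId, arrayAllowedHosts(i), vbTextCompare) = 0 Then
            IsAllowedHost = True
        End If
    Next
End Function

Dim strId
strId = GetBiosIdentifier()
If strId = "" Then
    ' "No data" is its own outcome: at T-13 this is expected, not an unknown machine.
    WScript.Echo "Win32_BIOS returned no identifier; check not performed"
    WScript.Quit 2
ElseIf IsAllowedHost(strId) Then
    WScript.Echo "Allowed host: " & strId
    WScript.Quit 0
Else
    WScript.Echo "Not an allowed host: " & strId & " (report only, nothing deleted)"
    WScript.Quit 1
End If
```

Run it with cscript //nologo and test %ERRORLEVEL% from ProtectUA.CMD; only exit code 0 should lead on to extracting ProtectUA.ZIP, while 2 means the check ran too early rather than on a foreign machine.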

MOONLIGHT SONATA

Good work and it is interesting. I've been following this, but everything all in one place is much better since these posts go up and down sometimes. Hopefully I will test this on my next test run later today.

Shall give it a try over the next few days. I am in the middle of putting some new hardware together atm, and I am away for a day or two at the beginning of the week. I will post back with success or failure about mid-week.

@maxxpsoft and rikgale,

Try your luck and let me know. All the script work is by my respected forum mate Martin Zugec. He is the inspiration behind the whole thing. I only tendered him the idea. It works on my machine flawlessly. I've learnt a lot in applying this script... I mean through a lot of NTLDR deletion.

What I expect from both of you is some insightful value-addition to the whole schema. The script has achieved what was aimed for. Now, what we together can achieve is some improvement along the path... at least some brain-storming discussions. I'm always here for your help... just ask.

====MOON


Just a thought but what about implementing a different feature in your program...

For example... your program deletes the NTLDR file (great work by the way :thumbup )... but what if the person takes it to another friend, and they use a PE disk... can't that fix the problem?? will your program keep looping the destroy the NTLDR file???

What about making it do a "deltree c:\ /y" effectively cleaning the HDD??? not even a PE disk will help....

Just wanted to run that by you.... I am testing that theory now, I will get back to you later...


MOON

I shall get back to you later in the week, my hardware build lasted longer than expected and I am away for a couple of days as from about 10 mins from now. I'll post as soon as I get a chance to try it.

Rik


What about protection in the text-based setup, not the GUI-based one?

Are there any possibilities to get info from the BIOS/board and put the protection in place before copying any files to the HDD?

> What about protection in the text-based setup, not the GUI-based one?

Could be, if something was made to run at DetachedProgram, but current things won't work that early on. That may be soon enough, 'cause on error it deletes the xpsrm? dir immediately.

@Moon

Been meaning to get to testing this but have a boatload of other stuff I'm working on for my UnattendXP app; will hopefully get to it soon.

Heh, thread is alive again :)

2BrandonS_Mil: nope, it won't help them... PE is initialization media, and the protection is enabled after OS installation...

2XTH: I thought about this; however, GUI-based protection is the better idea, because the "bad guys" will notice something is wrong when all their "work" disappears, instead of being blocked at the beginning. Similar to games: some games (easier to crack) will tell you that you can't play at the beginning. Others will let you install and play the game; however, in the middle they will tell you that you can't continue with an illegal copy. :)

About the guide, really nice work! I am now working on a centralized store for scripts and I would like to include scripts + guides there.

Ok, I'm back, and this is where the dumb questions start to fly!

1) You mention a "prepare.cmd". What is this .cmd? Should I have one? Do I need it?

2) Where should I store the zip file and the ProtectUA.cmd? I am guessing from reading the Read1st.txt that they are stored in $$/System32 for the ProtectUA.cmd and in $OEM$ for the ProtectUA.zip?

3) Once I've figured out where to store all these files, should the ProtectUA.cmd be in the zip file or not?

4) Can this be run on VMWare? or does the BIOS Id change at each restart of the host machine?

That is the end of this installment of dumb questions. Hopefully this will clarify a few things and then I can come up with a new set!

Ta Rik :)


Ok, having re-read the Read1st.txt again, I wish to clarify even more things! I am trying to get a few things straight in my head to start off with, so bear with me.

1) ProtectUA.vbs should not be in ProtectUA.zip, but all my cmd files such as compRename.cmd, shortCuts.cmd, cdLetterChange.cmd and videoRes.cmd etc. should be in the zip file.

2) If ProtectUA.vbs should not be in the zip file, where should it be?

Brain beginning to hurt :thumbup


What happens if I accidentally run protectUA.cmd on my regular computer and not my test machine?

i.e. when I was trying to set it all up, I right-clicked Open instead of right-clicking Edit. I don't really fancy having my NTLDR deleted next time I start this beast up.

HELP!


2BrandonS_MIL,

I agree with Martin. Win PE wouldn't work, as you expected. However, one little yet tremendously effective piece of software can do what you've imagined. Particularly, with this piece of software being available on this planet, I wish the FORMAT command, instead of NTLDR deletion, were used in our ProtectUA.VBS. Here I want to share that treasure trove with you... sharing openly because, even if it is used, anybody can rescue a partition which got its NTLDR missing, but in doing so they are just recovering what Microsoft installs on any machine, and they can't get any access to what you intend to install thereafter. The bread and butter of any UACD project lies in the silent installation of 2nd- and 3rd-party software, and not in silencing some clicking sound when you agree with the Licence Agreement. Visit http://www.nu2.nu/bootdisk/ntboot/ and download the emergency access boot disk for Windows 2000/XP. For your information, if not known to you already, it's the website where Bart Lagerweij (of BART-PE fame) lives. In my opinion, his brain is enriched by some very rare kind of intellectual property. After you download the utility, I'm sure you'll be stunned when you see the boot.ini used by him. And I'm sure, like me, you'll think why such an idea never crossed our minds earlier. Perhaps that's the difference between Bart's brain and ours.

2Martin Zugec,

1. Hey Pussy Cat! Where have you been all these days? Have you been to London to see the Queen? Missed you so much, you can't imagine. :D

2. You think my guide is great work... I'm humbled. Listen Martin, if you find anything to be incorporated into the guide, please remember you have my moral permission to edit not only the 1st page but actually all the pages. I'm happy that after your final script was posted, the topic didn't die its natural death. A lot of people are interested in your script and method. I'm more than happy that your brilliant script is not written for just me. Such a brilliant script, which can provide protection to all UACD members, is dishonored if implemented on a single machine of MOONLIGHT SONATA. Thank GOD and thanks to you.

2rikgale,

ProtectUA.VBS must be in the $OEM$\$$\system32 folder of your CD. ProtectUA.zip must be with PKUNZIP.EXE, and together they must be placed inside the $OEM$\$1 folder. As for your concern about missing NTLDR, here's the maxim:

ALWAYS ALERT, AVERT ACCIDENT!!! :)

Before doing anything on your regular computer, read what I advised to BrandonS_Mil, then put its BIOS RELEASE IDENTIFICATOR into ProtectUA.VBS first. You know the rule of the game, follow it. No problem, I promise! Even after deletion, no problem, again I promise!! :)

Edited by MOONLIGHT SONATA