Protecting UACD ! -Some Insight

[MOONLIGHT SONATA]

@Martin,

Thanks a lot for your comments. here is my response further:

What i wanted to say is Copy Protection additionally.Here's what i've in my cdromsn.vbs script. I use it to get the parameter VolumeSerialNumber of a burnt CD.

*************************************************************

arrComputers = array("PUT YOUR Computer Name Here")

For Each strComputer In arrComputers

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_CDROMDrive", "WQL")

For Each objItem In colItems

WScript.Echo "Cdrom serial number: " & objItem.VolumeSerialNumber

Next

Next

*************************************************************

Now i want to remind you a few facts i checked. A blank CD has no VolumeSerialNumber as obvious. When you write the 1st session or the only session in it, a VolumeSerialNumber is available for that CD. But, when you write the next session, previous VSN is overwritten to a new one. This is precisely the reason for Sony, Microsoft and Moonlight Sonata can't still hit the bull's eye. you can't know the VSN without burning the CD; and, you can't make your CD multi-session and incorporate the 1st session's VSN into your protection scheme, for after 2nd session, there's no trace of the earlier VSN.

Now, i worked out the 2-or-more CD protection. Idea is such:

CD-1 is Windows XP install cd with $OEM$ and I386 folder and root files in it. We're not going to make it first. CD-2 is our Software CD, we precisely want to block any misuse of this CD by any Professor Moriarty! We need to burn this CD-2 first, as whole, in a single session. After burning we get the VolumeSerialNumber by using cdromsn.vbs script. Now, think about your ProtectUA.vbs. You know how to implement this VSN in the file as a unique mark. Include such changes in ProtectUA.vbs and go to burn CD-1. Please, don't burn right now. Few other inclusions are crucial. Cd-1 should've ProtectUA.vbs in $OEM$\$$\system32 folder. I'm not joking mate. See what we need more. We need Nanaki's CDSWITCH program that can search a particular CD by its Label and that can be used to force a particular CD or refuse a particular CD. BTW, don't forget to give different labels to the CD-1 and CD-2 at the time of burning. Say, WXPCCP_UA1 for CD-1 and WXPCCP_UA2 for CD-2. Now, in RunOnceEx.cmd write this lines:

********************************************************************

REG ADD %KEY%\001 /VE /D "Preparing Installation Profile..." /f

REG ADD %KEY%\001 /V 1 /D "cdswitch /ew" /f

REG ADD %KEY%\001 /V 2 /D "cdswitch WXPCCP_UA2 /f:WXPCCP_UA1 /r:%CDROM%\SLOCKAPP\PROTECTUA.CMD /d /w" /f

REG ADD %KEY%\001 /V 3 /D "%SystemDrive%\CMDBOX\PREPARE.CMD" /f

****************************************************************

Now, i interprete these. At 1st log-on in your tray you've WXPCCP_UA1. cdswitch can locate a driveletter by the volume label of the CD in the drive. switch /f:WXPCCP_UA1 tells it to locate the drive letter by volume label. WXPCCP_UA2 actually tells cdswitch to ask for CD-2 and it ejects CD-1. You insert CD-2, run ProtectUA.CMD from anywhere from the CD-2. ProtectUA.CMD should've reference for "cscript //nologo ProtectUA.vbs". Now, you know if your CD-2 is copied by someone, what'll happen to that copy and the machine.

If additionally, ProtectUA.VBS includes BIOS release date and Product, this package is neither usable nor copiable. Am i wrong ?

For other discussions i'll post later. Mate, i'm already feeling carpel tunnel syndrome in my fingers for such long typing. Excuse me.

P.S.: My cdromsn.vbs is possible only because i've learnt from your script the logic of such script writting. Actually, cdromsn.vbs is the first VB script written by me. Hat's off to you.

[rikgale]

Thanx for the explaination, I'll have a look into that, althought I have to admit that I probably wont use $$Rename.txt as I don't really fancy wading thru my RunOnceEx.cmd again and changing the name.

Good idea MOON, might I suggest, however that keep protectUA.vbs a seperate entity. As this will allow ppl who do use this on only one disc (DVD) to aviod confusion. Also I see one small flaw. What happens if someonw gets hold of just a copy of the 2nd disc and just uses it to install software on an already set up XP?

Do either of you two mind if I open a new topic about ProtectUA and put down a simple 1-2-3 type guide (Do this, then do that etc.) and links and credits to this topic and you guys. Also always any trouble shooting to be done else where and allow this topic to be for further development. Ideas?

If ok with you it will probably not get done until the weekend, but I thought that a guide written by a user and not a developer would be a good plan. I love 1-2-3 guides. Learn the basics step by step and work from that as a base:)

P.S. please excuse my worse than ususal English, I've just finished 12hours driving a forklift, and I'm beat

Edited July 19, 2005 by rikgale

[Martin Zugec]

2Rikgale: Go for it, it would be great!

2Moonlight: Are you sure serial number is unique for every burning and that it is random number? If this is true, it would be great!

BTW congrats to first vbscript file

[IRON FART]

I may be living in the stone age here, but why do you want to protect a UACD? We are all creating custom Windows installations for ourselves or possibly for a buisiness. Custom...

It's not like anyone will want one of our UACDs will they?

[MOONLIGHT SONATA]

2rikgale,

Go for the Guide. I'll really appreciate your interest in ProtectUA. Afterall, any good help info can only be supplied by someone who has gone through the miseries to gather the knowledge. As you initially suffered in applying it, only you can help others to avoid those hiccups.

I wait for your guide to feature in 1st Page. Soon!

@Martin,

yeah, the said serial number is unique. I share my personal xperience with you. I thought initially that such VSN is not unique and it can't change. I burnt a session, got output VSN and then gone into writting another session in the same cd, now with ProtectUA.VBS having that VSN. All plan fell flat after 2nd session. I again tried query, alas ! it's giving me a different VSN. Then i realized that we can't protect a single CD in this way. What we need is at least 2 CDs. For your further info, this VSN is never displayed by Nero Info Tool and yes, mate it's random number.

I feel really humbled when you appreciate either my idea or my VBScript. I'm charged by you now, and i'm going for another post for you regarding other discussions that i kept untouched after your last response.

[MOONLIGHT SONATA]

@Martin,

A. Please describe what do you mean when you say "...PC code could be generating using baseboard, cpu and HDD configuration instead of BIOS informations." ?

Can you help us in generating such code ? If baseboard, CPU and HDD configuration combines into protection scheme, i think we'll get better result than what we've based on BIOS outputs. This idea is irresistible, please elaborate and help us by coding such thing.

B. From pcbuyerbeware.com i gathered info that if a XP CD has oembios.bin in it then it's surely implementing SLP. Now, oembios.bin was there even before SLP arrived. what's new, is that some OEMs are packing it along with oembios.dat and oembios.sig (these files are also present in pre-SLP era) in a ZIP archive and they put the archive in a folder with name like "SLP Files". What's the purpose of it i don't know.

[MOONLIGHT SONATA]

Dear Iron HART,

You've made some very serious observations on this topic. While i really appreciate your concern on the whole issue, stiil i can't spare myself from commenting over the issue.

First, i want to say something about Martin Zugec, the writer of the protection script. Please take note. Martin isn't party to any misuse of the protection method by either MOONLIGHT SONATA or any other member as well as any guest visitor who wants to make money by selling such a protected UAXPCD. So far as i know, Martin is an MVP and he has recently done presentation on WMI Class Query in a Microsoft World Seminar. With obsession, i've read out almost all the posts (total ~ 1200) made by him in this forum. From the reading and from my talk with him inside this forum, i've came to the conclusion that he's a good samaritan who purposefully visits this forum with one and only motto : HELPING OTHERS. In terms of scripts or code, he has taken very little from here, rather he has enriched this forum by his invaluable comments, codes, etc. Statistically, among his all the posts of approx. 1200, only 0.5% is "HAA-HAA-HEE-HEE" type posts; rest is what makes him such an important member of this forum. Martin's generosity is not rare; we all found and finding such trait in abundance outside the computing world. But, if someone visits this forum to help others and if he wants to share his vast knowledge base with others, we should not fool ourselves by ignoring his effort. If we commit such silly things, our foolhardiness will be too rarer to find anywhere. Thinking that he is collaborating here to make buisness out of such issue is like indulging in some sort of character assassination of him. Please spare him.

Finally, a little about myself. Protecting an UAXPCD is not an issue which interests me more than my actual goal. My goal is to better myself. Interaction with Martin has ignited passion and curiosity within me to know more about VB Script and WMI Class Query. I'm enriched by his knowledge and all this is possible because of his arrival to help me in Protection Issue. Protection is not such a big issue if i put it in comparison with my pursuit of garnering knowledge. Protection is only relevant for us to see a method is working or not. How many Linux applications are generated and discarded every day? In writting and erasing of all Linux applications,in the end of the day human sharing and using of knowledge triumphs. Ultimately. If anyday, Martin, for some reason, asks me to discard this Whole Protection Issue, i can easily abandon any implemenation of it in my CD. But, even if he asks or anybody, can it be easy for me to abandon the knowledge that i've gained to protect it or in writting VB Script or about WMI Class Query? Can Anybody do so? Implementation is an earthy human concept which gave birth to Technology, Knowledge is heavenly, sublime. Probably, for this reason, from time immemorial, Sages have compared knowledge with SOUL, and not with our Skins or our dresses. Can you discard your SOUL, if I ask? I post on Protection mainly to enrich me with knowledge. If we can do anything with this Windows XP CD, why not in terms of protection? And, dear, it's not Buisness of Money, it's Buisness of Knowledge.

Hope You Understand my reaction.

Edited July 22, 2005 by MOONLIGHT SONATA

[rikgale]

Hey Moon

I can see your point. I did my UACD as something to exersise my brain, whilst doing a dull job. It stimulated me enough to quit my job and return to University to do another degree, this time in a field which I feel a bit more suited and also moved me to start up my own company. I will have a go at most things that come up in the forum, in time, but will obivously priortise the things that are going to be more of a use to me or stur my interest more. Hence this protection is at the top of the pile as it is a bit off the beaten track of the things that normally are produced here.

Over time I am sure that we'll all be able to put back in what we have taken out of this intellecutal pot, remember when you were a N00b? I do. I got help when I was stuck, and will endevour to help the N00bies of 2morw.

Moon, one last point. I like what you said about M.Z. but you also forget that helping others and learning go hand in hand. He is probably getting a double kick out of this which is that while helping those less knowleageable he is also expanding the knowledge base that leads him to help. B)

One little mod that would be nice to add to the code is an error box, other pop up type window (with a count down timer and no other buttons) telling the user why they are about to loose the use of there NTLDR, and that after 15 seconds or so then shutting down. I think that is the one and only thing I feel is missing.

I'm gonna stop rambling now as lack of sleep is effecting my vision.

[MOONLIGHT SONATA]

@rikgale,

You made my visit today really worthfull. What a nice post you made, dear. I'm short of adjectives to praise you and your vision. All the best wishes for your Company and your future studies.

about M.Z. => what you said in the context is little confusing me. may be, he's getting what you said. but, 1 thing is certain, even if he gets he couldn't have got it if he came with the purpose of sharing knowledge only to enrich his KB. Nobody can get it if he does it intentionally. If he does, he'll get only return of investment and not reward of investment. what i wrote about him is not any return of favour, it's reward for a noble cause. One thing i wish to lend you as advice which will help you and your company in the long run is that MONEY NEVER COMES IN ABUNDANCE IF YOU ALLWAYS THINK ABOUT IT. THOSE WHO HAVE MADE MONEY HUGE, NEVER THOUGHT THEIR QUEST CAN GENERATE SO MUCH MONEY. IS IT POSSIBLE FOR ANYBODY TO WORK FOR A NOBEL PRIZE KEEPING ITS MONETARY VALUE IN THE MIND ALL THE TIME. MONEY COMES ONLY WHEN YOUR PRODUCTIVITY HAS THAT POTENTIAL.

Same with KB of M.Z. If he allways help others keeping in mind that it helps himself in return, his productivity is bound to suffer. And one day he'll find no takers for all the help he could summon.. I'm sure, his case is in noway in the line of any conscious effort. even if he gets what you say, he actually gets it subconsciously. May be he has no knowledge of geeting it, untill you and me discuused it and posted for his viewing. Now, spare him, i'm also, otherwise his productivity is going to suffer because of us! No more talk on him personally, only about his scripts and comments. No more, me included!

about, boxes and messages => i don't know if it's worthfull. Why do you want to alert someone of the caliber of Professor Morriarty! If during 15 seconds countdown, Professor goes to restart the machine forcibly, where will you get the chance of deleting NTLDR, my dear Watson? isn't it elementary?

[rikgale]

about, boxes and messages => i don't know if it's worthfull. Why do you want to alert someone of the caliber of Professor Morriarty! If during 15 seconds countdown, Professor goes to restart the machine forcibly, where will you get the chance of deleting NTLDR, my dear Watson? isn't it elementary?

Can't the NTLDR be deleted before the message box is shown? "Your install is right royally shafted and will restart in 15 sec......" or something like that, probably not quite so rude. Maybe more along the lines of "You have installed this Unatteded XP install on a machine for which it was not intended, your machine will now restart. Please install an original copy of XP, not this copy!" I might be using this in a commerial environment on an infrequent basis ( that's if Martin doesnt mind) if customer require certian things, otherwise they are going to get a vannila XP install.

What I was maybe trying to get at is that MZ would probably never have tried many things if it were not for the likes of you suggesting that maybe they wanted to protect what they had been working on. I bet Martin would never have had the idea of protecting UA install if it were not for you. Thus, because of this he has learnt how to protect is hard work, something he may never have even thought of.

You made my visit today really worthfull. What a nice post you made, dear. I'm short of adjectives to praise you and your vision. All the best wishes for your Company and your future studies.

Thanx, that mean alot.

Edited July 22, 2005 by rikgale

[riverrm]

stumbled across this topic a bit late. What's great about this forum is that needs are identified and solved as a community. The more folks are involved the more usefull the solution.

What Moon originally requested is something most OEM builders implement in their recovery media. SMBios is generally the tool of choice. Now that wmi is available it can do most of what smbios can. SMBios is still the tool of choice on the production floor. The good thing is that there are DOS and Windows versions, and that does not have the overhead of WMI.

Using this info manufacturers limit software to run only on dell machines,or only on GX280 models or one could make it serial numbers specific.

One also could write a tag to the bios (such as asset tag etc.) which then could be used to determine which image/drivers/overlay to apply.

great forum B)

[rikgale]

One also could write a tag to the bios (such as asset tag etc.) which then could be used to determine which image/drivers/overlay to apply.

Now that's a good idea!!!! Say you had 2 or three computers in your home, such as myself and each had a different role and needed different apps on board, but you did not want to fiddle with WPI or other attended post install apps. Each machine could have a crafted install with out any intervention.

EDIT: just thought about how this could be done. Use a script similar to the VBS used for ProtectUA but when matching the BIOS id instead of/or as well as deleteing the NTLDR it could also load a RunOnceEx.cmd for that particular machine.

EDIT2: The flaw in the above is that ProtectUA and WMI features that are used for checking the BIOS id are called once XP has booted for the 1st and RunOnceEx.cmd needs to be called before then

Edited July 22, 2005 by rikgale

[riverrm]

run smbios as detached program in unattended.txt it will run before windows setup. then based on the return of the smbios query you could copy the correct drivers, or in your example modify install behavior by modifying/adding/deleting files later consumed by you install process.

for example: smbios finds model=gx280 then copy gx280.bat to c: ; then during cmdlines.txt or after have script react to existance of that file.

[rikgale]

For future reference a copy of SMBIOS can be found here.

[Martin Zugec]

Heh, stop talking about me, I dont know what to say

2Moon:

yes, we could create one long string containing many different things (CPU, baseboard etc...) and then create some identifier...

If you will tell me what values would you like to use, I will write that script for you

2rikgale: This can be done by many ways... I am usually combining following methods:

Based_on_pc_type - desktop, notebook etc.

Based_on_pc_model - GX150, GX260 etc.

Based_on_PnP_Identifier - wifi etc.

Based_on_MAC - specific for defined computer.

However there are many ways to accomplish this task