Protecting UACD ! -Some Insight


Thanx Martin

Few quick questions/requests.

When you are adding in the 2nd CD protection, are you going to allow for the fact that most ppl don't have a 2nd CD and therefore have the code detect this and revert to the current 1CD method?

And the request, can the msg in the msgbox be customisable?

I look forward to trying out your new code


MOON (I'm gonna carry on this conversation here and not in the other post to save it getting cluttered, ok?)

What's the idea behind using Quick Batch File Compiler, surely if all the .cmds are in the passworded zip then you've nothing 2 worry about or are you after another layer of protection. I'm a tad confused as to the point of this.

The only changes to the code I made were changing ProtectUA.zip to Protect.zip in ProtectUA.vbs

Rik

EDIT: Moved from other post: Interested in the script (Rename$$ script you talked about), maybe it could be incorporated in the code so that the user runs it once and it places it in the correct place etc.

EDIT2: Martin feel free to edit the top post if you wish, but note any changes in the Changelog at the bottom so I can keep a track of things. I'll try to maintain the guide as best I can as it has had a goodly number of views already :)

Edited by rikgale

@rikgale,

Those who'll read your guide probably don't need to come back here for ongoing discussions on modifications. If you always update in your guide page about anything finalised here, I wouldn't make that page cluttered with my dirty keystrokes.

Have you ever realised how you could save your RunOnceEx.cmd from prying eyes? Are you not going to include path info of your .cmd files there? Quick Batch File Compiler can make a RunOnceEx.EXE for you and you include in cmdlines.txt just this info:

[COMMANDS]

".\RunOnceEx.EXE"

If I find time I'll narrate how you can conceal another .EXE file by compiling it during a particular .EXE, so that when you run 1.EXE, file 2.EXE automatically extracts and remains as long as the command sets in 1.EXE are not completed. If your 1.exe (actually 1.cmd compiled into 1.exe) has in its last command a path reference of 2.exe, you don't need to put 2.exe in your CD separately. Just include it in 1.exe and run it, your 2.exe file is automatically executed and in the end gets deleted completely!


:thumbup

, i wouldn't make that page cluttered with my dirty keystrokes.
I am oft humbled by your 'dirty' key strokes. ;)
Those who'll read your guide probably don't need to come back here for ongoing discussions on modifications.

Hopefully we'll stir some more interest and ppl might wish to follow development. The initial idea of using the MAC address sparked my interest until it died out and this started up, once I'd noticed it.

Glad you like the guide, if you can think of any improvements let me know and I'll see about moddin' the guide.

Have you ever realised how you could save your RunOnceEx.cmd from prying eyes? Are you not going to include path info of your .cmd files there? Quick Batch File Compiler can make a RunOnceEx.EXE for you and you include in cmdlines.txt just this info:

[COMMANDS]

".\RunOnceEx.EXE"

D'oh. That didn't cross my mind. I'll def. look into that. As for your last paragraph, I feel a little confused, but I'll tackle that once I am happy about using Quick Batch File Compiler (QBFC)

EDIT: Moon, did you get my PM, what ya think?

EDIT2: I like QBFC, nice idea, i'll try it out in my next build

EDIT3: Shame it changes a 60byte .cmd file into a 146Kb .exe, that's quite a size increase. I was gonna try making something spiffy and adding it to the guide but I'm out of space and there is no way I am creating another post just to have a fancy .cmd file. Ppl can use the standard boring .cmd file. It does the same thing.

EDIT4: Made a few changes to the guide as per latest PM, MOON.

Edited by rikgale

@Rikgale,

Try UPX on the exe file with the --best --force options. Size will be greatly reduced. Anyway, you're trying security in your CD and minding size of the .CMD vis-a-vis .EXE? The main advantage of the .EXE is that nobody can get any clue from where you're running .vbs or .vbe or WPI etc. Arrange more time wasting for the intruder. I can't understand your logic. Look before you leap into security as your company is going to make money out of it.


@Martin,

Sorry for my late response. If our next testing is based on WMI class queries of baseboard, CPU, and hard disk information, I don't know what to say to you. ProcessorID is the same for all the AMD Athlon XP 2000+ made on this earth. My disk drive is a Maxtor 6E040L0 and probably a lot of people have that disk drive. I'm a little confused. What does the Signature value in the Diskdrive query result mean? Is it useful? Baseboard has only Product and Manufacturer as relevant data. Isn't the "size=" result in the diskdrive query a unique figure? I need your assistance in finding the proper query inputs. Every result after a WMI class query is giving me a headache, as I find no usable marker apart from what I noted above.

One point I ask you, which is not related to this but is itching me: is WMI Class Query available in WINPE or Bart-PE by default? I mean, is it possible for anyone to know query results on-the-fly from a Live CD?

If you can suggest some query inputs that can be implemented in PC Code Generation, I promise I'll reply soon so that you can write the script this week.

Waiting for your kind response.....


First I will answer rikgale: the second CD method will be implemented only for people that have two CDs, so don't care, it won't affect people with one CD...

2Moonlight: It will be a combined identifier, so for example CPU frequency + baseboard manufacturer + BIOS identifier + HDD capacity...


2Martin,

Replace baseboard Manuf. with Product or add Manuf. as xtra ID. HDD capacity or size is nice. What about including something from the SupportContactDescription section out of the computersystem query? CPU max clockspeed can be coupled with its Manuf. or model. BTW, what does the Signature value in the Diskdrive query mean?

Edit: include the Serial Number query from Win32_PhysicalMedia as it returns the actual Serial Number of the HDD for use.

Edited by MOONLIGHT SONATA

@Rikgale,

Try UPX on the exe file with the --best --force options. Size will be greatly reduced. Anyway, you're trying security in your CD and minding size of the .CMD vis-a-vis .EXE? The main advantage of the .EXE is that nobody can get any clue from where you're running .vbs or .vbe or WPI etc. Arrange more time wasting for the intruder. I can't understand your logic. Look before you leap into security as your company is going to make money out of it.

Thanx MOON, only just saw this post. It never really crossed my mind that you might be able to protect the .cmd files as .exe. That's why I'd never really thought about the security implications of it. Now it has been pointed out, then best efforts shall be made to reduce this inherent weakness.

Edit: I've used QBFC to make my RunOnceEx.cmd into an .exe but I can't get it to be executed by Cmdlines.txt. I tried the syntax you suggested ".\RunOnceEx.EXE" and I tried "RunOnceEx.EXE" and neither seemed to work. Am I missing something? Any help gratefully received.

Edited by rikgale

I've used QBFC to make my RunOnceEx.cmd into an .exe but I can't get it to be executed by Cmdlines.txt. I tried the syntax you suggested ".\RunOnceEx.EXE" and I tried "RunOnceEx.EXE" and neither seemed to work. Am I missing something? Any help gratefully received.

What I described is clearly noted in GreenMachine's CMDLINES.TXT Guide. He used it to run any .exe file from $OEM$ by referring, as I said to you, inside cmdlines.txt. Here's the link to GreenMachine's page:

http://greenmachine.msfnhosting.com/READING/cmdlines.htm

Can you send me the RunOnceEx.cmd file which you convert to .exe? I may help then.


TODO list:

1.) Second CD protection

2.) Search for WMI classes that will identify computer. Not just BIOS, but many common parameters, like HDD or CPU...

3.) make a more user-friendly version

4.) create a version that will automatically update the allowed hosts array without the need to manually create it.

5.) ability to provide a password for the archive.

6.) switch for testing purposes, something like ProtectUA.vbe -Check, that will tell you if you can or can't use the CD

7.) Message box in case user is not authorized

8.) builder, that will autocreate protectua.vbe using parameters, maybe .NET GUI.

Any other ideas? I would like to have a list, so I will know what to do.

I am also thinking about storing allowed hosts in a separate encrypted zip file, so you won't need to modify the script all the time, just this config file.
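An added example, not part of the thread and not ProtectUA's own code: it shows why the combined identifier discussed above needs a per-unit value such as the Win32_PhysicalMedia serial, and how an allowed-hosts check like the planned -Check switch could compare it. The WMI property names are the ones named in the thread; the records, serials and sizes are constructed, and Python is used here only to reason about the identifier rather than to query WMI.

```python
import hashlib

# WMI (class, property) pairs discussed in the thread, in a fixed order.
STRONG = (("Win32_Processor", "MaxClockSpeed"), ("Win32_BaseBoard", "Manufacturer"),
          ("Win32_BaseBoard", "Product"), ("Win32_BIOS", "SerialNumber"),
          ("Win32_DiskDrive", "Size"), ("Win32_PhysicalMedia", "SerialNumber"))
# Model-level properties only: shared by every machine built from the same parts.
WEAK = (("Win32_Processor", "ProcessorId"), ("Win32_DiskDrive", "Model"))

def normalize(value):
    """Trim padding and fold case; None (property not reported) becomes ''."""
    return "" if value is None else str(value).strip().upper()

def machine_id(record, fields=STRONG):
    """SHA-256 over 'Class.Property=value' items joined by a separator byte."""
    items = [f"{c}.{p}={normalize(record.get(c, {}).get(p))}" for c, p in fields]
    return hashlib.sha256("\x1f".join(items).encode("utf-8")).hexdigest()

def missing_fields(record, fields=STRONG):
    """Properties that came back empty and so add nothing to the identifier."""
    return [f"{c}.{p}" for c, p in fields if not normalize(record.get(c, {}).get(p))]

def is_authorized(record, allowed_ids):
    """The -Check idea from the TODO list: is this machine in the allowed list?"""
    return machine_id(record) in allowed_ids

def make_pc(disk_serial, bios_serial="CONSTRUCTED-BIOS-1"):
    """Constructed sample record shaped like per-class WMI query results."""
    return {"Win32_Processor": {"ProcessorId": "CONSTRUCTED-CPUID", "MaxClockSpeed": 1667},
            "Win32_BaseBoard": {"Manufacturer": "ExampleBoard Inc", "Product": "EX-1"},
            "Win32_BIOS": {"SerialNumber": bios_serial},
            "Win32_DiskDrive": {"Model": "Maxtor 6E040L0", "Size": "41110142976"},
            "Win32_PhysicalMedia": {"SerialNumber": disk_serial}}

PC_A = make_pc("  constructed-sn-aaa1")   # serial as returned, space-padded
PC_B = make_pc("CONSTRUCTED-SN-BBB2")     # same parts, different drive serial
PC_C = make_pc(None, bios_serial=None)    # firmware reports no serials
ALLOWED = {machine_id(PC_A)}

if __name__ == "__main__":
    print("weak IDs collide:", machine_id(PC_A, WEAK) == machine_id(PC_B, WEAK))
    print("A allowed:", is_authorized(PC_A, ALLOWED), "B allowed:", is_authorized(PC_B, ALLOWED))
    print("PC_C empty fields:", missing_fields(PC_C))
```

Storing only the hashes in the allowed list keeps raw serial numbers out of the script on the CD; a machine that reports empty serials falls back to model-level data and should be flagged rather than silently accepted.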
