rikgale Posted July 23, 2005 (edited)

This will hopefully be the ultimate 1-2-3 type guide for protecting your copy of UACD. This guide is based on (a summary as it were) this post. This process works, but can cause damage to your current install if misused. So you have been warned. Let us begin:

1) Download the attachment at the end of this post.
2) Extract the contents to a temp folder.
3) Move PKUnzip into the $OEM$\$1 dir.
4) Move ProtectUA.cmd and Protect.vbs into $OEM$\$$\system32.
5) Run Analyze.vbs from the desktop to get the BIOS ID code of your machine.
6) Edit ProtectUA.vbs (DON'T RUN IT). Place the code that is shown into the

    Dim arrayAllowedHosts(1)
    arrayAllowedHosts(0) = "xxxxxxxxxxxxxxxxxxxx"
    arrayAllowedHosts(1) = "xxxxxxxxxxxxxxxxxxxx"

   section of the code as shown above. Copy it exactly!
7) Repeat steps 5 and 6 for every computer you wish to use the UACD on. If you wish to use this on more than two computers then the above code can be added to by simply adding more arrayAllowedHosts, like so

    Dim arrayAllowedHosts(2)
    arrayAllowedHosts(0) = "xxxxxxxxxxxxxxxxxxxx"
    arrayAllowedHosts(1) = "xxxxxxxxxxxxxxxxxxxx"
    arrayAllowedHosts(2) = "xxxxxxxxxxxxxxxxxxxx"

   Remember that all arrays start at 0, so Dim arrayAllowedHosts(3) will allow you 4 arrayAllowedHosts.
8) In $OEM$\$1 create a zip file called Protect.zip. This should contain any .cmd files and .reg files that you use during your install. This zip should be password protected/encrypted. (I used Zip 2.0 encryption in WinZip; 128 and 256bit AES encryption did not seem to work with PKUNZIP.)
9) It should be noted that PKUNZIP only works with the 8.3 naming convention, so any names longer than 8.3 will be truncated when extracted. (I renamed all my .cmd and .reg files to 8.3 to get round this problem. You can also use $$Rename to change the file names back to what they were, but I have been unable to locate an example of the syntax used.)
10) Once you have password protected the zip file, the password must be entered into the appropriate section in the ProtectUA.vbs file:

    Const wmiRestartForce = 4
    strPassword = "SET YOUR PASSWORD HERE"
    Dim arrayAllowedHosts(1)

   You need to keep the " " around your password or it won't work!
11) Once all this has been done you should be ready to set up your RunOnceEx.cmd. The calling of the ProtectUA.cmd must be the 1st operation in the RunOnceEx.cmd, because the zip file has to be extracted before any further .cmds can be called. NOTE: the zip file will be extracted to the root of the C: drive, so you will need to take this into account when calling .cmds and .reg files in the RunOnceEx.cmd. Here is an example of the 1st few lines of my RunOnceEx.cmd:

    @echo off
    SET KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    REG ADD %KEY% /V TITLE /D "Installing Applications" /f
    REG ADD %KEY%\001 /VE /D "Preparing Installation Profile..." /f
    REG ADD %KEY%\001 /V 1 /D "%SystemDrive%\Windows\System32\ProtectUA.CMD" /f
    REG ADD %KEY%\002 /VE /D "Initial Registry Changes and Tweaks" /f
    REG ADD %KEY%\002 /V 1 /D "REGEDIT /S %systemdrive%\musicMov.reg" /f
    REG ADD %KEY%\002 /V 2 /D "%systemdrive%\NWIcon.vbs" /f

12) Once you have done all of this and made sure that the correct password and BIOS IDs are in the VBS file, you should be ready to run a test install. If you are installing on a VM you will need the BIOS ID of the VM; for this, install XP without the security protection, run Analyze.vbs for the BIOS ID and add it to the ProtectUA.vbs.
13) Burn, test and pray.
14) If it works, which it should, everything should install as usual and nothing untoward should happen; if this is the case then great. There is one final test after that, which is to go into the ProtectUA.vbs file and change the BIOS ID of your test machine to an incorrect BIOS ID. Just changing one number should do.
15) Burn and test again. This time the install should fail after the 1st part of RunOnceEx.cmd has been completed; your machine should restart and then moan that NTLDR is missing.
16) Once everything is working, the VBS code needs to be encrypted to complete the security. Download and install the Windows Script Encoder and also encrypt.cmd from the bottom of the post. Copy your ProtectUA.vbs to the root of C:\ and run encrypt.cmd. ProtectUA.vbs must be in the root of C:\ for this to work. This should produce ProtectUA.vbe. Edit ProtectUA.cmd. Change

    REM Start Machine Authentication and wait for its end
    START /WAIT %SOURCEPATH%\Cscript.EXE //Nologo ProtectUA.VBS

   to

    REM Start Machine Authentication and wait for its end
    START /WAIT %SOURCEPATH%\Cscript.EXE //Nologo ProtectUA.VBE

   Then in $OEM$\$$\system32 replace ProtectUA.vbs with ProtectUA.vbe.
17) Burn and test.

-----------------------------------------------------------------------------------------

I have a few notes that may be of use to anyone who tries this.

1) Your C: root will end up with all your .cmd and .reg files after the install, and these need the cleanup.cmd edited to be removed. Use del %0 at the end of the cleanup.cmd to remove itself.
2) Remember the 8.3 naming convention. This was my major bugbear when I 1st tried this, as my zip was called ProtectUA.zip (which was suggested in the other post), which is too long for 8.3. I spent ages banging my head trying to figure it out; this is why I now use a zip called Protect.zip. I have edited the code to reflect this and the updated versions are attached to this post. If you read the other post and come across the Protection.zip, by all means download it, but you'll have to change the code yourself.

Many Thanx to Martin Zugec and MOONLIGHT SONATA for the ideas and the code.

Post back any results you get and anywhere where the guide is a bit thin on the ground and I'll add to it if necessary. Use this post for trouble-shooting, as the main post is probably now best left for development purposes.

-------------------------------------------------------------------------------------------

Changelog:
v1 - Original
v1.1 - Stated that it was a summary. Added Changelog.
v1.2 - Added points 16), 17) and removed Notes 3). Added encrypt.cmd as an attachment.
v1.3 - Mentioned " in Password and changed a few things at request of MOON

Attachments: ProtectionUA.zip, encrypt.cmd

Edited July 23, 2005 by rikgale
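The heart of steps 5 to 7 is a host allow-list: the script reads an identifier from the BIOS and compares it with the arrayAllowedHosts entries. The following is an added example, not the thread's ProtectUA.vbs or Analyze.vbs, that implements only that check and reports the outcome with an exit code; the password handling and the destructive branch are deliberately left out. It assumes the "BIOS ID" is Win32_BIOS.SerialNumber read through WMI (Analyze.vbs is not shown in the thread, so it may use a different property), and the allow-list values are constructed placeholders. Two caveats a practitioner should keep in mind: any script that runs from the CD can be read from the CD, and the Windows Script Encoder .vbe format is obfuscation rather than encryption, so the allow-list and the zip password in the script do not become secrets by encoding it.

```vbscript
' Added example: BIOS-identifier allow-list check (not the thread's code).
Option Explicit

' Allow-list in the same shape as the thread's arrayAllowedHosts.
' The values here are constructed placeholders, not real identifiers.
Dim arrayAllowedHosts(1)
arrayAllowedHosts(0) = "PLACEHOLDER-BIOS-ID-1"
arrayAllowedHosts(1) = "PLACEHOLDER-BIOS-ID-2"

' Assumption: the identifier is Win32_BIOS.SerialNumber. Returns "" if WMI
' yields nothing, so an unreadable BIOS never matches by accident.
Function GetBiosId()
    Dim objWMI, colItems, objItem, strId
    strId = ""
    Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
    Set colItems = objWMI.ExecQuery("SELECT SerialNumber FROM Win32_BIOS")
    For Each objItem In colItems
        If Not IsNull(objItem.SerialNumber) Then strId = Trim(objItem.SerialNumber)
        Exit For
    Next
    GetBiosId = strId
End Function

' Exact, case-sensitive comparison against every allow-list entry.
Function IsAllowedHost(strId, arrHosts)
    Dim i
    IsAllowedHost = False
    If Len(strId) = 0 Then Exit Function
    For i = LBound(arrHosts) To UBound(arrHosts)
        If StrComp(strId, arrHosts(i), vbBinaryCompare) = 0 Then
            IsAllowedHost = True
            Exit Function
        End If
    Next
End Function

' Report the decision; a caller (e.g. a .cmd) can test %ERRORLEVEL%.
Dim strThisId
strThisId = GetBiosId()
If IsAllowedHost(strThisId, arrayAllowedHosts) Then
    WScript.Echo "Host authorised: " & strThisId
    WScript.Quit 0
Else
    WScript.Echo "Host not in allow-list: " & strThisId
    WScript.Quit 1
End If
```

Run it with cscript //Nologo CheckHost.vbs (file name assumed); it prints the identifier it read, which is also a quick way to see what value to paste into the allow-list on a new machine. Comparing with vbBinaryCompare matches the guide's "copy it exactly" instruction, so a differently cased or padded value is treated as a mismatch.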
Bâshrat the Sneaky Posted July 23, 2005

If I understand this right, this is a summary of the 'main topic'? Thanks, it's very interesting, but because I had lost track of the main topic, things were becoming quite complicated: a big topic, with many huge posts that were not always related to the protection of a UWXPCD. Thanks again for this summary. P.S.: and thanks to all those who contributed to it, of course!!!
rikgale Posted July 23, 2005 (Author)

Yes, this is a summary; I have edited the post to state this. Indeed the original post is now moving away from security, having completed what it set out to do. A few additions I would like to see are:

1) the inclusion of a box that pops up to tell the user that they have installed that copy of UAXP on a machine for which it was not intended.

Actually that's the only thing.
Martin Zugec Posted July 23, 2005

2rikgale: thx dude for this guide, hope so more people will use it now. But I have to say one thing - you MUST encrypt your vbs file, because the protection is really weak if you don't use it (the password is in plaintext and anybody can edit it and add their own identifier inside...). About $$Rename.txt, the syntax is the following:

    [Section_name_1]
    Short_name_1 = "Long_name_1[$$]"
    Short_name_2 = "Long_name_2[$$]"

so for example

    [\]
    D = "Documents and settings$$"

If you are interested, I could create a script that will automatically create these files (in fact I already have that code somewhere).
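Step 9 of the guide loses long file names to PKUNZIP's 8.3 truncation, and the post above gives the $$Rename.txt syntax that maps a short name back to its long name. As an added example (not Martin's script and not part of the attachment), the following VBScript builds such a section for one folder by asking the file system for each file's 8.3 name and pairing it with the long name. It assumes the section header is "\" (the root case shown above) and writes the plain Short = "Long" form; if your setup expects the trailing $$ marker shown in the post, append it to the long name in the line that builds the entry.

```vbscript
' Added example: generate a $$Rename.txt section for one folder (not the
' thread's code). Usage: cscript //Nologo MakeRename.vbs <folder>
Option Explicit

' Build the section text: one "short = "long"" line per file whose 8.3 name
' differs from its long name. strSection is the section header ("\" = root).
Function BuildRenameSection(strFolder, strSection)
    Dim fso, fld, fil, strOut
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fld = fso.GetFolder(strFolder)
    strOut = "[" & strSection & "]" & vbCrLf
    For Each fil In fld.Files
        ' Files already within 8.3 need no entry
        If StrComp(fil.ShortName, fil.Name, vbTextCompare) <> 0 Then
            strOut = strOut & fil.ShortName & " = """ & fil.Name & """" & vbCrLf
        End If
    Next
    BuildRenameSection = strOut
End Function

Dim strFolder, strText, fso, ts
If WScript.Arguments.Count < 1 Then
    WScript.Echo "Usage: cscript //Nologo MakeRename.vbs <folder>"
    WScript.Quit 1
End If

strFolder = WScript.Arguments(0)
' Assumption: the folder given is the distribution root, so the section is "\"
strText = BuildRenameSection(strFolder, "\")

' Write $$Rename.txt into the folder itself and echo it for review
Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.CreateTextFile(fso.BuildPath(strFolder, "$$Rename.txt"), True)
ts.Write strText
ts.Close
WScript.Echo strText
```

Because the script reads the real 8.3 names from the file system, the entries match exactly what PKUNZIP will produce on extraction, which removes the guesswork that caused the ProtectUA.zip naming problem described in the guide's notes.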
rikgale Posted July 23, 2005 (Author, edited)

I'll edit the 1st post to say that it must be encrypted. Also I'll dig out the .cmd I use for encryption and add that to the 1st post.

Edited July 23, 2005 by rikgale
MOONLIGHT SONATA Posted July 23, 2005

@rikgale, nice guide. I've not checked your modifications to the code till now. One point for all the users of this method, as well as those who run .cmd files that have very vital instruction sets: please use Quick Batch File Compiler to change your .cmd files to .exe files, and in doing so use the option of running the .EXE as a ghost application (meaning no command window will ever be displayed; one step ahead of CMDOW), and also set a difficult-to-guess "decompiler" password so that decompiling the .exe back to the parent .cmd is peacefully restricted.
Martin Zugec Posted July 23, 2005

Development discussion will continue at the old thread (http://www.msfn.org/board/index.php?showtopic=48523&hl=); this will be only for releases and user questions, ok?
rikgale Posted July 24, 2005 (Author)

Please post back as to how you get on. We're all interested as to how it went.
rikgale Posted October 6, 2005 (Author)

32bit files can be found in this post here.
adrianbodor Posted April 20, 2007

Hi, I read everything about this and what can I say, it's perfect. I just tested my UAXP in VMware and it works 100%. I have run the code from GUIRunOnce because RunOnceEx interferes with IE7. A more aggressive solution besides ntldr could be to add in the script code to delete the mbr, erase partitions (maybe only C:\, not to cause damage on the others) or something like this, but I don't know if it could be done. I have searched the net but I didn't find anything. What do u think?
MOONLIGHT SONATA Posted April 27, 2007

@adrianbodor, well, I'm apprehensive as to whether erasing a partition, preferably C:\, is possible at that stage, being already working from C:\. However, erasing the mbr or editing the mbr may be possible thanks to some 3rd-party command-line tool and of course thanks to GOD! With that script you can think of deleting some vital Windows resource directories and even Documents and Settings (though, about the latter I'm not too sure), so that loading Windows next time is hardly possible. About mbr edit/delete - I'll start searching the net from now on. Thanks.
adrianbodor Posted January 13, 2008 (edited)

I have found a way to delete the mbr with a 3rd party tool just like you said; it's a freeware app called mbrwiz.exe. It's a DOS command line based app. Just add this line after the ntldr line:

    ObjShell.Run ("C:\mbrwiz.exe /Wipe=2"), 0, True

You can use other arguments specified on the site http://mirror.href.com/thestarman/asm/mbr/MBRWiz.html

Edited January 13, 2008 by adrianbodor