TUCoPS :: PC Hacks
:: p_secure.txt
Security In Software Piracy - Techniques In Safe Warezing. How To Run A Warez Board Safely. Securing Personal Warez So It Can't Be Used
|
SECURITY IN SOFTWARE PIRACY
Procedures On Quickly And Effectively Encrypting Warez Diskettes
And Saving Your Ass From The Feds
---------------------------
Release 10/16/1994
Le Crack
1......Overview
2......My Search For Fast Encryption Software
3......Personal Warez Security (Recommended Technique)
3......Securing A Warez BBS (Recommended Technique)
OVERVIEW
--------
Important fact, there are more virgins in the world than people that HAVE
NOT pilfered, stole, borrowed, begged, test drove or just plain pirated
a copy of your buddies "VGA Mega-Prick" arcade game. Actually, pirates
do the software companies a favor by boosting sales. Most pirates, pirate
and use the software just long enough to check it out. If the software
is pretty cool, then the pirate will usually buy it...otherwise it will
get trashed. Ok, let's get back on track.
Q. WHY DID I WRITE THIS?
A. Because there are three downsides to pirating :
1. Your buddy that gave you "VGA Mega-Prick" could get pissed off
one day, call the FBI, SPA, or software manufacturer and
*buddy* fuck you.
2. It's not unusual for the FBI to monitor your favoriate H/P/A/V or
Warez board. And they DO investigates ALL reports made or
suspisions of, software piracy.
3. Sysops of H/P/A/V boards do get busted...so you now feel like
a shit because even though you lied about your name, you did
use callback verification...and your phone number is logged
in the BBS user file.
MY SEARCH FOR FAST ENCRYPTION SOFTWARE
--------------------------------------
Lately, I've became a little paranoid of getting that knock on the door
from the warez police. So I started to look for encryption programs
to encrypt my warez diskettes. Here are a few programs and methods of
encrypting your warez files and diskettes, and their weaknesses :
I. Using PKZIP (or ARJ) With Password Protection
Description:
Pkzip is a great program for quickly encrypting and compressing
your warez files. It's really a good product especially for
zipping files along with there sub-dirs on your harddisk using
the "-r -P" switches. Pkzip supports encryption as well with
the -S switch. (i.e. PKZIP -sMYPASSWORD TEST.ZIP)
Know Problems:
a. It takes FOREVER to zip the contents of a full diskette.
b. You can still view the filenames contained withing an
encrypted .ZIP file
c. It takes FOREVER to unzip a .ZIP file containing the
contents of a full diskette, back onto a blank diskette.
d. You could .ZIP the contents of a *full* diskette say a 1.44M
without using data compression, in order to speed things up.
However, a .ZIP file header will still be included with the
.ZIP, making the .ZIP file larger than 1.44M leaving you
unable to copy the .ZIP back to a diskette for storage.
II. Stacker, with password protection.
Stacker is pretty good when it comes to security, unlike that
other brand you get free with DOS. According to an associate
warez warrior you can create stacker diskettes with encryption
enabled that offeres pretty tight security, as well as speed.
As of this writing I have yet to test this, but a will conclude
that unless you're running Stacker then your pretty much out of
luck. However, I've noticed with the introduction of DOUBLESLUT
that most companies such as PC-TULS and SYMTEK are dropping
support for Stacker.
III. PADLOCK (shareware encryption program)
Padlock is a pretty cool menu driven shareware program for file
as well as diskette encryption...but it sucks. If you get it
try encrypting a 1.44m floppy, however you may need to start the
encryption prior to leaving on your vacation to Cuba...and it
should be complete when you return in a couple of weeks. It's
seeeellllooowwwww.
IV. DISKREET (a NU Utility)
This is an excellent program. You simply load a driver in your
config.sys, run DISKREET, and create a DISKREET password proteceted
diskette. In order to access the encrypted diskette (or harddisk)
you first have to load DISKREET to mount the drive, of course providing
the password.
The only problem that I know of is that as of NU v7.0 it doesn't
work with compressed drives. If your not running Stacker or
DOUBLESLUT, then this is probably for you.
V. DiskExpress v2.32 (shareware) <------- MY PICK
This is a cool utility, and what I recommend if your not running
DISKREET or STACKER. Really, this gem has the upper hand on all
of the previous encryption/compression methods mentioned above.
Exactly what is DiskExpress. Disk express is a disk imaging
program. In short, it reads ONLY the portion of a diskette that
contains data, optionally compresses the data, and stores the
data in a file, or image file if you will, on your harddisk. And
as of version 2.32 will allow you to encrypt the image file that
it creates. DiskExpress can be ran under DOS as well as OS/2,
and includes optional compression that rivals PKZIP 2.04G By
default, DiskExpress creates images files that are self extracting.
This eliminates the possibility of incompatability with newer
releases. Unlike DISKREET it works fine with disk compression.
And unlike using STACKER with on the fly compression/encryption,
your not "stuck" with having to use STACKER. The only downsides of
using DiskExpress that I found is that you can view the five line
description of the file, even if the file is encrypted. And
secondly, if you create an image of a 1.44M diskette then later
want to extract the image to another diskette, the diskette must
be blank, and of the same format, 1.44M In other words, you can't
make an image of a 1.2M and uncompress/extract it onto a 1.44M
However, I look forward to this being changed in a future release.
DiskExpress is available on most BBS's, as well as most shareware
CD-ROMS.
PERSONAL WAREZ SECURITY (Recommended Technique)
----------------------------------------------
Overall, DiskExpress is my pick, as you saw in the previous section.
For overall warez police protection I recommend an encryption/diskette
cataloging method as outlined :
(An detailed example will follow)
a. Create self extracting encrypted image files of all your warez
diskettes, naming each image file that you create in sequence
such as :
(DON'T put a description in the file, explained later.)
00000001.EXE
00000002.EXE
00000003.EXE
b. Copy each image back to it's respective diskette.
c. Adding new labels to your diskettes with just the filename
i.e. Label on diskette 1 reads : 00000001
Label on diskette 2 reads : 00000002
......................................
......................................
d. Creating an ENCRYPTED catalog.txt file that contains all of
the image file names along with their descriptions such as
CATALOG
=======
00000001 - Description of contents of image file on disk 1
00000002 - Description of contents of image file on disk 2
00000003 - Description of contents of image file on disk 3
..........................................................
..........................................................
In short, you end up with encrypted image files with a unique 8
digit filename. The label on the diskette with the 8 digit
filename. And an encrypted ascii text file, or master catalog
of all the image file names and a description.
LAMER'S EXAMPLE :
Ok, here's an example, say you want to encrypt a copy of
"Pecker Pirates", and the copy you have is on 3 diskettes. Here
is what to do :
1. Grab your warez diskette box and open er up and grab
your Pecker Pirate.
2. Run DXP to create a self extracing image (encrypted of
course) of the first diskette. Use 00000001 for the
filename, this is important!
The command line recommended for version 2.32, running
only DOS is :
DXP /DOS /p"MYPASSWORD" B: 00000001
(Important! The password you use IS CASE SENSITIVE!!)
3. Next run DXP again on diskette 2 this time use
00000002 for the filename, again this is important!!
4. Run DXP again on diskette 3, this time use 00000003 as
the filename.
5. You should have 3 images files on your harddisk now :
00000001.EXE
00000002.EXE
00000003.EXE
6. As mentioned (with version 2.32) you can still view the
5 line description even if the image file is created.
So DON'T BE A DUMB ASS and DON'T put a 5 line description
in the image file like "Pecker Pirates"!!
7. Next, create an ASCII text file called CATALOG.TXT
(you can use whatever name you like in place of CATALOG.TXT
if you like)
8. Next, add the lines to CATALOG.TXT :
Master Catalog
==============
00000001 - Pecker Pirates Disk 1
00000002 - Pecker Pirates Disk 2
00000003 - Pecker Pirates Disk 3
IMPORTANT--> 9. Encrypt your CATALOG.TXT file with PKZIP, Pretty Good
Privacy (PGP), or any GOOD encryption software. Make
sure you keep a backup copy of the file on a separate
diskette...cause if you loose it, your fucked. Keep
the file in a handy place. You will need it to look
up warez if you want to install it, or make copies
for other *buddies* out there.
NOTE 1
For added protection, if your REALLY paranoid you
could use a different password for EACH image file
you create, or each program. You would just include
the password, along with the 8 digit filename and
description in the CATALOG.TXT file, rather than
just the filename and description shown in step 8.
NOTE 2
One last note. DiskExpress (DXP) has several options
be sure to check out the documentation. As stated,
DON'T BE A DUMB ASS and put the description of the
program in the image file! (as of DXP version 2.32)
And be sure to keep your CATALOG file backup up, and
encrypted!!
NOTE 3
If your using compression with DXP you can probably
fit multiple images back onto a single diskette. Be
sure and not to forget to add the 8 digit (i.e. 00000001)
filename on the label of the diskette.
And if you've never bought a damn program in your life
consider buying DXP. The guy is doing a good job
writing it so far, and it might just save your ass!
Securing A Warez BBS (Recommended Technique)
--------------------------------------------
Be sure to read through the previous section or you'll be lost! Ok,
here we go. If your a warez sysop I recommend creating encrypted images,
and an encrypted CATALOG.TXT file as mentioned in the previous section.
If you have WAREZ .ZIP files already on your bbs here is what I recommend
if you can't create DXP images. Say for instance you have a file called
MKOMBAT.ZIP in your BBS file library, here is a sure fire warez fed protection
method :
First, if MKOMBAT.ZIP is password protected, remove
the password!
a. Rename the .ZIP file MKOMBAT.ZIP to SKEEZER.ZIP, or
some other odd ball name.
b. Next, using the 8 digit naming convetion mentioned
in the previous section, create another zip file
like so :
PKZIP -sMYPASSWORD -e0 00000001.ZIP SKEEZER.ZIP
The -e0 switch tells PKZIP TO NOT USE COMPRESSION.
The -sMYPASSWORD encrypts the file using MYPASSWORD
as the password needed to later extract the .ZIP file.
c. Next, add the filename, and descrption of that file
to your CATALOG.TXT file in the same format as mentioned
in the previous section :
CATALOG
=======
00000001.ZIP - Mortal Kombat
..............................
..............................
d. Use PGP or some other program to encrypt your catalog
file...and keep a backup copy!
Ok, if you haven't caught on yet let me explain. Even though you password
protect a .ZIP file, you can still view the contents of the file. This holds
true for .ARJ files as well. First, were simply giving your MKOMBAT.ZIP an
inconspicious name called SKEEZER.ZIP Next, were taking SKEEZER.ZIP
zipping it up into another .ZIP file called 00000001.ZIP, encrypting
00000001.ZIP with the password "MYPASSWORD". Remember were using PKZIP
with the -e0 switch, meaning that 00000001.ZIP will not be compressed!
An extra step to be taken, if I were running a warez bbs would be to
password protect each 00000001.ZIP, 00000002.ZIP etc files with different
passwords. You can easily write/get a program that generates random
passwords for this purpose. As a sysop you would be responsible for
distributing the CATALOG.TXT file to your callers, upon verification.
So even if the FEDS get in your board and seize it, they can't do shit
without having to decrypt that CATALOG.TXT file to get the passwords that
correspond to each 0000????.ZIP file.
And with a little ingenuity, you could easily write a program to generate
new random passwords for each file in a particular file area, change the
password on each of the .ZIP files, and log the 00000???.ZIP filenames,
passwords, and descriptions to a new PGP encrypted CATALOG.TXT file.
On a final note...for absolute security you could PGP encrypt the CATALOG.TXT
file for all the people on your public key ring. That way, unless they
have their secret key to descrypt the CATALOG.TXT there pretty much locked out.
Using PGP encryption to encrypt the CATALOG.TXT for a select few, and
periodically changing the passwords on your 00000???.ZIP files would
provide ultimate security for your warez.
Comments, suggestions or if you'd like to grant me access to your warez
collectibles should be addressed to Le Crack, my PGP key block follows,
on the following boards :
& the Temple of the Screaming Electron 510/935-5845
The Privateer Express (DoveNet) 904/638-2147
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a
mQBNAi6hTg4AAAECANrwvu607OoUvpEhtMeqnkTfzAQIOMBA65PlVgIILYRLHjlo
uHIKLhk85OPZvmi3+bfY35lHBCFtDrq/uK+YHDEABRG0CExFIENSQUNL
=mVOm
-----END PGP PUBLIC KEY BLOCK-----
************************************************************************
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
