TUCoPS :: PC Hacks :: p_secure.txt

Security In Software Piracy - Techniques In Safe Warezing. How To Run A Warez Board Safely. Securing Personal Warez So It Can't Be Used

                        SECURITY IN SOFTWARE PIRACY

       Procedures On Quickly And Effectively Encrypting Warez Diskettes
                     And Saving Your Ass From The Feds
                        ---------------------------
                            Release 10/16/1994
                                 Le Crack


              1......Overview

              2......My Search For Fast Encryption Software

              3......Personal Warez Security (Recommended Technique)

              3......Securing A Warez BBS (Recommended Technique)


OVERVIEW
--------

Important fact, there are more virgins in the world than people that HAVE
NOT  pilfered, stole, borrowed, begged, test drove or just plain pirated
a copy of your buddies "VGA Mega-Prick" arcade game.  Actually, pirates
do the software companies a favor by boosting sales.  Most pirates, pirate
and use the software just long enough to check it out.  If the software
is pretty cool, then the pirate will usually buy it...otherwise it will
get trashed.  Ok, let's get back on track.

Q. WHY DID I WRITE THIS?

A. Because there are three downsides to pirating :


    1.  Your buddy that gave you "VGA Mega-Prick" could get pissed off
        one day, call the FBI, SPA, or software manufacturer and
        *buddy* fuck you.

    2.  It's not unusual for the FBI to monitor your favoriate H/P/A/V or
        Warez board.  And they DO investigates ALL reports made or
        suspisions of, software piracy.

    3.  Sysops of H/P/A/V boards do get busted...so you now feel like
        a shit because even though you lied about your name, you did
        use callback verification...and your phone number is logged
        in the BBS user file.



MY SEARCH FOR FAST ENCRYPTION SOFTWARE
--------------------------------------

Lately, I've became a little paranoid of getting that knock on the door
from the warez police.  So I started to look for encryption programs
to encrypt my warez diskettes.  Here are a few programs and methods of
encrypting your warez files and diskettes, and their weaknesses :


    I. Using PKZIP (or ARJ) With Password Protection

          Description:

          Pkzip is a great program for quickly encrypting and compressing
          your warez files.  It's really a good product especially for
          zipping files along with there sub-dirs on your harddisk using
          the "-r -P" switches.  Pkzip  supports encryption as well with
          the -S switch.  (i.e. PKZIP -sMYPASSWORD TEST.ZIP)

          Know Problems:

          a. It takes FOREVER to zip the contents of a full diskette.

          b. You can still view the filenames contained withing an
             encrypted .ZIP file

          c. It takes FOREVER to unzip a .ZIP file containing the
             contents of a full diskette, back onto a blank diskette.

          d. You could .ZIP the contents of a *full* diskette say a 1.44M
             without using data compression, in order to speed things up.
             However, a .ZIP file header will still be included with the
             .ZIP, making the .ZIP file larger than 1.44M leaving you
             unable to copy the .ZIP back to a diskette for storage.


   II. Stacker, with password protection.

         Stacker is pretty good when it comes to security, unlike that
         other brand you get free with DOS.  According to an associate
         warez warrior you can create stacker diskettes with encryption
         enabled that offeres pretty tight security, as well as speed.
         As of this writing I have yet to test this, but a will conclude
         that unless you're running Stacker then your pretty much out of
         luck. However, I've noticed with the introduction of DOUBLESLUT
         that most companies such as PC-TULS and SYMTEK are dropping
         support for Stacker.


  III.  PADLOCK (shareware encryption program)

        Padlock is a pretty cool menu driven shareware program for file
        as well as diskette encryption...but it sucks.  If you get it
        try encrypting a 1.44m floppy, however you may need to start the
        encryption prior to leaving on your vacation to Cuba...and it
        should be complete when you return in a couple of weeks.  It's
        seeeellllooowwwww.


   IV.  DISKREET (a NU Utility)

        This is an excellent program.  You simply load a driver in your
        config.sys, run DISKREET, and create a DISKREET password proteceted
        diskette.  In order to access the encrypted diskette (or harddisk)
        you first have to load DISKREET to mount the drive, of course providing
        the password.

        The only problem that I know of is that as of NU v7.0 it doesn't
        work with compressed drives.  If your not running Stacker or
        DOUBLESLUT, then this is probably for you.


    V.  DiskExpress v2.32 (shareware)        <------- MY PICK

        This is a cool utility, and what I recommend if your not running
        DISKREET or STACKER.  Really, this gem has the upper hand on all
        of the previous encryption/compression methods mentioned above.
        Exactly what is DiskExpress.  Disk express is a disk imaging
        program.  In short, it reads ONLY the portion of a diskette that
        contains data, optionally compresses the data, and stores the
        data in a file, or image file if you will, on your harddisk. And
        as of version 2.32 will allow you to encrypt the image file that
        it creates.  DiskExpress can be ran under DOS as well as OS/2,
        and includes optional compression that rivals PKZIP 2.04G  By
        default, DiskExpress creates images files that are self extracting.
        This eliminates the possibility of incompatability with newer
        releases.  Unlike DISKREET it works fine with disk compression.
        And unlike using STACKER with on the fly compression/encryption,
        your not "stuck" with having to use STACKER. The only downsides of
        using DiskExpress that I found is that you can view the five line
        description of the file, even if the file is encrypted.  And
        secondly, if you create an image of a 1.44M diskette then later
        want to extract the image to another diskette, the diskette must
        be blank, and of the same format, 1.44M   In other words, you can't
        make an image of a 1.2M and uncompress/extract it onto a 1.44M

        However, I look forward to this being changed in a future release.

        DiskExpress is available on most BBS's, as well as most shareware
        CD-ROMS.


PERSONAL WAREZ SECURITY (Recommended Technique)
----------------------------------------------

Overall, DiskExpress is my pick, as you saw in the previous section.
For overall warez police protection I recommend an encryption/diskette
cataloging method as outlined  :

          (An detailed example will follow)

          a. Create self extracting encrypted image files of all your warez
             diskettes, naming each image file that you create in sequence
             such as :

             (DON'T put a description in the file, explained later.)

             00000001.EXE
             00000002.EXE
             00000003.EXE

          b. Copy each image back to it's respective diskette.

          c. Adding new labels to your diskettes with just the filename
             i.e.   Label on diskette 1 reads :   00000001
                    Label on diskette 2 reads :   00000002
                    ......................................
                    ......................................

          d. Creating an ENCRYPTED  catalog.txt file that contains all of
             the image file names along with their descriptions such as

             CATALOG
             =======
             00000001 - Description of contents of image file on disk 1
             00000002 - Description of contents of image file on disk 2
             00000003 - Description of contents of image file on disk 3
             ..........................................................
             ..........................................................



           In short, you end up with encrypted image files with a unique 8
           digit filename.  The label on the diskette with the 8 digit
           filename.  And an encrypted ascii text file, or master catalog
           of all the image file names and a description.


        LAMER'S EXAMPLE :

        Ok, here's an example, say you want to encrypt a copy of
        "Pecker Pirates", and the copy you  have is on 3 diskettes.  Here
        is what to do :


               1.  Grab your warez diskette box and open er up and grab
                   your Pecker Pirate.

               2.  Run DXP to create a self extracing image (encrypted of
                   course) of the first diskette.  Use 00000001 for the
                   filename, this is important!


                   The command line recommended for version 2.32, running
                   only DOS is :

                      DXP /DOS /p"MYPASSWORD" B: 00000001

                   (Important! The password you use IS CASE SENSITIVE!!)


               3.  Next run DXP again on diskette 2 this time use
                   00000002 for the filename, again this is important!!

               4.  Run DXP again on diskette 3, this time use 00000003 as
                   the filename.

               5.  You should have 3 images files on your harddisk now :

                     00000001.EXE
                     00000002.EXE
                     00000003.EXE

               6.  As mentioned (with version 2.32) you can still view the
                   5 line description even if the image file is created.
                   So DON'T BE A DUMB ASS and DON'T put a 5 line description
                   in the image file like "Pecker Pirates"!!

               7.  Next, create an ASCII text file called CATALOG.TXT
                   (you can use whatever name you like in place of CATALOG.TXT
                    if you like)

               8. Next, add the lines to CATALOG.TXT :

                  Master Catalog
                  ==============
                  00000001 - Pecker Pirates Disk 1
                  00000002 - Pecker Pirates Disk 2
                  00000003 - Pecker Pirates Disk 3


 IMPORTANT-->  9. Encrypt your CATALOG.TXT file with PKZIP, Pretty Good
                  Privacy (PGP), or any GOOD encryption software.  Make
                  sure you keep a backup copy of the file on a separate
                  diskette...cause if you loose it, your fucked.  Keep
                  the file in a handy place.  You will need it to look
                  up warez if you want to install it, or make copies
                  for other *buddies* out there.

       NOTE 1

                  For added protection, if your REALLY paranoid you
                  could use a different password for EACH image file
                  you create, or each program.  You would just include
                  the password, along with the 8 digit filename and
                  description in the CATALOG.TXT file, rather than
                  just the filename and description shown in step 8.

       NOTE 2

                  One last note.  DiskExpress (DXP) has several options
                  be sure to check out the documentation.  As stated,
                  DON'T BE A DUMB ASS and put the description of the
                  program in the image file! (as of DXP version 2.32)
                  And be sure to keep your CATALOG file backup up, and
                  encrypted!!

       NOTE 3

                  If your using compression with DXP you can probably
                  fit multiple images back onto a single diskette. Be
                  sure and not to forget to add the 8 digit (i.e. 00000001)
                  filename on the label of the diskette.


                  And if you've never bought a damn program in your life
                  consider buying DXP.  The guy is doing a good job
                  writing it so far, and it might just save your ass!





Securing A Warez BBS (Recommended Technique)
--------------------------------------------

Be sure to read through the previous section or you'll be lost!  Ok,
here we go.  If your a warez sysop I recommend creating encrypted images,
and an encrypted CATALOG.TXT file as mentioned in the previous section.

If you have WAREZ .ZIP files already on your bbs here is what I recommend
if you can't create DXP images.  Say for instance you have a file called
MKOMBAT.ZIP in your BBS file library, here is a sure fire warez fed protection
method :


               First, if MKOMBAT.ZIP is password protected, remove
               the password!


               a. Rename the .ZIP file MKOMBAT.ZIP  to  SKEEZER.ZIP, or
                  some other odd ball name.



               b. Next, using the 8 digit naming convetion mentioned
                  in the previous section, create another zip file
                  like so :

                      PKZIP -sMYPASSWORD -e0 00000001.ZIP SKEEZER.ZIP


                  The -e0 switch tells PKZIP TO NOT USE COMPRESSION.
                  The -sMYPASSWORD encrypts the file using MYPASSWORD
                  as the password needed to later extract the .ZIP file.


               c. Next, add the filename, and descrption of that file
                  to your CATALOG.TXT file in the same format as mentioned
                  in the previous section :

                  CATALOG
                  =======
                  00000001.ZIP  -  Mortal Kombat
                  ..............................
                  ..............................

               d. Use PGP or some other program to encrypt your catalog
                  file...and keep a backup copy!


Ok, if you haven't caught on yet let me explain.  Even though you password
protect a .ZIP file, you can still view the contents of the file.  This holds
true for .ARJ files as well.  First, were simply giving your MKOMBAT.ZIP an
inconspicious name called SKEEZER.ZIP   Next, were taking SKEEZER.ZIP
zipping it up into another .ZIP file called 00000001.ZIP, encrypting
00000001.ZIP with the password  "MYPASSWORD".  Remember were using PKZIP
with the -e0 switch, meaning that 00000001.ZIP will not be compressed!


An extra step to be taken, if I were running a warez bbs would be to
password protect each 00000001.ZIP, 00000002.ZIP etc files with different
passwords.  You can easily write/get a program that generates random
passwords for this purpose.  As a sysop you would be responsible for
distributing the CATALOG.TXT  file to your callers, upon verification.
So even if the FEDS get in your board and seize it, they can't do shit
without having to decrypt that CATALOG.TXT file to get the passwords that
correspond to each 0000????.ZIP file.

And with a little ingenuity, you could easily write a program to generate
new random passwords for each file in a particular file area, change the
password on each of the .ZIP files, and log the 00000???.ZIP filenames,
passwords, and descriptions to a new PGP encrypted CATALOG.TXT file.


On a final note...for absolute security you could PGP encrypt the CATALOG.TXT
file for all the people on your public key ring.  That way, unless they
have their secret key to descrypt the CATALOG.TXT there pretty much locked out.
Using PGP encryption to encrypt the CATALOG.TXT for a select few, and
periodically changing the passwords on your 00000???.ZIP files would
provide ultimate security for your warez.




Comments, suggestions or if you'd like to grant me access to your warez
collectibles should be addressed to Le Crack, my PGP key block follows,
on the following boards :


& the Temple of the Screaming Electron                      510/935-5845
The Privateer Express   (DoveNet)                           904/638-2147



-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQBNAi6hTg4AAAECANrwvu607OoUvpEhtMeqnkTfzAQIOMBA65PlVgIILYRLHjlo
uHIKLhk85OPZvmi3+bfY35lHBCFtDrq/uK+YHDEABRG0CExFIENSQUNL
=mVOm
-----END PGP PUBLIC KEY BLOCK-----

************************************************************************



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH