SECURITY IN SOFTWARE PIRACY Procedures On Quickly And Effectively Encrypting Warez Diskettes And Saving Your Ass From The Feds --------------------------- Release 10/16/1994 Le Crack 1......Overview 2......My Search For Fast Encryption Software 3......Personal Warez Security (Recommended Technique) 3......Securing A Warez BBS (Recommended Technique) OVERVIEW -------- Important fact, there are more virgins in the world than people that HAVE NOT pilfered, stole, borrowed, begged, test drove or just plain pirated a copy of your buddies "VGA Mega-Prick" arcade game. Actually, pirates do the software companies a favor by boosting sales. Most pirates, pirate and use the software just long enough to check it out. If the software is pretty cool, then the pirate will usually buy it...otherwise it will get trashed. Ok, let's get back on track. Q. WHY DID I WRITE THIS? A. Because there are three downsides to pirating : 1. Your buddy that gave you "VGA Mega-Prick" could get pissed off one day, call the FBI, SPA, or software manufacturer and *buddy* fuck you. 2. It's not unusual for the FBI to monitor your favoriate H/P/A/V or Warez board. And they DO investigates ALL reports made or suspisions of, software piracy. 3. Sysops of H/P/A/V boards do get busted...so you now feel like a shit because even though you lied about your name, you did use callback verification...and your phone number is logged in the BBS user file. MY SEARCH FOR FAST ENCRYPTION SOFTWARE -------------------------------------- Lately, I've became a little paranoid of getting that knock on the door from the warez police. So I started to look for encryption programs to encrypt my warez diskettes. Here are a few programs and methods of encrypting your warez files and diskettes, and their weaknesses : I. Using PKZIP (or ARJ) With Password Protection Description: Pkzip is a great program for quickly encrypting and compressing your warez files. It's really a good product especially for zipping files along with there sub-dirs on your harddisk using the "-r -P" switches. Pkzip supports encryption as well with the -S switch. (i.e. PKZIP -sMYPASSWORD TEST.ZIP) Know Problems: a. It takes FOREVER to zip the contents of a full diskette. b. You can still view the filenames contained withing an encrypted .ZIP file c. It takes FOREVER to unzip a .ZIP file containing the contents of a full diskette, back onto a blank diskette. d. You could .ZIP the contents of a *full* diskette say a 1.44M without using data compression, in order to speed things up. However, a .ZIP file header will still be included with the .ZIP, making the .ZIP file larger than 1.44M leaving you unable to copy the .ZIP back to a diskette for storage. II. Stacker, with password protection. Stacker is pretty good when it comes to security, unlike that other brand you get free with DOS. According to an associate warez warrior you can create stacker diskettes with encryption enabled that offeres pretty tight security, as well as speed. As of this writing I have yet to test this, but a will conclude that unless you're running Stacker then your pretty much out of luck. However, I've noticed with the introduction of DOUBLESLUT that most companies such as PC-TULS and SYMTEK are dropping support for Stacker. III. PADLOCK (shareware encryption program) Padlock is a pretty cool menu driven shareware program for file as well as diskette encryption...but it sucks. If you get it try encrypting a 1.44m floppy, however you may need to start the encryption prior to leaving on your vacation to Cuba...and it should be complete when you return in a couple of weeks. It's seeeellllooowwwww. IV. DISKREET (a NU Utility) This is an excellent program. You simply load a driver in your config.sys, run DISKREET, and create a DISKREET password proteceted diskette. In order to access the encrypted diskette (or harddisk) you first have to load DISKREET to mount the drive, of course providing the password. The only problem that I know of is that as of NU v7.0 it doesn't work with compressed drives. If your not running Stacker or DOUBLESLUT, then this is probably for you. V. DiskExpress v2.32 (shareware) <------- MY PICK This is a cool utility, and what I recommend if your not running DISKREET or STACKER. Really, this gem has the upper hand on all of the previous encryption/compression methods mentioned above. Exactly what is DiskExpress. Disk express is a disk imaging program. In short, it reads ONLY the portion of a diskette that contains data, optionally compresses the data, and stores the data in a file, or image file if you will, on your harddisk. And as of version 2.32 will allow you to encrypt the image file that it creates. DiskExpress can be ran under DOS as well as OS/2, and includes optional compression that rivals PKZIP 2.04G By default, DiskExpress creates images files that are self extracting. This eliminates the possibility of incompatability with newer releases. Unlike DISKREET it works fine with disk compression. And unlike using STACKER with on the fly compression/encryption, your not "stuck" with having to use STACKER. The only downsides of using DiskExpress that I found is that you can view the five line description of the file, even if the file is encrypted. And secondly, if you create an image of a 1.44M diskette then later want to extract the image to another diskette, the diskette must be blank, and of the same format, 1.44M In other words, you can't make an image of a 1.2M and uncompress/extract it onto a 1.44M However, I look forward to this being changed in a future release. DiskExpress is available on most BBS's, as well as most shareware CD-ROMS. PERSONAL WAREZ SECURITY (Recommended Technique) ---------------------------------------------- Overall, DiskExpress is my pick, as you saw in the previous section. For overall warez police protection I recommend an encryption/diskette cataloging method as outlined : (An detailed example will follow) a. Create self extracting encrypted image files of all your warez diskettes, naming each image file that you create in sequence such as : (DON'T put a description in the file, explained later.) 00000001.EXE 00000002.EXE 00000003.EXE b. Copy each image back to it's respective diskette. c. Adding new labels to your diskettes with just the filename i.e. Label on diskette 1 reads : 00000001 Label on diskette 2 reads : 00000002 ...................................... ...................................... d. Creating an ENCRYPTED catalog.txt file that contains all of the image file names along with their descriptions such as CATALOG ======= 00000001 - Description of contents of image file on disk 1 00000002 - Description of contents of image file on disk 2 00000003 - Description of contents of image file on disk 3 .......................................................... .......................................................... In short, you end up with encrypted image files with a unique 8 digit filename. The label on the diskette with the 8 digit filename. And an encrypted ascii text file, or master catalog of all the image file names and a description. LAMER'S EXAMPLE : Ok, here's an example, say you want to encrypt a copy of "Pecker Pirates", and the copy you have is on 3 diskettes. Here is what to do : 1. Grab your warez diskette box and open er up and grab your Pecker Pirate. 2. Run DXP to create a self extracing image (encrypted of course) of the first diskette. Use 00000001 for the filename, this is important! The command line recommended for version 2.32, running only DOS is : DXP /DOS /p"MYPASSWORD" B: 00000001 (Important! The password you use IS CASE SENSITIVE!!) 3. Next run DXP again on diskette 2 this time use 00000002 for the filename, again this is important!! 4. Run DXP again on diskette 3, this time use 00000003 as the filename. 5. You should have 3 images files on your harddisk now : 00000001.EXE 00000002.EXE 00000003.EXE 6. As mentioned (with version 2.32) you can still view the 5 line description even if the image file is created. So DON'T BE A DUMB ASS and DON'T put a 5 line description in the image file like "Pecker Pirates"!! 7. Next, create an ASCII text file called CATALOG.TXT (you can use whatever name you like in place of CATALOG.TXT if you like) 8. Next, add the lines to CATALOG.TXT : Master Catalog ============== 00000001 - Pecker Pirates Disk 1 00000002 - Pecker Pirates Disk 2 00000003 - Pecker Pirates Disk 3 IMPORTANT--> 9. Encrypt your CATALOG.TXT file with PKZIP, Pretty Good Privacy (PGP), or any GOOD encryption software. Make sure you keep a backup copy of the file on a separate diskette...cause if you loose it, your fucked. Keep the file in a handy place. You will need it to look up warez if you want to install it, or make copies for other *buddies* out there. NOTE 1 For added protection, if your REALLY paranoid you could use a different password for EACH image file you create, or each program. You would just include the password, along with the 8 digit filename and description in the CATALOG.TXT file, rather than just the filename and description shown in step 8. NOTE 2 One last note. DiskExpress (DXP) has several options be sure to check out the documentation. As stated, DON'T BE A DUMB ASS and put the description of the program in the image file! (as of DXP version 2.32) And be sure to keep your CATALOG file backup up, and encrypted!! NOTE 3 If your using compression with DXP you can probably fit multiple images back onto a single diskette. Be sure and not to forget to add the 8 digit (i.e. 00000001) filename on the label of the diskette. And if you've never bought a damn program in your life consider buying DXP. The guy is doing a good job writing it so far, and it might just save your ass! Securing A Warez BBS (Recommended Technique) -------------------------------------------- Be sure to read through the previous section or you'll be lost! Ok, here we go. If your a warez sysop I recommend creating encrypted images, and an encrypted CATALOG.TXT file as mentioned in the previous section. If you have WAREZ .ZIP files already on your bbs here is what I recommend if you can't create DXP images. Say for instance you have a file called MKOMBAT.ZIP in your BBS file library, here is a sure fire warez fed protection method : First, if MKOMBAT.ZIP is password protected, remove the password! a. Rename the .ZIP file MKOMBAT.ZIP to SKEEZER.ZIP, or some other odd ball name. b. Next, using the 8 digit naming convetion mentioned in the previous section, create another zip file like so : PKZIP -sMYPASSWORD -e0 00000001.ZIP SKEEZER.ZIP The -e0 switch tells PKZIP TO NOT USE COMPRESSION. The -sMYPASSWORD encrypts the file using MYPASSWORD as the password needed to later extract the .ZIP file. c. Next, add the filename, and descrption of that file to your CATALOG.TXT file in the same format as mentioned in the previous section : CATALOG ======= 00000001.ZIP - Mortal Kombat .............................. .............................. d. Use PGP or some other program to encrypt your catalog file...and keep a backup copy! Ok, if you haven't caught on yet let me explain. Even though you password protect a .ZIP file, you can still view the contents of the file. This holds true for .ARJ files as well. First, were simply giving your MKOMBAT.ZIP an inconspicious name called SKEEZER.ZIP Next, were taking SKEEZER.ZIP zipping it up into another .ZIP file called 00000001.ZIP, encrypting 00000001.ZIP with the password "MYPASSWORD". Remember were using PKZIP with the -e0 switch, meaning that 00000001.ZIP will not be compressed! An extra step to be taken, if I were running a warez bbs would be to password protect each 00000001.ZIP, 00000002.ZIP etc files with different passwords. You can easily write/get a program that generates random passwords for this purpose. As a sysop you would be responsible for distributing the CATALOG.TXT file to your callers, upon verification. So even if the FEDS get in your board and seize it, they can't do shit without having to decrypt that CATALOG.TXT file to get the passwords that correspond to each 0000????.ZIP file. And with a little ingenuity, you could easily write a program to generate new random passwords for each file in a particular file area, change the password on each of the .ZIP files, and log the 00000???.ZIP filenames, passwords, and descriptions to a new PGP encrypted CATALOG.TXT file. On a final note...for absolute security you could PGP encrypt the CATALOG.TXT file for all the people on your public key ring. That way, unless they have their secret key to descrypt the CATALOG.TXT there pretty much locked out. Using PGP encryption to encrypt the CATALOG.TXT for a select few, and periodically changing the passwords on your 00000???.ZIP files would provide ultimate security for your warez. Comments, suggestions or if you'd like to grant me access to your warez collectibles should be addressed to Le Crack, my PGP key block follows, on the following boards : & the Temple of the Screaming Electron 510/935-5845 The Privateer Express (DoveNet) 904/638-2147 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAi6hTg4AAAECANrwvu607OoUvpEhtMeqnkTfzAQIOMBA65PlVgIILYRLHjlo uHIKLhk85OPZvmi3+bfY35lHBCFtDrq/uK+YHDEABRG0CExFIENSQUNL =mVOm -----END PGP PUBLIC KEY BLOCK----- ************************************************************************