Subject: RE: [aulainf] About DeepFreezer
Date: Sunday, 9 June 2002 19:27:26 (+0200)
Author: Josep Pujadas i Jubany <jpujades @.......es>
In reply to: Message 5671 (written by Pepe Meneu)
Well,
It looks like someone who wants to get rid of the protection DeepFreeze
provides and has created a Yahoo group. I went in and Yahoo says the group
does not exist.
Better ...
For now, the only way to unprotect the system is the one discussed in
the report posted on the AEIC website (which is the same one this
hacker explains in English).
Regards,
Josep Pujadas
http://www.xtec.es/~jpujada1
mailto:jpujades@wanadoo.es
-----Original Message-----
From: Pepe Meneu [mailto:pepem@maestroteca.com]
Sent: Sunday, 09 June 2002 9:35
To: aulainf@eListas.net
Subject: Re: [aulainf] About DeepFreezer
My native English from Vila-real isn't enough for me to understand whether
this would be a provisional solution
--------
Do you want to learn about how to hack the Windows security program Deep
Freeze? Well, I'm not gonna lie to you. There isn't one YET that I know
of, but there is a Yahoo group with some good information to get you
started on this Mt. Everest of hacks! It is located at
http://groups.yahoo.com/group/deepfreeze
True: you can delete DeepFreeze with a boot disk, but that's not an
honest hack. And most admins now know to password the CMOS and to
disable the a: in the bootup sequence.
Be sure to check out all the different sections: Bookmarks, Database,
Photos, etc.
The main program file for the Windows 9X version of Deep Freeze is a
dynamic Virtual Device Driver (VxD) located in the
c:\windows\system\iosubsys directory named PERSIFRZ.VXD. And, of course,
it runs in Ring0.
The password file for the Windows 9X version of Deep Freeze is located
in the c:\progra~1\hypert~1\deepfr~1\ and is called PERSIS0.SYS. It IS
true that deleting persis0.sys from a boot floppy in pure DOS will
disable Deep Freeze, but that is because they don't want Deep Freeze to
load if there is no password! (make sense?). The REAL Deep Freeze
action/protection is in the .vxd. Read about VxD's and you'll understand
why Deep Freeze is so hard to hack.
It remains to be seen whether it is possible to write a program which
can dynamically unload the Deep Freeze .vxd "on-the-fly". Or, whether it
is possible to delete the PERSIS0.SYS password file "on-the-fly" and
replace it with another one containing a known password. The file is "in
use" and seems strongly resistant to manipulation. Probably because it
is locked by the .vxd in Ring0. There is an API called VxDCall which can
access Ring0 from Ring3, and it is also possible that another VxD could
be written to unload PERSIFRZ.VXD. If anyone is up to the challenge and
figures this out, PLEASE post to
http://groups.yahoo.com/group/deepfreeze
Meanwhile Deep Freeze remains the ultimate and "Complete Windows
Protection" program, bar none. It has the respect of every hacker out
there. But then again, is there really such a thing as "hack-proof"? We
all know Deep Freeze can be deleted with a boot disk. But we want to
develop a true hack for it. Will you contribute to the effort??
-------------
--
Regards, Salutacions
Pepe
pepem@maestroteca.com
--------------
http://www.maestroteca.com
--------------------------
Looking for an educational website? Maestroteca has hundreds. Is yours there?
-------------------------------