
Silk Rope, an extra goodie for Back Orifice
~~~~ ~~~~
Version 1.1
Conceived and Written by Brian Enigma <enigma@netninja.com>

Abstract
~~~~~~~~
    I just got back from DefCon 6.0 and witnessed all the hype and fanfare for
BackOrifice.  If you do not already know how cool and wonderful BackOrifice is,
you will have to go to http://www.cultdeadcow.com to witness it in its full
glory.

Description
~~~~~~~~~~~
    Last week, I released SaranWrap, a down-and-dirty little wrapper for
Back Orifice.  It very nicely trojan-ized BO into a small collection of files
that looked more-or-less harmless.
    Shortly after, I am releasing a little more elegant solution--Silk Rope.
(I've always preferred silk rope to Saran Wrap anyway...a little more
comfortable and a little less hot).
    Silk Rope very nicely binds the BO installer with a program of your
choosing.  All that is required is the Silk Rope stub file and the Silk
Rope bind program (which runs in DOS, similarly to BOCONFIG).  

Installation
~~~~~~~~~~~~
    First, locate SilkRope.exe.  It is a file of about 41K.  (If it is 
larger, you probably already have something stored in there.  Try again
with a fresh new one).
    Copy it to something new (for instance SETUP.EXE) and run SilkRopeBind.
SilkRopeBind will ask you a few questions.  There are no default answers.  
All of them must be answered:

File name of the SilkRope program stub to bind the executables into?
(This is the name of a stub file that does not already have a BO installer
 and a real program bound to it).  You will probably want to enter:
setup.exe

File name of the Back Orifice installer?
(This is the name of your BO installer).  If you are running BO "out-of-the-
box" and it is sitting in the current directory then you will want to enter:
boserve.exe

File name of the "real" program to be run?
(This is the glorious "Trojan horse" that will get displayed to the end
 user after all is said and done).  Enter the program's file name here (I
used Notepad for some of my tests):
notepad.exe

    Silk Rope Bind will take a second and then package everything into your
original file (setup.exe, in the above example).  If you look at the file
size, you will see it is significantly larger (there is no compression
built into the system, so it will be the size of all three files combined,
plus a little overhead).
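
Added example, not part of the original README or the Silk Rope source: the size
growth described above is something a defender can measure, by reporting the
bytes stored past the last PE section and any complete PE headers found there.
It assumes the bound files sit after the stub's own image (the README does not
state the layout); all function names and the sample bytes are constructed.

```python
import struct

def pe_overlay(data: bytes):
    """Return (image_end, overlay_size): bytes stored past the last PE section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                            # first section header
    end = table + 40 * n_sections
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))
    return end, len(data) - end

def embedded_pe_offsets(data: bytes, start: int):
    """Offsets >= start where an MZ header points at a valid PE signature."""
    hits, pos = [], data.find(b"MZ", start)
    while pos != -1:
        if pos + 0x40 <= len(data):
            lfanew, = struct.unpack_from("<I", data, pos + 0x3C)
            if data[pos + lfanew:pos + lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage(data: bytes):
    end, overlay = pe_overlay(data)
    return {"image_end": end, "overlay_bytes": overlay,
            "embedded_pe": embedded_pe_offsets(data, end)}

def sample_pe(body: bytes) -> bytes:
    """Constructed minimal PE (no optional header) with one section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIII16x", b".text", len(body), 0x1000, len(body), 0x80)
    return dos + coff + sect + body

# Constructed input: one image, 100 opaque bytes, then a second complete PE.
SAMPLE = sample_pe(b"A" * 64) + b"\x13" * 100 + sample_pe(b"B" * 32)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Self-extracting installers also carry data past the last section, so a non-zero
overlay is a triage signal rather than a verdict. Per the 1.1 history entry the
BO installer is stored encrypted, so it will not appear in embedded_pe.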

    Congratulations!  You're done!  Pass the program around to all your 
friends (or enemies).

Error Messages
~~~~~ ~~~~~~~~
    To be a little more discreet with error messages, the Silk Rope stub does
not use plain text.  After all, how would someone feel if they had a message pop
up stating "Could not locate embedded Back Orifice installer"?  Here is a list
of the Silk Rope stub's error messages and what they mean:

Windows Application::INTERNAL ERROR
  There was a problem creating the temp files.
Windows Application::STACK FAULT
  The stub could not locate itself.  Because of this, it could not extract the
  BO installer or the real program from itself.
Windows Application::CORRUPT FILE (this file has been damaged or corrupted)
  The stub located itself, but had problems extracting one or both of the
  embedded executables.  Most likely, you forgot to run SilkRopeBind 
  beforehand.

Possible Limitations
~~~~~~~~ ~~~~~~~~~~~
    I am not 100% sure how Windows (or Microangelo) handles icon resources
internally in files.  Microangelo (http://www.impactsoft.com/) is a cool
little utility that allows you to change an application's icon.  If the
single-file-install icon is not good enough for you, you might attempt to
use Microangelo (at your own risk...presently, it is untested).
    For some reason, my "monitor for the end of the application" routines
are not working too well (and I don't have the time to exhaustively debug
them).  Therefore, every time you run SilkRope, it will leave a little
temp file in your temp directory.
    Also, there is a little problem with wrapping a BO installer and
program into a SilkRope executable that already has them installed.  For
some reason, it just grows in size (and uses the older embedded executables).

Source Code
~~~~~~ ~~~~
    Source code for the stub and the binder is included.  Any bug reports or 
code suggestions would be appreciated, and may be sent to enigma@netninja.com.

History
~~~~~~~
1.0  Initial release
1.1  * Added Windows NT detection: If NT is detected, then the BO installer is
       skipped and the "real" program is run.  (Running the BO installer under
       NT causes a pretty nasty dialog box to pop up...one that mentions
       enumerating passwords)
     * Added simple encryption so that the BO installer is not stored in "plain
       text" embedded in the Silk Rope file.  That way, virus checkers have
       a little more difficult time discovering BO on the hard drive.
     

Conclusion
~~~~~~~~~~
    Have fun.  Do not cause too much trouble.  Thanks, CDC, for making such
a great "tool."

DEAD
      COW
KICKS
      ASS