12345678_1_2345678_2_2345678_3_23456789_4_2345678_5_2345678_6_2345678_7_2345678_8

Saran Wrap, an extra goodie for Back Orifice
~~~~~ ~~~~
Version 1.0
Concieved and Written by Brian Enigma <enigma@netninja.com>


Abstract
~~~~~~~~
    I just got back from DefCon 6.0 and witnissed all the hype and fanfare for
BackOrifice.  If you do not already know how cool and wonderful BackOrifice is,
you will have to go to http://www.cultdeadcow.com to witness it in its full
glory.

Description
~~~~~~~~~~~
    Now, how do you get the unsuspecting individual to execute this program?
It has no user interface, does nothing (visible), and deletes itself when
finished installing.  The typical user may be a little curious as to what the
program they just double-clicked on did (before it disappeared).  
    Saran Wrap packages your custom Back Orifice installer with another
"legitimate" program--whether it is an installer, an application, a game, or
anything else under the sun.  The main program is run, it first creates a
copy of your BO install, which runs and gets deleted.  Then, it runs the
"real" program.
    I am publically releasing the Saran Wrap for Back Orifice.  Use it wisely, 
use it well, use it at your own risk.

Installation
~~~~~~~~~~~~
    Installation is quite easy and requires three files:
1) The Saran Wrap executable (SaranWrap.EXE by default, but you can rename it
   to anything you wish--SETUP.EXE, for instance)
2) Your BOSERVER.EXE file, optionally customized for your own choice of port
   number and password
2) The "real" program that should be run and presented to the user

    You should first rename your BOSERVER.EXE file to DATA1.Z.  (Be sure you
have Explorer set up to show you full filenames with extensions.  Answer "yes"
to the "are you sure you want to change this to another extension?" question).
    Next, rename the "real" program (SETUP.EXE or NOTEPAD.EXE or QUAKE.EXE,
for example) to DATA2.Z.  Again, answer "yes" to the "change the extension?"
question.
    Rename SaranWrap.EXE to the "real" program's file name (SETUP.EXE, NOTEPAD.EXE,
QUAKE.EXE, etc).

    That is all there is to it.  The name space of "DATA?.Z" should not conflict
with any existing program installer.  In fact it should fit in quite well.
Most installers use a single file (SETUP.EXE) or use multiple files (SETUP.EXE,
DATA.Z, SETUP.INS, SETUP.PKG, etc.).  In the case of a single-file install, 
the installer will now look like a multi-file install (especially, if you throw
in a few bogus files from a multi-file install).  For a multi-file install, 
the DATA1.Z and DATA2.Z fit in quite nicely with the legitimate DATA.Z.

Source Code
~~~~~~ ~~~~
    Source code is included.  Any bug reports or code suggestions would be
appreciated, and may be sent to enigma@netninja.com.

Conclusion
~~~~~~~~~~
    Have fun.  Do not cause too much trouble.  Thanks, CDC for making such
a great "tool."

DEAD
      COW
KICKS
      ASS
