Uh oh... What did I do to FD-ISR???

Discussion in 'FirstDefense-ISR Forum' started by eniqmah, Sep 24, 2007.

Thread Status:
Not open for further replies.
  1. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    This may or may not mean anything, but I'd like to know what it really means for users of FDISR.

    Abstract: Unlocker deletes the inactive snapshots and renames the active snapshot upon reboot, causing irreversible damage?


    Tools needed:
    Unlocker v. 1.5

    Environment: Booting with deepfreeze in thawed mode, system folders not hidden/protected (this can be set in Folder options in control panel)
    ISR service not running on boot or is terminated after boot (via Task Manager)
    Assume active snapshot = folder "0" in directory "C:\$ISR",
    Assume inactive snapshots = folders "1" through "9" in "C:\$ISR" (if the system has that many snapshots)


    Instructions to replicate:
    Step 1. Navigate to: "C:\$ISR\$APP" > replace ISR.ico with another/DIFFERENT icon with the same name. This step was just part of what I was doing (trying to reshack the icon :) ), and may not be necessary to replicate the situation.
    Step 2. Navigate to: "C:\$ISR" > right-click on the snapshot folder "0" to unlock the folder, this will lead you to the ability to rename that folder upon reboot
    > right-click on snapshot folders "1" through "9" and delete them using Unlocker.
    Step 3. Rebooting will lead to the ISR Service not being able to run > ISR cannot start correctly to enable you to boot into another snapshot.
    Step 4. Navigate to: "C:\$ISR" and see that the snapshot folder "0" has been renamed to something else.
    Step 5. Reboot and press F1 to get into the FDISR boot menu > Error message: "0" folder not found - FirstDefense-ISR ERROR - Presss any key to boot Windows.
    Step 6. Press any key, boot to Windows to end up @ step 3.

    So essentially, after I do this to ISR, I am free to mess the system up, without much help from ISR to recover. So what does this really mean?
    Reinstall ISR from within the messed up system and restore from archive? Would someone try doing that and report back?
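
Added example, not part of the original thread: a defender-side check for rename or delete operations queued for the next boot against the snapshot directory. It assumes the operations were queued through the standard Windows `PendingFileRenameOperations` value (under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`), which the thread does not confirm for Unlocker; the function name and the sample entries are constructed for illustration.

```python
from ntpath import normcase, normpath

PROTECTED_ROOT = r"C:\$ISR"  # snapshot directory named in the post


def _clean(path):
    """Strip the '!' replace flag and the NT '\\??\\' prefix, then normalise."""
    path = path.lstrip("!")
    if path.startswith("\\??\\"):
        path = path[4:]
    return normcase(normpath(path)) if path else ""


def pending_ops_under(entries, root=PROTECTED_ROOT):
    """Return (action, source, destination) for queued operations touching root.

    entries: flat list of strings holding source/destination pairs, the
    layout of PendingFileRenameOperations. An empty destination means the
    source is deleted at boot. On a live system the list could come from
    winreg.QueryValueEx (assumption: read with administrative rights).
    """
    root_n = normcase(normpath(root))
    hits = []
    for i in range(0, len(entries) - 1, 2):
        src, dst = _clean(entries[i]), _clean(entries[i + 1])
        touched = [p for p in (src, dst)
                   if p == root_n or p.startswith(root_n + "\\")]
        if touched:
            hits.append(("delete" if not dst else "rename", src, dst))
    return hits


# Constructed sample data, not captured from a real machine.
SAMPLE = [
    r"\??\C:\$ISR\0", r"\??\C:\$ISR\0_renamed",   # active snapshot renamed
    r"\??\C:\$ISR\1", "",                          # inactive snapshot deleted
    r"\??\C:\Windows\Temp\setup.tmp", "",          # unrelated cleanup entry
]

if __name__ == "__main__":
    for action, src, dst in pending_ops_under(SAMPLE):
        print(f"{action}: {src} -> {dst or '(removed at boot)'}")
```

Running such a check before a reboot shows whether the active snapshot folder is about to be renamed or removed while there is still time to clear the queued entry or take an image.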
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,055
    First, what on earth possessed you to do this? Second, I presume you took an image of the system before trying this.

    Let me see. First statement is irrelevant. Second, I can guess the answer.

    What you need to do is see if you can uninstall what's left of FDISR, although I wouldn't be surprised if you can neither uninstall nor reinstall. Should by chance you have an image with all the snapshots, then restore it, and update via the archive. If you don't have an image, hopefully you have a Windows disk, or recovery disks. You may have to somehow either do a repair install of Windows, or restore your recovery disks. Then reinstall FDISR. Next create a new secondary snapshot, and boot to it. Finally restore your primary/other snapshots from archives.

    Lastly, chastise oneself highly for doing this, and vow never to do it again. :D

    Pete
     
  3. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    Nope, tried to reinstall it without success. Leaving image restoration seemingly the only option left to recover.
    This works.
    I did it because I wanted to find a way to destroy this program because the premise that what you do in one snapshot doesn't affect other snapshots just didn't seem right to me. I did show to myself at least one way to mess up a system that has FD-ISR on it - the whole system - not one snapshot. Having done that, I can now strengthen this recovery scheme by using other software programs to hide the ISR folders completely. Regarding the recovery of this particular system that I messed up... well, it was a VM ;) I'm not THAT n00bish.


    EDIT: I tested this again on a system that has 2 snapshots of FD-ISR that are booting in freeze mode. The result was the same, I was able to mess up the system and, unless I'm missing something, recovery was not possible without resorting to image restores.
    Now here is the kicker: I tested this a third time on a system booting DeepFreeze in Freeze mode. As predicted, deleting the snapshots didn't do any harm to the system after rebooting.
     
    Last edited: Sep 25, 2007
  4. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    LOL, I suspect there are numerous ways, if one puts one's mind to it, not really surprising since the program is not designed to prevent suicide, just to reduce the incidence of accidental injury :D
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,055
    Hi Enigmah

    Glad you were doing this in a VM machine. Remember though FDISR was not designed against an attack from the outside. It was designed to quickly recover from all the things that can go wrong on a system without any outside help.

    It also won't protect you from things that attack the disk itself. I would advise not messing with it from the point of trying to "harden" it. I suspect what you will end up with is it not working when you need it.

    If you think about the number of machines out there with FDISR vs no protection at all, someone designing an attack specifically against FDISR is so slim, .....

    I would just protect the system as you have with DeepFreeze, and whatever else and let FDISR be in peace.

    Pete

    PS. If you'd like I can give you much better ways to screw up your machine. :D
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's why all FDISR users have image backup software, like StorageCraft, Acronis, Terabyte, Paragon, ... to restore their system, if FDISR failed to do it.
    This happened to me at least two times, when legit software corrupted FDISR.

    But that's peanuts and already solved a long time ago. I consider this thread as old news. :)
     
  7. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Yes, imaging backup apps are a last resort and a must-have beyond everything else, but as already said by Erik it makes you dumb and lazy because you almost never have to sort problems out anymore, just restore an image and you're back in business.
     