I lately bought my palms on a USB drive with Kakasoft USB Copy Safety (DRM safety). This software program guarantees to allow you to share information with out the worry of it being copied by the top consumer. Nevertheless, the pseudo-hacker in me couldn’t resist the problem. In spite of everything, “If it may be learn, it may be copied.” On this article, I’ll stroll you thru all the course of I used to crack this safety, sharing my thought course of and detailed steps alongside the way in which. Don’t fear—I’ve pixelated any delicate info, however you’ll nonetheless get a transparent image of how you can bypass such weak defenses.
How the Copy Safety Works
Kakasoft’s methodology entails inserting an executable file on the USB that acts as a digital file explorer, disabling the same old copy/paste operations. You may open information from this explorer, however you may’t transfer them outdoors of the USB. Right here’s a peek on the UI:
As you may see, the copy icon is grayed out, and right-clicking on any file or listing gained’t assist both—the copy choice is disabled.
Preliminary Makes an attempt to Break the Safety
I had a couple of theories on how this software program would possibly work, and I got down to check each.
Hidden Directories
First, I assumed the info is likely to be in a hidden listing on the USB, displayed by the digital explorer. Whereas the USB did have hidden directories, none contained significant information.
Subsequent, I puzzled if the exe was a self-extracting archive. I attempted utilizing 7-zip to extract it, but it surely was no use—7-zip reported a damaged archive.
On-line Search
Turning to the web, I looked for concepts utilizing the hidden listing title, HPSafeBox
. This led me to a Reddit submit discussing the identical copy safety. The submit steered that information was saved within the HPSafeBox listing or a hidden Y
drive. Checking and modifying native registry settings didn’t assist.
Partition Editor
I ran varied offline instruments, together with a partition editor, hoping to uncover hidden drives. TreeSize solely confirmed the C
drive and the USB’s F
drive:
I used TreeSize as somebody was capable of uncover the hidden drive utilizing it in a YouTube video
Discovering the exe Location
In my case, the USB got here with an executable software program hidden behind the digital file browser. I made a decision to try to hint the place the executable is likely to be working from, hoping that it would give me some clues in regards to the hidden information’s location. My thought course of was that if the exe file is ready to run on the system then it have to be saved in an accessible location. I attempted utilizing Process Supervisor to determine the file location however clicking on “Open file location” did nothing:
Subsequent, I used a really previous software known as Api Monitor
. It permits you to monitor a program and reveals which DLL calls that program is making. This gave me my subsequent clue—the trail of the executable working from the F drive, however with a command line reference to a hidden Z drive:
Accessing the F
drive path was blocked:
And the Z
drive additionally returned an error:
Disabling Group Coverage Adjustments
The Z
drive error intrigued me. I used to be accessing this drive on my private pc and I don’t keep in mind placing any restrictions in place. This SuperUser submit talked about some Group Coverage adjustments to disable this restriction. I went forward and disabled the “Stop entry to drives from My Laptop” setting:
With this restriction lifted, I accessed the Z drive, uncovering the NLLastF
listing containing all of the information I wanted:
Let this be a reminder: if one thing is accessible offline, it’s solely a matter of time earlier than the safety measures or DRM protections are bypassed.