Thawing Out DeepFreeze
by Murder Mouse
Section 1: The Introduction
----------------------------
If your school is like many, then it might use a program called DeepFreeze on all
accessible computers. DeepFreeze is a program released by Faronics whose task is
to preserve the original configuration of the workstation. Therefore, if you
install a game or something on one of the computers protected by DeepFreeze, the
game is gone the next time that computer is rebooted.
However, it's been known for a while that there are ways to bypass DeepFreeze.
How is Faronics responding to this threat? The same way any great conspiracy
theorist would expect a business like them to: by trying to cover everything
up. In 2003 Faronics tried and failed to sue Google in order to limit the access
its users have to information related to exploiting DeepFreeze. Meanwhile they
still tout DeepFreeze on their site as the best thing since sliced bread when it
comes to computer security. Therefore, instead of taking the appropriate measures
towards these problems, they are trying their damnedest to maintain a state of
security through obscurity. Sorry Faronics, but as any IT tech will gladly tell
you, it just simply doesn't work. So without further delay, let's get on with
ways of getting past DeepFreeze...
Section 2: DeepUnfreezer
-------------------------
This really isn't even a section so much as a note to let you know, in case you
don't already, that this tool is included with this kit. It's a program created
by Emiliano Scavuzzo that does a pretty damn good job of thawing out DeepFreeze.
Included in deepunfreezer.zip is a manual, with screenshots, on how to use this
tool. Be sure to read this manual before using the tool, though its use should
be pretty self-explanatory. If you try to use this tool and it doesn't work,
then that means your school is using the latest build of DeepFreeze (which, as
of the date I'm writing this, 4-10-06, is 1426). If this is the case, then read
on to figure out other ways to bypass DeepFreeze.
Section 3: Persi0.sys
-----------------------
This next technique involves creating a persi0.sys file to replace the one on
the workstation. This is the primary configuration file used by DeepFreeze, and
it can usually be found in C:\. To do this, go to Faronics' web site
(www.faronics.com) and download an evaluation copy of DeepFreeze. Then install
it on your computer and set it to have a null password and to have all drives
thawed. Then pop in a Knoppix-STD CD or some other live CD, find your
persi0.sys, and copy this file to a USB stick. Then take this to school with
your Knoppix CD. Reboot the workstation with the live CD and the USB stick
already inserted. Boot into the distro, save a backup copy of the original
configuration file onto your USB stick, and replace the original on the
workstation with yours. Then just reboot the computer, take out your CD and USB
stick, and enjoy.
Section 4: Persifrz.vxd
------------------------
I can't guarantee that this works on newer builds of DeepFreeze, but it's worth
a shot. This file can usually be found in the iosubsys folder in system/system32.
This is the virtual device driver for DeepFreeze, and if you wipe this off then
DeepFreeze is done for. To do this, grab a floppy disk with DOS on it, reboot
the computer with the floppy in the A: drive, find the file from there, and
delete it with del.
Section 5: Worst Case Scenario
-------------------------------
The worst case scenario here is that your school is using the latest build of
DeepFreeze, has password protected the BIOS, and only allows booting from C:\.
If this is the case, well, I'm sorry to say it, but you are shit out of luck.
You could always remove the CMOS battery to bypass the BIOS measure, but this
would require you to open up the case, which isn't something you can exactly
do unless you either have permission or a very long opportune moment (which
is pretty fucking doubtful). You can ask around to see if anyone can give you
advice on possibly getting around this, but I wouldn't expect much. Luckily,
most schools (at least as far as I know) aren't smart enough to implement all
three, and there is always a workaround. Good luck.