PURPOSE INSTALLATION/SETUP OPERATION OPTIONS COMMAND LINES RELATED PROGRAMS
Author: Dan Mares, dmares @ maresware . com (you will be asked for e-mail address confirmation)
Portions Copyright © 1998-2020 by Dan Mares and Mares and Company, LLC
Phone: 678-427-3275
******************************************
This program should be run from a DOS boot
******************************************
Brandit may work when run from a DOS box (window) under WIN9X, but if errors occur, you should reboot to DOS and rerun the program. IT WILL NOT WORK IN WIN2K or NT DOS BOX.
Because of the extreme low level in which this program accesses the hard drives Mares and Company, LLC, and the author assume no responsibility for any damage which may be caused either to the physical hardware or for the loss of data. When using this program, the user assumes all responsibility and liability for loss.
Because of the extreme low level in which this program accesses the hard drive the user should be advised that in some instances any one hard drive or type of hard drive may not be able to be branded.
Brandit is designed to help law enforcement and security personnel identify the true owner of hard disks.
Brandit “brands” a physical hard drive with personal identification information. This information can later be used by investigators or security personnel to determine the owner of the disk.
Some uses of the program might be:
1. Brand the hard drive to determine which computer it was installed in (for inventory purposes).
2. Brand the drive with ownership information. Then if the computer is lost or stolen and is recovered, law enforcement can use their copy to view the branding and thus identify the rightful owner.
3. Brand the drive to indicate who the computer is specifically assigned to. Often computers, especially laptops, will "walk" from one desk to another. Brandit can be run by auditors or IT staff to see where the computer initially was assigned.
4. Computers can be "rebranded" any time. But only by the person who has the original "key" that was provided when the brand was initialized. This means that if a computer is reassigned, the brand can be updated.
Brandit is licensed on a per use basis. The default number of licenses issued is generally 15 (this is subject to change at any time). This means the original licensee can brand 15 computers/disks. After the licenses are used up, additional ones must be purchased. Currently the pricing of additional licenses gives discounts based on volume. Volume prices as of January, 2004 range from $1.00 to $5.00 per brand/use.
The use of Brandit to merely VIEW the current branding is not considered a "use" for licensing purposes. Brandit may be used indefinitely to VIEW current branded disks. The version of Brandit that will read or view the branding can be found on the web at dmares.com in the forensic suite section.
For more information about licensing please call Mares and Company, LLC at 770-237-8870.
topRegistering your copy:
When you first receive your copy of Brandit, if the program itself hasn't been registered to you, it might be necessary for you to run a setup program on the distribution disk.
To determine if Brandit is registered, enter the command ( BRANDIT -? ).
If the banner indicates the program is already registered, you can begin using it.
If the banner indicates the program is unregistered and unlicensed then you need to run the setup program found on the disk. The setup program will register Brandit to you or your company/organization, depending on the information you provide. Before it is registered, Brandit will not operate.
If you have received Brandit as part of one of the Maresware suites, Brandit was registered during your initial install of the suite.
If you have purchased Brandit as a stand-alone program, or received a complimentary copy, it is probably already registered. Complimentary copies, when provided, are generally the property of some law enforcement agency. Once registered, the registration cannot be changed.
Once registered, the program is ready to use.
Brandit comes on a pre-licensed disk that permits a specific number of uses.. The default number of licenses is 15. No other specific installation is necessary. Once properly registered, you can make as many copies as you like of the registered BRANDIT.exe program.
To run Brandit for the purpose of creating or changing a brand(-c option), you MUST have the license disk in the A: drive. Brandit will not create or change a brand without the license disk in drive A:. The actual Brandit program can reside anywhere on your system, but the license disk must be present as just described.
It might be beneficial to put an operating system on the disk so it can be used as a stand alone boot and branding disk. However, this is not necessary. If the operating system is placed on the disk, don't put any other files on the disk. Appearance of other files could corrupt and invalidate the license.
The license disk (original distribution disk) is NOT needed to use Brandit to VIEW the current brand on a hard drive. Brandit will show the current brand (or lack of) when run from any location. Again, the license disk is not necessary. Brandit's read and View capability is always accessible. This is a benefit to law enforcement since it allows them to distribute Brandit to anyone who needs to perform this check. (ex., robbery investigators). It is also of value to corporate IT staff and Auditors who might use Brandit to check each machine to see what the brand is.
1. Make certain Brandit is registered. ( BRANDIT -? ). If not use setup.exe to register it.
2. Boot to DOS, or enter a DOS box (Window) in WIN9X. (Brandit will not run under NT).
3. Insert the license disk in the A: drive.
4. Enter one of the following commands: BRANDIT, or BRANDIT -c
Since this is such a low level program the author cannot accept any responsibility for problems or lost data caused by its operation. The user must assume and take all responsibility for the consequences of using this program.
Before running Brandit on any platform or specific type of hard drive it is recommended that the user conduct some tests on disks similar to those that will be branded. Some older drives, drives requiring special drivers, and drives which contain disk overlays may not be brandable.
When branding a disk, Brandit should only be run from a DOS boot, not a DOS window. Under WIN9X the branding program seems to work well in a DOS window. However, on some platforms this may not be the case, and the user should test the operation first. (Brandit will NOT run under NT).
The default command line to start Brandit and initialize or change a brand is:
A:>brandit -c
NOTE: the license disk MUST always be present in the A: drive to add or change a brand. It does NOT have to be present to read, view, or remove the current brand.
When Brandit is run different things take place depending on the state of the hard drive it is being run on.
If multiple physical drives are in the computer, it is recommended that you first run Brandit without any options to let the program determine which drives are available for branding. The program will show a screen with the drive parameters it finds. If the drives do not appear to be correct, you might have some BIOS conflicts. When you are comfortable with the drive number you are using, then the -d option can be used without prior interrogation of the system.
DRIVE #: BOOT 1st PARTITION - CYLS-HEADS-SECS - TOT SECS - TOT_SIZE TYPE 0 YN-- BIGDOS > 32M 1247 255 63 20,033,055 10,256,924,160 LBA 1 N--- BIGDOS > 32M 524 32 63 1,056,384 540,868,608 LBA 2 N--- BIGDOS > 32M 1008 66 63 4,191,201 2,145,894,912 PART 3 NNN- BIGDOS > 32M 1023 255 63 16,434,495 8,414,461,440 BIOS Enter the drive number of the drive to use, ^C to quit: 0,1,2,3,
In most systems, only one hard drive is present, and Brandit will default to that drive.
0 YN-- BIGDOS > 32M 1247 255 63 20,033,055 10,256,924,160 LBA
If Brandit is run without the -c option, it will merely try to determine if the drive is branded, and if so will show the current brand. If the drive is not branded, and the -c is not used, Brandit will respond and tell the user there are no more licenses remaining. This message is merely an indication that there is no brand. There may in fact be licenses to brand with and the use of the -c option will not reveal that.
Brandit will show the drive parameters and the user must determine if this is the correct drive to brand.
Each time Brandit is run with the -c option, it first checks to see if the disk has been previously branded.
There doesn't appear to be any brand on this disk Do you want to add a brand to the disk? [Y/N] Y
If this is the first time Brandit is being run on the physical drive, it will ask if you want to brand the disk. If the answer is yes, the program allows you to enter up to five (5) lines of user ownership information. For example:
Input ownership information, max of five lines each with a max of 50 characters Dan Mares * Mares and Company, LLC * PO Box 464429 * Lawrenceville, GA. 30042 * 770-237-8870, 678-427-3275 *
This information is then encrypted and placed on a section of the disk that is not normally accessible.
The user is provided an 8 digit “KEY” or password. This key must be kept if you later wish to alter or remove the branding. For example:
Your password for future use is 9882D419 Don't forget it
The user is also asked if a second key should be generated using a password that the user supplies. This is to allow the user to enter a password which is more easily remembered than the one generated by the system. This second password can also be entered using the -p option on the command line.
It is suggested that this second password always be used. It will probably be easier to remember than the one that is generated. If you lose both passwords (keys) there is no way to remove or change the brand. Brandit will provide this option as follows:
You can optionally input a secondary password which will later allow you to change or remove the current branding. The maximum size of the password is 15 characters. Do you wish to enter a backup password now? [Y/N] Enter the password now ****** Enter it again for verification ******
If you later want to change or remove the brand, this 8 digit KEY, or your own password, is needed to allow the program to alter the brand. Without the proper key, the program will not allow you to change or remove the branding. This is to prevent an unauthorized user from performing those operations.
When the program is run, if the disk is already “branded”, the program checks the integrity of the current branding. If it has been altered, a message is provided. In either case, the current brand is displayed on the screen. On some disks, as a safety precaution, a "backup" brand is also placed on the disk. This backup brand is very hard to find and eliminate, and if it was ever placed on the disk, chances are it is still there. So if the primary brand is erased, altered or in any way tampered with the backup brand, if available, is used.
(To determine the current branding, just run the program on a hard drive.)
If the disk is already branded, and you want to re-brand the disk, you must provide the program with the proper key or password (provided when the original brand was installed).
This program currently has been tested and will run on hard drives formatted in the following way: DOS, WIN95A, WIN95B, NTFS and LINUX. It has also been tested and operates on drives using extended INT13 access on drives, and SCSI drives.
Since Brandit cannot be run under NT, when branding a drive running NT operating system, the computer will have to be booted from a DOS bootable disk and the -d option will have to be used. This is because NT will not allow the low level of writing which the program must do, and only a DOS boot will allow this.
If you use the -f option, you can brand multiple drives with the same information. This is useful because then the KEY you are provided will be the same for all the drives. The -f option requires a small text file be provided which contains the "standard" information the user wishes to place on the drive. This is recommended for branding multiple drives with identical information.
CAUTION: It is possible for the primary brand to become corrupted or erased. However, this is highly unlikely as the procedure for doing this is outside the scope of most users' capabilities. In any case, if a backup brand was installed, it will take over.
Brandit IS NOT compatible with and cannot be run from within a DOS window on NT.
NOTE: The problems and suggested solutions described here operate at a very low level and may not always solve the problem. The user is cautioned that some may also cause some data loss. Use with caution and make certain your data is backed up before you start.
Problem: You are trying to brand a laptop drive and keep getting an error message indicating the branding is not being written.
Solution: This is a hard one. The option to force a brand might work.
However, it is very dangerous and could corrupt your drive. We recommend that
you call Mares and Company, (770)-237-8870 for assistance.
Problem: You keep getting different password "keys" every time you brand a different computer.
Solution #1: One solution is to make certain the information branded
is always identical. Use the -f option.
Solution #2: Have a custom, 2nd password (key) imbedded into your copy of the program. (We can provide this for a small fee). This is a key which will always work with your individual copy of the program.
Problem: Program indicates there are no more licenses left.
Solution: Purchase additional disk with additional licenses.
Problem: Program indicates it can't find a location to place the
brand. (this is often caused when original disks have been sent by their manufacturer
with random data on the disk, or the disk was wiped with a really good wipe
program).
Solution: Call Mares and Company, 678-427-3275 to obtain the option
which will force this operation. (Then use it with caution.)
Problem: Program indicates an old backup brand, an altered/erased primary brand but doesn't allow you to create a new brand. (This may be caused by a wipe of the drive which left random characters on the disk).
Solution: Call Mares and Company, 678-427-3275 to obtain the option
which will enable Brandit to succeed in this situation.
-? Get a help screen.
-d x Replace the ‘x’ with a 0, 1, or 2 indicating which physical disk drive you wish to brand. Remember, this is physical drive, not logical. When dealing with NTFS file systems a DOS boot is required, and this option should be used. If the program is run without the -d option, the program lists the possible drives, and asks the user to pick one.
-c If no brand exists, create a new one. If one already exists, then overwrite the existing one (if the proper key can be input by the user). The existing brand is shown to the user before asking to replace it. Use the -c to create the first brand of a disk.
-[fF] + filename Replace ‘filename’ with the name of a file containing the information you wish to brand onto the hard drive(max. of 49 characters). Use this to get consistent branding from one drive to the next, and the same password/"key".
The -F (upper case option) also defaults to using the -c (create brand) option. This is to save time and typing.
If the -F (upper case) option is used, most of the user prompts are eliminated. This -F option allows for virtual hands free installation of the brand. Because of this, caution is needed to make certain the proper passwords and brands are installed.
-p + KEY Replace ‘KEY’ with the 8 digit key (or password) you were provided on a previous run. This eliminates the need to enter the key for rebranding.
-q Run quiet. Only show the existing branding if there is one. Police should use this to check the existence of a prior brand.
-r Remove the current branding on the drive. The proper key or password must be supplied.
NOTE: Brandit may, on rare occasions, indicate that the drive is not capable of being branded. This can be overcome by an option not listed here. If you want to force a brand onto a drive, please call for the appropriate option.
Physical drive numbers are: 0= =1st hard drive (usually drive C:), 1= =2nd physical hard drive, and 2= =3rd physical hard drive. Remember, logical drive designations, C:, D: E: etc, are not related to the physical drive if the drive is partitioned. Also, if there is a mixture of IDE and SCSI drives then the OS numbering and the user's expectation of the numbers will probably be different.
Depending on the formatting of the physical drives, physical drive numbers may not coincide with the logical drive letters assigned by the operating system.
C:>brandit
/* check to see if an existing brand is there, and display it. */
C:>brandit -c
/* create a brand, but display all physical drives to choose from */
C:>brandit -d 0 -c
/* run on physical drive 0. 1st hard drive, and create a brand */
C:>brandit -d 1 -c
/* run on physical drive 1. 2nd hard drive */
C:>brandit -d 2 -c
/* run on physical drive 2. 3rd hard drive */
C:>brandit -c -f fname.txt
/* use the contents of fname.txt as branding information */
C:>brandit -F fname.txt -p password -d 0
/* use the contents of fname.txt as branding information, and brands drive 0 using the "password". This command line will run virtually unattended. If there is an existing brand, and the password matches, it is automatically changed */
C:>brandit -d 0 -r
/* remove the existing brand on drive 0 */
None