BO2K General FAQ

Table of Contents

1 - General Topics 
1.1 - What is BO2K? Where can I get it?
1.2 - Who wrote BO2K? Why was it written?
1.3 - Is this a 'hacker tool', or is it an 'administration tool'?
1.4 - What is BO2K good for? What are the legitimate uses for it?
1.5 - How big is BO2K, anyway? Gimme statistics.
1.6 - Are there licensing terms for BO2K? How much does it cost?
1.7 - What about export controls?

2 - Compatibility Topics 
2.1 - What does it run on? What do I need to use BO2K? Hardware requirements? Operating system?
2.2 - Will clients exist for other operating systems?
2.3 - What about servers? Can I control a Mac from my Linux box?
2.4 - What are the differences between BO2K and the original BO? Is it backward compatible?

3 - Running BO2K 
3.1 - How do I run more than one server at a time?
3.2 - How can I tell if BO2K is running on my machine?
3.3 - How can I tell if BO2K is running on someone else's machine?
3.4 - So, I'm running BO2K. How do I get rid of it?
3.5 - What is a connect string (address, conn str, etc)?
3.6 - What is a binding string (bindstr, bind str, etc)?
3.7 - I'm using the BO Peep plugin and it seems choppy and slow, what am I doing wrong?

4 - BO2K Support 
4.1 - What support is available for BO2K? Can I buy support for my company?
4.2 - Where is the official BO2K documentation?
4.3 - I love BO2K, but I wish there was a feature to ...
4.4 - Where can I get plugins for BO2K? Are legacy BUTTPlugs supported?
4.5 - Where can I ask questions and get them answered?
4.6 - Are there IRC channels or UseNet groups for discussion of BO2K related topics?

5 - BO2K Security And Development
5.1 - How do I know that I can trust BO2K on my network?
5.2 - I don't believe you. Where is the source code?
5.3 - How can I recover my password if I have physical access to the machine?
5.4 - I want to write plugins. Do I have to download all of the BO2K source?
5.5 - Is there another FAQ for developers only?


1 -- General Topics

1.1 -- What is BO2K? Where can I get it?
You can get BO2K from the BO2K website in the downloads section at http://www.bo2k.com. 

1.2 -- Who wrote BO2K? Why was it written?
BO2K was written by DilDog of the Cult of the Dead Cow. Many of the commands that BO2K comes with were directly ported from Sir Dystic's original Back Orifice source code. It was written with a two-fold purpose: To enhance the Windows operating system's remote administration capability and to point out that Windows was not designed with security in mind. 

1.3 -- Is this a 'hacker tool', or is it an 'administration tool'?
This tool, like other tools you might have around the house can be used legitimately, or it can be used to harm people. You can take a hammer and beat people in the head with it. Doesn't mean we need to go around beating people in the head with hammers to teach them that they should watch out for maniacs wielding hammers. Imagine a whole world of people that don't know a hammer from sponge, let alone what a hammer is good for, and you'll find what situation we're in here. Hackers can use it to hack. Administrators can use it to make their lives a lot easier. Administrators, be responsible with this tool. End-users, don't trust random people on the internet, and they won't hit you with a hammer... Too bad it has to be this way, but Microsoft wasn't thinking of making the computer foolproof when they put together their operating systems. 

1.4 -- What is BO2K good for? What are the legitimate uses for it?
Remote administration. Administration of many Windows boxes through encrypted channels. Performing common tasks on many machines without having to walk over to each and every one of them. Controlling a Windows machine that is many miles away with the kind of flexibility that UNIX users have enjoyed for decades, without a ridiculous VPN setup. 

1.5 -- How big is BO2K, anyway? Gimme statistics.
Well, the BO2K server without any plugins installed is ~100K. Nice small footprint. The client software is ~500K. Large, bulky, MFC, GUI. That's why :). The whole suite will fit on a single 1.44MB floppy disk. 

1.6 -- Are there licensing terms for BO2K? How much does it cost?
It costs nothing. Freeware. It's also open source. It's available under the GNU Public License. For end users, the license is simple. Use it, distribute it. Don't claim that you wrote it, because you didn't. We also aren't going to support the software. We don't have ANY manpower to do so. So, if you can't figure it out with everything we've put on this web site, you're shit out of luck. Have a look at the project forums, try the mailing lists, whatever. For developers, more detail about source code usage is available in the Developers Corner FAQ. 

1.7 -- What about export controls?
The US still has antiquated laws in place that keep citizens and corporations from exporting encryption that is already available in other countries anyway. The reasons why these export restrictions are still in place are beyond me. This probably stems from the fact that the US Government, on the whole, fears technology because they don't understand it. It would be in the best interest of America, for these laws to go away, and stay away. They only stifle scientific development, and free thought and speech. 


2 -- Compatibility Topics

2.1 -- What does it run on? What do I need to use BO2K? Hardware requirements? Operating system?
BO2K 1.0 will currently run on Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, and WindowsXP systems. All of the various parts of the BO2K suite have been testing and found to be working on all of these platforms. It only runs on Intel platforms at the moment. Since everything is open source, hopefully more support for other operating systems and environments will be added. 

2.2 -- Will clients exist for other operating systems?
Well sure, why the hell not. We did it for the UNIX command line client for the original BO. There were even a number of TCL GUIs for Back Orifice running around out there. We'll try to make a more concerted effort to collect what people develop and put it on the BO2K website. 

2.3 -- What about servers? Can I control a Mac from my Linux box?
Well sure! Well.. not yet. But someday. There's no reason why the server couldn't be ported. To Mac, to Linux, to BeOS, to CP/M. Have fun. Develop and be prolific. We dare ya. 

2.4 --  What are the differences between BO2K and the original BO? Is it backward compatible?
BO2K is an almost complete rewrite of the original Back Orifice. It sports a much heftier plugin architecture that can extend every little part of the system in any way. By default, BO2K comes with the capability to talk over TCP as well as UDP, and supports strong encryption through plugins. Commands have also been added, upgraded and fixed, especially in the areas of file transfer and registry handling. 


3 -- Running BO2K

3.1 -- How do I run more than one server at a time?
You install two servers. Each with a different installation filename, and running on different ports. But, this is not suggested, as it is not necessary. BO2K servers can run on multiple ports and accept connections over any number of mediums at once. You only need one server to do everything. 

3.2 --  How can I tell if BO2K is running on my machine?
Well, it depends. If you install it as Administrator on a Windows NT machine, you'll see it in the process list running as a service. Otherwise, there are no really good ways to tell if it's running. You will probably want to check your RunServices and Run registry keys as well as your startup groups to make sure that there isn't anything in there that you didn't specifically put in there (Good idea regardless!). If you don't understand what I just told you, go get the 10 year old kid down the street that 'knows computers' and get him to tell you. And give him a few bucks for it too, he deserves it. 

3.3 --  How can I tell if BO2K is running on someone else's machine?
There's no good way to tell. Until someone finds a good way to tell. And then we'll make that not work any more. You shouldn't be able to tell if BO2K is installed remotely. 

3.4 -- So, I'm running BO2K. How do I get rid of it?
Connect to the server with the client, and go to 'server control', and run the 'shutdown server' command with the 'DELETE' option. If you don't have the password, or you didn't mean to run it, you may have to get someone to help you hunt through your registry and startup groups to delete the appropriate registry keys. Don't install this program on your machine unless you really know what you're doing. And don't be dumb and let someone else put it on your system. Trust no one. 

3.5 -- What is a connect string (address, conn str, etc)?
A connect string is a description of how you want to connect to a remote machine. It specifies a remote address (usually an IP address, but not necessarily), followed by the network type, the encryption type, and the authentication type. A typical example of a connect string is: 192.168.55.20,TCPIO,XOR,NULLAUTH 

3.6 -- What is a binding string (bindstr, bind str, etc)?
A binding string is a description of how you want to set up a listening service on the server machine. It specifies a binding characteristic (usually an IP port or an IP address:port pair, but not necessarily), followed by network type, encryption type, and authentication type. A typical example of a binding string is: 15380,UDPIO,3DES,NULLAUTH 

3.7 --  I'm using the BO Peep plugin and it seems choppy and slow, what am I doing wrong?
You may be trying to send over a really big screen over a really slow network. Be aware that when VidStream starts up, it synchronizes by sending over the whole remote screen. That takes a while. If things lock up, wait for a little while. it'll come through. 


4 -- BO2K Support

4.1 -- What support is available for BO2K? Can I buy support for my company?
There is none. And you can't. You'll just have to get along. We don't have any personnel to sit around and answer questions or fix things. 

4.2 -- Where is the official BO2K documentation?
On the BO2K website. http://bo2k.sourceforge.net . If you aren't reading this on the website, someone probably ripped this faq off. Go there for the newest info. 

4.3 -- I love BO2K, but I wish there was a feature to ...
We love BO2K too. But we can't do everything. Go to the Submit a Bug section, and you'll see there a link to submit a Feature Request. Also, if you're a programmer, feel free to join all of the other developers that would like to write BO2K stuff, and write a plugin, or extend the server. Send us what you've done and if we like it, we'll put it in the next distribution. 

4.4 -- Where can I get plugins for BO2K? Are legacy BUTTPlugs supported?
Right on the website. In the download area. There will probably be other places on the net that have BO2K plugins, and I'm sure you know how to use a search engine, so I bet you'll find them if you look. Legacy BUTTPlugs are supported in BO2K as well. 

4.5 -- Where can I ask questions and get them answered?
Try irc.freenode.net, channels #bo2k, #bo2kdev. We will answer you; wait or try again later if we're not around.

4.6 -- Are there IRC channels or UseNet groups for discussion of BO2K related topics?
See question number 4.5. There is also a Cult Of The Dead Cow newsgroup at alt.fan.cult-dead-cow that you can try asking questions on. 


5 -- BO2K Security and Development

5.1 -- How do I know that I can trust BO2K on my network?
First things first, BO2K uses strong encryption, making it a very difficult problem for system crackers to mess with your connections. BO2K is also very low profile, making it good for network surveillance. BO2K also comes with full source code available, so if you don't trust us, and want to see exactly what the software is doing, either take a look at it yourself, or have someone you trust do it for you. 

5.2 -- I don't believe you. Where is the source code?
It's in the developer SDK download section. In the Dev Corner. 

5.3 -- How can I recover my password if I have physical access to the machine?
You can find the server executable, open it up with the configuration tool, and look at the password. It's all plaintext in the executable anyway. Someday, that will change, when new authentication plugins are developed. 

5.4 -- I want to write plugins. Do I have to download all of the BO2K source?
Nope. You only need to download the BO2K SDK. Go to the Dev Corner. 

5.5 -- Is there another FAQ for developers only?
Yes. It's in the Dev Corner on the BO2K website. Go there and browse around. It's in there. 


Editor: Andre Reis, andrereis at users dot sourceforge dot net