Sign in to follow this  
Followers 0
Morthawt

A test security program to protect a PC temporarily without "locking" the machine.

16 posts in this topic

Since I am very security conscious and like things to be safe and secure, I figured I would try and write a simple security program to prevent access to the machine but keep everything on screen, rather than the windows "Lock Workstation" which would hide everything.

Can you have a quick look through this and give me your opinions or ideas on how it could be improved?

Opt('MouseCoordMode', 1)
#RequireAdmin
#AutoIt3Wrapper_Compile_Both=n
#AutoIt3Wrapper_UseX64=n
#NoTrayIcon
$speed = 1
If IniRead(@ScriptDir & '\lockout-check.ini', 'settings', 'key', '') <> '' Then
$choice = MsgBox(3, 'Use previous', 'Previous file: ' & IniRead(@ScriptDir & '\lockout-check.ini', 'settings', 'key', '') & @CRLF & @CRLF & 'Use this file instead of choosing a new one?')
If $choice = 6 Then
  $file = IniRead(@ScriptDir & '\lockout-check.ini', 'settings', 'key', '')
  Check()
ElseIf $choice = 2 Then
  Exit
EndIf
EndIf
$file = FileOpenDialog('Choose file to check', @DesktopDir, 'All files(*.*)')
If $file = '' Then Exit
If FileExists($file) Then
MsgBox(0, 'Unplug the device', 'Unplug the drive')
Check()
Else
Exit
EndIf
Func Check()
If $file = '' Then Exit
IniWrite(@ScriptDir & '\lockout-check.ini', 'settings', 'key', $file)
Sleep(1000)
While FileExists($file) = 0
  MouseClick('left', 0, 0, 1, $speed)
  BlockInput(1)
  Sleep(100)
WEnd
BlockInput(0)
Exit
EndFunc   ;==>Check

The only problem I have seen so far is that if unsaved files are open in programs and someone hits the power button on the PC, that it "can" terminate the program while one of the programs with unsaved work is in the "Save changes, Cancel" mode which actually prevents the shutdown.

Share this post


Link to post
Share on other sites



I wonder if it is possible to automate the Protected Desktop that is in Windows Vista and 7.

Share this post


Link to post
Share on other sites

BlockInput can be gotten around with CTRL-ALT-DEL so it's not as secure as you might think it is.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

BlockInput can be gotten around with CTRL-ALT-DEL so it's not as secure as you might think it is.

Yes I have tested this, the thing is as soon as you get off that full screen ctrl alt del screen the inputs are all locked again and the mouse moved to the top left corner of the screen.

Share this post


Link to post
Share on other sites

But once you can do the 3 finger salute, you can kill your script from TaskManager, and thus the security program is halted.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

But once you can do the 3 finger salute, you can kill your script from TaskManager, and thus the security program is halted.

You cannot use task manager because as soon as it even tries to come up your mouse and keyboard are locked out again immediatly and the mouse is moved to the top left of the screen and a click is performed to change the focus away from any programs loaded. Try it if you have a USB drive to test it on. I was unable to bypass it with Ctrl Alt Delete including trying to use task manager via it.

1 person likes this

Share this post


Link to post
Share on other sites

Very slick actually. Works as you described.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

I have an updated version which includes option for password or usb drive file and a change in the controls over inputs. Before I was blocking inputs and now I am making hotkeys of crucial keys. Also the mouse is contained within a 1 pixel area of the screen and all windows are minimised

Opt('MouseCoordMode', 1)
#RequireAdmin
#include <Misc.au3>
#AutoIt3Wrapper_Compile_Both=n
#AutoIt3Wrapper_UseX64=n
#NoTrayIcon
Global $correct = 0
Global $password = ''
Global $input
Global $diskonly
Global $speed = 1
Global $file
Global $halfwidth = @DesktopWidth / 2
Global $halfwidth2 = $halfwidth + 1
$choice0 = MsgBox(3, 'Choose protection method', 'Do you want to use a password insead of a USB removable drive?')
If $choice0 = 6 Then
PasswordMode()
ElseIf $choice0 = 7 Then
FileMode()
ElseIf $choice0 = 2 Then
Exit
EndIf
Func PasswordMode()
$password1 = InputBox('Password selection', 'Enter the password you want to use', '', '*')
If $password1 = '' Then Exit
$passmatcheck = InputBox('Password selection', 'Retype the password to confirm', '', '*')
If $passmatcheck = '' Then Exit
If $password1 == $passmatcheck Then
  $password = $password1
  Check()
EndIf
If Not ($password1 == $passmatcheck) Then
  MsgBox(0, 'Mismatch', 'Passwords you typed were not the same' & @CRLF & @CRLF)
  PasswordMode()
EndIf
EndFunc   ;==>PasswordMode
Func FileMode()
If IniRead(@ScriptDir & '\lockout-check.ini', 'settings', 'key', '') <> '' Then
  $choice = MsgBox(3, 'Use previous', 'Previous file: ' & IniRead(@ScriptDir & '\lockout-check.ini', 'settings', 'key', '') & @CRLF & @CRLF & 'Use this file instead of choosing a new one?')
  If $choice = 6 Then
   $file = IniRead(@ScriptDir & '\lockout-check.ini', 'settings', 'key', '')
   If $file <> '' Then
    IniWrite(@ScriptDir & '\lockout-check.ini', 'settings', 'key', $file)
    Check()
   Else
    Exit
   EndIf
  ElseIf $choice = 2 Then
   Exit
  EndIf
EndIf
$file = FileOpenDialog('Choose file to check', @DesktopDir, 'All files(*.*)')
If $file = '' Then Exit
If FileExists($file) Then
  MsgBox(0, 'Unplug the device', 'Unplug the drive')
  Check()
Else
  Exit
EndIf
EndFunc   ;==>FileMode
Func Check()
Nokeys()
WinMinimizeAll()
Sleep(50)
If $file <> '' Then
  While FileExists($file) = 0
   _MouseTrap($halfwidth, 0, $halfwidth2, 1)
;~   BlockInput(1)
   Sleep(100)
   MouseClick('left')

  WEnd
Else
  While 1
   _MouseTrap($halfwidth, 0, $halfwidth2, 1)
;~   BlockInput(1)
   Sleep(100)
   MouseClick('left')

  WEnd
EndIf

_MouseTrap()
Keys()
;~  BlockInput(0)
$choice2 = MsgBox(4, 'Lock again...', 'Press "yes" to lock the screen again, "no" to exit')
If $choice2 = 6 Then Check()
If $choice2 = 7 Then Exit
 

EndFunc   ;==>Check

Func Nokeys()
HotKeySet('q', 'blank')
HotKeySet('w', 'blank')
HotKeySet('e', 'blank')
HotKeySet('r', 'blank')
HotKeySet('t', 'blank')
HotKeySet('y', 'blank')
HotKeySet('u', 'blank')
HotKeySet('i', 'blank')
HotKeySet('o', 'blank')
HotKeySet('p', 'blank')
HotKeySet('a', 'blank')
HotKeySet('s', 'blank')
HotKeySet('d', 'blank')
HotKeySet('f', 'blank')
HotKeySet('g', 'blank')
HotKeySet('h', 'blank')
HotKeySet('j', 'blank')
HotKeySet('k', 'blank')
HotKeySet('l', 'blank')
HotKeySet('z', 'blank')
HotKeySet('x', 'blank')
HotKeySet('c', 'blank')
HotKeySet('v', 'blank')
HotKeySet('b', 'blank')
HotKeySet('n', 'blank')
HotKeySet('m', 'blank')
HotKeySet('Q', 'blank')
HotKeySet('W', 'blank')
HotKeySet('E', 'blank')
HotKeySet('R', 'blank')
HotKeySet('T', 'blank')
HotKeySet('Y', 'blank')
HotKeySet('U', 'blank')
HotKeySet('I', 'blank')
HotKeySet('O', 'blank')
HotKeySet('P', 'blank')
HotKeySet('A', 'blank')
HotKeySet('S', 'blank')
HotKeySet('D', 'blank')
HotKeySet('F', 'blank')
HotKeySet('G', 'blank')
HotKeySet('H', 'blank')
HotKeySet('J', 'blank')
HotKeySet('K', 'blank')
HotKeySet('L', 'blank')
HotKeySet('Z', 'blank')
HotKeySet('X', 'blank')
HotKeySet('C', 'blank')
HotKeySet('V', 'blank')
HotKeySet('B', 'blank')
HotKeySet('N', 'blank')
HotKeySet('M', 'blank')
HotKeySet('0', 'blank')
HotKeySet('9', 'blank')
HotKeySet('8', 'blank')
HotKeySet('7', 'blank')
HotKeySet('6', 'blank')
HotKeySet('5', 'blank')
HotKeySet('4', 'blank')
HotKeySet('3', 'blank')
HotKeySet('2', 'blank')
HotKeySet('1', 'blank')
HotKeySet('{NUMPAD0}', 'blank')
HotKeySet('{NUMPAD1}', 'blank')
HotKeySet('{NUMPAD2}', 'blank')
HotKeySet('{NUMPAD3}', 'blank')
HotKeySet('{NUMPAD4}', 'blank')
HotKeySet('{NUMPAD5}', 'blank')
HotKeySet('{NUMPAD6}', 'blank')
HotKeySet('{NUMPAD7}', 'blank')
HotKeySet('{NUMPAD8}', 'blank')
HotKeySet('{NUMPAD9}', 'blank')

HotKeySet('{ESCAPE}', 'blank')
HotKeySet('{TAB}', 'blank')
HotKeySet('{ENTER}', 'blank')
HotKeySet('{LWIN}', 'blank')
HotKeySet('{RWIN}', 'blank')
HotKeySet('{SPACE}', 'blank')
HotKeySet('{APPSKEY}', 'blank')
HotKeySet('{DEL}', 'blank')
HotKeySet('{DOWN}', 'blank')
HotKeySet('{UP}', 'blank')
HotKeySet('{LEFT}', 'blank')
HotKeySet('{RIGHT}', 'blank')
HotKeySet('{PAUSE}', 'blank')
HotKeySet('{BS}', 'blank')
HotKeySet('{F1}', 'blank')
HotKeySet('{F2}', 'blank')
HotKeySet('{F3}', 'blank')
HotKeySet('{F4}', 'blank')
HotKeySet('{F5}', 'blank')
HotKeySet('{F6}', 'blank')
HotKeySet('{F7}', 'blank')
HotKeySet('{F8}', 'blank')
HotKeySet('{F9}', 'blank')
HotKeySet('{F10}', 'blank')
HotKeySet('{F11}', 'blank')
HotKeySet('{F12}', 'blank')
HotKeySet('^c', 'blank')
HotKeySet('^a', 'blank')
HotKeySet('^v', 'blank')
HotKeySet('^p', 'blank')
HotKeySet('#', 'blank')
HotKeySet('!{F4}', 'blank')
HotKeySet('^{ESC}', 'blank')
HotKeySet('!{TAB}', 'blank')
 

EndFunc   ;==>Nokeys
 
Func Keys()
HotKeySet('q')
HotKeySet('w')
HotKeySet('e')
HotKeySet('r')
HotKeySet('t')
HotKeySet('y')
HotKeySet('u')
HotKeySet('i')
HotKeySet('o')
HotKeySet('p')
HotKeySet('a')
HotKeySet('s')
HotKeySet('d')
HotKeySet('f')
HotKeySet('g')
HotKeySet('h')
HotKeySet('j')
HotKeySet('k')
HotKeySet('l')
HotKeySet('z')
HotKeySet('x')
HotKeySet('c')
HotKeySet('v')
HotKeySet('b')
HotKeySet('n')
HotKeySet('m')
HotKeySet('Q')
HotKeySet('W')
HotKeySet('E')
HotKeySet('R')
HotKeySet('T')
HotKeySet('Y')
HotKeySet('U')
HotKeySet('I')
HotKeySet('O')
HotKeySet('P')
HotKeySet('A')
HotKeySet('S')
HotKeySet('D')
HotKeySet('F')
HotKeySet('G')
HotKeySet('H')
HotKeySet('J')
HotKeySet('K')
HotKeySet('L')
HotKeySet('Z')
HotKeySet('X')
HotKeySet('C')
HotKeySet('V')
HotKeySet('B')
HotKeySet('N')
HotKeySet('M')
HotKeySet('0')
HotKeySet('9')
HotKeySet('8')
HotKeySet('7')
HotKeySet('6')
HotKeySet('5')
HotKeySet('4')
HotKeySet('3')
HotKeySet('2')
HotKeySet('1')
HotKeySet('{NUMPAD0}')
HotKeySet('{NUMPAD1}')
HotKeySet('{NUMPAD2}')
HotKeySet('{NUMPAD3}')
HotKeySet('{NUMPAD4}')
HotKeySet('{NUMPAD5}')
HotKeySet('{NUMPAD6}')
HotKeySet('{NUMPAD7}')
HotKeySet('{NUMPAD8}')
HotKeySet('{NUMPAD9}')
HotKeySet('{ESCAPE}')
HotKeySet('{TAB}')
HotKeySet('{ENTER}')
HotKeySet('{LWIN}')
HotKeySet('{RWIN}')
HotKeySet('{SPACE}')
HotKeySet('{APPSKEY}')
HotKeySet('{DEL}')
HotKeySet('{DOWN}')
HotKeySet('{UP}')
HotKeySet('{LEFT}')
HotKeySet('{RIGHT}')
HotKeySet('{PAUSE}')
HotKeySet('{BS}')
HotKeySet('{F1}')
HotKeySet('{F2}')
HotKeySet('{F3}')
HotKeySet('{F4}')
HotKeySet('{F5}')
HotKeySet('{F6}')
HotKeySet('{F7}')
HotKeySet('{F8}')
HotKeySet('{F9}')
HotKeySet('{F10}')
HotKeySet('{F11}')
HotKeySet('{F12}')
HotKeySet('^c')
HotKeySet('^a')
HotKeySet('^v')
HotKeySet('^p')
HotKeySet('#')
HotKeySet('!{F4}')
HotKeySet('^{ESC}')
HotKeySet('!{TAB}')

EndFunc   ;==>Keys

Func blank()
If StringLen($input) > 128 Then $input = ''
If StringLen(@HotKeyPressed) = 1 Then
  If StringRegExp(@HotKeyPressed, '[[:alnum:]]') Then
   $input = $input & @HotKeyPressed
;~    MsgBox(0, 0, $input, 1)
  EndIf
EndIf
If @HotKeyPressed = '{ENTER}' Then
;~   MsgBox(0, 0, $input)
  If $input = $password Then
   $correct = 1
;~    MsgBox(0, 0, 'Password Correct')
   _MouseTrap()
   Keys()
   Send('!+^#')
   Exit
  Else
   $input = ''
  EndIf

;~   $input = ''
EndIf

EndFunc   ;==>blank

Share this post


Link to post
Share on other sites

#10 ·  Posted (edited)

Just HOW locked do you want the workstation. I have a program that is very much full proof at locking the workstation, and I can probably create a customized version of it for you for more security. The source code of it can be found here: http://code.google.com/p/kidsafe/source/browse/KidSafe.au3

EDIT: Also, you can actually KILL the secure desktop process through command prompt on the non-secure desktop.

EDIT EDIT: There is also a problem with your script. What if someone plugs in another USB drive before the USB drive with the key?

Edited by rcmaehl

My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.

MY PROJECTS


Active: IRC UDF, WindowEx UDF
Discontinued: GithubBubbleSort UDF

Share this post


Link to post
Share on other sites

Just HOW locked do you want the workstation. I have a program that is very much full proof at locking the workstation, and I can probably create a customized version of it for you for more security. The source code of it can be found here: http://code.google.com/p/kidsafe/source/browse/KidSafe.au3

EDIT: Also, you can actually KILL the secure desktop process through command prompt on the non-secure desktop.

EDIT EDIT: There is also a problem with your script. What if someone plugs in another USB drive before the USB drive with the key?

Well, my thinking is that if its your computer you would only plug your drive in and select the file you use to identify your usb drive. Anyone elses drive would not work.

Regarding how secure I want to make this, I want to see how far I can go. The problem I am running into is that if you push the power button, windows starts terminating exe's and I have done this before while having unsaved files open and it terminated my security program and was stuck at the notepad "Do you want to save the changes?" Well at that point the keyboard works again and I think you can unlock the mouse with another ctrl alt delete.

Share this post


Link to post
Share on other sites

Well, my thinking is that if its your computer you would only plug your drive in and select the file you use to identify your usb drive. Anyone elses drive would not work.

Regarding how secure I want to make this, I want to see how far I can go. The problem I am running into is that if you push the power button, windows starts terminating exe's and I have done this before while having unsaved files open and it terminated my security program and was stuck at the notepad "Do you want to save the changes?" Well at that point the keyboard works again and I think you can unlock the mouse with another ctrl alt delete.

You actually can block the power button. Although it requires ADMIN privs. I have done this before by opening up device manager and disabling the power button device in it. Although you can also just kill the shutdown process itself although it will still terminate some programs. Secondly, I still haven't solved how to make programs start saving work if the system starts to shutdown, although I'm experimenting with a few different methods. I don't use the device manager method in my program to block shutdown events because it may be considered going TO FAR.

Also: May I use your usb device key method for my program as an option for unlocking it?


My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.

MY PROJECTS


Active: IRC UDF, WindowEx UDF
Discontinued: GithubBubbleSort UDF

Share this post


Link to post
Share on other sites

You can't actually block the power button. You can block it from shutting down windows perhaps, but if you press and hold it for 4 seconds, the computer is going down regardless of what the OS tries to do. It's a hardware feature, not a software one. Also, even if you COULD block the power switch, pulling the plug always works, regardless of any software hacks you attempt.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

You can't actually block the power button. You can block it from shutting down windows perhaps, but if you press and hold it for 4 seconds, the computer is going down regardless of what the OS tries to do. It's a hardware feature, not a software one. Also, even if you COULD block the power switch, pulling the plug always works, regardless of any software hacks you attempt.

Some BIOSes have options as to what to do when the power button is pressed, but getting AutoIT to change BIOS settings is a whole other set of problems.

Share this post


Link to post
Share on other sites

True, but your options in BIOS are usually limited to having it turn off immediately, or waiting 4 seconds, I haven't seen one yet that prevents the power switch from being used to power down a computer. In some servers that might be an option, but for a PC I haven't run into one. Also, the power cord is still the weak link here.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

I am not worried about the pc being shut down, I am worried about access to it (I am not actually "worried" but you know what I mean). The only way I can find so far is to push the power button and hope the security program's exe gets terminated and that a file is still unsaved and will halt the ensuing shutdown, thus giving chance to gain access back.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0