Jump to content
Sign in to follow this  
TehBeyond

Productive Lock

Recommended Posts

TehBeyond

For those of us that have the computer do things while we are gone, this program is a godsend. It will allow your computer to keep downloading, converting, archiving, or whatever while preventing other users from screwing around with it. Now you don't have to worry about your brother, roommate, parents, spouse, etc. stopping whatever you told it to do!

When you run the script, it "hibernates" in the background. Then, when you press CTRL+ALT+L, the lock engages. This is where the true innovation comes in... I designed the Lock to use "keystroke passwords." This means that you could set mouse scrolls or clicks as characters in your password. You can also use keys that normally cannot be part of passwords, such as CTRL, SHIFT, NUMLOCK, etc.

The default password in the code and compiled version is left-click, right-click, CTRL, ALT. To change it, open up the Help page for _IsPressed and use the two-digit codes provided. I considered writing a password "recorder," but decided against it because it could be exploited for other purposes. (ie, keylogging) Sorry, but you'll have to do this manually.

Please note that with the proper password, there is no way a user could circumvent the lock. Programs, however, are another story. A "Spammer" program could rip through this lock faster than you could say "Oops!" However, once the Lock is engaged, it would be very difficult to launch such a program.

Conclusion: Set your password, compile, and dump it in your Startup folder or write a Startup registry key for it. You'll be glad you did!

--A few notes on the compiled version...

It can be decompiled with a blank passphrase.

It contains the mp3 and icon file that I thought went well with the program. Feel free to remove or change these.

ProductiveLock.zip

If you took the time to read through this whole post, kudos to you!. I would appreciate any comments...


I would have told you I have Alzheimer's, but I forgot.My Splendid-Tastic Blog

Share this post


Link to post
Share on other sites
Generator

Very cool and useful, i might need it in school.

Share this post


Link to post
Share on other sites
TehBeyond

I just realized that I forgot to add the icon file to the .zip, so, in case any of you want it...

Spam.ico (from Leo's Icon Archive)


I would have told you I have Alzheimer's, but I forgot.My Splendid-Tastic Blog

Share this post


Link to post
Share on other sites
Skrip

Please explain exactly what it does. I realise you have told us that it locks the computer, but how does it do that? What does it actually do?


[left][sub]We're trapped in the belly of this horrible machine.[/sub][sup]And the machine is bleeding to death...[/sup][sup][/sup][/left]

Share this post


Link to post
Share on other sites
TehBeyond

It creates a GUI. It traps the mouse cursor within this GUI. Whenever another window/program becomes active, it changes it back to the Lock GUI. This should defeat ALT+TAB. It will close the Task Manager when opened, so as to prevent killing off the Lock by users.

Granted, someone could WIN+L your computer... but that wouldn't do them any good, so you have to hope that they don't do that.


I would have told you I have Alzheimer's, but I forgot.My Splendid-Tastic Blog

Share this post


Link to post
Share on other sites
LuckyMurari

Very Nice Idea...well thought of one

Share this post


Link to post
Share on other sites
ryantollefson

If you're quick with a keyboard you can disable it...

While locked:

Hit Ctrl+Alt+Del

Then quickly hit Alt+E (for end process) and it will end the app.

Share this post


Link to post
Share on other sites
jvanegmond

I like the fact that passwords can be a lot more difficult with this.

Share this post


Link to post
Share on other sites
sandman

Cool, but the GUI could be a little better..

Well that's just me.. I'm used to all these darn Web 2.0 graphics.

edit: I added in a mask behind the lock window.. now people can't see what you're doing either, let alone meddle with it. It still doesn't look very pretty, unfortunately.

#cs
    This code written by TehBeyond           tehbeyond@gmail.com                    6/17/07
    This code modifed by sandman__           may_contain_peanuts2@yahoo.com         6/27/07
    This code modifed by _________           ___________________                    ________
    This code modifed by _________           ___________________                    ________
    Feel free to modify this code, but leave this portion intact.
    Add your name/email to a Modifed By line before distributing your code.
    
    |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
    ||||||||||||||||||||||||||||||||Description||||||||||||||||||||||||||||||||||||
    |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
    This script is intended for disabling the use of your computer while it is 'busy.'
    Examples I can think of include archiving, downloading, file converting... the list
    goes on.  With the use of Productive Lock, your brother, roommate, parents, girlfriend,
    fiancee, etc. will be unable to screw with your computer.  Please note that this script
    is VERY secure if the password is chosen well, but it could be bypassed by a 'spamming' program.
    It would, however, be nigh impossible to launch another program once the Lock has been
    activated.
    
    In summary, it is almost as secure as Win+L, but allows the computer to continue whatever
    it was doing.  I recommend putting it in your startup folder or writing a registry startup key.
#ce
#include <misc.au3>
#include <guiconstants.au3>
;~ #NoTrayIcon
_Singleton(@ScriptFullPath);The default password is below.  To change it, use the _IsPressed key list.
If FileExists(@TempDir&"lock.mp3")=0 Then FileInstall(@ScriptDir&"\lock.mp3",@TempDir&"lock.mp3");Not really necessary...but I like it.
$pwstring = "01021112";left mouse click, right mouse click, control, then alt
;Defining some variables...
$pwindex = 2
$complete = 0
$timer = 0

$maskwin = GUICreate("lockmask", @DesktopWidth, @DesktopHeight, 0, 0, $WS_POPUPWINDOW, $WS_EX_TOOLWINDOW)
GUISetBkColor(0x3B3E62, $maskwin)
;~ WinSetTrans($maskwin, "", 230)
$lockwin = GUICreate("Productive Lock", 400, 300, -1, -1, BitOR($WS_POPUPWINDOW, $WS_CHILD));Create GUI
GUISetBkColor(0x3B3E62, $lockwin)
GUICtrlCreateLabel("This computer has been locked by Productive Lock.", 4, 16, 388, 24, $SS_CENTER)
GUICtrlSetFont(-1, 12, 500, 0, "MS Sans Serif")
GUICtrlSetColor(-1, 0xFF0000)
GUICtrlCreateLabel("Please enter your keystroke password to unlock.", 4, 72, 388, 20, $SS_CENTER)
GUICtrlSetFont(-1, 12, 400, 0, "MS Sans Serif")
GUICtrlSetColor(-1, 0xFF0000)
GUISetFont(10)
GUICtrlCreateLabel("Please note that resistance is futile.  Productive Lock", -4, 136, 390, 17, $SS_CENTER)
GUICtrlCreateLabel("supports long, complex keystroke passwords.", -4, 152, 393, 17, $SS_CENTER)
GUICtrlCreateLabel("It also defeats attempts to circumvent the Lock.", -4, 168, 392, 17, $SS_CENTER)
GUICtrlCreateLabel("Oh, and do have a nice day.", -4, 208, 395, 17, $SS_CENTER)
GUICtrlCreateLabel("~Courtesy of TehBeyond and AutoIt", -4, 280, 395, 17, $SS_CENTER)
SoundPlay(@TempDir&"lock.mp3");my voice, letting you know the script launched.
_ReduceMemory();this func should be included in the default installation of AutoIt.  It is just that good.
While 1;"hibernate" in backround forever.
    If _IsPressed("11") And _IsPressed("12") And _IsPressed("4C") Then;Ctrl+alt+l launches Productive Lock...
        ;--------HotKeySet is also an option.  However, I prefer _IsPressed because some programs like to override AutoIt hotkeys.
        $mousetimer = TimerInit()
        If WinExists("Windows Task Manager") Then;eliminate use of Task Manager by closing window
            WinClose("Windows Task Manager")
            #cs
                ---------Alternately, Task Manager can be closed by clicking the 'X' in the corner... just uncomment these lines.
                WinActivate("Windows Task Manager")
                $taskman=WinGetPos("Windows Task Manager")
                MouseClick("primary",$taskman[0]+$taskman[2]-15,$taskman[1]+15,1,0)
                ---------Alt+F4 can also be used. Just uncomment these lines.
                WinActivate("Windows Task Manager")
                Send("!{F4}")
                ;---I included the above because sometimes AutoIt doesn't seem to like to WinClose Task Manager.(it could just be the operater...me :D)
            #ce
        EndIf

        GUISetState(@SW_SHOW, $maskwin)
        GUISetState(@SW_SHOW, $lockwin)
        WinActivate("Productive Lock")
        MouseMove(@DesktopWidth / 2, @DesktopHeight / 2, 0);center mouse
        _MouseTrap(@DesktopWidth / 2 - 190, @DesktopHeight / 2 - 130, @DesktopWidth / 2 + 190, @DesktopHeight / 2 + 125);trap mouse in window


        Do
            If Not WinActive("Productive Lock") Then;the user hit alt+tab or ctrl+alt+del
                WinClose("Windows Task Manager");eliminates use of Task Manager by closing window
                WinActivate("Productive Lock")
                WinSetState("Windows Task Manager", '', @SW_DISABLE);just in case it refuses to close, disables the controls (occasionally AutoIt doesn't close Task Manager)
                MouseClick("primary", @DesktopWidth / 2, @DesktopHeight / 2, 1, 0);center mouse, the click is just in case user had time to right-click outside of the window
                _MouseTrap(@DesktopWidth / 2 - 190, @DesktopHeight / 2 - 130, @DesktopWidth / 2 + 190, @DesktopHeight / 2 + 125);trap mouse in window
            EndIf
            If TimerDiff($timer) > 2000 Then;if more than two seconds have passed since last correct key...
                $timer = 0;reset the timer
                $pwindex = 2;reset how far along in entering the password the user is
                $pwchar = StringLeft($pwstring, $pwindex);reset the current password character to the first button
            EndIf
            Workhorse($pwchar)
            Sleep(10)
            If TimerDiff($mousetimer) > 239000 Then ;every 3 mins, 59 secs...
                MouseClick("primary", @DesktopWidth / 2, @DesktopHeight / 2, 1, 0);this should prevent screensaver (unless the wait time is under four minutes)
                $mousetimer = TimerInit()
            EndIf
        Until $complete = 1
        GUISetState(@SW_HIDE, $maskwin)
        GUISetState(@SW_HIDE, $lockwin)

        ;I like to re-set variables when not in use. (personal preference only)
        $timer = 0
        $mousetimer = 0
        $pwindex = 0
        $complete = 0
        _MouseTrap(-1, -1, -1, -1);cancel the MouseTrap
        _ReduceMemory()
    EndIf
    Sleep(50);adjust the sleep time based on how long you hold the ctrl+alt+l hotkey.
WEnd


Func Workhorse($pwchar_current); I named it this because it is the "workhorse" of the program.  It does the actual keypress checking.
    If _IsPressed($pwchar_current) Then;if the user hits the next button in the password sequence...
        $timer = TimerInit();start the two-second timer
        $pwchar = StringRight(StringLeft($pwstring, $pwindex), 2);sets the next button in the password sequence
        Local $temp = $pwindex
        $pwindex = $temp + 2;sets how far along in the password sequence the user is
        If $pwindex - 2 > StringLen($pwstring) Then $complete = 1 ;when the user has entered the last key, notify of completion
    EndIf
EndFunc   ;==>Workhorse

Func _ReduceMemory($i_PID = -1);w0uter created this ABSOLUTELY AMAZING bit of code.  Put into every script you write!
    If $i_PID <> -1 Then
        Local $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $i_PID)
        Local $ai_Return = DllCall("psapi.dll", 'int', 'EmptyWorkingSet', 'long', $ai_Handle[0])
        DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $ai_Handle[0])
    Else
        Local $ai_Return = DllCall("psapi.dll", 'int', 'EmptyWorkingSet', 'long', -1)
    EndIf
    Return $ai_Return[0]
EndFunc   ;==>_ReduceMemory

Everything else is still the same, I just changed the GUI a bit.

Edited by sandman

[center]"Yes, [our app] runs on Windows as well as Linux, but if you had a Picasso painting, would you put it in the bathroom?" -BitchX.com (IRC client)"I would change the world, but they won't give me the source code." -Unknownsite . blog . portfolio . claimidcode.is.poetry();[/center]

Share this post


Link to post
Share on other sites
m0nk3yI3unz

To defeat the WIN+L thing, could you just make a hotkeyset("#","nullfunc") when nullfunc() does nuthing? (Just found a use for the 'bug' that hotkeyset steals key usage xD)

Edited by m0nk3yI3unz

Monkeh.

Share this post


Link to post
Share on other sites
jvanegmond

Cool, but the GUI could be a little better..

Well that's just me.. I'm used to all these darn Web 2.0 graphics.

What the fuck is Web 2.0? I have been SO confused over the last days, but never dared ask!!

Share this post


Link to post
Share on other sites
sandman

I'm not sure Manadar........... I just kinda mean average-user-friendly when i say that.


[center]"Yes, [our app] runs on Windows as well as Linux, but if you had a Picasso painting, would you put it in the bathroom?" -BitchX.com (IRC client)"I would change the world, but they won't give me the source code." -Unknownsite . blog . portfolio . claimidcode.is.poetry();[/center]

Share this post


Link to post
Share on other sites
evk

Awesome idea. However there is one itty bitty problem. If you hit all of the keys included in your password at the same time (or within the default two seconds) you can get into the system. If you maybe add an else to your Workhorse function where it would reset the string position to the beginning if you hit an incorrect key you might be able to solve the problem.

Share this post


Link to post
Share on other sites
TehBeyond

Awesome idea. However there is one itty bitty problem. If you hit all of the keys included in your password at the same time (or within the default two seconds) you can get into the system. If you maybe add an else to your Workhorse function where it would reset the string position to the beginning if you hit an incorrect key you might be able to solve the problem.

You are absolutely correct, I did consider this. However, in order to change that, I would be essentially creating a keylogger which could be modified for malicious use. As I stated before... "with the proper password, there is no way a user could circumvent the lock." By "proper password" I mean that you should be including mouse clicks and choosing keys that are spread about the keyboard. That would make it highly unlikely that someone would mash the keys and mouse long enough to count as the correct password.

Also, this is a general comment on various ways to circumvent the lock, you are all absolutely correct. However, if you had not seen the source code would you know how to get around it? Most people would not try the CTRL+ALT+DEL ALT+E trick. Also, if one had not seen the source, he would assume a wrong keypress would start the password over, because that is what he is used to. (In normal passwords, a wrong character = not the password.)

As far as the WIN+L hotkeyset null-function goes... I tried it and it didn't work. I think Windows keeps priority over the hotkeys, overriding them all for its own personal use.


I would have told you I have Alzheimer's, but I forgot.My Splendid-Tastic Blog

Share this post


Link to post
Share on other sites
Learning4once

This is excellent for helping me learn thing for a basic part of a security tool I wanted, THANKS!!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×