USB protection script


LowKey

Can anyone offer some help as far as creating a script to ask for a password, and if said password is false, lock the USB device to prevent changes and/or viewing? I've entertained a few ideas, such as moving files to a temporary folder, ejecting the USB device, and hiding the files, but all of them have a flaw, be it the fact that I cannot code it, or the method isn't very effective. Any help would be appreciated. I've already got the GUI and everything. Thanks!

~T3CHM4G3~PROjECTS: Telnet Client


I did something similar many ages ago when AutoIt 3.1.1 was first released. I want to warn you that this is the first script I ever wrote.

Basically I worked at a company that didn't allow employees to bring in non-company USB devices and they needed a way to "whitelist" devices, and it also had to work remotely.

Description:

This will display a gui containing a list of all the existing USB devices on your system. Removing an item will disable it immediately. You can also "unlock" the registry entries that allow a new device to be plugged in.

Step 1: Run as administrator

Step 2: Click "Unlock" to allow a new device to be added

Step 3: Plug in the new device

Step 4: After drivers finish installing, click "Lock"

P.S. A strange side effect was that the device would only work on the same port it was originally plugged into.

This relies upon:

-psexec.exe for remote functions

-Devcon.exe to force restart of usb devices

-setacl.exe to perform the locking on the usb registry entries

#cs ----------------------------------------------------------------------------
AutoIt Version: 3.1.1 (tested 3.2.8.1)
Language:       English
Platform:       Win9x / NT
Author:         WeaponX (ghostofagoodthing@gmail.com)

Script Function:
    Remote / Local USB Configuration.

#CE ----------------------------------------------------------------------------

; ----------------------------------------------------------------------------
; Dim variables
; ----------------------------------------------------------------------------

#include <GUIConstants.au3>
Dim $cname
Dim $machinelbl
Dim $installdir
Dim $label
Dim $mylist
Dim $btnremove
Dim $btnrefresh
Dim $btnlock
Dim $keynum
Dim $splitkeynum
Dim $usbhid[30][2]
Dim $chkcmd
Dim $usbroot
Dim $locktest
Dim $required[3] = ["devcon.exe", "psexec.exe", "SetACL.exe"]
Dim $x

;Default window mode
$console = @SW_HIDE 

; ----------------------------------------------------------------------------
; Begin script
; ----------------------------------------------------------------------------

; Make sure required files exist
For $X = 0 to Ubound($required) - 1
    $filecheck = FileExists(@WorkingDir & "\" & $required[$X])
    If $filecheck = 0 Then
        MsgBox(0, "File missing", "Missing required file: " & $required[$X], 0)
        Exit
    EndIf
Next

Switch $CmdLine[0]
    ;Open GUI for local machine
    Case 0
        $machinelbl = "Local"
        gui()

    ;Open GUI for remote machine
    Case 1
        $cname = $CmdLine[1] & "\"
        $machinelbl = $cname
        gui()

    ;Run without gui on remote machine
    Case 2
        $cname = $CmdLine[1] & "\"
        $machinelbl = $cname
        
        ;Display command progress
        $console = @SW_SHOWDEFAULT
        Switch $CmdLine[2]
            Case "lock"
                lock()
            Case "unlock"
                unlock()
            Case "enable"
                service($cname, 2)
            Case "disable"
                service($cname, 4)
        EndSwitch
        ;No GUI exists in this mode, so exit instead of falling through to the GUI message loop
        Exit
EndSwitch

;Must be declared here and within gui()
$usbroot = $cname & "hklm\system\currentcontrolset\enum\usb"
;$installdir = RegRead ( "hklm\SOFTWARE\USBConfig","")
;if @error = 1 then
;$installdir = @WorkingDir
;endif

; Generate interface
Func gui() 
    $usbroot = $cname & "hklm\system\currentcontrolset\enum\usb"
    ; generate window with title
    GUICreate("USB Config", 220, 340) 
    ; will display an empty dialog box
    GUISetState(@SW_SHOW)      
    $label = GUICtrlCreateLabel($machinelbl, 10, 5, 200)
    GUICtrlSetFont(-1, 12)
    GUICtrlSetStyle(-1, $SS_CENTER)
    $mylist = GUICtrlCreateList("", 10, 30, 200, 200)
    $btnremove = GUICtrlCreateButton("Remove", 10, 230, 75, 25)
    $btnrefresh = GUICtrlCreateButton("Refresh", 10, 260, 75, 25)
    $btnlock = GUICtrlCreateButton("Lock", 135, 230, 75, 25)
    $chkcmd = GUICtrlCreateCheckbox("Show console windows", 10, 290)
    lockcheck()
    usblist()
EndFunc   ;==>gui

; Attempt to write to USB registry key
Func lockcheck() 
    $locktest = RegWrite($cname & "hklm\system\currentcontrolset\enum\usb", "Status", "REG_SZ", "Unlocked")
    If $locktest = 1 Then
        GUICtrlSetData($btnlock, "Lock")
        GUICtrlSetData($label, $machinelbl & " unlocked")
    Else
        GUICtrlSetData($btnlock, "Unlock")
        GUICtrlSetData($label, $machinelbl & " locked")
    EndIf
EndFunc   ;==>lockcheck

; Populate list box with generic device name
Func usblist() 
    $usbdevice = ""
    $usbdesc = ""
    $keynum = 1
    GUICtrlSetData($mylist, "")
    While 1
        $usbdevice = RegEnumKey($usbroot, $keynum)
        If @error = -1 Then ExitLoop
        $usbsubkey = RegEnumKey($usbroot & "\" & $usbdevice, 1)
        $usbdesc = RegRead($usbroot & "\" & $usbdevice & "\" & $usbsubkey, "DeviceDesc")
        $usbhid[$keynum][0] = $usbdevice
        $usbhid[$keynum][1] = $usbdesc
        GUICtrlSetData($mylist, $keynum & " " & $usbdesc & "|")
        $keynum = $keynum + 1
    WEnd
EndFunc   ;==>usblist

; Restart USB hubs to detect new devices, stop deleted devices
Func refresh() 
    If $cname = "" Then
        ; Run locally
        RunWait('devcon.exe restart usb*', @WorkingDir, $console)
    Else
        ; Run remotely
        RunWait('psexec.exe ' & $cname & ' -c -s devcon.exe restart usb*', @WorkingDir, $console)
    EndIf
EndFunc   ;==>refresh

; Disallow addition of new devices
Func lock()    
    RunWait('SetACL.exe -on "' & $cname & 'hklm\system\currentcontrolset\enum\usb" -ot reg -actn ace -ace "n:administrators;p:read" -ace "n:everyone;p:read" -actn clear -clr "dacl,sacl" -log "' & @WorkingDir & '\usbconfig.log"', @WorkingDir, $console)
EndFunc   ;==>lock

; Allow addition of new devices
Func unlock() 
    RunWait('SetACL.exe -on "' & $cname & 'hklm\system\currentcontrolset\enum\usb" -ot reg -actn ace -ace "n:administrators;p:full" -ace "n:everyone;p:read" -actn clear -clr "dacl,sacl" -log "' & @WorkingDir & '\usbconfig.log"', @WorkingDir, $console)
EndFunc   ;==>unlock

; Enable / Disable USB service
Func service($cname, $starttype) 
    RegWrite($cname & "hklm\system\currentcontrolset\services\usbehci", "Start", "REG_DWORD", $starttype)
    RegWrite($cname & "hklm\system\currentcontrolset\services\usbhub", "Start", "REG_DWORD", $starttype)
    RegWrite($cname & "hklm\system\currentcontrolset\services\usbstor", "Start", "REG_DWORD", $starttype)
    RegWrite($cname & "hklm\system\currentcontrolset\services\usbuhci", "Start", "REG_DWORD", $starttype)
    If $starttype = 2 Then
        MsgBox(0, "Enable", $cname & " Enabled", 3)
    ElseIf $starttype = 4 Then
        MsgBox(0, "Disabled", $cname & " Disabled", 3)
    EndIf
EndFunc   ;==>service

While 1
    $msg = GUIGetMsg()
    Switch $msg
        ; Click Remove button
        Case $btnremove
            $splitkeynum = StringSplit(GUICtrlRead($mylist), " ")
            ; $usbhid columns: [0] = device registry key name, [1] = device description
            $response = MsgBox(1, "", "Remove " & $usbhid[$splitkeynum[1]][1] & "?")
            If $response = 1 Then
                unlock()
                RegDelete($usbroot & "\" & $usbhid[$splitkeynum[1]][0])
                lock()
                refresh()
                lockcheck()
                MsgBox(0, "", "Device removed.", 3)
            EndIf

        ; Click Refresh button
        Case $btnrefresh
            refresh()
            lockcheck()
            usblist()
            MsgBox(0, "", "USB Refreshed", 3)

        ; Click Lock / Unlock button
        Case $btnlock            
            If $locktest = 1 Then
                lock()
            ElseIf $locktest = 0 Then
                unlock()
            EndIf
            lockcheck()

        ; Click Checkbox, update variables immediately
        Case $chkcmd
            Switch GUICtrlRead($chkcmd)
                Case 1
                    $console = @SW_SHOWDEFAULT
                Case 4
                    $console = @SW_HIDE
            EndSwitch
        
        Case $GUI_EVENT_CLOSE
            ExitLoop
            
    EndSwitch
WEnd

EDIT: Cleaned up comments and a few case statements

Edited by weaponx
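
A read-only way to check the two things the script above manages, the ACL on the Enum\USB key that lock() and unlock() rewrite and the Start values that service() sets, as an added PowerShell example that is not part of the thread or of weaponx's script. Unlike lockcheck(), it inspects the DACL instead of writing a test value to the key; the function names are hypothetical, and "locked" is assumed to mean that no allow ACE grants a write-type right.

```powershell
# Added example (not from the thread): read-only audit of the USB lock state.
# Key and service names are those used in the script; function names are hypothetical.
$EnumUsb  = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USB'
$Services = 'usbehci', 'usbhub', 'usbstor', 'usbuhci'

# Rights that allow adding or changing device entries, plus GENERIC_WRITE and
# GENERIC_ALL (0x40000000, 0x10000000), which can appear in inheritable ACEs.
$WriteRights = [System.Security.AccessControl.RegistryRights]'SetValue,CreateSubKey,Delete,ChangePermissions,TakeOwnership'
$WriteMask   = [int]$WriteRights -bor 0x50000000

# List every allow ACE on the key that grants some write-type right.
function Get-UsbEnumWriters {
    param([string]$Path = $EnumUsb)
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        $allows = $ace.AccessControlType -eq 'Allow'
        if ($allows -and (([int]$ace.RegistryRights -band $WriteMask) -ne 0)) {
            [pscustomobject]@{
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Report the Start value of each USB driver service the script toggles.
function Get-UsbServiceStart {
    $names = @{ 0 = 'boot'; 1 = 'system'; 2 = 'automatic'; 3 = 'manual'; 4 = 'disabled' }
    foreach ($svc in $Services) {
        $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        $state = if ($null -eq $start) { 'no Start value' } else { $names[[int]$start] }
        [pscustomobject]@{ Service = $svc; Start = $start; State = $state }
    }
}

$writers = @(Get-UsbEnumWriters)
if ($writers.Count -eq 0) {
    'Enum\USB is locked: no allow ACE grants write access.'
} else {
    'Enum\USB is unlocked; write access is granted to:'
    $writers | Format-Table -AutoSize
}
Get-UsbServiceStart | Format-Table -AutoSize
```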

Thanks. I even wrote an install / uninstall package for it that has all the required files rolled into it. These are classic!

Install USBConfig:

; ----------------------------------------------------------------------------
;
; AutoIt Version: 3.0
; Language:       English
; Platform:       Win9x / NT
; Author:         A.N.Other 
;
; Script Function:
;   USBConfig Installer / Uninstaller
;
; ----------------------------------------------------------------------------


; ----------------------------------------------------------------------------
; Set up our defaults
; ----------------------------------------------------------------------------

;AutoItSetOption("MustDeclareVars", 1)
;AutoItSetOption("MouseCoordMode", 0)
;AutoItSetOption("PixelCoordMode", 0)
;AutoItSetOption("RunErrorsFatal", 0)
;AutoItSetOption("TrayIconDebug", 1)
;AutoItSetOption("WinTitleMatchMode", 4)


; ----------------------------------------------------------------------------
; Script Start
; ----------------------------------------------------------------------------

$response = MsgBox(1, "Install", "Install USBConfig?")
if $response = 2 then Exit
$installchk = RegRead ( "hklm\SOFTWARE\USBConfig","")
if @error <> 1 then
MsgBox(0, "", "Already installed in: " & $installchk, 3)
Exit
endif
$installdir = InputBox ( "Installation folder", "Target installation folder:", @ProgramFilesDir & "\USBConfig\")
if @error = 1 then Exit
RegWrite ( "hklm\SOFTWARE\USBConfig","", "REG_SZ", $installdir )
RegWrite ( "hklm\SOFTWARE\Classes\Network\Type\2\shell\USBConfig","", "REG_SZ", "USB Config" )
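; Quote the executable path so an install folder containing spaces (e.g. Program Files) is passed as one token
RegWrite ( "hklm\SOFTWARE\Classes\Network\Type\2\shell\USBConfig\command","", "REG_SZ", '"' & $installdir & 'usbconfig.exe" %d' )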
DirCreate ( $installdir )
FileInstall("c:\USBConfig\SetACL.exe", $installdir & "SetACL.exe")
FileInstall("c:\USBConfig\psexec.exe", $installdir & "psexec.exe")
FileInstall("c:\USBConfig\devcon.exe", $installdir & "devcon.exe")
FileInstall("c:\USBConfig\USBConfig.exe", $installdir & "USBConfig.exe")
FileInstall("c:\USBConfig\UninstallUSBConfig.exe", $installdir & "UninstallUSBConfig.exe")
MsgBox(0, "Install", "Installed", 3)


You want to know the coolest part though?

I used the combination of psexec and devcon to stop the USB hubs remotely. Since I had admin rights, I would stop my neighbor's USB mouse + keyboard just to eff with them.


@WeaponX

You have a devious mindset.

George


Awesome. I could use some of this code. The main thing is, the script will need to be run from the USB drive with an Autorun.inf file.

That won't get you very far. If someone steals your flash drive the only thing they will need to get your files is to disable autorun.

You should be using a thumb drive with a lock switch on it so everything is encrypted.

Edited by weaponx

It's not so much theft I'm worried about. People often ask to borrow the drive to put pictures, etc. on and move it to their computer (no LAN here), so I'm always a bit wary as to lending it out. I just wanna keep folk from looking at what I don't want them to. Turning off autorun isn't an option on these computers. The computers we use are very restricted and on student accounts, no chance of (the typical user) getting admin access.

Edited by LowKey


My first AutoIt script was...if I'm not mistaken, a Notepad clone...wow, I feel noobish =P As for dating myself...anyone remember MUDding? I could go for some Nuclear War, now that I think about it.

EDIT: Aha, my next project! Full functional Telnet client! :)

Edited by LowKey


@ danwilli and weaponx: Yea, I was just messing with you, I am in my 20's as well. Still considered "young" in my book.

@ weaponx - Voodoo 2's supported SLI? wow where was I.. probably too absorbed in trying to figure out how to hax my mem via emm386/memmaker so I could play quest for glory. @(&*)@ conventional memory..
