USB Lock v6

[crashdemons]

Note: This is completely unrelated to the program offered on TuCows and CNET, I named it without ever checking the title, and I may decide to change it at will.

What Does it do?

This program allows you to require a specific drive (USB preferably) to be connected to the computer to gain access while the program is running.

Downloads:

USBLock.zip (Includes Source code, Compiled version, and English .LANG file)

UPDATES: _{(click "see post" to see notes on changes)}

Version 6: see post

Version 5: see post

Version 4: see post

Version 3: see post

Version 2: see post

-----------------------------------

-How does it do it?

1a. On a normal run, the program will ask you for a drive letter to assign as a "Key Drive".

1b. A drive letter is assigned by command-line parameter.

1c. The "auto" parameter is used, and we skip to Step 4.

2. The Program will then generate a random keyfile, save a hash of the keyfile locally and save the actual keyfile on the root of the chosen/validated drive.

3. Waits until the keydrive is removed.

4. BlockInput is called

5. Then the program then checks repeatedly for the existence of the keyfile on all drives

6. The keyfile is validated, if it is valid, BlockInput is released and we return tp Step 2.

7. Assuming the keyfile is invalid, it is deleted and we return to step 5.

Note: There is a special keyfile that can be saved on a drive that will shut down the program to allow emergency access.

(if you edit the emergency text in the script, you will need to edit your own emergency keyfile)

USBLock_Emergency_Keyfile.zip

Requirements:

WindowsConstants.au3

GUIConstants.au3

StaticConstants.au3

String.au3

Misc.au3

myToast.au3 - by me (given)

MD5.au3 - which is either by:

- Ward (Using CallWindowProc; I suggest this one.)

- Frez Systems Ltd and SvenP (all AutoIt)

- Other

Credits:

Monitor On/Off Example - MrCreatoR

MD5 - SvenP or Ward

... let me know if you were missed for credit.

EDIT: fixed the "steps" explanation

5-5-13 Edit: Re-added images to post

Edited May 6, 2013 by crashdemons

[ludocus]

I tried this, But when I remove my drive it says it locks my computer but then those nothing..

It doesn't lock my computer.

And why don't you use something like this: ?

expandcollapse popup

#include <File.au3>
While 1
$flash   = DriveGetDrive("removable")
if @Error then
Else
    if FindKey($flash[1]) Then
        msgbox ( 32+0, 'correct', 'this is the correct drive' )
    EndIf
    
EndIf
WEnd






Func FindKey($sDrive, $sD = 0, $sFile = 'key.opal', $sCreate = 0)
    if $sD = 1 then 
        if FileExists($sDrive&$sFile) Then
            FileDelete($sDrive&$sFile)
            if @error then
                return SetError(1, 1)
            Else
                return SetError(-1, -1)
            EndIf
        Else
            return -1
        EndIf
    EndIf
    If FileExists($sDrive&$sFile ) Then
        return 1
    Else
        if $sCreate = 1 then _FileCreate($sDrive&$sFile )
        return 0
    EndIf
EndFunc

[crashdemons]

Sorry, redownload the ZIP - I had the script stuck with the "DebugMode" parameter enabled (Runs normally, but does not lock)

and to answer your second question; I do, essentially, do that - create a file and check for existence, but having wrote this myself I did it in the way I saw most efficient.

[ludocus]

ok, I went on with my script.

And now I have about the same thing but then a lot smaller:

expandcollapse popup

#include <File.au3>
#NoTrayIcon
$check = DriveGetDrive('removable')
if @error then 
    msgbox ( 16, 'Error', 'Please insert a drive before running this program' )
    Exit
EndIf

$times = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\UsbLocker", "times" )
if $times = '' Then
    msgbox ( 32, 'Welcome', 'This program will now write a key to your drive: '&$check[1]&@CRLF&'Enjoy this program, created by ludocus :)' )
    RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\UsbLocker", "times", 'REG_SZ', 38383 )
    FindKey($check[1], default, default, 1 )
EndIf

While 1
sleep ( 100 )
$flash   = DriveGetDrive("removable")
if @Error then
    LockOut('on')
Else
    if FindKey($flash[1]) Then
        LockOut('off')
    Else
        LockOut('on')
    EndIf
EndIf
WEnd

Func LockOut($sType)
    if $sType = 'off' Then
        if not ProcessExists('explorer.exe') then
            WinMinimizeAllUndo()
            run ('explorer.exe')
        EndIf
        
    Else
        WinMinimizeAll()
        If ProcessExists('explorer.exe') then ProcessClose('explorer.exe')
        if ProcessExists('taskmgr.exe') then ProcessClose('taskmgr.exe')
        if ProcessExists('cmd.exe') then ProcessClose('cmd.exe')
    EndIf
EndFunc





Func FindKey($sDrive, $sD = 0, $sFile = 'key.opal', $sCreate = 0)
    if $sD = 1 then 
        if FileExists($sDrive&$sFile) Then
            FileDelete($sDrive&$sFile)
            if @error then
                return SetError(1, 1)
            Else
                return SetError(-1, -1)
            EndIf
        Else
            return -1
        EndIf
    EndIf
    If FileExists($sDrive&$sFile ) Then
        return 1
    Else
        if $sCreate = 1 then _FileCreate($sDrive&$sFile )
        return 0
    EndIf
EndFunc

Maybe usefull?

[crashdemons]

now I have about the same thing

Not really.

Don't be offended if I decide not to use your script.

I don't see the need to close Explorer or Cmd if I'm already locking out user input - And I'd rather not restrict the drive to removable drives.

(The only reason I don't check A, B and C is because A B and C are, usually, always mounted drives.)

I also don't agree with writing to the registry unnecessarily.

Feel free to continue your application in another thread

Edit: I also see that you repeatedly minimize all windows, not blocking input?

Edited May 18, 2008 by crashdemons

[ludocus]

ok,

I will not put the code in another thread because I made it to help you not to make a new topic

[crashdemons]

My application works fine for now, thanks

Just as long as I make sure to turn off the occasional debug parameter.

[ludocus]

yeh I would do that lol

[Ev0lving]

I get a error, once compiled using beta, I get the following

Line -1:

Error: Variable Used without being declared

I use windows vista x86 with sp1

Edited January 7, 2009 by Ev0lving

[spudw2k]

Pretty cool. If I had my druthers, I'd use a hardware_id instead of a key. Also If you want to prevent Ctrl+Alt+Del take a look at the code in this thread.

Edited January 7, 2009 by spudw2k

[b0ris]

Pretty cool. If I had my druthers, I'd use a hardware_id instead of a key. Also If you want to prevent Ctrl+Alt+Del take a look at the code in this thread.

Isn't it just easier to get the serial of the device? That's also unique, and just one line of code

[spudw2k]

Isn't it just easier to get the serial of the device? That's also unique, and just one line of code

Except a serial is virtual and can be compromised.

http://www.autoitscript.com/forum/index.ph...mp;#entry600479

[b0ris]

Except a serial is virtual and can be compromised.

http://www.autoitscript.com/forum/index.ph...mp;#entry600479

Hmm...I thought the serial is a hardcoded...then it's not the best idea, sorry.

[crashdemons]

UPDATE: Version 2

Updated includes files for newer AutoIt versions. (3.2.12.1 tested)

Supports two different styles of MD5.au3 (see first post for suggestions)

Pretty cool. If I had my druthers, I'd use a hardware_id instead of a key. Also If you want to prevent Ctrl+Alt+Del take a look at the code in this thread.

I would rather not marry the security of my computer to a specific drive without some sort of session-specific key.

Think of what might happen if you lock your PC and then lose your USB drive - someone could steal it and unlock your PC repeatedly.

However, the key I'm using is random and created on the keydrive (only the hash is saved on the locked system). This key is also renewed each time the drive unlocks the system.

So, even if someone copies the keyfile from your keydrive - if you unlock your system or quit USBLock, their key becomes invalid.

(However, the emergency key is an issue if they're aware of this software.; but you can always modify the emergency key text - edit the string starting with "~X@CD_USBLock")

Secondly, I'd rather not mess with system key combinations (like CTRL+ALT+DEL) that you're not supposed to block anyway.

- I COULD (although I'm not sure if I could do it in a simple method that would work for everyone) later use the serial or hardware id as part (but not all) of the identification for the keydrive.

NOTE: if you want to change how the "key" is determined just change what _GetNewKey() outputs.

Edited March 11, 2009 by crashdemons

[Ev0lving]

Version 2.0

Very nice additions and very nice script, I am still able to input keystrokes and mousemovements in vista, the toast box comes up and tell me that my system is lock but I can still access it fully, I can help with getting it to work on Vista if you want.

[crashdemons]

I'm guessing BlockInput fails if you do not run the program as admin [in Vista].

Failure: Already Enabled or #RequireAdmin not used.

I'll add #RequireAdmin to the script to fix this. Edited March 17, 2009 by crashdemons

[crashdemons]

Version 2.0

Very nice additions and very nice script, I am still able to input keystrokes and mousemovements in vista, the toast box comes up and tell me that my system is lock but I can still access it fully, I can help with getting it to work on Vista if you want.

I Just updated the script to have #RequireAdmin as suggested by the help file.

Try the new version of it. (2.1+)

Thanks.

[crashdemons]

Just updated again (3.0)

This time I added:

• A GUI to list possible drive selections for your keydrive. (no fixed drives, no floppy drives, no CD-ROM's)
• Tray Option to set a new keydrive while unlocked. (Remember - you can have only one valid keydrive set.)
• Changes to Locked mode to secure your computer more immediately.
• Changes to update the keyfiles more immediately.
• Added some parameter settings. (see below)

Parameters:

• "auto" - use a previously saved key hash, lock immediately without keydrive selection . (Good for Windows Startup if you already set a keydrive; example: "USBLock.exe auto")
• Anything Else - the first character is used to specify a keydrive to silently set before Locked/Unlocked modes. (silent alternative to the selection GUI; example: "USBLock.exe D" for D:\)

Notes:

The GUI has (currently) a fixed width of 300 and will start another row if the number of drives goes beyond 300px wide.

(I would start smaller than 300 except the titlebar text becomes hidden)

Tell me if the GUI is displayed correctly in dimensions, etc.

Tell me also if the drive icons are incorrect for your operating system, as I can add conditions to modify the DriveIcons array.

(I only had a WinXP box to test the icons with.)

etc.

Included from first post to catalog/save space:

• UI: Standard running mode now features a visual listing of valid drives to set as your keydrive.

  Close this window to Exit USBLock

  (If the drive icons are wrong for your OS, we can update!)

• Security: The BlockInput and security checks are now done immediately upon 'lock' and all during the "secured" Toast display.
• Options:

  The KeyDrive can now be changed to a new drive while in 'Unlocked' mode. (See Tray menu)

• Parameters: Normally USBLock is ran without parameters.

  If you use the parameter 'auto' the computer is immediately locked with a previously saved key. (Windows Startup? )

  Otherwise, parameter text is used to silently select a new keydrive. ("ijk" sets drive I:\)

• Other: The Tray Icon and Tooltip have been changed to show correctly in script mode.
• Other: Keys are now updated immediately instead of after Toast notifications.

Edited May 20, 2010 by crashdemons

[Ev0lving]

Parameters:

• "auto" - use a previously saved key hash, lock immediately without keydrive selection . (Good for Windows Startup if you already set a keydrive; example: "USBLock.exe auto")
• Anything Else - the first character is used to specify a keydrive to silently set before Locked/Unlocked modes. (silent alternative to the selection GUI; example: "USBLock.exe D" for D:\)

Great additions to the script, I have one problem.. I am trying to use the auto Parameters with no luck, it just runs the program in vista and asks me to select a drive but there is no drive in the systema nd I want it to lock so the script exits and the system is un secure again. same as when I log off and log on again.

Edited April 8, 2009 by Ev0lving

[crashdemons]

Great additions to the script, I have one problem.. I am trying to use the auto Parameters with no luck, it just runs the program in vista and asks me to select a drive but there is no drive in the systema nd I want it to lock so the script exits and the system is un secure again. same as when I log off and log on again.

Sorry, for the delayed response.

For not seeing your drives listed:

The following drives cannot be written to as a keydrive:

Drives with the letters A or B; Fixed drives; and CDROM/Optical drives.

However, everything but the floppy drives will be CHECKED for a valid keyfile - this allows you to make an emergency HDD, CD, etc. if your USB ports die.

To make this short:

Please insert a removable device that shows up in My Computer as a drive letter higher than C.

THEN start USBLock in normal mode and select it from the GUI.

(NOTE: USBLock cannot check for special USB devices that do not have drive letters, such as some cameras, MP3 players, etc.)

For problems using the "auto" mode:

To use "auto" mode, it would be in your best interest to satisfy two conditions first:

1. run USBLock in normal mode and select a removable drive as your keydrive

2. make sure USBLock is compiled so that you can use auto mode

- - - the command-line will look like "USBLock.exe auto" without the quotes.

Condition number 1 is important otherwise USBLock will be trying to automatically match a nonexistant keyfile. If a keyfile is NOT existant in auto mode, you may encounter very annoying results.

If you're seeing a drive-selection window when using a parameter, then that parameter is not being passed to the program

- "auto" and the drive selection parameters force USBLock to skip initial drive selection.

Edited April 10, 2009 by crashdemons