| View previous topic :: View next topic |
| Author |
Message |
HCProfessionals
Joined: 18 Jun 2007
Posts: 107
|
 Posted: Thu May 01, 2008 1:35 pm Post subject: |
 |
|
| Zippo() wrote: | Sorry, but I had to stop here:
Could you maybe make a version that doesn't require installation? At least while you are trying to get people to try and crack it? |
Personally, I don't want anyone to try and crack it, because they are ruining a good thing and a year's worth of work. That's why I created an EULA.
Just use the installer, It only takes about 30 seconds, and if you don't like it, use the uninstaller. It's as simple as that. |
|
| Back to top |
|
 |
Fry
Joined: 01 Nov 2007
Posts: 689
|
| Posted: Thu May 01, 2008 8:05 pm Post subject: |
|
|
HCProfessionals Im trying to crack it so you can make a patch so its more secure. No need to offend
_________________
check out my site
www.eliteknifesquad.com |
|
| Back to top |
|
|
SomeGuy
Joined: 21 Apr 2008
Posts: 96
Location: somewhere
|
| Posted: Thu May 01, 2008 8:26 pm Post subject: |
|
|
There's no patch that can be made if the pc can be booted from a cd. Most main-stream linux live cd's can mount the internal hard disk and then Windows permissions are useless. (Encrypted volumes are still safe though)
How does this handle safe mode bootups? Is it still secure then?
What If there is more than one user account on the pc, does it run automatically for all persons that log in to the PC?
The only way to truly secure a pc when you are not using it is to enable a boot password in the bios and turn the pc off or hibernate. |
|
| Back to top |
|
|
HCProfessionals
Joined: 18 Jun 2007
Posts: 107
|
| Posted: Thu May 01, 2008 9:13 pm Post subject: |
|
|
| SomeGuy wrote: | There's no patch that can be made if the pc can be booted from a cd. Most main-stream linux live cd's can mount the internal hard disk and then Windows permissions are useless. (Encrypted volumes are still safe though)
How does this handle safe mode bootups? Is it still secure then?
What If there is more than one user account on the pc, does it run automatically for all persons that log in to the PC?
The only way to truly secure a pc when you are not using it is to enable a boot password in the bios and turn the pc off or hibernate. |
It says at the bottom of the documentation that the software has only been tested on XP/Vista and it's not recommended to run on any other OS. I would like to program the software to run on Linux, but I'm not even sure if AutoHotkey is even compatible with Linux. There are also so many forms of Linux that we would probably need to build and emulator or find an emulator online to run this software.
Also, Safe Mode needs to be tested, thanks for the idea, and if it doesn't work, safe mode does load the registry and we could probably make a key to run it. It takes about an hour for me to load Safe mode because of agpCP.dll, but we'll see.
Each user must install Rsecure PC Lock, that way it doesn't run on every account when you install it, because some users may not want the software.
Fry - I know, I'm not offended at all, that's why i put the software on here is so you guys can crack it or do whatever to help, but there are those few out there who want to crack it and not for a good reason.
Thank you guys for the help and let me know of ways to improve this software! |
|
| Back to top |
|
|
LBJ
Joined: 03 May 2007
Posts: 17
|
| Posted: Fri May 02, 2008 12:19 am Post subject: |
|
|
OK. I'm confused, but totally willing to comply.
| SomeGuy wrote: | | then it is not secure. would you like some of the source code? |
| HCProfessionals wrote: | | lol, go for it. That way I can make a patch. |
| HCProfessionals wrote: | I'm waiting........
lol |
| SomeGuy wrote: | | i gotta get a fresh VM set up... Smile |
| HCProfessionals wrote: | | Don't go out of your way now.... Laughing |
Based on that exchange, I assumed the OP was happy for (if not challenging for) proof that compiled ahk source is easily retrievable. Accordingly, I provided a very brief snip of his source. I didn't bother with a virtual machine as in SomeGuy's approach, so it only took a couple of minutes.
Now I've been asked by the OP via PM to either take down the source, or to display a different portion of the code. I think the latter is the best option since it's important within the context of this post (using ahk to produce a security related application) to make it clear that ahk source is definitely very obtainable from a compiled exe.
As an aside, PM's are great for off-topic communication, but this request appears to be fine for the topic.
So, to the OP, which section of the current snip would you like removed, or which section of your code are you content to have substituted for it?
I haven't bothered playing with your application at all, so I haven't looked for any immediate threat to its security in the snip I previously posted, but I'll happily comply with your directions. I do believe it's important to leave a reasonable snip present though to firmly emphasize the source availability of compiled ahk.
Ultimately, if you want the code removed entirely, I'm happy to comply with that too. Let's just keep it a public discussion though for the benefit of the forum. |
|
| Back to top |
|
|
HCProfessionals
Joined: 18 Jun 2007
Posts: 107
|
| Posted: Fri May 02, 2008 4:49 am Post subject: |
|
|
| I would like a few programmers to help out with this script and make it better. It would be nice if you could take down the source code. |
|
| Back to top |
|
|
LBJ
Joined: 03 May 2007
Posts: 17
|
| Posted: Fri May 02, 2008 5:23 am Post subject: |
|
|
| HCProfessionals wrote: | | It would be nice if you could take down the source code. |
Certainly. Done. |
|
| Back to top |
|
|
HCProfessionals
Joined: 18 Jun 2007
Posts: 107
|
| Posted: Fri May 02, 2008 5:55 am Post subject: |
|
|
| Thank You! |
|
| Back to top |
|
|
ahklerner
Joined: 26 Jun 2006
Posts: 1249
Location: USA
|
| Posted: Fri May 02, 2008 11:53 am Post subject: |
|
|
| HCProfessionals wrote: | | I would like a few programmers to help out with this script and make it better. It would be nice if you could take down the source code. |
I'm Willing to help.
_________________
ʞɔпɟ əɥʇ ʇɐɥʍ |
|
| Back to top |
|
|
HCProfessionals
Joined: 18 Jun 2007
Posts: 107
|
| Posted: Fri May 02, 2008 2:27 pm Post subject: |
|
|
The best way to help is to download the program and see if you can find any way to improve it.
The major thing right now is to get it to work in safe mode if it's even possible.
-----------------------------------------------------------------------------------
Knowing the registry fairly well, I know that Windows loads the following folders in safe mode:
Safe mode
HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \SafeBoot \Minimal
Safe mode with networking
HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \SafeBoot \Network
but, with the way this software has been designed, it isn't designed to run on the entire machine, each user acount will have it's own setup.
So here's what I'm trying to figure out:
1. If I write a registry key in HKEY_LOCAL_MACHINE and someone goes into an account in safe mode without the program installed, will Windows wait for that program to load or if Windows does not find it, will it skip it and move on.
2. If #1 does not work, is there a way to write a registry key that will run another registry key in another location? |
|
| Back to top |
|
|
HCProfessionals
Joined: 18 Jun 2007
Posts: 107
|
| Posted: Fri May 02, 2008 2:39 pm Post subject: |
|
|
Also,
While programming this software, I had seem to found a function undefined in AutoHotkey (I had some help from Lazlo),
For those of you who think it is impossible to watch two processes at one time, well it isn't anymore.
| Code: | SetTimer, NameOfTimerHere
NameOfTimerHere:
Process Exist, Process 1 Here
If ErrorLevel
If Process 1 Exits, Put It's Reaction Here
Process Exist, Process 2 Here
If !ErrorLevel
If Process 2 Exits, Put It's Reaction Here
Return |
Thank You Lazlo for all your help! |
|
| Back to top |
|
|
ahklerner
Joined: 26 Jun 2006
Posts: 1249
Location: USA
|
| Posted: Fri May 02, 2008 3:10 pm Post subject: |
|
|
The best way to make your program as robust as possible would be to release the source code, so that all of the knowlegable contributors to this forum would be able to review it. I assume that if you did not think about something as simple as booting in safe mode to overcome it, that there are other areas that it could be improved.
Many people have their own areas of expertise. I'm sure you would get some great contributions should the source be released.
_________________
ʞɔпɟ əɥʇ ʇɐɥʍ |
|
| Back to top |
|
|
HCProfessionals
Joined: 18 Jun 2007
Posts: 107
|
| Posted: Fri May 02, 2008 6:54 pm Post subject: |
|
|
The source code can be downloaded on the first post of this topic, but make sure you read and agree to the Source Code Software End User License Agreement before going through any of the source code.  |
|
| Back to top |
|
|
HCProfessionals
Joined: 18 Jun 2007
Posts: 107
|
| Posted: Fri May 02, 2008 6:59 pm Post subject: |
|
|
The easiest way to go is after you have read and agreed to the EULA is to start with the RSecure PC Lock source code and learn and understand it and go form there.
It's not very clean and jumps all over the place, but if you can figure out that source code then you'll be able to understand the rest.
Anyone who is seriously interested in helping improve this software, can contact me at: rsecuresoftware@yahoo.com and I'll add you as a developer on the RSecure Software Website. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
