USB Thumbscrew

[scapenz]

Hi guys, kinda new around here. Been really interested by all of the USB stuff that you have on this site. I never realised that USBs were so open ended and that you could do so much with them. Pretty cool huh.

Anyway, im still pretty new to batch/vbs programming but I have an idea for a new USB hack that I don't think has been considered up until now. From what i've noticed all of the current hacks available seem to specialise in stealing information and from this view they really go towards only one purpose. My idea is something like a USB passkey. A USB that once plugged in modifies something on the computer that means the computer can only be used from then on by that USB key. Now I understand that the idea of a "USB key" isn't exactly new. It's quite feasible to lock the computer down by doing something like this to the boot order on the host system: http://www.technospot.net/blogs/how-to-loc...sing-usb-stick/. What i'm thinking is something that does it on the fly, that once plugged in immediately makes that computer dependent on that USB and that USB alone. Is this feasible? Editing the bios from windows is an obvious no, but surely there is a way to remove/replace the boot.ini file on the hardrive and something critical to letting the user move around that's then copied back to the host system by the USB when it is plugged in?

This isn't necessarily for any specific purpose, although it could be used for security purposes on foriegn computers that you might be using from time to time. I'm just curious to see whether such a vulnerability exists within windows and whether it could be done? Thanks, tell me what you think.

[X3N]

you could do something like that with truecrypt

[scapenz]

But wouldn't you need admin rights on the target computer in order to run truecrypt? Since truecrypt needs to install drivers in order to mount the encrypted volume as a drive. Or are you thinking of using it in some other way? ;) Cant seem to find anything through google that would work but im a poor little nooblet so i guess i'll just have to keep looking. Most of the programs that do lock up computers well arn't freeware jobs and have some sort of evaluation popup so that spoils the fun.

[Mat]

You could probably make the USB key bootable with an instance of grub that would chainload the windows partition on the hard drive. That would allow the USB drive to boot the hard drive, and if you erase the MBR from the hard drive, then it wont be able to boot itself.

I dont see how this would be beneficial though.

[X3N]

But wouldn't you need admin rights on the target computer in order to run truecrypt? Since truecrypt needs to install drivers in order to mount the encrypted volume as a drive. Or are you thinking of using it in some other way? ;) Cant seem to find anything through google that would work but im a poor little nooblet so i guess i'll just have to keep looking. Most of the programs that do lock up computers well arn't freeware jobs and have some sort of evaluation popup so that spoils the fun.

in order to have an encrypted hard drive you need a passkey or pass phrase that unlocks the entire partition and by definition you pretty much have to be an admin. If you just wanted to lock your computer all you have to do is hit windows key + L which locks it. Now it would also be possible to write some vbs code that watches WMI for a certain usbdrive instertion which could lock if removed... but really why would you spend the time to program that when you can just hit Win + L to lock your computer...

I understand the concept your thinking of though here which i think is like biometric style watching only with a usb drive... which is a little more complicated... considering you'd have to write your own program locking mechanism for your computer that totally bypasses windows login features... unless theres a way to intgrate with them... but i doubt it.

[StillFallin]

i think i know what your talking about here and i have this implemented on my computer.

by adding a batch file in the computer as a hidden system file set to run at startup due to adding it in the run folder in registry.

you can have the computer start up and run the script and look for a certain file on all drives (including usb)

once it finds the file it ends the script and prompts a message saying all systems are running

but if it can not find the file it will say that only "your user name here" can use this computer and then immediately turn the computer off.

i implemented this in my laptop about 6 months ago because of the sensitive data held on it and if it were to fall into the wrong hands it could be bad.

correct me if im wrong but is this something of what you were kinda looking for?

if so let me know and feel free to e-mail me at

sfeadmin @ stillfallin.com

and i will be more then glad to send you the source files and details on how to install

until then i will consider taking some time and getting a post going with all the stuff needed and instructions on how to do this and install it

its quite simple and runs 100% in the background without anyone being able to see that its being run due to the use of vb scripts and bat files

so ya if your interested then email me and i will get that stuff to you asap

[scapenz]

Um that sounds kinda like what i'm after. But this script would only work on startup, to stop it being booted without the usb. The focus of this idea however was more on securing the computer at boot up and while logged on, rather than just one or the other. Thanks for the offer though.

@X3N Sure, windows+l could work, but Id prefer something that froze both the mouse and keyboard and yet kept the screen intact. From an ease-of-use perspective its a lot easier just to pull out the usb and walk off than it is to remember to lock windows first and then take the usb out. And unlocking it would be a breeze, rather than having to sit there typing out the password - just plugging the sucker in and carrying on as you were.

Thanks for the suggestions. I'll keep looking. Some of the freeware I have come across does exactly the job i'm after (eg Computer Lock Up) but there's no way in telling how exactly they did it and whether it would work straight off of a usb. Damn exe's.

Edit:

I found a piece of VBS that disables the keyboard and mouse cleanly for 10 seconds. This is what i'm after.

Private Declare Function BlockInput Lib "user32" (ByVal fBlock As Long) As Long
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
Private Sub Form_Activate()
  DoEvents
  BlockInput True
  Sleep 10000
  BlockInput False
End Sub

Noted it doesn't stop ctrl+alt+del but it does have an effect on alt+f4 as I wasn't able to close the window down once it was running.

[DingleBerries]

i think i know what your talking about here and i have this implemented on my computer.

by adding a batch file in the computer as a hidden system file set to run at startup due to adding it in the run folder in registry.

you can have the computer start up and run the script and look for a certain file on all drives (including usb)

once it finds the file it ends the script and prompts a message saying all systems are running

but if it can not find the file it will say that only "your user name here" can use this computer and then immediately turn the computer off.

i implemented this in my laptop about 6 months ago because of the sensitive data held on it and if it were to fall into the wrong hands it could be bad.

correct me if im wrong but is this something of what you were kinda looking for?

if so let me know and feel free to e-mail me at

sfeadmin @ stillfallin.com

and i will be more then glad to send you the source files and details on how to install

until then i will consider taking some time and getting a post going with all the stuff needed and instructions on how to do this and install it

its quite simple and runs 100% in the background without anyone being able to see that its being run due to the use of vb scripts and bat files

so ya if your interested then email me and i will get that stuff to you asap

What if the computer is booted in safe mode? Does the script still run? My university has something like this implemented but it runs when the user logs in and puts up an overlay with a password and user box. All you have to do to bypass it is CTRL+ALT+DEL and end the loginscreen.exe then you get full admin rights. Your script sounds pretty affective however if someone really wanted to grab the data a live cd would be all they need. I would also encrypt my drive with truecrypt.

[StillFallin]

What if the computer is booted in safe mode? Does the script still run? My university has something like this implemented but it runs when the user logs in and puts up an overlay with a password and user box. All you have to do to bypass it is CTRL+ALT+DEL and end the loginscreen.exe then you get full admin rights. Your script sounds pretty affective however if someone really wanted to grab the data a live cd would be all they need. I would also encrypt my drive with truecrypt.

well i never tried booting it in safe mode to see if that would bypass it

i will however try that here soon probably withing the next hour or so

but as far as going and ctrl+alt+del and canceling the running task i guess that would work if you are quick enough

the reason i say if you are quick enough is because there was a time when i left my usb at work and had my laptop off and when i turned it on it just turned back off and wouldn't let me in because the usb drive with the file was not there.

now i keep a backup copy of that file on my ipod just in case i loose my usb drive

but i do know that i have tried to be faster then the script and tried to cancel the task but maybe its just my computer don't have enough ram to load the menus and stuff but i cant seem to get in there and stop the task in time before it shuts off.

but

you can always change the time that it takes for the pc to issue the power down command but on my pc i have it set at a 0 second delay that way there is no chance that people can get in my pc

here give me a lil while and ill test it in safe mode and on all the other accounts on the pc like guest and the main main administer and stuff like that and i will post the results

other then that ya i will start working on the post to release this lil bit of code i made so yall can enjoy it as well

[DingleBerries]

Also try hitting alt+f4 as fast as you can or CTRL+C to end the batch script. ill pm you with my email, id like to take a look at the .bat if you dont mind

[scapenz]

Yea i've sent you my email to, wouldn't mind taking a look myself. If this script is as good as you say it is then it could be used for the boot half of locking up the system quite successfully.

[StillFallin]

here you go i have released everything in this post

http://hak5.org/forums/index.php?showtopic=10853

best regards,

stillfallin

[DingleBerries]

Found this, and i like it so far. How to lock your computer using USB stick

So what this trick does ? . It will make make the windows look for BOOT.INI in a USB drive Follow the steps

Make Hidden Files visible:

Boot.ini is hidden file by default. Open C drive and go to Tools > Options > View. Look for Hide Protected system files . Uncheck it. Now you should be able to see the BOOT.INI file.

Copy System Files:

Copy the files 1) BOOT.INI 2) NTDETECT 3) NTLDR to your USB stick. This is assuming that your windows is installed in C drive. In case its D drive look into D drive. Remove the USB stick

windows system files

Setting up BIOS

Now restart your computer and keep [ F8 ] key pressed as soon as the computer starts. After you get into the BIOS, Look for the menu item where you can change your Boot Device. After you find it, set USB device as first boot device and Hard disk as secondary .

NOTE: I would also burn these files to a cd for safe keeping.

[scapenz]

That boot.ini method works, but it involves more setting up than stillfallins. If the computer is actually yours its probably better to do that since it stops them dead in their tracks, whereas the other method still allows them to log in and its that much more loose because it only stops them there rather than before windows even starts. Ie with no boot.ini safe mode wont work either. Has anyone confirmed on whether stillfallins method works in safe mode?

[StillFallin]

That boot.ini method works, but it involves more setting up than stillfallins. If the computer is actually yours its probably better to do that since it stops them dead in their tracks, whereas the other method still allows them to log in and its that much more loose because it only stops them there rather than before windows even starts. Ie with no boot.ini safe mode wont work either. Has anyone confirmed on whether stillfallins method works in safe mode?

well thats good to know that that method works im thinking about possibly setting that up for a test of my own

and im sorry about the safe mode test i did try to do that but for some reason my laptop wont boot in safe mode it just freezes which is something that i need to look into because ya thats not good

[Mat]

Each of these methods are quite good, but ultimately they wont stop someone who actually want to get at your computer.

It's the work of a moment to get a usb thumbdrive that will boot linux. With that drive connected to your computer, the attacker has your data, end of story.

You have to ask the question, 'why am I doing this?'

If you are putting this protection mechanism on your computer to make it look cool and like something out of the movies, then that's great; but if you actually want it to perform a role of protection, then its a waste of time.

Use Truecrypt. It works, it's proven and it's simple.

I dont say this to disparage anyone, or to insult anyone, I say it because it's true.

[DingleBerries]

Use Truecrypt. It works, it's proven and it's simple.

QFE, also do the BOOT.ini thing, if not for added security do it for the geek inside of you.

[scapenz]

Lol sounds good. Points taken Mat. Realistically though i'm after something simple and passive to protect and lock the computer for maybe a few minutes at a time. If I was after something more solid, to protect it indefinitely then you're right, use truecrypt. But the point was to make something that could be run, on the fly, straight off the USB. You could say I wasn't wanting to protect the data to any great degree, but moreover protect my spot on the computer to stop people from stealing it. Anyway,still working on it, hit a small bump with the crl+alt+del blocking, but at the moment I have it locking up the mouse and keyboard input indefinitely while the usb is removed, which is good. :P Btw that usb linux boot sounds cool, I saw an article about it on portableapps.