Welcome Guest.   Make a donation to an author on the site October 31, 2014, 10:24:24 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
View the new Member Awards and Badges page.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: IDEA: Temporary Access  (Read 3758 times)
Uncle John
Supporting Member
**
Posts: 38


View Profile Give some DonationCredits to this forum member
« on: October 13, 2008, 04:05:37 PM »

40Hz was wondering where I was headed with my "Self destruct" idea. Seeing that he put us onto the very useful "Dead Man's Switch" app I thought it only fair to share the next step in my project with everyone.
The idea for this project came from two other projects: Keepass portable and Keeform. Keepass portable has a very useful feature that enables you to drag and drop hidden passwords. You can drag and drop a password onto a web page input field for example. Keeform lets you do the whole thing automatically.
There are times when you would like people to access password protected resources but also limit the time they can access the resource.
Keepass and Keeform don't cater for this very well for a number of reasons:
1. You need the entire applications plus the master password to make use of these features
2. Keeform only works for IE.
3. Once you get into Keepass you can "unhide" the password.
My idea is that a program that includes a selection of the features in Keepass and Keeform, runs off a USB drive and "self destructs" after a preset time would overcome these problems. The user would simply click on an icon on the USB drive. The app would then take the browser to the specific web page and automatically log in.
Keepass uses CSecureEditEx code to secure edit controls and CodeProject shows how it could be used in a project.
I've been tempted to give it a go but I figure I will die of old age b4 I get it working.

 
« Last Edit: October 13, 2008, 04:09:50 PM by Uncle John » Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: October 13, 2008, 04:29:59 PM »

"Self destruct" will never work - there will always be a way to bypass it. Refusing to activate based on time is also trivial to bypass. And even contacting a server for decryption keys (which will grant or refuse based on time/whatever) can be bypassed, although that's a bit trickier.

Depending on your exact needs, some of these problems might be acceptable, though.
Logged

- carpe noctem
Uncle John
Supporting Member
**
Posts: 38


View Profile Give some DonationCredits to this forum member
« Reply #2 on: October 13, 2008, 05:00:10 PM »

Any thoughts on CSecureEditEx?
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: October 13, 2008, 05:35:17 PM »

Any thoughts on CSecureEditEx?
Good idea not using the default EDIT control, but I would probably have done things differently implementation-wise... Also, I'm a big fan of being able to "show contents instead of asterisks" for password controls, but obviously in the way that enabling the feature clears the current contents of the control.
Logged

- carpe noctem
Uncle John
Supporting Member
**
Posts: 38


View Profile Give some DonationCredits to this forum member
« Reply #4 on: October 14, 2008, 05:08:42 AM »

There might be a much easier way to achieve what I'm after. I noticed the following article that describes a simple program: herley-poster_abstract. It would seem much easier than implementing edit controls.
Logged
Uncle John
Supporting Member
**
Posts: 38


View Profile Give some DonationCredits to this forum member
« Reply #5 on: October 14, 2008, 04:23:12 PM »

Easier still is what I'll call the three steps forward three steps back method (see: non-technological methods in Keystroke logging ).
Auto Form Filling would be nice but Auto Field filling would be sufficient.
I'd suggest that the Autohotkey program that does the field filling should first check whether "Dead man's switch" is present before executing. This would help prevent the use of the password by anyone other than the holder of the USB drive.
I hope someone (Skrommel perhaps?) has a go at this.
After I test the device and see that it works as intended I'd like to share part 3 of my project with everyone.   
« Last Edit: October 14, 2008, 05:16:06 PM by Uncle John » Logged
Uncle John
Supporting Member
**
Posts: 38


View Profile Give some DonationCredits to this forum member
« Reply #6 on: October 18, 2008, 06:32:11 PM »

Oh. Silly me embarassed keystroke logging is only a problem when the keyboard is used to enter the password. Since my idea is to enter the password automatically I don't have to worry about methods for defeating keystroke logging.
I've found an Autohotkey program that will do most of what I'm after at AutoFiller all that is needed now are a few modifications....
 
Logged
Uncle John
Supporting Member
**
Posts: 38


View Profile Give some DonationCredits to this forum member
« Reply #7 on: October 29, 2009, 03:28:29 PM »

I'm glad I put the pursuit of this project on hold for a while. I've found that someone else has already done what I was hoping to accomplish: How to pwn with U3 Hack
Logged
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.029s | Server load: 0.04 ]