PDA

View Full Version : password prog



ihsir
12-27-2001, 11:54 PM
I have made a password prog in c++ that when inputted with the correct pwd exits otherwise continues indefinately.

My 2 questions are

1. is there a way to automatically shut down the computer after say 3 wrong passwords are given. If yes how?

2. i' have put the prog pathname in autoexec.bat and have disabled the boot from floppy option.

What are other ways of bypassing the autoexec?


Any help would be greatly appreciated (and before i forget i use win98.)

Hillbillie
12-28-2001, 04:29 PM
If you are using this as some kind of security thing, remember that 'Ctrl + C' will (usually) break out of a DOS program.

As for the shutting down the computer, of course there's a way. That way would be to study the BIOS, make sure it supports that kind of thing, then uh write the code. :p I have no idea how you'd go about doing that, though...

-KEN-
12-28-2001, 08:05 PM
look up the ExitWindows() function

VirtualAce
12-31-2001, 02:32 PM
The best way to secure Win9X is to use the msdos.sys file. Unhide the file using the attrib command. Edit the file with an editor and change BOOTGUI=1 to BOOTGUI=0. Then in your autoexec.bat file place a reference to your DOS password program prior to any other entries. At the end of the autoexec file place a reference to c:\windows\win.

When the system boots, your code will be executed first. If the code is wrong, simply reboot the system and the whole process begins again. If the code is correct simply exit(0) and since you are in the autoexec shell, the autoexec will continue to execute and will run Windows when it is done because of the c:\windows\win.

To disable other things like the F8 key prior to bootup use the switches command in your config.sys file. I'm sorry but I absolutely forget all the switch options and what they do. Make sure that your code is solid and has a backdoor. I used my password program at college to protect my system. One time the code failed due to a bug I had not detected and I was locked out of my system - I also disabled CTRL-C. So, I had to go and change the boot options in the BIOS so I could boot from A: - which was also password protected.

For total security password protect your BIOS so they cannot get in there and change the boot from floppy option. Don't forget your password or you will have to clear the BIOS settings via a jumper on your motherboard. It's really embarassing to get locked out of your own system by your own code. Trust me I've been there.:D

VirtualAce
12-31-2001, 02:36 PM
To reboot the system:

outp(0x64,0xFE);

This will only work if you are in pure DOS (Windows catches this) and if the keyboard buffer is not full. In DOS this will work 99% of the time since the keyboard buffer being full is a rare occurrence.

doubleanti
01-02-2002, 02:49 AM
to ensure the keyboard buffer isn't fully, make one call to kbhit (), and if it returns nonzero [true], then have a getch () [to no saved value] in order to get that one character out, yeilding an unfull keyboard buffer...

and [for the sake of mentioning], to clear the keyboard buffer... make a loop polling kbhit() and returning getch () [to nowhere] until there is nothing left in the keyboard buffer...

sean
01-03-2002, 11:30 AM
I don't think there's anyway of keeping out hackers perfectly. If someone wants to get in, they'll get in. There's no way of letting someone send you mail on a website, without somehow exposing your address. You can put it in a link, they just read the code. You use cgi, they just read the code. Windows 95 for example. You just press escape, and BINGO, you're in.

sean
01-03-2002, 11:34 AM
Correction to the above: The best you can do is by changing the way your computer boots completely - make your own processor. Even so, there's still a way to stop the PC and look at the registers before that. HotMail tried doing something like that. One of my friends forgot their password, and as extra security, didn't enter a logical answer to their secret question. I was in after 2 minutes.

VirtualAce
01-04-2002, 09:18 AM
The method I've shown will prevent people from getting into your system. The only way in is through the BIOS password or by clearing the CMOS via a jumper on the motherboard. For those that are paranoid or need a lot of security there are cases that are locked and some that have chassis intrusion alarms.

If you place your file in autoexec.bat it will execute prior to Windows, prior to switching to protected-mode - still in pure DOS. If you remove the switches (F8, F5, etc) password protect the BIOS, set floppy drive seek at boot to NO then there is no way in. Even if you change out hard drives or put a new floppy drive in or attempt to boot from floppy, there is no way in.

Another way that has been mentioned is to password protect the boot sequence via the BIOS, which is much easier since it does not require you to write any code.

From what I've seen of professional back office security programs, Win9X cannot be made totally secure - there is always a wy in. That would require an OS like Windows NT or Win2000. Win9X was made for home users and therefore lacks a lot of security. Plus the more secure, the less friendly the OS and the less that it likes to run games. What fun would that be?

:D

ihsir
01-06-2002, 04:34 AM
... please explain (though it worked perfectly)

outp(0x64,0xFE);

and how can i get to know more about port numbers and what data to send them and what will they respond?

VirtualAce
01-06-2002, 06:39 AM
Do a search for Ralph Brown's Interrupt Listing. Also when you get there, make sure you get the viewer for it - it's all on the page as you will see. Download the entire thing - about 9 files including the viewer. It is a list of interrupts, ports, memory areas, DMA, PIC, and just about everything else inside your PC. Awesome reference. It will never leave your drive.

I sure post that a lot......perhaps I should get the address for it.