19 posts
Location
Australia
Posted 22 August 2015 - 01:05 PM
So, I decided to work on a password utility so that all my computers can be locked. I wanted one that seemed like it was a limited version of the shell so that intruders can have a quick play around and try to exploit it (and fail). Here is a list of all the feature currently implemented:- If an invalid command is entered, it will display "Unknown command. Type 'help' for a list of commands" in red for 2 seconds before rebooting back to the utility
- Working installer
- Commands (shutdown, edit, about, help and unlock)
- Unable to be terminated
- Compatibility with black and white terminals
Prerequisites- Normal or advanced computer
- Running the program on a pocket computer will graphically glitch most things
Installation- Type this command into the terminal:
pastebin run JSkhhZpg
- Read the on-screen instructions and then press Enter/Return to begin setup or F1 to quit
- Enter your password into the black box and press Enter
- Restart the computer (reboot command)
Planned additions- Make the utility act more like the shell where when a command is entered, instead of clearing the screen, it simply scrolls down like the original shell
- Pocket computer compatibility
VideosHere's a YouTube video demonstrating the basic functions of the utility. Please bear in mind that the video is outdated, but the usage hasn't changed.Thanks for reading and I hope you guys enjoy!
Beta testingCurrently, there is public beta testing available. Use
pastebin run hiNKwEnr to beta test Advanced Password Utility.By running the beta tests, I am not responsible for any damages done to your computer, including anything that relates to it such as it's files and the mod itself.
Edited on 10 February 2016 - 11:26 AM
82 posts
Location
France
Posted 23 August 2015 - 09:00 AM
It's very nice looking. I think this is the best looking implementation of a password system I've ever seen yet. I find it sad that you didn't implement encryption and prevented terminating the program though. It renders it useless !
You can use this api to hash passwords:
http://regex.info/code/sha1.lua(
Don't forget to use a salt)
And simply doing this:
local temp = os.pullEvent
os.pullEvent = os.pullEventRaw
Will fuck up the OS enough that it won't be able to register ctrl+T calls.
And of course to revert it you can do
os.pullEvent = temp
once the access has been granted.
Edited on 23 August 2015 - 07:43 AM
1583 posts
Location
Germany
Posted 23 August 2015 - 10:38 AM
It's very nice looking. I think this is the best looking implementation of a password system I've ever seen yet. I find it sad that you didn't implement encryption and prevented terminating the program though. It renders it useless !
You can use this api to hash passwords:
http://regex.info/code/sha1.lua(
Don't forget to use a salt)
And simply doing this:
local temp = os.pullEvent
os.pullEvent = os.pullEventRaw
Will fuck up the OS enough that it won't be able to register ctrl+T calls.
And of course to revert it you can do
os.pullEvent = temp
once the access has been granted.
Or you just don't use os.pullEvent. Instead you could use coroutine.yield or os.pullEventRaw.
82 posts
Location
France
Posted 23 August 2015 - 11:03 PM
I don't get it. Isn't the OS is responsible for the termination of running programs with CTRL+T ?
Changing the pointer to the pullEvent function to something else looks like the only way to do it to me since it seems to use that
Edited on 23 August 2015 - 09:05 PM
1583 posts
Location
Germany
Posted 23 August 2015 - 11:24 PM
I don't get it. Isn't the OS is responsible for the termination of running programs with CTRL+T ?
Changing the pointer to the pullEvent function to something else looks like the only way to do it to me since it seems to use that
Nope. pullEvent is a wrapper for pullEventRaw (wrapper for coroutine.yield) which just adds termination. If you don't use it in your script, it is not able to terminate it. Changing os.pullEvent just makes it more convenient because you don't have to change anything in your code to prevent termination.
19 posts
Location
Australia
Posted 24 August 2015 - 02:11 AM
The next version of the program will have these additions:
- Ctrl+T will no longer work
SHA1 enryption with some salt (Mm.. finger lickin' good)- AES Encryption by SquidDev will be used for encryption
- Patch setup bugs
- Setup doesn't reboot or clear screen once done
- Setup installs the program before the user decides to install it
- "Note: Press Enter to continue" is false and comes up after the password is already entered
I will be fixing the main program more in the version after, but it should work after I finish the above changes.
I would also like to say that you have my permission to use this utility in your own operating system, as long as the following criteria are met:
- You have asked me about it either through Reddit (reddit.com/u/Djinnibone) or through this thread
- You credit me either in your operating system thread or in the OS itself.
- You don't alter the code in any way, shape or form
Edited on 25 August 2015 - 11:45 AM
19 posts
Location
Australia
Posted 27 August 2015 - 08:04 AM
Version 1.1 changelog
- Fixed a bug allowing the program to be terminated, rendering it useless (thanks @Yarillo)
- Fixed some setup bugs including not clearing the screen or restarting once complete, "Press Enter to continue" message coming up too late and a few more
- Fixed an annoying feature where the computer would reboot after most commands were entered (excluding reboot)
I wasn't able to implement an encryption API yet mostly because the APIs I found would either not encrypt or encrypt, but not decrypt. If you could help me on that, that would be awesome!
Hope you enjoy the update!
Pastebin Codes- Program:
LRyGYzvs- Setup:
RErAPuG3Edited on 27 August 2015 - 06:07 AM
82 posts
Location
France
Posted 27 August 2015 - 06:32 PM
Nope. pullEvent is a wrapper for pullEventRaw (wrapper for coroutine.yield) which just adds termination. If you don't use it in your script, it is not able to terminate it. Changing os.pullEvent just makes it more convenient because you don't have to change anything in your code to prevent termination.
No, I still don't get it. You don't need to use either pullEvent or pullEventRaw to implement CTRL+T termination. It's handled in the background by something that uses os.pullEvent() to detect termination. Such a code can still be terminated by standard means.
while true do
sleep()
end
So what do you mean by
If you don't use it in your script, it is not able to terminate it.
?
3057 posts
Location
United States of America
Posted 27 August 2015 - 07:12 PM
If you don't use os.pullEvent or any function that calls os.pullEvent (sleep is one of them), the script can't be terminated. The os.pullEvent function is responsible for terminating the script. Other functions can call os.pullEvent, which will make the script terminatable, but os.pullEvent is the culprit.
From bios.lua
function os.pullEvent( sFilter )
local eventData = { os.pullEventRaw( sFilter ) }
if eventData[1] == "terminate" then
error( "Terminated", 0 )
end
return table.unpack( eventData )
end
1583 posts
Location
Germany
Posted 27 August 2015 - 07:59 PM
If you don't use os.pullEvent or any function that calls os.pullEvent (sleep is one of them), the script can't be terminated. The os.pullEvent function is responsible for terminating the script. Other functions can call os.pullEvent, which will make the script terminatable, but os.pullEvent is the culprit.
From bios.lua
function os.pullEvent( sFilter )
local eventData = { os.pullEventRaw( sFilter ) }
if eventData[1] == "terminate" then
error( "Terminated", 0 )
end
return table.unpack( eventData )
end
Thanks for explaining what I were not able to ^^
82 posts
Location
France
Posted 29 August 2015 - 06:15 AM
If you don't use os.pullEvent or any function that calls os.pullEvent (sleep is one of them)
164 posts
Posted 31 August 2015 - 01:09 PM
Umm, AES encryption?
That's WILDLY insecure for passwords - you HASH a password, not encrypt it. Use SHA256 (I have the API in my program -
http://pastebin.com/8fyFyw3B line 15-197) and a salt.
Edited on 31 August 2015 - 11:09 AM
19 posts
Location
Australia
Posted 01 September 2015 - 01:03 AM
Umm, AES encryption?
That's WILDLY insecure for passwords - you HASH a password, not encrypt it. Use SHA256 (I have the API in my program -
http://pastebin.com/8fyFyw3B line 15-197) and a salt.
I never was able to implement a working encryption API, but yours seems to work pretty good. You don't mind if I use your SHA256 code and credit you in the next update of this program?
Edited on 01 September 2015 - 05:42 AM
19 posts
Location
Australia
Posted 05 September 2015 - 12:06 AM
Version 1.2 changelog
- Fixed a few bugs
- Messages no longer display one line under where they should be
- And more.
- Reduced all the times for displaying messages
- Implemented compatibility for black and white terminals
- (Half) implemented a confirm password system
- Only works on black and white terminals
- Changed how logging in works slightly
- May revert back in the future
If you find any bugs, please report them ASAP. Thanks for reading and I hope you enjoy the update!
Pastebin Codes- Program: tvYEAjbq- Setup: JSkhhZpgEdited on 04 September 2015 - 10:07 PM
19 posts
Location
Australia
Posted 10 February 2016 - 12:32 PM
Beta testing now available
Currently, there is beta testing available to the public. Please note that things may change overtime and you may encounter bugs. If you do encounter a bug, please let me know as soon as possible on this thread.
Once you install Advanced Password Utility Beta, you agree that I am not held liable for any damages done to your computer, it's files or anything relating to them. You also agree to never redistribute or publically alter any part of this Program without direct permission from the author.
To install Advanced Password Utility Beta, use the command pastebin run hiNKwEnr.
I will be implementing some other features such as an updater, encryption and so many other things as development goes on.
Current Beta version
2.0 Beta Build 1