WTB: a "virus"

[ruski]

Not sure if this belongs in services or goods, but this'll do.

I need 3 programs. One for XP SP3, one for Win 7 and an Android app to control it.

I want it to be able to instantly and unrecoverably BSOD and reset (ie triple fault) the computers if any key is pressed, or a mouse button, once it's activated, from both a locked login screen or an active session. Customisable grace period when activating it, to lock it etc. The Android app is to remotely disable the crasher, return a positive status when active, and alert if it appears to have been crashed.

Max security for the app so the unlock can't be forged, however you feel is appropriate. No back doors, and open legible source is a MUST.

PM me to make a price offer or for more details.

Edit, given discussion below - doesn't have to have an android app controlling it. That was just a bit of wishful thinking. Anything secure will do.

[deslok]

Related?
 https://bitcointalk.org/index.php?topic=41468.0

[ruski]

No, did you read the post?  This is for security vs physical break-in.

[TiagoTiago]

I don't have much to contribute; but i felt like saying i find it interesting you want an automated self-destruct with remote disarming; it's not everyday you see somthing with self-destruct mechanism outside of a scifi setting.


Hm, what if instead of producing an irrecoverable crash, you just had your system running in an encrypted partition, and when the alarm is tripped it just rebooted? This way the attacker would still have no way to read your data (even if they just pulled the power cable before the data could be shredded, in hopes of reading the disks with another machine) but you wouldn't have much trouble getting your machine running again once it's safe again.

[deslok]

If we want to go for self destruct i suggest a thermite charge over the hdd, i'll even make you the thermite(shipped unmixed simply as mettalic poweders packaged seperatly of course)

[ruski]

I dont want the data destroyed, just the comp reset, as encrypted HDs are useless while the computer is running.

[deslok]

I dont want the data destroyed, just the comp reset, as encrypted HDs are useless while the computer is running.

dammit i wanted an excuse to make some thermite

[ruski]

High mesh Al powder is controlled in Australia anyway. It wouldnt even make it past customs 

[deslok]

High mesh Al powder is controlled in Australia anyway. It wouldnt even make it past customs 

What if i was to ship bulk al along with the tools to make high mesh?

[NothinG]

One for XP SP3, one for Win 7

If it takes a hacker 2 programs to allow access for this, then that person sucks...

I want it to be able to instantly and unrecoverably BSOD and reset (ie triple fault) the computers if any key is pressed, or a mouse button, once it's activated, from both a locked login screen or an active session.

Just lock the keyboard?

No back doors, and open legible source is a MUST.

Good fucking luck, maybe if someone where to code it in Delphi you'd have fun reading the source?

PM me to make a price offer or for more details.

I'd like to see the price for this as well.


-----
All this sounds like LogMeIn or something...

[ovidiusoft]

OP, what you really want is a IP remote power device. You can get a dedicated one, or some UPS-es will have this function. It's safer than running any software solution, and it will definitely cost you less than development for what you want.

Also keep in mind that cold boot attacks are easy enough for someone who know what they're doing, so you should make sure that there is at least a 3-5 minutes time frame between the moment that you power off and the moment that someone has access to the computer. Thoroughly secured computer case with no external USB/CDROM access, and having the room secured with a heavy metal door will do. Also, no windows, basement is perfect.

On the other hard, if you need that kind of security you're either completely paranoid, or involved in some deep illegal stuff. Either way, you should get help or "help"

[ruski]

If it takes a hacker 2 programs to allow access for this, then that person sucks...

Win 7 and Win XP are very different. So are the CPUs on each machine. What bluescreens XP may not affect 7, and vice versa.

Just lock the keyboard?

Shit, why didn't I think of that? Anyone bring their own keyboard? And if you mean software, anyone bring something to unlock it?

No back doors, and open legible source is a MUST.

Good fucking luck, maybe if someone where to code it in Delphi you'd have fun reading the source?

I'd say I can read pretty much any language well enough to know what's going where and if there's anything unwanted in it. Hence legible, ie _ is not a variable name.

PM me to make a price offer or for more details.

I'd like to see the price for this as well.

Well, you sound like you know everything, why don't you give me a quote and do it yourself?

@ovidiusoft, I thought of that too, was almost going to build a killswitch myself, but the computers I'm protecting are on 24-7 and not convenient to physically access, so I don't want false alarms killing them and having to go find out what's wrong. Besides, an IP isn't going to know if someone's using it. I'd have to get the alert, notice, connect to it and shut it down myself. This just seems tidier. I can't imagine it costing too much time or effort for someone who knows what they're doing. Doesn't have to be an android app controlling it, anything simple and secure will do.

And yeah, I'm paranoid. Deal with it.

[NothinG]

If it takes a hacker 2 programs to allow access for this, then that person sucks...

Win 7 and Win XP are very different. So are the CPUs on each machine. What bluescreens XP may not affect 7, and vice versa.

I was saying, why not merge the code into one program instead of the split. Worried about the file size?

Just lock the keyboard?

Shit, why didn't I think of that? Anyone bring their own keyboard? And if you mean software, anyone bring something to unlock it?

It's code, there are a few sources that let you hook keystrokes ( C#: http://www.codeproject.com/KB/system/CSLLKeyboard.aspx ) so the user can't use them.
Just unbind them when you want them to be able to use their keyboard.

No back doors, and open legible source is a MUST.

Good fucking luck, maybe if someone where to code it in Delphi you'd have fun reading the source?

I'd say I can read pretty much any language well enough to know what's going where and if there's anything unwanted in it. Hence legible, ie _ is not a variable name.

So, you wouldn't want obfuscated code?

PM me to make a price offer or for more details.

I'd like to see the price for this as well.

Well, you sound like you know everything, why don't you give me a quote and do it yourself?

I've done my fair share of RAT's thank you very much.

[ruski]

Honestly, stop picking it apart. I think I made it fairly clear what I need. Nothing software based, ie a kbd hook, that leaves it running and vulnerable will do. Even if you could just tell me how to do it. In whatever language you like. And I can do the rest re interface.

Also, @ whoever said it was still vulnerable to a cold boot, I know. Anything short of a triple prot fault leaves the comp running with keys in memory. The bioses also do a full mem init on boot, so anyone short of well equipped police wont be able to get anything from it, and they're not who I'm protecting the systems from. Hell, I'm aussie, they cld prob put me in jail indefinitely until I just told them the pw.

[Sekioh]

Well your 'virus' would be the same as a keyboard hook in that regard, it's still software running in background, and an autorunning script off a usb/cd/flash media can run some task killing events if the systems not locked down from power accounts. If it's secure THAT way, then keyboard hook would be still faster and easier to worry about with a remote app for disabling from a password over the local network.

[ruski]

Well your 'virus' would be the same as a keyboard hook in that regard, it's still software running in background, and an autorunning script off a usb/cd/flash media can run some task killing events if the systems not locked down from power accounts. If it's secure THAT way, then keyboard hook would be still faster and easier to worry about with a remote app for disabling from a password over the local network.

I'm betting the first thing anyone would do is plug in a monitor and hit a key to wake it up, if not just unplug it and take it. I did actually give this some thought before I decided to pay somebody to do it. Also, no autorun.  The software side is locked up tight, but if someone knows the login pw it's all over. This is to be like a time delay lock on a safe. Even with the key you can't open it.

[deslok]

Well your 'virus' would be the same as a keyboard hook in that regard, it's still software running in background, and an autorunning script off a usb/cd/flash media can run some task killing events if the systems not locked down from power accounts. If it's secure THAT way, then keyboard hook would be still faster and easier to worry about with a remote app for disabling from a password over the local network.

I'm betting the first thing anyone would do is plug in a monitor and hit a key to wake it up, if not just unplug it and take it. I did actually give this some thought before I decided to pay somebody to do it. Also, no autorun.  The software side is locked up tight, but if someone knows the login pw it's all over. This is to be like a time delay lock on a safe. Even with the key you can't open it.

If they physically take it all bets are off only physical destruction will ensure data safety, look at what we're doing we're running SHA-256 hashes anyone intent on stealing your data is going to remove the hdd and have at it

[ruski]

Sure, if they want to spend a few hundred years at it. This way they don't get it the easy way.

[deslok]

Depends on their capabilities, TH had a good article on passwords and encryption a few months back
http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html
Worth a read if you're worried about security

[Sekioh]

My point was, even a pseudo-'virus' would be in the RAM, and still prone to a reboot into a live-distro of tools or *nix. It's still software and therefore bypassable, your only security if someone was physically at a computer is the drive being encrypted, that is ALL you can do to a computer to protect it from a few minutes of being prepared. Rebooting would even help, you can't hook a virus early enough on to stop booting into safe mode or the recovery console. At that point only way to secure the system outside of encrypted disk is a custom bios layer, and THAT would get expensive.