------------------------------------

Application: Keys Off 1.3
Bug description: Allows user to set the Keys Off prefs to its defaults.
Tested on: Power Mac running system MacOS 7.6, Centris running MacOS 7.5.3
Author: <System Cowboy> "Syscowboy@Excite.com"

------------------------------------

What is Keys Off?

Well, most of you will probably know what it is, but for those of you who don't, here's a brief description. Keys Off is a cool little control panel that will let you disable the keyboard from being used without the correct password being entered. It has many features that make it extremely secure, e.g. disable shift key, lock keyboard on start-up and loads of other stuff.

Bug description

Allows the attacker to reset the Keys Off prefs to its defaults so that it will not run automatically on start-up and the password will be set to 'a'. How does it work? Well, basically you write a CD that will let an application boot up automatically; the program is the one I have included with this file, called 'KeyKilla'. When the program runs it will delete the Keys Off prefs, then you kill the power to the machine. Now when Keys Off loads on start-up it will think it has been run for the first time and it will create its default prefs.

How to exploit it

First you need a CD-Writer and the software (I used Toast); if you don't have these, get them or borrow them.

Setting up Toast (if you aren't using Toast, read the following and then try to set your CD writer software to the equivalents). First go to the Format menu and select 'Mac Volume' (see below).

Now copy KeyKilla to a floppy disk; this is just to make the copying process faster. If you like you can copy a whole volume, but it's up to you. Click on the Data button and set the volume to be copied as the floppy you have just copied KeyKilla to. You now need to set the file you wish to boot up when the CD is loaded: check the AutoStart box and select KeyKilla. Click OK and you're ready to write your CD.

Once your CD is written you should be able to break into any computer that is running Keys Off. This is how.

Using your CD

This depends on a few things:

If the computer is shut down then you need to reboot the computer with the CD in the CD drive. The computer should boot up as normal; once the desktop has loaded then so should our CD. You will probably find that the Keys Off screen saver thing will still boot up, but this doesn't matter. Now we need to get the computer to shut down, and because we can't use the keyboard we have to just turn the power off (pull the plug). Now reboot and you shouldn't have any trouble getting in to the system.

Now if you find that when you get to the victim computer Keys Off is already running, you can do pretty much the same as above, but you don't need to start up with the disk in; just put it in the CD drive. Sometimes if the screen saver thing is running then the disk won't mount, so you need to force your way to the Finder by hitting Command+powerkey (these keys are not disabled by Keys Off). The Apple debugger box should pop up; type in G FINDER. This will take you to the Finder and should crash that screen saver.

Problems that may occur

If you restart the Mac and that message box pops up saying that the computer was shut down improperly then you're fucked. There is no way around this because you can't click on the OK box, so you will just have to leave it until another day.

Solution

Turn off the QuickTime autoloader feature; it's as simple as that.

EOF

Well, I hope this helps you in some way or another, and please tell me if you got it working or not and on what system, because I will post the results on my site. I think that this little bug may affect many other security applications but I am looking in to that right now. Thanks to all.

© Cowboy Corp 1999