Bypassing the Windows Lock Screen

Most of us know that we should lock our computers when we step away from them. This will prevent any unauthorized users from gaining access to our files. Most companies have some sort of policy in regards to this, and many even automatically lock the screen after a set amount of time with no activity. In some cases, the computers are configured to lock and display a screen saver. In these cases, it may be possible for a local attacker to bypass the lock screen.

[Adrian] explains that the screen saver is configured via a registry key. The key contains the path to a .scr file, which will be played by the Adobe Flash Player when the screen saver is activated. When the victim locks their screen and steps away from the computer, an attacker can swoop in and defeat the lock screen with a few mouse clicks.

First the attacker will right-click anywhere on the screen. This opens a small menu. The attacker can then choose the “Global settings” menu option. From there, the attacker will click on “Advanced – Trusted Location Settings – Add – Add File”. This opens up the standard windows “Open” dialog that allows you to choose a file. All that is required at this point is to right-click on any folder and choose “Open in a new window”. This causes the folder to be opened in a normal Windows Explorer window, and from there it’s game over. This window can be used to open files and execute programs, all while the screen is still locked.

[Adrian] explains that the only remediation method he knows of is to modify the code in the .swf file to disable the right-click menu. The only other option is to completely disable the flash screen saver. This may be the safest option since the screen saver is most likely unnecessary.

Update: Thanks [Ryan] for pointing out some mistakes in our post. This exploit specifically targets screensavers that are flash-based, compiled into a .exe file, and then renamed with the .scr extension. The OP mentions these are most often used in corporate environments. The exploit doesn’t exist in the stock screensaver.

Apple ][ Graphics as your Screensaver or Second Screen


Hipsters rejoice, you can actually make those high-tech IPS panels look like crap. Really nostalgic crap. [Kaveen Rodrigo] wrote in to show how he displays weather data as his Apple ][ emulated screensaver.

2014-07-08-234300_1366x768_scrotHe’s building on the Apple2 package that is part of the xscreensaver available on Linux systems. The program has an option flag that allows you to run another program inside of it. This can be just about anything including using it as your terminal emulator. [Adrian] recently sent us the screenshot shown here for our retro edition. He is running bash and loaded up freenet just to enjoy what it used to be like in the good old days.

In this case, [Kaveen] is using Python to pull in, parse, and print out a Yahoo weather json packet. Since it’s just a program that is called when the screensaver is launched, you can use it as such or just launch it manually and fill your second monitor whenever not in use.

We gave it a whirl, altering his code to take a tuple of zip codes. Every hour it will pull down the data and redraw the screen. But we’ve put enough in there that you’ll be able to replace it with your own data in a matter of minutes. If you do, post a screenshot and what you’re using it for in the comments.

Continue reading “Apple ][ Graphics as your Screensaver or Second Screen”

Kindle hack adds value to the wallpaper

What if your Kindle displayed useful information as the “screensaver”? Now it can thanks to this extension of the Kindle weather display hack we covered a year ago. [Pablo Jiménez Mateo] figured out how to display time, date, weather, and tasks as his Kindle wallpaper while retaining the original functionality of the device as an ePaper reader.

The hack isn’t strictly standalone. Like the Kindle weather station hack on which it is based, you need a computer to act as the server. We see this as a good thing. The server generates a vector graphic which is used as the Kindle screensaver. This process of scraping and packaging the data is just too much for the computing power of the Kindle alone.

Now that [Pablo] got this working without disrupting the normal function of the device, you can remix the hack with your own information sources by working with the server-side code. For those that aren’t familiar with the Linux commands needed to get the Kindle ready, don’t worry. This is reasonably non-invasive. You do need to Jailbreak your device. But once you do, the steps used simply load a small script to grab the images.

Custom screensaver on the non-touch Kindle 4

[Kubbur87] put together a guide to replacing the Non-touch Kindle 4 screensavers with your own images. We’ve already seen a way to remove the Special Offers banners from the newest version of Kindle Hardware, this hack lets you use your own 600×800 Portable Network Graphics (.png) file instead of the images pushed to the device by Amazon.

Frankly, we’re shocked at how easy this hack is. [Kubbur87] puts the device into developer mode, enables SSH, and then goes to work on the Linux shell within. It seems the only line of protection is the root password which he somehow acquired.

After the break you’ll find his videos which show how to enable developer mode and how to perform this hack. By putting a file named “ENABLE_DIAGS” with no extension on the device when it is recognized as a USB storage device you’ll gain access to the diagnostic menu system. From there it’s just a matter of cruising that menu to get SSH access. Like we said, you’ll need the root password, that that’s as easy as naming your favorite video game character from the 1980’s.

Continue reading “Custom screensaver on the non-touch Kindle 4”