Foreverrising Blog

May 23, 2010

Defeating the Respondus LockDown Browser

Filed under: Uncategorized — Tags: , , , — foreverrising @ 8:31 pm

Update

I suggest to institutions not to use Respondus. I also suggest if you work for the developer, you should pay me for the workaround this time because your code is lazy.

I have now found a couple more workarounds for this software, just for the record. Well, it’s more of a “Haha, fudge you,” to the developer.

[Original Post]

While installing software for the semester on my home computer, I found a way around the Respondus LockDown Browser. As I don’t natively run Windows on my machine, I was installing it on my guest Windows XP system. Therein lies the workaround.

The browser attempts to prevent the user from opening new windows and keep users from multitasking while taking a “secure” test online. When running Respondus on a virtualized system, the most the browser can do is prevent multitasking on the guest OS, which doesn’t matter when the host OS is capable of doing so.

Try VMWare, VirtualBox, or VirtualPC and install Windows, then install the browser within it. Then pass the knowledge onto teachers to let them know the program is useless unless it is installed on a standalone school PC.

eRock


Update

I deleted the version of the Respondus Lockdown Browser that I had installed in XP inside of VirtualBox, and installed what they said was the ‘new’ version. Trying to run it did result in the message saying something along the lines of “Respondus cannot run in virtualization software such as VirtualPC, VMWare, or Parallels.”

That just tells me they added a function to test the virtual hardware to see if the program is running inside a virtual machine. All that tells me to do is think outside of the box.

If you can’t run an application, why not run a service? Install TightVNC and run a VNC viewer as a service. Then you would be able to connect to the computer that is taking a test and use the functionality of multitasking as well.

Then there is another way as well..

About these ads

18 Comments »

  1. This is an amazing simple idea. I always hated that I couldn’t even change songs that I was playing while taking tests. Thanks for the insight. Next test im absolutely doing this.

    Comment by Andy — June 9, 2010 @ 5:20 am

  2. eRock, have you actually tried this? I quickly tried running Lockdown Browser within VMWare and it immediately detected it when I started the browser. I thought it would be a work-around too, but it’s apparently not.

    Rhegan

    Comment by Rhegan — September 10, 2010 @ 9:33 pm

  3. Yes, this works, but it seems that Respondus uses a couple methods to detect whether it is in certain virtual machines. It works for me in VirtualBox on a linux machine. For more information in regard to VMWare, see http://www.codeproject.com/KB/system/VmDetect.aspx

    Comment by foreverrising — November 11, 2010 @ 3:47 pm

  4. You know this program is pointless. I have a blackberry and another computer. If I really want to cheat then all I need to do is use my phone OR use my other computer. Whoever made this is foolish and our teachers are foolish for using it.

    Comment by Ken — September 8, 2011 @ 7:51 pm

    • There’s money in selling software to people who don’t know any better. Take Microsoft for example.

      Comment by foreverrising — September 8, 2011 @ 10:18 pm

    • not really i stupid concept when they use it in university, in a monitored classroom, not able to pull out blackberry or another computer :P

      Comment by omar khan — March 13, 2012 @ 8:22 pm

  5. Reblogged this on Marian-The-Duke and commented:
    Respondus to this. Such a stupid concept…always a way to circumvent these ridiculous measures…

    Comment by MariantheDuke — January 22, 2012 @ 8:05 pm

  6. Do you happen to have an old link to you’re version of lockdown browser? It doesn’t work with tightvnc for me when it’s ran as service and i’m not quite sure how to change service name or if that would have any affect

    Comment by x — February 17, 2012 @ 11:22 pm

    • I do not have a link to the version that I have. I still have it installed in a virtual machine which I cannot distribute, for obvious reasons. About renaming a service, maybe try this link: http://thomaskrehbiel.com/post/1733-how_to_rename_a_windows_service and please post back. I would change the port number that accepts the connection as well. Default is 5900. Use your head for that part, and remember: this article is more about how you cannot instill integrity with software. :) There are also other ways around this program, which I play with from time to time. Just throw it into a debugger.

      Respondus causes an exception when it loads, and checks to see if the exception is handled normally. If the exception is unhandled (which is the way a regular version of windows would do it), respondus sees that, but if a virtual machine handles the exception, then respondus sees that as a sign that it is in a virtual machine.

      As for how it may be currently checking to see if there is a VNC server installed, I’m not sure. I will probably check into this shortly in the future. Have you tried RDP (Remote Desktop) yet?

      I’m not even going to get into using wireshark in this reply.

      Happy circumvention!

      Comment by foreverrising — February 19, 2012 @ 11:40 pm

  7. Yeah i’ve tried RDP and i know about the vnc port just the current version of lockdown blocks tightvnc,teamviewer etc and also when i changed the service names it still managed to detect some how

    Comment by x — March 1, 2012 @ 11:41 am

  8. Windows 7 and i’m using the latest lockdown brower

    Comment by x — March 1, 2012 @ 12:01 pm

  9. have you had any luck?

    Comment by x — March 5, 2012 @ 7:57 pm

    • No luck. I have other projects going on, but I will explore further soon.

      Comment by foreverrising — March 7, 2012 @ 11:41 pm

  10. have you had a chance to look into it yet?

    Comment by x — June 14, 2012 @ 8:55 am

    • Yes, I am happy to report I was successful. However, realizing that people who develop the software also have searched out this page, I am declining to further post the workarounds. Thus, maybe they will debug their code.

      Comment by foreverrising — August 27, 2012 @ 10:14 pm

  11. Will it detect another laptop running off of the same router??

    Comment by Scott — July 16, 2012 @ 2:59 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Silver is the New Black Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: