Timer hack!!!

If you have any discover some bugs when you try our software or when you are in operation, please let us know. Please describe the symptom as detail as possible. Thanks!

Timer hack!!!

Postby UfukD » Fri May 07, 2010 10:25 pm

Hi

It's been a long time since i was here because i was very satisfied with the version i used, everything worked well. I had only one fear and that was that someone who knows much about computers can hack the timer. Personally I know 1 way to do it. Today a friend showed me several hacks by which you can alter the timer, stop the timer, even start the computer without throwing in money. I use deepfreeze software. The timer monitor is normally not active on my kiosks. Today he showed me how he alters the timer. So I activated the monitor and let him try again, but the monitor didn't work. He stopped the timer again and the computer didn't restart which it should be because of the monitor.

Anyway, how does he do this all? Very simple, by getting in to the registry and altering the registerkeys of your software.

1. First of all lets begin with the hack of starting the computer without throwing in money. What he does is restart the computer, at the POST screen press f5 to get in to Safe mode of windows XP. The kiosks have two user accounts. One is the standard Administrator account and second an account i made by which the computer starts up normally. In Safe mode he logs of the second user account and logs back in by Administrator, opens up Msconfig and at checks out Weavefuturetimer software from Startup and reboots. When he was doing this i was thinking that it won't work because deepfreeze, but it did work. The kiosk started up, weavefuturetimer started also up with locked screen, after waiting about 20 seconds the timer started up with 1 hour of internet. This is how he starts up without throwing in money.

What we can do about this is, I know from other kiosksoftware I used before I used Weavefuture is that you can somehow block the keyboard usage at the startup of the computer, this way they can't get in the bios or press f5 to get in to safemode of windows. How that software did this, I don't know. Can you find this maybe?

2. How to stop timer? He opens a internet explorer screen. at the address field he writes c: and enters, by this you can get in to the rootdirectory even if you hided the diskdrives in the admin menu of the timersoftware. There he finds in the windows folder the registry and opens the registry key where the timer is being held at that time. He opens the key and puts there a 0 in and presses ok and closes down the registry. At that time the timer is stopped at whatever minute and second it was. Even if the timer monitor is active, the timer doesn't reset. Can you please check on this and fix it. How can we prevent this ?
UfukD
 
Posts: 68
Joined: Sat Sep 08, 2007 9:56 am

Re: Timer hack!!!

Postby josewashingtonjr » Mon May 10, 2010 4:18 pm

Olá! este texto foi traduzido do português para o inglês pelo google translation. Tenho uma sugestão! Porquê você não tenta instalar um aplicativo no seu terminar que proteja as pastas por senha? assim ele não vai ter acesso a pasta do windows! Sobre ele entrar no sistema usando o modo de segurança! aqui onde eu instalei o meu terminal, sempre tem alguma pessoa responsável. (ele liga o terminal e o desliga) e só deixa o cliente usar depois que ele foi ligado. Ficando assim o cliente proibido de realizar qualquer outra função no mesmo. Aqui no Brasil eu utilizo meu terminal em ambientes fechados, com uma pessoa responsável por perto. Geralmente é o dono do estabelecimento. Espero que essa informação possa te ajudar.

Hello! this text was translated from Portuguese into English translation by google. I have a suggestion! Why do not you try to install an application on your end to protect folders password? so he will not have access to the windows folder! About him entering the system using Safe Mode! Here's where I set up my terminal, always has some responsible person. (It connects the terminal and off) and just let the client use after he was linked. Whereupon the customer forbidden to perform any other function the same. Here in Brazil I use my terminal indoors, with a responsible person nearby. Usually it is the owner of the establishment. I hope this information can help you.
josewashingtonjr
 
Posts: 6
Joined: Mon Mar 15, 2010 12:02 pm

Re: Timer hack!!!

Postby UfukD » Tue May 11, 2010 5:02 am

Hi

Jose, the purpose of buying and installing a automated kiosk system is that you DON'T need someone in the neighbourhood to watch the system, it works by itself.

Anyway, I have AGAIN fixed the problem by myself. I blocked the usage of regedit and msconfig by a GPO (group policy). This way the hack doesn't work anymore.

A question to the admin: does the timer work under Windows 7? I'm going to try it this week if I have time to install it on a computer with W7. I hope it works, W7 has more security measures.
UfukD
 
Posts: 68
Joined: Sat Sep 08, 2007 9:56 am

Re: Timer hack!!!

Postby Administrator » Wed May 12, 2010 9:10 am

For kiosk
1. you need to enable the password for each user account, especially the administrator account
2. enable bios password
3. windows 7, 32 bit, does not have problem for AK5. the 64 bit windows 7 or vista need to disable signed driver for every reboot, so it is not good
For 64 bit windows, you need new version coin acceptor AT5,
There is hardware 64 bit windows upgrade kits for AK5 . please send email to sales@weaveture.com ask for price.
Administrator
 
Posts: 386
Joined: Tue Jan 16, 2007 1:38 am


Return to Bugs

Who is online

Users browsing this forum: Bing [Bot] and 1 guest

cron