Cyber Cafe Software Security

by minion

Cyber cafes are popping up all over the world.

The purpose of cyber cafe software is to restrict what the user can do, based on what they have purchased and for security reasons.  In normal cyber cafes there is usually one server running the server software, which is responsible for managing and serving customers, and the rest of the machines run the client software, which contacts the server for information like user/password info, item purchasing, time purchasing, etc.

You would think that security would be a huge priority when working directly with the purchase of time and direct money use.  Ironically though, cyber cafe software can usually be bypassed with ease.

The piece of software being covered here is Tinasoft EasyCafe, claiming to be "The best Internet Cafe Management Software in the World."

Bold statement, eh?

EasyCafe works like this...  On the server is the EasyCafe server software.  It handles all EasyCafe connections, user details, socket info, accounts, prices, time distribution, balances, log files, transactions, even food orders!  The admin on the server can also get continuous screenshots of any client, send pop-up messages, and some other features.

Now on to the fun stuff, the client software.  Careful when testing cafe software.  It is extremely easy to lock yourself out of your own computer!  There are three files which play a role in EasyCafe's security.

CLIENT.EXE  - Client application.  Handles server requests, time, orders, billing info, etc.

GUARDIT.EXE  - Monitors escape keys (not very well), Task Manager, and other potentially dangerous things.

EASY.CFG  - Configuration file for CLIENT.EXE.

CLIENT.EXE doesn't have much fun stuff in it but GUARDIT.EXE and EASY.CFG sure do.

GUARDIT.EXE keeps you from simply being able to Alt+F4 the main login screen.  Well, what happens when it can't be started?  The program freaks out and closes itself and tells you to contact the system admin!

So how exactly do you get this to happen?  It's simple.  Just rename GUARDIT.EXE to anything else and then kill the Guardit process.

Killing the process could be a pain if you're trying to use Task Manager, considering that running Guardit closes Task Manager every time you open it, so let's just use CMD.EXE.

C:> rename "C:\Program Files\TinaSoft\EasyCafe Client\Guardit.exe" Guardit.bak
C:> tskill Guardit

Wait a couple of seconds after you type this and you should be prompted with an OK box saying: ERROR:: GUARDIT.EXE CAN NOT BE STARTED..! PLEASE CONTACT YOUR SYSTEM ADMINISTRATOR.

After hitting OK you will be returned to a computer free of the restrictions placed by the server and client software.

It gets easier though.

GUARDIT.EXE is based on time intervals.  If you hit Ctrl+Alt+Del and Task Manager pops up, it takes a couple of seconds for Guardit to close it.

Can you see the flaw yet?

Guardit is also what is responsible for making sure the client isn't closed.

Quickly killing Client and then Guardit immediately after will also return you to an unrestricted computer!

C:> tskill Client
C:> tskill Guardit

Believe it or not, there's more.

The configuration file has come back to haunt EasyCafe.  The configuration file is where the server's IP address is stored.  Simply changing the server's IP to that of another server that has been set up in advance with unlimited time will obviously bypass what the software had intended.

The file should look something like:

127.0.0.1 — "xQa6$¥]®x""-¢
P3*tcIL2c'UGCIU Tiyfl%o™!6@ 1S H”
A4 6<( R?-J Tz Aa¥6¢C AO°?"
U6016% '_ 2&-iij-i< "4? 0524 'T3/0¥A
aD»? °°>i

The first parameter, 127.0.0.1, is the server IP address.

A quick change in the configuration and you're done.
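
From the cafe operator's side, all three bypasses above leave traces that a monitoring agent could flag. The following is an added example, not code from the original article or from EasyCafe. The event tuple format, the 5-second window, the sample path and addresses are constructed assumptions, as is reading the server address as the first whitespace-delimited token of EASY.CFG.

```python
import ipaddress

GUARD, CLIENT = "guardit.exe", "client.exe"
RACE_WINDOW = 5.0  # seconds; assumed (the article only says "a couple of seconds")

def server_field(cfg_bytes):
    """Server address from EASY.CFG, assumed to be its first whitespace-delimited token."""
    parts = cfg_bytes.split(None, 1)
    token = parts[0].decode("ascii", "replace") if parts else ""
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None  # unparseable counts as changed

def detect(events, cfg_bytes, expected_server):
    """events: time-ordered (seconds, kind, subject); kind is 'rename' or 'exit'."""
    alerts, guard_renamed, client_exit = [], False, None
    for t, kind, subject in events:
        name = subject.lower().rsplit("\\", 1)[-1]  # strip any directory part
        if kind == "rename" and name == GUARD:
            guard_renamed = True
            alerts.append((t, "guard binary renamed"))
        elif kind == "exit" and name == CLIENT:
            client_exit = t
        elif kind == "exit" and name == GUARD:
            if guard_renamed:
                alerts.append((t, "guard exited with no binary to restart"))
            if client_exit is not None and t - client_exit <= RACE_WINDOW:
                alerts.append((t, "client and guard exited together"))
    if server_field(cfg_bytes) != expected_server:
        alerts.append((None, "EASY.CFG server address changed"))
    return alerts

# Constructed sample input: paths, times and addresses are made up for illustration.
EXPECTED_SERVER = "192.0.2.10"
SAMPLE_EVENTS = [
    (10.0, "rename", r"C:\cafe\Guardit.exe"),
    (12.0, "exit", "Guardit.exe"),
]
SAMPLE_CFG = b"198.51.100.7 \x8fxQa6\x24\xa5"

if __name__ == "__main__":
    for when, what in detect(SAMPLE_EVENTS, SAMPLE_CFG, EXPECTED_SERVER):
        print(when, what)
```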
