2 Factor Authentication for Windows alpha
Hey folks,
this is my alpha preview of my 2Factor Authentication App for Android/Windows.
Disclaimer: By installing this app you will possibly harm your Windows system. Expect many bugs in the Phone app, but especially in the Windows app. Use it at your own risk. By downloading the app you agree to this.
This app could make Windows unusable*
*Well, better use Linux or Mac anyway.
What does this app do?
It adds a second screen after you entered your password, asking for a pin. This pin can be generated by your mobile phone and only used once.
The screen will open every time you log in, even after Standby/Hibernate/LockScreen.
Who should use it?
Paranoid people like me, especially those who own a laptop. If someone gets your Windows password via keylogger or phishing, he still can't log in.
In addition you could use the Windows auto-login (loads up all your autostarts) and would be still required to enter a code.
Who shouldn't use it?
People who are working with restricted rights (no Admin/root rights!), as these won't get past the login screen ;-) (might be fixed in final).
People who have multiple accounts on their computer, as every user is required to enter the same pin (will be fixed in final).
People who think this adds an extreme amount of security. Even though it does work in failsafe mode, there are some ways to get around it. If the "bad guy" has physical access to your computer, this is almost as (un-)safe as the Windows password.
Installation
Extract all files from the zip to a folder, e.g. C:\IdislikeWindows\. Then run installtion.exe; make sure you run the installer with administrator rights. You need an internet connection for that, so the program can generate a QR code that you then scan with your phone (apk attached below).
After entering your first generated key you're good to go.
Make sure that you never remove or rename that folder or any files in it!
Removal
Just double click on Uninstall.exe. If you used the graphical login before, select that option. Make sure you run the uninstaller with administrator rights.
What works doesn't work (yet)
- Impress with a fancy UI
- It won't work on Windows 9x (won't be supported)
- Users can still Alt+Tab / Win+R
- Users can still open Taskmanager (this is done for debugging)
- Synchronize if you have two phones
- Multiple Accounts
- Non-admin Accounts
- Phone App stores only one passphrase
... and much more I guess.
Tested on
- Windows XP
For safety reasons, the Windows part won't work after 2nd of July. But I will upload a new version until then.
So go ahead, test this app and report many bugs; I bet there are a lot. In addition I'm curious if it works on Win7 and Vista as well.
If something goes wrong, you can always start uninstall.exe with your taskmanager.
I'm looking forward to your feedback!
Thanks,
Marc
Update 22/06/2011:
- added Vista/Win7 Manifests
- Ping not done via RawSocket, so it is possible to install on Vista/Win7
- Remote Sessions should trigger 2FA as well.
forceu said:
2 Factor Authentication for Windows alpha
Hey folks,
this is my alpha preview of my 2Factor Authentication App for Android/Windows.
.......
What does this app do?
It adds a second screen after you entered your password, asking for a pin. This pin can be generated by your mobile phone and only used once.
The screen will open every time you log in, even after Standby/Hibernate/LockScreen.
Who should use it?
Paranoid people like me, especially those who own a laptop. If someone gets your Windows password via keylogger or phishing, he still can't log in.
In addition you could use the Windows auto-login (loads up all your autostarts) and would be still required to enter a code.
......
Man, you are a genius, I was really looking for something like this.
One question: does it work over RDP? I have a computer at work (encased in a rack in a renderfarm) and I work by logging in with Remote Desktop Connection.
Cool... Will be keeping eye on this one!
daniel.mitran said:
Man, you are a genius, I was really looking for something like this.
One question: does it work over RDP? I have a computer at work (encased in a rack in a renderfarm) and I work by logging in with Remote Desktop Connection.
It probably won't work, but I will try it today. And I know there is a way to trigger it after someone started a remote session. I guess I will have it coded today or tomorrow
I uploaded a zip, replace the service.exe with the one in your folder and try it. As I posted above, it is not tested, so I don't know if it's actually working ;-)
Feedback is always appreciated.
/edit: Sorry for double post
Hey guys, I'm currently using a HTC sensation with the default browser.
The other day a website I was on redirected me to an untrustworthy site which then (via javascript) started an automatic download (virus). I quickly killed my connection and deleted the partial download.
So on my PC I run Google chrome with a "click to play" plugin to avoid rogue javascripts, I am looking for something similar for my phone.
I know chrome is available for my phone however it does not support flash player which is a requirement, I am aware my current browser has a "on demand" option for plugins but I have tested it and it doesn't work.
I tried opera today and couldn't get along with it.
Could anyone tell me the best way to control what gets downloaded from websites on my phone.
Thank you in advance for any helpful replies. D
I mean, maybe I have been amiss, but I was under the longstanding impression that hijacks, viruses, and all such malware really didn't affect Linux systems. Like, at all.
Well I don't know much about these operating systems but an executable that downloads itself is not something I want on my phone, regardless of its capabilities.
It was an Android application package. I do not know if it's able to extract itself or if it relies on the user to click on it in the download section. I don't know what it installs, but I'd rather not find out.
To start, this is not yet another SSH Server, it is more complete compared to other SSH daemons available. But of course that's up to you to decide.
Run multiple SSH Servers at the same time and have multiple users with public key authentication! No root is needed!
Here some cool features:
- Multiple users support
- Every user can have a password and/or public key for authentication
- For every user you can set a root directory, allow write access and force stay in the root directory for use in SFTP
- Optionally only allow access from certain IPs
- For every user (dis)allow X11, agent forwarding, inbound connections, outbound connections
- Run multiple SSH and/or telnet servers at the same time
- If you add a telnet server you can even optionally run it over SSL/TLS
- Support for Dynamic DNS so you can always access your server
- Set authorization timeout, idle timeout, maximum authorization requests, maximum concurrent sessions per user
And some more general features:
- Free
- Extensive logging
- Start on boot
- Start/stop on connect/disconnect WIFI network
- The servers can be accessed from the web (for example through your 3G connection) if supported by your mobile network
Notes:
- The Shell access only works on ARM devices, however, SFTP and SCP access works on all devices.
- When you type exit the user's session shell will stop but the connection will stay open, until you close it. That's a little bug we are working on, scroll down if you want to help. Normally you wouldn't notice this small problem.
SSH Server can be found on Google Play:
SSH Server on Play
FAQ
How can I get a public key?
Use puttygen to generate a public and private key. Import the public key in SSH Server and use the private key on your side (for example with putty). For more help just ask here.
How come I can't run a server on a port below 1024?
That is a limitation of Android. However, you can try out our app Port Forwarder Ultimate which allows you to access the server on a port below 1024! So you can for example run it on port 22.
If you want to help fix the last bug in the app please continue reading:
The problem:
Typing exit in the shell doesn't close the connection but only the shell. If you close the shell connection everything will be stopped, so it's not a big bug since the app works just fine with it.
How come we can't fix it:
We can detect when the connection is closed, and when that happens we close the session's shell (if it's still open) using the PID of the process. However, we cannot check whether the process is still running from Java Android code using the PID. We don't want to run a Linux command, we want to check whether the process is still running from pure Java (using the PID) since everything works from Java. So if you know how to accomplish this please post a reply.
Feedback and questions are welcome so we can improve the app! If you need help, also just post a reply
Thanks.
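One way to do the PID check asked about in the post above from plain Java, shown as an added example that is not the app's own code: it reads `/proc/<pid>/stat` and compares the start time recorded at spawn, so a recycled PID is not mistaken for the old shell. The class and method names are hypothetical, and it assumes a Linux/Android `/proc` layout.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Added illustration: ProcLiveness and its method names are hypothetical.
public final class ProcLiveness {

    // Returns the fields of /proc/<pid>/stat that follow "(comm)", or null
    // when the entry cannot be read (no such PID, or hidden from this UID).
    static String[] statFields(int pid) {
        byte[] buf = new byte[1024];
        try (FileInputStream in = new FileInputStream("/proc/" + pid + "/stat")) {
            int n = in.read(buf);
            if (n <= 0) return null;
            String stat = new String(buf, 0, n, StandardCharsets.ISO_8859_1);
            // comm may itself contain spaces or ')', so split after the LAST ')'.
            int close = stat.lastIndexOf(')');
            if (close < 0) return null;
            return stat.substring(close + 1).trim().split(" ");
        } catch (IOException e) {
            return null;
        }
    }

    // Start time in clock ticks since boot (stat field 22), or -1 when the
    // process is gone or is a zombie (exited but not yet reaped by its parent).
    static long startTime(int pid) {
        String[] f = statFields(pid);
        if (f == null || f.length < 20) return -1;
        if (f[0].equals("Z") || f[0].equals("X")) return -1; // field 3 = state
        try {
            return Long.parseLong(f[19]);                     // field 22 = starttime
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    // True only if the PID exists AND is the same process instance recorded at
    // spawn time; a recycled PID has a different start time.
    static boolean isSameProcessAlive(int pid, long recordedStart) {
        long now = startTime(pid);
        return now != -1 && now == recordedStart;
    }

    public static void main(String[] args) throws IOException {
        // /proc/self is a symlink to this process's own PID directory.
        int self = Integer.parseInt(new File("/proc/self").getCanonicalFile().getName());
        long started = startTime(self);
        System.out.println("self alive:   " + isSameProcessAlive(self, started));
        System.out.println("recycled PID: " + isSameProcessAlive(self, started + 1));
    }
}
```

Record `startTime(pid)` right after spawning the shell and pass it back in on every later check. On Android 7 and later `/proc` hides processes owned by other UIDs, so a shell that was started through `su` will read as gone from the app's point of view.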
Looks awesome! Much nicer feature set than other available SSH servers I've used. I know it's a feature to not need root, but would you consider adding in a root option to use port 22? Makes SSH and SCP much easier to use when you don't need to specify the port on the command-line or in a configuration file.
Se7enLC said:
Looks awesome! Much nicer feature set than other available SSH servers I've used. I know it's a feature to not need root, but would you consider adding in a root option to use port 22? Makes SSH and SCP much easier to use when you don't need to specify the port on the command-line or in a configuration file.
Ah, good questions, I forgot to add it to the description. The SSH server is fully functioning from Java so it works on almost all devices but as you know it also has the limitation that only ports above 1024 can be used. However, I have also released a separate app called Ports Forwarder Ultimate which allows you to forward port 22 to for example 2222 internally. It uses iptables to do so and needs a rooted phone.
Port Forwarder Ultimate on Play
Let me know whether that works. I would also appreciate it if you could leave a review on Play or maybe let me know what you are still missing
Hi! Thanks for this great app. I was looking for a multi-user SSH server and I think I got it!
I would like to use your "Force stay in document root" functionality but when I log in with the user I created it does not put me in the right directory (it keeps me in / instead of say /data/local/tmp/user1) and of course I can browse everywhere.
It may be because the app does not have the right to go there? I may try on the sdcard as well?
Thanks.
saidelike said:
Hi! Thanks for this great app. I was looking for a multi-user SSH server and I think I got it!
I would like to use your "Force stay in document root" functionality but when I log in with the user I created it does not put me in the right directory (it keeps me in / instead of say /data/local/tmp/user1) and of course I can browse everywhere.
It may be because the app does not have the right to go there? I may try on the sdcard as well?
Thanks.
That's weird, could you try the sdcard as root directory? Let me know whether that does work.
Themuzz said:
That's weird, could you try the sdcard as root directory? Let me know whether that does work.
And did that work?
Themuzz said:
And did that work?
To be honest, I finally chose to use the dropbear ssh server that gave me everything I needed from the command line (not an app), but I need root access...
saidelike said:
To be honest, I finally chose to use the dropbear ssh server that gave me everything I needed from the command line (not an app), but I need root access...
SSH Server also supports root, just change the custom shell start command to /system/bin/su and the app will request root for the shell. Or type su during a session and the shell session will get root.
And if the problem is using a port below 1024 just try Port Forwarder Ultimate (a free app) which can link port 22 to a port above 1024 (which the server is running on).
Are you missing other features as well?
Is anyone else using the app? Does it work ok?
No feedback?
I used your app on a MINIX Neo X5, but it had problems with the auto start (even after changing the auto start options)... Any ideas?
.acy said:
I used your app on a MINIX Neo X5, but it had problems with the auto start (even after changing the auto start options)... Any ideas?
You mean with the start on boot? Or what option are you talking about? Let me know!
yes the "start on boot" option
very nice app!
Hi,
I've been using this app recently and like it a lot. I especially like the fact you allow to start the app even if our networking is turned off.
Most other server apps refuse to start when wifi is off, but in my case I often do bluetooth tethering between my laptop and my phone, with all networks off, and this app works! Or I sometimes test by ssh to localhost while in airplane mode. So thank you for allowing the server to start without insisting that network is on, so we have a choice to do what we want to do!
The info button is also fantastic, since tells me all IP addresses on the phone, including the bluetooth tethering IP, as well as the public IP if I'm in a NAT environment! Other apps only tell you your wifi IP and perhaps your mobile network IP, but nothing more.
I also like that you have the option to keep the screen turned on, as well as the scp support (most other ssh apps only have sftp for file transfer).
Finally, the live logging, showing you good and bad password attempts, color coded, as well as the option to vibrate on connection are very cool.
What can I say, I am very impressed, please keep it up! I considered your Ultimate Servers but it's more than I need, and requires too many permissions, so I will keep using your SSH Server app and recommending it to my friends!
One suggestion I have, is maybe you could change the notification icon color when a connection is active, so we can quickly see from the notification bar while the app is in the background, if someone is currently connected.
thanks for a very useful app
now I can transfer files easily between my pc and my phone (using scp) or have a terminal on my phone with the user interface on the pc (keyboard, screen, mouse, etc ...) (using ssh)
just wanted to say thanks
Remote Commands
Sorry to bump an old thread, but I'm having issues with remote commands.
Getting a shell is no issue, but when I use SSH to issue a remote command, putty or the Debian SSH client errors out. Any idea what I can do to fix that?
Everything else works perfect on my Minix Neo X7.
Thanks for the awesome work!
Themuzz said:
Feedback and questions are welcome so we can improve the app! If you need help, also just post a reply
Does it work on X86 Android ? (ZE551ML)
Thanks
Hey guys! I've used the flash hack to enable flash on Chatroulette.com and Omegle.com and I can now access the websites, however I'm unable to get flash to find either the webcam or the microphone. I've gone into the flash settings on each website but flash cannot find either... Is there any way I can get the webcam and mic to work with flashplayer? Any ideas?
It doesn't show up in devices and printers either!!!
Are you using the desktop or "modern" IE? The latter may be more limited. However, I seem to recall a rumor that the Flashplayer for Windows RT lacks the broker process which let it break out of the Protected Mode sandbox. This is a good thing in most ways (Flash being a steaming pile of security vulnerabilities), but it may make it unable to access the webcam.
You could *try* (I don't recommend this) adding chatroulette to the IE "Trusted Sites" security zone (under Internet Options -> Security), and making sure that Protected mode is disabled for Trusted Sites. This will require that the chatroulette tab be loaded in a separate process (but that's not a problem; IE has been able to handle multiple processes for a long time) and will be running with very low security for that tab, *but* that might just let the webcam be accessed by the Flashplayer plugin.
Thanks for the reply. I have tried adding both sites to "trusted sites" but it's actually the Flash software that can't see the devices. I've been into the Flash settings in control panel and it can't find either webcam or microphone, the webcam isn't available in the devices and printer tab either. In all my other machines you can see them in that window. I'm guessing it's something driver/Windows RT related. I've tried to get it to work in both desktop and metro browsers and no joy at all, it's as if it's only accessible to trusted apps from the store.
Hello all,
I'm looking for an advanced security feature for my S21 Ultra without success; I'm reaching out to you, and hopefully, you'll have a working solution or thoughts on how to achieve my goal.
The problem:
My phone, like most, has a password manager holding all my accounts' credentials, secured notes, crypto wallets, bank applications, and so on; although the phone is protected by pin code and fingerprint, it doesn't solve the case of being forced by a law officer or worse, at gunpoint, to unlock the phone.
The desired solution:
If any of you are familiar with the Nano Ledger (cold storage crypto wallet), they have implemented a "secret wallet", especially for the case of being forced to enter your pin code by bad actors; it works in such a way you set two different pin code; when using the first one the wallet has one amount, but when using the second pin code the wallet has a different amount, obviously, the bad actor has no idea you used a pin code that gives you access to $100 worth of crypto. In contrast, the other pin code would have given access to a million dollars worth of crypto.
I'm looking for the same behavior with my phone, meaning, if I use one pin code or fingerprint, I'll be logged in to my regular user settings and applications; however, if I'll enter a different pin code or fingerprint, I'll be logged into different user settings and applications.
Many thanks to you all,
Best,
Ram
I don't know an app with this feature. But you can use another (hidden) profile for this.
The "Shelter" app for example uses the built-in Android work profile to run apps in an isolated environment, separated from the apps in the main profile. You can also use (a copy of) the password manager here.
You can easily disable the work profile and enable it again.
It will not be visible to thieves or police. Only forensics or persons with some IT skills who are aware that you are using the work profile would easily find it and try to force you to unlock it.
FeeMale said:
I don't know an app with this feature. But you can use another (hidden) profile for this.
The "Shelter" app for example uses the built-in Android work profile to run apps in an isolated environment, separated from the apps in the main profile. You can also use (a copy of) the password manager here.
You can easily disable the work profile and enable it again.
It will not be visible to thieves or police. Only forensics or persons with some IT skills who are aware that you are using the work profile would easily find it and try to force you to unlock it.
Thank you for your input! I'll definitely look into that.
I appreciate your time in responding, once again, many thanks!
Best,
RS