This repo allows you to run the Respondus Lockdown Browser in an isolated sandbox, completely bypassing its “security measures.” Usually, the Lockdown Browser blocks you from running it if it detects that it is being virtualized. However, this tool bypasses the detection, allowing us to virtualize it.
First, I am uncomfortable installing random software on my computer. I only install software that is open source or from a trusted publisher, and this software is neither.
Second, the Lockdown Browser is essentially indistinguishable from malware. Read the following list of documented behaviors and see how similar these behaviors are to actual malware.
- They recommend disabling your antivirus software.
- The only way to exit it is to physically power off your computer.
- It disables the Task Manager.
- It tracks all open software.
And, of course, there are privacy issues. Cheating is no doubt an issue, but school-mandated surveillance software is a step too far. This is the most significant issue. I strongly recommend reading the following links from the EFF, a non-profit that focuses on defending digital privacy.
- Proctoring Apps Subject Students to Unnecessary Surveillance
- Students Are Pushing Back Against Proctoring Surveillance Apps
- Senate Letter to Proctoring Companies
This tool is not designed to facilitate cheating. Instead, I built it for two purposes:
First, it is designed to show school administrators that the Lockdown Browser is entirely ineffective. Respondus claims that it is the “gold standard” and that it cannot be bypassed, but that is false. I, a random University student, bypassed the Lockdown Browser in a single day. This removes all of the (supposed) benefits of the Lockdown Browser, and thus makes the issues look even worse.
Second, it is designed to prevent students from having to install invasive spyware on their personal computers. Sometimes, administrators won't listen and will still force the Lockdown Browser on their students. This tool allows you to run the Lockdown Browser in an isolated sandbox, thus preventing the Lockdown Browser from modifying or spying on the rest of your computer. This tool is designed to run in the Windows Sandbox, but users should be able to adapt it to run in other Virtual Machine software quickly. This is especially valuable for Linux users since the Lockdown Browser does not run on Linux and otherwise refuses to run in a VM.
Finally, this tool allows you to take screenshots of the Lockdown Browser. Typically, the Lockdown Browser prevents you from taking screenshots of its window; however, this tool bypasses that restriction by running it inside the Windows Sandbox. Taking screenshots can provide accountability since otherwise, nothing guarantees that no one changed your answers after you submitted your test.
This repository does not contain any materials belonging to Respondus Inc. You must supply your legally-acquired Lockdown Browser `.exe` yourself. Any supporting and auxiliary files were either created by myself or gathered from various OSS projects with proper attribution. This project is not endorsed by Respondus Inc. or anyone except myself.
This project is intended merely as a proof-of-concept. While this tool could be used to facilitate cheating, this is not my intent. Any consequences of using this tool in a real exam are entirely your responsibility.
Also, I'd like to point out that Respondus has explicitly granted permission for this type of research. From their website:
> Hacker Tested, Market Approved – Hundreds of universities and schools around the world use LockDown Browser. It seems that at least one person (or team) at each institution makes it a quest to “break out” or beat the system. Some of the best minds have taken our software to task over the years, and we’ve addressed each issue that’s been raised. (Yes, you have our blessing… go ahead and see if you can break it.)
- Windows 10 Pro or Enterprise
- Visual Studio C++ Tools
  - (Make sure to include the “MSVC C++ build tools” and “Windows SDK” components.)
- git
Make sure to clone the repository and run `build.ps1`. Then, install the Windows Sandbox. That's it!
- Build the project as shown above.
- Download the Respondus Lockdown Browser and place it in `runtime_directory\`.
- Double-click `Sandbox.wsb` (it’s in `runtime_directory\`).
  (Alternative) If you want to pass your microphone and camera to the Lockdown Browser, run `Sandbox-with-Microphone-Camera.wsb` instead.
- Go to your test and open it. The Lockdown Browser will launch, and you can then use it to complete your test.
This tool does not support having the Lockdown Browser update itself. Instead, whenever an update is available for the browser, you should download a fresh installer from wherever you originally downloaded it. The URL should be similar in format to:
https://download.respondus.com/lockdown/download7.php?id=XXXXXXXXX
If the Lockdown Browser fails to launch, do not double-click the file on the VM's desktop. Instead, open a PowerShell prompt inside the VM and run:
```powershell
cd C:\Users\WDAGUtilityAccount\Desktop\runtime_directory\
.\withdll.exe /d:GetSystemMetrics-Hook.dll "C:\Program Files (x86)\Respondus\LockDown Browser\LockDownBrowser.exe"
```
Of course, this is usually symptomatic of another issue, so please make sure you have followed all the earlier instructions.
If you have made sure that you have followed all the instructions, please feel free to open a new issue. Ensure you include any error messages and your Lockdown Browser version.
This repo consists of simple tools cobbled together into a coherent package.
The Lockdown Browser detects a few BIOS-related registry keys in `HKLM:\HARDWARE\DESCRIPTION`. Therefore, `sandbox_run.ps1` deletes these keys/values.
When the Lockdown Browser detects that `VmComputeAgent.exe` is running, it realizes it is in a VM and refuses to launch. This program is part of the Windows Sandbox, and cannot be stopped without crashing the VM. However, when the Browser checks all the running programs, it also opens and examines each image file. If `sandbox_run.ps1` deletes the image file, the Lockdown Browser acts as if the program isn't even running.
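
The weakness described above is a check that fails open. The sketch below is an added example, not code from this repo or from Respondus: it models the described behaviour on a constructed process table (the `Proc` type, function names and temp files are assumptions) and sets it beside a version that fails closed.

```python
import os
import tempfile
from dataclasses import dataclass

@dataclass
class Proc:                      # one row of a constructed process table
    name: str
    image_path: str

VM_MARKERS = {"vmcomputeagent.exe"}

def image_readable(p):
    try:
        with open(p.image_path, "rb") as fh:
            fh.read(2)
        return True
    except OSError:
        return False

def vm_detected_fail_open(procs):
    # Assumed model of the behaviour described above.
    for p in procs:
        if not image_readable(p):
            continue             # fail open: row dropped before the name is compared
        if p.name.lower() in VM_MARKERS:
            return True
    return False

def vm_findings_fail_closed(procs):
    # Hardened: the name is checked regardless, and a missing image is a finding.
    findings = []
    for p in procs:
        if p.name.lower() in VM_MARKERS:
            findings.append(("vm-process", p.name))
        if not image_readable(p):
            findings.append(("image-unreadable", p.name))
    return findings

def demo():
    with tempfile.TemporaryDirectory() as d:
        procs = []
        for name in ("explorer.exe", "VmComputeAgent.exe"):
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(b"MZ")  # placeholder image content
            procs.append(Proc(name, path))
        before = vm_detected_fail_open(procs)
        os.remove(procs[1].image_path)   # image gone, process row remains
        after = vm_detected_fail_open(procs)
        return before, after, vm_findings_fail_closed(procs)

if __name__ == "__main__":
    print(demo())
```
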
The Lockdown Browser calls `GetSystemMetrics(SM_REMOTESESSION)` to determine if it runs in an RDP session. Since this function is in `user32.dll`, there aren’t any trivial ways to fix this. However, Microsoft Detours allows you to intercept and replace any function in any `.dll`. A small hook (`GetSystemMetrics-Hook.cpp`) is used with Detours to intercept the function call and return a false value.
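
Detours installs its hook by overwriting the first bytes of the target function with a jump, which is what an integrity check looks for. The following is an added example from the detection side, not code from this repo: it compares an export's prologue on disk with the in-memory copy and decodes a leading `jmp rel32`; the addresses, prologue bytes and function names are constructed for the demonstration.

```python
import struct

def jmp_rel32_target(code, va):
    """Target of a leading x86 `jmp rel32` (opcode 0xE9), or None."""
    if len(code) >= 5 and code[0] == 0xE9:
        (rel,) = struct.unpack_from("<i", code, 1)
        return va + 5 + rel          # relative to the next instruction
    return None

def check_export(name, disk, mem, va, mod_base, mod_size):
    """Compare an export's first bytes on disk with the copy in memory."""
    n = min(len(disk), len(mem))
    if disk[:n] == mem[:n]:
        return {"export": name, "status": "clean"}
    target = jmp_rel32_target(mem, va)
    if target is not None and not (mod_base <= target < mod_base + mod_size):
        # Execution is redirected to code outside the owning module.
        return {"export": name, "status": "hooked", "target": hex(target)}
    return {"export": name, "status": "modified"}

def demo():
    # Constructed values: load address, export offset, prologue bytes and
    # hook address are all made up for the example.
    mod_base, mod_size = 0x7FF800000000, 0x1A0000
    va = mod_base + 0x2A4C0
    disk = bytes.fromhex("4883ec2833c04883c428c3")
    hook_at = 0x7FF7F0001000
    patched = b"\xE9" + struct.pack("<i", hook_at - (va + 5)) + disk[5:]
    return [
        check_export("GetSystemMetrics", disk, disk, va, mod_base, mod_size),
        check_export("GetSystemMetrics", disk, patched, va, mod_base, mod_size),
    ]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A byte difference alone is not proof of tampering, since relocations and security products also change in-memory code, so a real check treats "modified" as something to investigate, not a verdict.
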
Because this tool runs in the Windows Sandbox, no state is retained between sessions. Therefore, this tool provides a scripted installer for the Lockdown Browser. The Lockdown Browser’s installer is a little tricky to script, so the installation is a little hacky, but it works. And again, the Sandbox is completely isolated from the rest of your system, so the Lockdown Browser cannot cause any harm to your computer.
All code is licensed under the Mozilla Public License, version 2.0 or greater. The documentation is licensed under CC-BY-SA, version 4.0 or greater, in addition to the MPL. The Detours submodule has an MIT licence as detailed in `Detours/LICENSE.md`.
In addition to the formal licence terms, I would appreciate it if users do not distribute any binaries: I intend for this project to be merely a proof-of-concept, and any binaries circulating on the internet diminish this status. Of course, you are well within your rights to ignore this request, but I would appreciate it if you respect my wishes. Thanks!