Tuesday, May 27, 2008

How to Cheat and Bypass Examsoft....

This guide will show you how to start Microsoft Word to view notes during a live Examsoft test.

-----


UPDATE: THIS NO LONGER WORKS WITH THE CURRENT VERSION OF EXAMSOFT. I WILL UPDATE AFTER FALL 2008 FINALS.


UPDATE 2: Yeah, I'm really not going to update this. I reiterate again, THIS METHOD DOES NOT WORK. Examsoft has addressed this issue. Pictures below do not work.


Sadly my days at Caltech are gone, and I no longer have the luxury of taking finals in bed or at the beach. Caltech has an honor code which makes all finals take home (or if in-class, unproctored). Instructions on which materials could or could not be used and time limits are written on the front of the final, and we were trusted to not cheat.

The thing that I hate the most about law school is the lack of trust. Proctors are hired every term to watch over us like hawks (sometimes making silly demands, but that's another post). No trust in law school. Not only is there a lack of trust, but we are forced to use a horrible piece of software called Examsoft (technically Softest is the client program that runs on the student's computer, but most call the program by the name of the software publisher). The California bar also requires the use of Examsoft.

Examsoft is a program that reboots your computer into a secure, simple word processor. The goal of the software is to prevent the user from accessing any notes or the web in violation of testing regulations. I have seen the software fail many times, forcing classmates to handwrite their finals when they were planning to type. We all hold our breath when rebooting into Examsoft, hoping that it doesn't fail.

Last term (December 2007) I found a way to bypass the security in the program. I promptly reported this to the IT department at my school and nothing was done. This past month I reported this to Examsoft, and I did not get responses beyond a generic reply that they would look into the issue. I am writing this in the hope that publishing it will force Examsoft to address the security hole and let them know how unsatisfied students are with their software. This "bypass" takes no real hacking skills or security expertise.

DISCLAIMER: I do not condone cheating. I am in no way encouraging anyone to actually use this walkthrough in a real live testing situation. The following is for informational purposes only. Attempting to actually use this guide in a real live situation may result in a report to your state bar examiner's office, which could in turn reject your moral character application. In other words, if you want to be a lawyer, don't do this.

Technical Information

Computer: Macbook Pro 15" (Using Bootcamp)

Operating System: Windows Vista Business (SP1 not installed), with two user accounts created.

Examsoft Version: 8.5

Note: I have not had a chance to duplicate this on a non-Mac computer. It is quite possible that this will only work on a Mac. I would also like to apologize for the screenshots; they were taken with a camera since I could not run screenshot software while doing this. I tried to minimize glare as much as possible.

Walkthrough

Boot into Examsoft in the usual way. This is the typical window you will see. We should all be familiar with this.
IMG_0113

Type "begin" and access the word processor.

IMG_0120



Press "Ctrl-Alt-Del"; the Windows security dialog screen comes up as shown below.

IMG_0124



Click on "Switch User" to get the screen below. In my case I have two accounts: "Franklin", which is the account I used to run the exam, and the "Guest" account, which is currently not logged in.

IMG_0125

Click on "Guest" (or any other account on the computer) to log in to that account. The login is shown below.

IMG_0127

Vista tries to run Examsoft, but since it is already running in the background it will fail and you will get the error message below ("There was a problem starting Softest. If this continues to occur, please contact Examsoft Support"). This is expected; just click OK.



IMG_0128

No programs will be allowed to start, and all you will see is a blank screen like below.

IMG_0131

At this point press Ctrl-Alt-Del again to get the security dialog screen (see previous picture). This time, instead of clicking on "Switch User", click on "Start Task Manager." The Task Manager should pop up as shown below.

IMG_0133

Click on File > New Task to get the dialog below.

IMG_0137

Here is the tricky part. Click on Browse and find a Word document containing your outline/notes. Press OK. Word opens as shown below.

IMG_0139

You can now read all your notes and refer to them. Now start the process to go back to the exam. Press Ctrl-Alt-Del to see the security dialog screen again and this time click on "Switch User."

IMG_0141



You should see this screen showing two accounts logged on. Click the original account, in my example "Franklin."

IMG_0143

You should now be back at Examsoft, ready to type your answers with a refreshed memory from your notes.

IMG_0145

End of walkthrough.

Final notes

There are some limitations to this method. You cannot copy and paste when switching between accounts. This may be possible with third-party software. Also, on my computer it takes between 4-7 seconds to switch between accounts, not an ideal setup with proctors walking around. It will be slower on older computers.

An easier way to cheat would be to replace the background image of the security dialog screen. This is just an image file in a system folder that can be replaced with an image filled with text/notes. This means that Ctrl-Alt-Del will now show you your notes, with no need to switch between accounts.

You could also open up your default browser and access the internet by opening an HTML file instead of a Word file.

The fix to this cheat is easy. Disable the ability to bring up the security dialog screen with Ctrl-Alt-Del.

Again, this is for informational purposes only. Don't be stupid and actually try this during a test. I'm curious to know if this will work on non-Mac computers. Feel free to leave a comment with your findings or any issues you encounter following this guide.
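The account switch in the walkthrough leaves records in the Windows Security log, so it can be caught after the fact as well as blocked. The sketch below is an added example, not code from the original post or from Examsoft: it scans a constructed CSV export for an interactive logon by a second account (event 4624, logon type 2) and for the exam session being disconnected and reconnected (events 4779 and 4778) inside the exam window. The CSV layout, account names and timestamps are assumptions, and events 4778/4779 are only recorded when auditing of "Other Logon/Logoff Events" is enabled.

```python
from datetime import datetime

# Windows Security event IDs: logon, session reconnect, session disconnect.
LOGON, RECONNECT, DISCONNECT = 4624, 4778, 4779
INTERACTIVE = "2"  # 4624 Logon Type 2 = interactive logon at the console

# Constructed sample export (not real data): time,event_id,account,logon_type
SAMPLE = """\
2008-05-12T08:55:10,4624,Franklin,2
2008-05-12T09:00:02,4624,SYSTEM,5
2008-05-12T09:41:17,4779,Franklin,
2008-05-12T09:41:21,4624,Guest,2
2008-05-12T09:44:03,4779,Guest,
2008-05-12T09:44:08,4778,Franklin,
2008-05-12T12:05:40,4624,Guest,2
"""

def parse(text):
    """Turn CSV lines into (time, event_id, account, logon_type) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, eid, account, ltype = line.split(",")
            events.append((datetime.fromisoformat(ts), int(eid), account, ltype))
    return sorted(events)

def find_switches(events, exam_account, start, end):
    """Flag second-account logons and exam-session switches in the window."""
    findings, left_at = [], None
    for ts, eid, account, ltype in events:
        if not start <= ts <= end:
            continue
        if eid == LOGON and ltype == INTERACTIVE and account != exam_account:
            findings.append((ts, f"interactive logon by second account {account}"))
        elif eid == DISCONNECT and account == exam_account:
            left_at = ts
            findings.append((ts, "exam session disconnected from console"))
        elif eid == RECONNECT and account == exam_account and left_at:
            away = int((ts - left_at).total_seconds())
            findings.append((ts, f"exam session reconnected after {away}s away"))
            left_at = None
    return findings

def run_sample():
    """Check the constructed log against a 09:00-12:00 exam window."""
    start, end = datetime(2008, 5, 12, 9), datetime(2008, 5, 12, 12)
    return find_switches(parse(SAMPLE), "Franklin", start, end)

if __name__ == "__main__":
    for ts, message in run_sample():
        print(ts.isoformat(), message)
```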

16 comments:

Michael Rhodes said...

"The fix to this cheat is easy. Disable the ability to bring up the security dialog screen with ctrl-alt-del."

I believe this isn't possible to do: Windows prevents any application having access to this key combination, so ExamSoft has no way to disable it and prevent the Switch User screen from appearing.

This is true for Windows XP, at least, and is a (supposed) security feature according to the help file.

From your write-up, it appears ExamSoft replaces the standard Windows shell, meaning it has no privileged access above a normal user program.

Unfortunately for ExamSoft, the way to solve this issue probably involves not booting into Windows at all.

Rob Styles said...

Have you considered simply running Examsoft in a virtual machine?

On your mac the best would be VMWare Fusion, on Windows machines VMWare Player is free.

Just create a virtual windows machine, boot it, make it full screen.

On your mac (if you're running leopard) you can even use spaces to switch quickly (sub 1 second) between screens with a hot key - your notes on one and examsoft on another. I suspect copy & paste may even work that way as well...

I don't have a copy of examsoft to try it.

rob

jhjessup said...

The user agreement for examsoft specifically prohibits running it in an emulator. I'm going to have to buy a full copy of windows just to run this one program for three days.

Franklin said...

-Regardless of the user agreement, I am curious to see if it would work in a virtual os. I heard rumors that the software detects when it's being used in an emulator and refuses to work. This is something that I will have to test at some point.

-michael mentioned that windows will not let a program disable ctrl-alt-del. I am not sure if this is true. I tried to use this method with a windows xp installation back in the days and it didn't work. The key combination did not allow me to switch users. This was a while ago, so I may be mistaken and remember wrong, but something did stop me in XP.

Jeff said...

@Franklin- I believe one needs to have the "switch user" option enabled before this would work.

Otherwise, it's not an option.

About VMWare Fusion, I read elsewhere that Examsoft knows how to detect it and stops working. I don't know about the other emulators though.

Would anyone happen to know where one can download ExamSoft software?
I don't think it would take very long for an experienced software hacker to crack it. There are so many techniques the curious might want to explore. Then again, Examsoft isn't something that's used every day so there is little incentive.

Anonymous said...

Exam soft has disabled the control+alt+del action in the current version. The hack seems no longer viable.

Franklin said...

Previous commenter suggested that this no longer works. Do you happen to know the version number and when this version came out?

If this is correct, then I will be happy that they listened to me and fixed this. That was the whole point of my write-up.

Anonymous said...

Another step would be to check the output file for metadata or a keystroke log. The output file might show the switching between accounts.

Franklin said...

Good point anonymous! I will be installing the new version soon and checking to see if this even works anymore.

Anonymous said...

Fascinating discussion. Here is my concern/interest. Is there a way for students to open the exam file after time is up, but before submitting it to the administration? If they can open it, can they edit it? Just a thought. I know the completed exam file is a Microsoft Access database, but I can't seem to open it, even with the password. Any thoughts?

Franklin said...

That is worth checking out. This is a hobby for after finals.

UPDATE: The Examsoft makes my bypass methods useless. I will be writing this up in about a week after finals.

Anonymous said...

Another question: how can you view Examsoft files after they have been turned in? Just to view to see how you did, not change or anything?

Anonymous said...

I don't know if this still works, but when I was in law school I had a problem with my screen saver popping up when I was in Examsoft. It was always pictures of my friends and family. But theoretically, if you were to save PowerPoint files with your notes on them as JPEGs and then set the screensaver to look at those pictures instead of family and friends, every time your screensaver came up you would see your notes. This could be dangerous if you don't know about it and have been using this as a way to study by keeping your notes in front of you when your comp goes into screensaver.

Anonymous said...

I was absolutely shocked when I read this, how could they have left such a gaping security hole wide open like this?

Anyways, FYI: This little "exploit" doesn't work anymore with ExamSoft v. 8.9 on Windows 7 Professional.

I HATE, HATE, HATE how they think it's cool to replace both the Logon screen and the logoff screen with their ugly ass logo!!

Anonymous said...

What you might not realize is that there are many features built into the software to catch mischievous behaviour. I'd be REALLY careful about tampering with the software. It knows who you are.