This repo allows you to run the Respondus Lockdown Browser in an isolated sandbox, thus completely bypassing its “security measures”. Normally, the Lockdown Browser blocks you from running it if it detects that it is being virtualized. However, this tool bypasses the detection, allowing us to virtualize it.
First, I am uncomfortable with installing random software on my computer. As a rule, I will only install software that is Open Source or that is from a trusted publisher. This is neither, so I am naturally a little uncomfortable installing it.
Second, the Lockdown Browser is essentially indistinguishable from malware. Read the following list of documented behaviors, and see how similar these behaviors are to actual malware.
- They recommend disabling your antivirus software.
- The only way to exit it is to physically power off your computer.
- It disables the Task Manager.
- It tracks all open software.
And of course, there are the privacy issues. Cheating is no doubt an issue, but school-mandated surveillance software is a step too far. As far as I am concerned, this is the most significant issue. I strongly recommend reading the following links from the EFF, a non-profit that focuses on defending digital privacy.
- Proctoring Apps Subject Students to Unnecessary Surveillance
- Students Are Pushing Back Against Proctoring Surveillance Apps
- Senate Letter to Proctoring Companies
This tool is not designed to facilitate cheating. Instead, I built it for two purposes:
First, it is designed to show school administrators that the Lockdown Browser is entirely ineffective. Respondus claims that it is the “gold standard” and that it cannot be bypassed, but that is clearly false. I, a random University student, managed to bypass the Lockdown Browser in a single day. This removes all of the (supposed) benefits of the Lockdown Browser, and thus makes the issues look even worse.
Second, it is designed to prevent students from having to install invasive spyware on their personal computers. Sometimes, administrators won't listen and will still force the Lockdown Browser on their students. This tool allows you to run the Lockdown Browser in an isolated sandbox, thus preventing the Lockdown Browser from modifying or spying on the rest of your computer. This tool is designed to run in the Windows Sandbox, but users should be able to easily adapt it to run in other Virtual Machine software. This is especially valuable for Linux users, since the Lockdown Browser does not run on Linux and otherwise refuses to run in a VM.
This repository does not contain any materials belonging to Respondus Inc. You must supply your legally-acquired Lockdown Browser `.exe` yourself. Any supporting and auxiliary files were either created by myself or gathered from various OSS projects with proper attribution. This project is not endorsed by Respondus Inc., nor by anyone except for myself.
Also, Respondus has explicitly granted permission for this type of research. From their website:
Hacker Tested, Market Approved – Hundreds of universities and schools around the world use LockDown Browser. It seems that at least one person (or team) at each institution makes it a quest to “break out” or beat the system. Some of the best minds have taken our software to task over the years, and we’ve addressed each issue that’s been raised. (Yes, you have our blessing… go ahead and see if you can break it.)
- Windows 10 Pro or Enterprise
- Visual Studio C++ Tools
- git
Clone the repository, then run `build.ps1`. Then, install the Windows Sandbox. That's it!
- Build the project as shown above.
- Download the Respondus Lockdown Browser and place it in `runtime_directory\`.
- Double-click `Sandbox.wsb` (it’s in `runtime_directory\`).
- Wait. It’ll take about a minute, but eventually the Lockdown Browser will open, completely automatically.
This repo consists of a few fairly simple tools cobbled together into a coherent package.
The Lockdown Browser detects a few BIOS-related registry keys in `HKLM:\HARDWARE\DESCRIPTION`. Therefore, `sandbox_run.ps1` deletes these keys/values.
The Lockdown Browser calls `GetSystemMetrics(SM_REMOTESESSION)` to determine if it is running in an RDP session. Since this function is in `user32.dll`, there aren’t any trivial ways to fix this. However, Microsoft Detours allows you to intercept and replace any function in any `.dll`. A small hook (`GetSystemMetrics-Hook.cpp`) is used with Detours to intercept the function call and return a false value.
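The defender-side view of the hook described above, as an added example that is not part of this repository: Detours overwrites the start of the target function with an unconditional jump, so comparing a function's in-memory entry bytes with the on-disk image and checking where a `JMP rel32` lands exposes the patch. The struct, function names, addresses and byte samples are hypothetical and constructed, and the check assumes the caller has already read both byte ranges.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { ENTRY_CLEAN, ENTRY_PATCHED, ENTRY_HOOKED };

/* Hypothetical description of the module that owns the function. */
struct module { uint64_t base, size; };

/* Constructed sample data, not captured from any real process. */
static const struct module MOD = { 0x7FF800000000ULL, 0x200000ULL };
static const uint64_t ENTRY_VA = 0x7FF800001000ULL;
static const uint8_t ON_DISK[8]   = { 0x48, 0x83, 0xEC, 0x28, 0x83, 0xF9, 0x61, 0x77 };
static const uint8_t JMP_AWAY[8]  = { 0xE9, 0x00, 0xFF, 0xFF, 0x7F, 0xF9, 0x61, 0x77 };
static const uint8_t JMP_BACK[8]  = { 0xE9, 0x00, 0xE0, 0xFF, 0xFF, 0xF9, 0x61, 0x77 };
static const uint8_t JMP_LOCAL[8] = { 0xE9, 0x00, 0x01, 0x00, 0x00, 0xF9, 0x61, 0x77 };
static const uint8_t NOP_PATCH[8] = { 0x90, 0x90, 0x90, 0x90, 0x83, 0xF9, 0x61, 0x77 };

/* Compare the in-memory entry bytes with the on-disk bytes. A changed entry
 * that begins with JMP rel32 (0xE9) and lands outside the owning module is
 * reported as an inline hook; any other difference is reported as a patch. */
enum verdict check_entry(const struct module *m, uint64_t entry_va,
                         const uint8_t *disk, const uint8_t *mem, size_t n)
{
    if (memcmp(disk, mem, n) == 0)
        return ENTRY_CLEAN;
    if (n < 5 || mem[0] != 0xE9)
        return ENTRY_PATCHED;
    /* rel32 is little-endian and relative to the end of the 5-byte jump. */
    int32_t rel = (int32_t)((uint32_t)mem[1] | (uint32_t)mem[2] << 8 |
                            (uint32_t)mem[3] << 16 | (uint32_t)mem[4] << 24);
    uint64_t target = entry_va + 5 + (uint64_t)(int64_t)rel;
    int inside = target >= m->base && target - m->base < m->size;
    return inside ? ENTRY_PATCHED : ENTRY_HOOKED;
}

int main(void)
{
    static const char *names[] = { "clean", "patched", "hooked" };
    const uint8_t *samples[] = { ON_DISK, JMP_AWAY, JMP_BACK, JMP_LOCAL, NOP_PATCH };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: %s\n", i,
               names[check_entry(&MOD, ENTRY_VA, ON_DISK, samples[i], 8)]);
    return 0;
}
```

A jump that stays inside the module is reported only as a patch, because some functions legitimately begin with an intra-module jump.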
Because this tool runs in the Windows Sandbox, no state is retained between sessions. Therefore, this tool provides a scripted installer for the Lockdown Browser. The Lockdown Browser’s installer is a little tricky to script, so the installation is a little hacky, but it works. And again, the Sandbox is completely isolated from the rest of your system, so the Lockdown Browser cannot cause any harm to your computer.