Convincingly "breaking" a system for a non technical user

Question

For various reasons out of scope for Super User, I've been tasked with temporarily disabling one of my own systems. I have full admin control and own this system. It’s running Windows 7 SP1. I want to do this right—something believable, deniable and artistic. I took a look at these, but most of them aren't deniable.

Ideally, I'd like something I can trigger off at a scheduled time, and seem like a hardware error—BSODs, random reboots and the like, or random connectivity issues. I'd also like to be sneaky and not actually be at the system when this happens (I have a few hours to get this working, but I'd rather not actually be at the system when all hell breaks loose). How would I do this? I'd like to get the semblance of random errors, often enough to be annoying, rather than take down the system. I don't need it to pass muster with a technical user, I just need to have it as annoyingly broken as possible.

How would I do this?

Answer 1

The command line interface for the DiskCryptor Open source partition encryption software includes a -bsod parameter, the wiki says it will

Erase all keys in memory and generate BSOD

(emphasis mine).

You can use Windows Task Scheduler to schedule its execution at a given time, and it should generate a BSOD as desired. I have not tested this solution, as I am not currently on Windows, but it is stated to work in 32 and 64 bit versions of Windows 2000, XP, Server 2003, Vista, Server 2008, and 7.

But don't stop at that:

You can use this reboot tool to display custom cryptic-looking messages that ask for a reboot and perform it after X seconds. Set X to a really low value. Set multiple events in the Task Scheduler. Alternatively, use a reboot tool that will display no message, or the builtin shutdown function.

Finally, there is also NotMyFault

Notmyfault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system. It’s useful for learning how to identify and diagnose device driver and hardware problems, and you can also use it to generate blue screen dump files on misbehaving systems.

Answer 2

An AutoHotKey script I often used during dorm parties to stop drunk people messing with my PC while keeping it on for music.

a::return
;...
; repeat for other lowercase letters
z::return
A::return
; repeat for other uppercase letters
Z::return
1::return
;...
0::return

f1::return
;...
f12::return

LButton::return
RButton::return
MButton::return
#::return
#r::return
Delete::return
Enter::return
^!Delete::return
^+Esc::return
Space::return
LWin::return
!f4::return
Up::return
Down::return
Left::return
Right::return

;hold appskey and press z and 9 to unlock
;picked those three because they are far away from each other and unlikely to be pressed simultaneously even when buttonmashing
appskey & z::
  If GetKeyState("9","P")
  Suspend
  ExitApp
return

Put it in autostart and the computer will not react to any input (all buttons are remapped to do nothing, all you can do is move the mouse). The only way to fix it is to restart Windows in safe mode with autostart disabled or by knowing the secret combination.

There is another way by using:

f11::blockinput,on
f12::blockinput,off

But it might require admin privileges (and therefore can be simply chosen not to be executed when prompted after a restart) plus it does not disable Ctrl+Alt+Del.

Answer 3

How about BlueScreen? This screensaver was running once on a PC of a colleague. The crash was so convincing that I resetted his PC while he was away. I thought I do him a favor by not letting himself wait for the boot process :-)

Running Notmyfault /crash should also generate a BSOD. Be sure to configure Windows not to reboot, so that it actually shows the blue screen.

This piece of C++ code runs 8 threads in realtime priority, so it should cause a 100% CPU hang even on modern i7 processors. You can do nothing but press the reset button.

void WasteTime()
{
    int priority = 15;
    ::SetThreadPriority(::GetCurrentThread(), priority);
    while (true)
    {
    }
}
int _tmain(int argc, _TCHAR* argv[])
{

    ::SetPriorityClass(::GetCurrentProcess(), 0x100);
    for(int i=0; i<7; i++)
    {
        LPDWORD threadid = 0;
        ::CreateThread(NULL, 64*1024, (LPTHREAD_START_ROUTINE)&WasteTime, NULL, 0, threadid);
    }
WasteTime();

return 0;

}

Answer 4

Well, this is something you don't see often on SU. To stage a real BSOD on a computer, use the kbdhidregistry key. The complete article where I am finding this is at http://pcsupport.about.com/od/tipstricks/ht/makebsodxp.htm Note that you have to use Ctrl+Scroll Lock to initiate the actual BSOD following those instructions. That's not an issue, if you couple this with task scheduler functionality and VBScript or other scripting. Using VBScript, you can simulate keypresses. So, at the time you want everything to happen, call such a VBScript file, simulate the Ctrl+Scroll Lock keypress, and you have a BSOD. Also, this BSOD has "MANUALLY_INITIATED"or something along those lines, but a non-technical user probably wouldn't notice that.

If you just want pesky little hardware errors that are annoying but not system fatal, you can probably script with VBScript to disable hardware interfaces here and there. I have personally played around with scripts that repeated turn on and off the Num, Cap, and Scroll locks, another that repeatedly opens and closes the CD drive, another that doesn't let the CD drive open, inverts the mouse, changes the keyboard layout, changes the color depth, changes the language, etc. Such scripts can be found pretty easily on the Internet (or a basic understanding of VBScript is all that is needed). Note that once such a script is enabled, the Script Host must be ended from the Task Manager for the effects to wear off, or you must log off/log back in or restart the computer. Proceed down this route with caution. Once you have all of your scripts, BSOD programs, or whatever stuff you want to deploy, simply use the task scheduling function built into Windows to schedule the stuff to run, and then just sit back and watch.

Answer 5

Connectivity could be done easily with a couple of batch files; one to ipconfig /release and one to ipconfig /renew at pre-determined times, scheduled in the windows task scheduler. There is even a checkbox on the 'Create Task' window at the lower left, for making the task hidden!

Answer 6

Easy… just delete C:\WINDOWS\SYSTEM32\ . It has the added benefit of improving your network speeds!

Answer 7

Just for kidding:

• Do a 'printscreen' of desktop. Then remove all icons, and put that image as wallpaper. The only device that can be damaged doing this, will be the mouse ...
• Replace every system sound from a 'Burp.wav'.

Good luck

Answer 8

System freezing is typically an annyoing behavior, especially when it's random.

Using devcon (and Sysinternal's psexec to access remotely if needed) you could do things like remove the USB root controller drivers. This would inexplicably disable any input devices such as mouse and keyboard until next reboot. You may have to disable trackpad drivers as well if this is a laptop.

Answer 9

Create a blank VB.Net form with WindowState set to Maximized and start up as maximized.

Then set formBorderStyle=None, and set its backcolor to Medium blue.

Set the following in the form load

me.TopMost = True    ' makes hover over top of normal windows.
me.ShowIcon = false  ' hide from user
me.ShowInTaskBar = false   ' hide from user
me.windowstate = Maximized ' Fill the screen

Add a timer with a short interval with code to bring the form to the top every 100 ms

me.BringToFront

Basically it will create a blue blank screen with no way to switch between apps (even with Ctrl+Tab)

Schedule it to run via task scheduler, or have it run on login and keep the form invisible for a random time then make it show.

You can also add some creative text or image to it easily.

Answer 10

You can just ssh into the box, and do pretty much anything from the command line. Want to reboot the pc? 'shutdown.exe /r'. I'm sure you can work some things out. A big plus for me would be that you can watch from a distance and improvise according to the behaviour of your victim(s). Super evil, but ooh so much fun :D

Answer 11

It may be too simple, but why not simply schedule "shutdown /r" in Windows Task Scheduler. Using the correct switches you can force it to reboot with no prompting. You can also set it to kick off an hour after the user connects to the local system. You should be able to remotely connect to that computer through your Task Scheduler to set it up as well.

Answer 12

• Screen
  • Set the screen resolution to the lowest it'll go
  • Turn on high contrast mode
• Mouse
  • Set the mouse to left handed mode (or vice-versa)
  • Change the pointer speed to either very high or very slow
  • Change the double click speed to to either very short (hard to double click) or very long (should cause long delays after each click as the system waits for a second click)
  • Turn on click lock
• Keyboard
  • Turn on sticky keys
  • Change the keyboard layout (from US to UK or vice-versa is good: it'll mostly work as expected, but the user will have some fun if their password contains any of the symbols that switch position between the two layouts)
• Desktop
  • If you want to pin the blame on a virus or similar, create a simple image in paint with a few words like "You have a virus" or similar and set it as the wallpaper
  • Take a screenshot of the desktop and set it as the wallpaper. Then move all the icons around. Repeat a few times. Then turn off "Show desktop icons".

This perhaps isn't as subtle as causing random network outages, but to a non technical user it will likely appear that the computer is "broken". If you're happy having it pre-broken by the morning rather than triggered at some point during the day then this might do the job.

Warning: you will need to think about the order in which you apply the, as they get progressively harder to apply with each change. It will also take you a little time to "fix" the computer afterwards.

Answer 13

What about disabling CPU cooling until it would run slow for throttling or would totally freeze ? SpeedFan is not opensource but maybe you'd be able to find a tool like that, having support for different mainboard chip and knowing how to turn fan into software-controlled mode and stop it ?

Also there are overclocking tools like SetFSB and AMD OverDrive and MSI AfterBurner and ... Just push your CPU or RAM over the limits so it would actually generate random errors.

Another thing would be some denial-of-service attacks onto some Windows resource exhaustion. Just think of some invisible process, running threads with "critical" priority on every CPU core in infinite loops, making other processes draaaaag. Combine it with fork-bomb concept, so they would not be easily killed from Task Manager. Also if each of them would be open and lock a hundred od random files it would be a bonus. I remember Windows 2000 crashed just because a program runned amok kept opening files until some critical Windows server could not open the file it needed

I also wonder if good old AT Keyboard chip is still emulated in its full capabilities on modern PCs, including programmatically pressing Reset. Google about i8042 and ports 0x60 and 0x64. Then you would have to run some drivers allowing for applications to hardware access, like the one installed by SpeedFan or PowerStrip. Hmmm.... what if those chip would allow you to re-program DMA Controller to do a random wiping of RAM content ? Sooner or later you would by chance destroy critical OS data. OTOH before you do it, you may damage some cache buffers so maybe OS would damage HDD content

Now... if you foe is a dummy, you can try yet another trick: make window having no desktop/taskbar. It is nothing for a slightly experienced user, but might confuse dummies.

1. you make copies of EXPLORER.EXE into your custom name looking not-suspicious but not resembling any usual tern like "explorer" "shell" etc.
2. you make windows run that new copy instead of explorer.exe - that can be done by SHELL= parameter in WIN.INI or in registry. Google for custom shells.
3. after reboot you delete old EXPLORER.EXE (all the occurences) or replace them with CMD.EXE or some screensaver. SFC (windows file protection) would try to revert that change, you would have to tame it one way or another. Usually it can be done by changing also EXPLORER.EXE in WFP cache
4. by windows scheduler you just kill that process of renamed explorer and keep killing it if it would automatically restart itself. User would not be able to restart it manually as the EXPLORER.EXE file was substituted and perhaps he would not know the real name.

However for a more or less experienced person running CMD or task manager is enough to launch any program he would need.

Answer 14

Install the ol' winternals BSOD screensaver :-)

BlueScreen Screen Saver v3.2

Or... loosen the graphics card so it flickers when they knock the desk, though i hold no responsibility if this causes longer term issues :p

Answer 15

A very simple non-intrusive solution. Take a screenshot of the desktop. Make it the screensaver. Remove all icons from the desktop...click click...uh what?!?

Answer 16

http://krolik.net/post/Say-exe-a-simple-command-line-text-to-speech-program-for-Windows.aspx

Send remote commands to the machine via remote desktop connection or ssh and make the computer talk.

Now if it was a Mac...http://www.roblambert.com/2007/05/12/robs-practical-joke-of-the-week-fun-with-the-mac-say-command-and-ssh/

Answer 17

You might be looking for something a bit more drastic and automated than this. But, installing a VNC server (or other remote desktop sharing application) on the machine(s) upon which you want to wreak havoc, can be fun. Take control of their mouse, or keyboard, while they're doing something. There are even VNC clients for your phone, so you can do this while wandering around, and mess with their mouse in your pocket or something.

Change the keyboard layout to DVORAK (while the user has access to something other than a password field so they can see that the keys aren't what they should be.)

Rotate the display with Ctrl+Shift+arrow, although this won't look random and it'll have to be done while you're there.

Map common web hosts to bad URLs (or other common web hosts - map Google to Bing!) in your hosts file - %systemroot%\system32\drivers\etc\hosts.

Put a Remote Desktop connection to other machines on start-up. (See Use command line parameters with Remote Desktop Connection to build the command you'd need)