Security Challenge #3 (Activation) (1 Viewer)

Status
Not open for further replies.

isladogs

CID VIP
Local time
Today, 23:26
Joined
Jan 14, 2017
Messages
14,016
This sample database is the third in a series of security challenges that are being posted on several forums
See the links in my signature line below if you want to try the earlier challenges

All are designed to show ways of making Access apps reasonably secure as well as (hopefully) being a 'fun' challenge to solve.

As with the previous challenges:
1. The application is an ACCDE file so all VBA code has been removed.
The file has been renamed as a runtime file (ACCDR). It will not run if the file type is changed.

2. Startup properties have been modified e.g. shift bypass disabled. It will not run if this is re-enabled
There is no access to the navigation pane, ribbon or the rest of the application window
The taskbar and all desktop items are also removed. These are restored automatically when the application is closed using the Quit button

3. Mouse movement is confined within the active form

4. The app is password protected and the password is NoDBG. It will not run if this is altered or removed

5. No changes are made to your computer by running this app. There are no restrictions on the number of times it can be run

Solving this will require some different methods to those used in the previous challenges
Once again the app includes 'special tables' - both read only and deep hidden

The app contains 3 forms - this is the first form



At first the Click Me button will be disabled, locked and hidden.

The other 2 forms CANNOT be opened directly

The main parts of the challenge are to:
a) find out how to show/enable/unlock the Click Me button on the main form
b) change the properties of a read only table and modify its contents
c) use VBA functions to obtain various info and use this to generate an ActivationID specific to your workstation

The challenge is intended to be solvable without hacking.
Indeed trying to hack it will probably make it harder to solve.
Follow the clues provided in this thread and the challenge itself

You may need to search online for solutions to certain parts of the challenge


I hope you enjoy puzzling out this challenge

If you succeed, please send me a private message or email me using the link in my signature line.
Please include the answers to a, b & c together with how you solved the challenge and the approximate time taken.

Please do NOT post your solution in this thread or it will spoil the challenge for others

NOTE: Access databases, including this one, can NEVER be made 100% secure
A capable and determined hacker can break any Access database given time


Both 32-bit and 64-bit versions have been provided

UPDATE 16/08/2018
Apologies to those who have already downloaded this
The attached zip files both contain a bug which prevents them being solved
Instead, please use the updated versions in post #2
 

Attachments

  • ActivationChallenge32.zip
    1 MB · Views: 208
  • ActivationChallenge64.zip
    1.2 MB · Views: 157
  • Form1B.PNG
    Form1B.PNG
    79.6 KB · Views: 603
Last edited:

isladogs

CID VIP
Local time
Today, 23:26
Joined
Jan 14, 2017
Messages
14,016
Apologies to anyone who has been trying this challenge

Unfortunately there was a bug in the initial release of the activation challenge which prevented it being solved.
The bug affected both 32-bit & 64-bit versions
This was due to me forgetting to add error handling to a specific routine.

Many thanks to insane_ai for alerting me to the issue

If you downloaded the first version, this should be deleted

Attached are UPDATED VERSIONS for 32-bit & 64-bit with the bugs fixed.
I’ve tested all the way through as an end user & it now seems to be error free! PHEW!

There are a few changes from the first version.
You will need slightly different conditions to click the button on form1.
I’ve also removed a couple of security loopholes that I overlooked.
For example, the privacy options menu has now been REMOVED.

The challenge is still solvable but certain steps have been made intentionally quite challenging to do.
As before, using skill, knowledge & common sense rather than hacking is your best bet!


Good luck & let me know via PM how you get on with this

NOTE: It may be useful to read this thread: Purpose of system tables
 

Attachments

  • ActivationChallenge32_v2.zip
    1.2 MB · Views: 124
  • ActivationChallenge64_v2.zip
    1.3 MB · Views: 114
Last edited:

isladogs

CID VIP
Local time
Today, 23:26
Joined
Jan 14, 2017
Messages
14,016
This is just to inform forum members that this activation challenge has now been solved by 2 people: insane_ai here at AWF and TheDBGuy at UA.

Congratulations to both :cool:

The first part of the challenge seems to have been the trickiest part to solve.
There were 2 different solutions to depending on the computer system used (HINT)

Without in any way belittling his skills in finding the solution, TheDBGuy was fortunate in that respect in that he could apply the less challenging solution. By comparison, Insane_ai had the trickier version to deal with and it took him a while to complete!

For anyone still looking at this challenge, once the first part has been completed, the rest is just a matter of applying knowledge of some of the hidden recesses of Access, researching several VBA solutions where necessary.
 
Last edited:
Status
Not open for further replies.

Users who are viewing this thread

Top Bottom