Using KeyKey to Grab ScramDisk Passwords

Last updated: 23rd May 1999


Summary

It is possible to grab passwords as they are typed in by the user, even when the low-level RED SCREEN is being used for password entry.

Tested with version 2.02h of ScramDisk.


Demonstration

  1. Download and install KeyKey (see links below)
  2. Launch ScramDisk
  3. Disable password entry via the RED SCREEN in ScramDisk
  4. Launch Notepad
  5. Activate KeyKey

  6. Type "Before Windows password entry" into Notepad
  7. Enter your passwords into ScramDisk via the Windows password entry dialog
  8. Type "After Windows password entry" into Notepad

  9. Type "Before RED SCREEN password entry" into Notepad
  10. Enter your passwords into ScramDisk via the low-level RED SCREEN
  11. Type "After RED SCREEN password entry" into Notepad

  12. Deactivate KeyKey, then generate and view the KeyKey report

The report generated will show the text you typed into Notepad at stage 6, followed by your passwords as entered in stage 7. It will also show the text you typed into Notepad at stage 9 and the passwords you entered into the RED SCREEN at stage 10.


Notes

It should be noted that if someone has the access to your computer required to install a program like "KeyKey" (be it through trojan software given to you, or by gaining physical access to your computer and putting in a 3.5" disk), a simpler attack would probably be to replace the ScramDisk VxD with a modified version, bypassing all of ScramDisk's security.

In summary, although ScramDisk's RED SCREEN does provide more protection against keyboard monitoring software (such as SKin98) than BestCrypt/PGPDisk do, this method of password entry should not be relied upon.


Links

KeyKey Homepage

KeyKey (v1.16) can also be downloaded from here

Note: Please register KeyKey if you find it useful. Support shareware!


Credits

Mikko Adhipurna Jodana (mikkoaj@mikkoaj.hypermart.net) - for writing KeyKey.


Email me at: sdean12@sdean12.org
