Defeating the Respondus LockDown Browser

foreverrising, May 23, 2010

Update

I suggest to institutions not to use Respondus. I also suggest if you work for the developer, you should pay me for the workaround this time because your code is lazy.

I have now found a couple more workarounds for this software, just for the record. Well, it’s more of a “Haha, fudge you,” to the developer.

[Original Post]

While installing software for the semester on my home computer, I found a way around the Respondus LockDown Browser. As I don’t natively run Windows on my machine, I was installing it on my guest Windows XP system. Therein lies the workaround.

The browser attempts to prevent the user from opening new windows and keep users from multitasking while taking a “secure” test online. When running Respondus on a virtualized system, the most the browser can do is prevent multitasking on the guest OS, which doesn’t matter when the host OS is capable of doing so.

Try VMWare, VirtualBox, or VirtualPC and install Windows, then install the browser within it. Then pass the knowledge onto teachers to let them know the program is useless unless it is installed on a standalone school PC.

eRock


Update

I deleted the version of the Respondus Lockdown Browser that I had installed in XP inside of VirtualBox, and installed what they said was the ‘new’ version. Trying to run it did result in the message saying something along the lines of “Respondus cannot run in virtualization software such as VirtualPC, VMWare, or Parallels.”

That just tells me they added a function to test the virtual hardware to see if the program is running inside a virtual machine. All that tells me to do is think outside of the box.

If you can’t run an application, why not run a service? Install TightVNC and run a VNC viewer as a service. Then you would be able to connect to the computer that is taking a test and use the functionality of multitasking as well.

Then there is another way as well..

,,,

18 thoughts on “Defeating the Respondus LockDown Browser”

  1. Andy says:

    This is an amazing simple idea. I always hated that I couldn’t even change songs that I was playing while taking tests. Thanks for the insight. Next test im absolutely doing this.

  2. Rhegan says:

    eRock, have you actually tried this? I quickly tried running Lockdown Browser within VMWare and it immediately detected it when I started the browser. I thought it would be a work-around too, but it’s apparently not.

    Rhegan

  3. Yes, this works, but it seems that Respondus uses a couple methods to detect whether it is in certain virtual machines. It works for me in VirtualBox on a linux machine. For more information in regard to VMWare, see http://www.codeproject.com/KB/system/VmDetect.aspx

  4. Ken says:

    You know this program is pointless. I have a blackberry and another computer. If I really want to cheat then all I need to do is use my phone OR use my other computer. Whoever made this is foolish and our teachers are foolish for using it.

    1. There’s money in selling software to people who don’t know any better. Take Microsoft for example.

    2. omar khan says:

      not really i stupid concept when they use it in university, in a monitored classroom, not able to pull out blackberry or another computer :P

  5. Reblogged this on Marian-The-Duke and commented:
    Respondus to this. Such a stupid concept…always a way to circumvent these ridiculous measures…

  6. x says:

    Do you happen to have an old link to you’re version of lockdown browser? It doesn’t work with tightvnc for me when it’s ran as service and i’m not quite sure how to change service name or if that would have any affect

    1. I do not have a link to the version that I have. I still have it installed in a virtual machine which I cannot distribute, for obvious reasons. About renaming a service, maybe try this link: http://thomaskrehbiel.com/post/1733-how_to_rename_a_windows_service and please post back. I would change the port number that accepts the connection as well. Default is 5900. Use your head for that part, and remember: this article is more about how you cannot instill integrity with software. :) There are also other ways around this program, which I play with from time to time. Just throw it into a debugger.

      Respondus causes an exception when it loads, and checks to see if the exception is handled normally. If the exception is unhandled (which is the way a regular version of windows would do it), respondus sees that, but if a virtual machine handles the exception, then respondus sees that as a sign that it is in a virtual machine.

      As for how it may be currently checking to see if there is a VNC server installed, I’m not sure. I will probably check into this shortly in the future. Have you tried RDP (Remote Desktop) yet?

      I’m not even going to get into using wireshark in this reply.

      Happy circumvention!

  7. x says:

    Yeah i’ve tried RDP and i know about the vnc port just the current version of lockdown blocks tightvnc,teamviewer etc and also when i changed the service names it still managed to detect some how

    1. What OS and version are you running?

  8. x says:

    Windows 7 and i’m using the latest lockdown brower

  9. x says:

    have you had any luck?

    1. No luck. I have other projects going on, but I will explore further soon.

  10. x says:

    have you had a chance to look into it yet?

    1. Yes, I am happy to report I was successful. However, realizing that people who develop the software also have searched out this page, I am declining to further post the workarounds. Thus, maybe they will debug their code.

  11. Scott says:

    Will it detect another laptop running off of the same router??

    1. It will fail to detect a lot of stuff.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>