Results 1 to 5 of 5

A Security Challenge

  1. #1
    ridders52's Avatar
    ridders52 is offline Voodoo Is Practised
    Windows 10 Access 2010 32bit
    Join Date
    Jan 2014
    Location
    Somerset, UK
    Posts
    2,475

    A Security Challenge

    Attached is a 'security challenge' for anyone interested in finding the solution.

    I originally wrote this for another forum as a 'fun challenge' whilst demonstrating various methods of making apps reasonably secure

    It is NOT intended to be a completely locked down database that is impossible to crack (if indeed such a thing exists)

    It is intended to be solvable and I have provided various clues which are intended to help achieve a solution.
    The app is password protected but all the information to obtain that has been provided in this thread ... if you look and think carefully

    A password cracking utility is NOT required ... and using one will be considered as cheating!
    Similarly, please do not use any tools to deconstruct (hack) the database. It isn't necessary


    The challenge is to:


    a) unlock the database, obtain the name and contents of the hidden table
    b) open the main form and find out how to enable the 'Click Me' button
    c) work out the meaning of the message displayed

    The first part should be relatively simple if approached in the correct way.
    The rest of this MAY be a little harder to accomplish.

    Obtaining the full solution will need a mixture of problem solving skills and knowledge of some of the deeper recesses of databases

    NOTE:
    You can only run this application FOUR TIMES once you have deduced the correct password.
    After that it will be disabled, so plan carefully

    If you succeed, please follow the supplied instructions to provide feedback.
    Please do NOT post your solution in this thread or it will spoil the challenge for others

    If you get totally stuck, you can send me a PM - I may provide hints later

    A further reminder that Access databases, including this one, can NEVER be made 100% secure
    A capable and determined hacker can break any Access database given sufficient time

    Both 32-bit & 64-bit versions have been supplied

    I hope you enjoy puzzling out a solution
    Attached Files Attached Files
    Colin (Mendip Data Systems), Website, email
    If this has helped, please click the star button and leave a comment

  2. #2
    ridders52's Avatar
    ridders52 is offline Voodoo Is Practised
    Windows 10 Access 2010 32bit
    Join Date
    Jan 2014
    Location
    Somerset, UK
    Posts
    2,475
    Only 2 downloads so far. That's disappointing ....

    Here are a few hints which should help you deduce the password:

    HINT #1
    Always read the small print

    HINT #2
    The first clue is in each of my posts in this thread including this one

    HINT #3
    A good way to remember a password is to make use of a phrase that can act as a memory aid

    HINT #4
    Think what it tells you about capitalisation

    That should hopefully be more than enough to solve the first step
    Please PM me when you've worked out this part with the password and a screenshot of the form
    Last edited by ridders52; 07-13-2018 at 04:32 AM.
    Colin (Mendip Data Systems), Website, email
    If this has helped, please click the star button and leave a comment

  3. #3
    ridders52's Avatar
    ridders52 is offline Voodoo Is Practised
    Windows 10 Access 2010 32bit
    Join Date
    Jan 2014
    Location
    Somerset, UK
    Posts
    2,475
    And here's a spoiler....

    HINT #5
    Bill Murray, Scarlett Johannson, Tokyo, 2003

    Is that clear now?
    Colin (Mendip Data Systems), Website, email
    If this has helped, please click the star button and leave a comment

  4. #4
    Micron is offline Virtually Inert Person
    Windows 10 Access 2016
    Join Date
    Jun 2014
    Location
    Ontario, Canada
    Posts
    4,474
    So I'm at the point where I've broken in and can see the objects. Not sure which is the "main form" and there doesn't appear to be any tables - hidden or otherwise. See image below. You would think that if I've gotten this far (you can see that the nav pane view of the forms suggest that they are no longer hidden) that I would see any tables if there were any. Perhaps I've missed that setting. Also, getting around the 3 or 4 limit is easy (I won't post how here). What I'm not liking is that when fooling around like this, your code doesn't always restore my task bar, which is a real PITA. Not sure I agree with the need for that in an exercise like this. That's why I haven't tried to figure the rest of the challenge out before this post. If I open a form, lose my taskbar and don't get it back, I'm afraid there isn't enough incentive to continue. If you want to turn this into a paid job, then that would change things!

    Click image for larger version. 

Name:	MDSdb.jpg 
Views:	53 
Size:	19.7 KB 
ID:	34736
    EDIT: I replaced the version by unzipping again because I got an error message saying the application has been modified, and I can only close it. No difference with the new unzipped file, even when I didn't do anything to it, so I don't seem to be able to get past that problem.
    Last edited by Micron; 07-15-2018 at 08:47 PM.

  5. #5
    ridders52's Avatar
    ridders52 is offline Voodoo Is Practised
    Windows 10 Access 2010 32bit
    Join Date
    Jan 2014
    Location
    Somerset, UK
    Posts
    2,475
    Hi Micron
    Glad you deduced the password but unsure why you posted here rather than continuing our PM exchange.

    I'm going to send a more detailed reply by PM to avoid anyone reading things into my replies.
    However, there definitely is a deep hidden table. Your first task is to work out how to view it.
    Everything I've done is this challenge has been done for a reason ...including hiding the taskbar.
    If you close the app 'nicely' the taskbar should return immediately.
    If you hack the app or crash it to try and circumvent security, that may not happen until you restart Windows.
    However I can supply the code used to restore he taskbar by PM

    A further reminder that is designed to be solvable.
    Every security feature can be circumvented if you know how, including the 4 attempt limit, some more easily than others.
    However, there is no need to do so and focusing on such workrounds may make the intended solution harder to find.

    More to follow by PM.
    Colin (Mendip Data Systems), Website, email
    If this has helped, please click the star button and leave a comment

Please reply to this thread with any new information or opinions.

Similar Threads

  1. DLookup expression challenge
    By RJB in forum Access
    Replies: 16
    Last Post: 06-29-2018, 12:30 PM
  2. joining different reports challenge!
    By agosfernandes in forum Reports
    Replies: 4
    Last Post: 01-25-2017, 07:53 AM
  3. Printer Form Challenge
    By RA99 in forum Reports
    Replies: 10
    Last Post: 07-11-2014, 01:35 PM
  4. Database challenge: can you find the answer?
    By Cholomanchuten in forum Access
    Replies: 5
    Last Post: 08-05-2011, 11:27 AM
  5. Anyone fancy a challenge????!!!!!!
    By gregh in forum Database Design
    Replies: 1
    Last Post: 03-14-2011, 04:36 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Tech Forums: Microsoft Office Forums