This repo allows you to run the Respondus Lockdown Browser in an isolated sandbox, completely bypassing its “security measures.” Usually, the Lockdown Browser blocks you from running it if it detects that it is being virtualized. However, this tool bypasses the detection, allowing us to virtualize it.
First, I am uncomfortable installing random software on my computer. I only install software that is open source or from a trusted publisher, and this software is neither.
Second, the Lockdown Browser is essentially indistinguishable from malware. Read the following list of documented behaviors and see how similar these behaviors are to actual malware.
- They recommend disabling your antivirus software.
- The only way to exit it is to physically power off your computer.
- It disables the Task Manager.
- It tracks all open software.
And, of course, there are privacy issues. Cheating is no doubt an issue, but school-mandated surveillance software is a step too far. This is the most significant issue. I strongly recommend reading the following links from the EFF, a non-profit that focuses on defending digital privacy.
- Proctoring Apps Subject Students to Unnecessary Surveillance
- Students Are Pushing Back Against Proctoring Surveillance Apps
- Senate Letter to Proctoring Companies
This tool is not designed to facilitate cheating. Instead, I built it for three purposes:
First, it is designed to show school administrators that the Lockdown Browser is entirely ineffective. Respondus claims that it is the “gold standard” and that it cannot be bypassed, but that is false. I, a random University student, bypassed the Lockdown Browser in a single day. This removes all of the (supposed) benefits of the Lockdown Browser, and thus makes the issues look even worse.
Second, it is designed to prevent students from having to install invasive spyware on their personal computers. Sometimes, administrators won’t listen and will still force the Lockdown Browser on their students. This tool allows you to run the Lockdown Browser in an isolated sandbox, thus preventing the Lockdown Browser from modifying or spying on the rest of your computer. This tool is designed to run in the Windows Sandbox, but users should be able to adapt it to run in other Virtual Machine software quickly. This is especially valuable for Linux users since the Lockdown Browser does not run on Linux and otherwise refuses to run in a VM.
Finally, this tool allows you to take screenshots of the Lockdown Browser. Typically, the Lockdown Browser prevents you from taking screenshots of its window; however, this tool bypasses that restriction by running it inside the Windows Sandbox. Taking screenshots can provide accountability since nothing guarantees that no one changed your answers after submitting your test.
This repository does not contain any materials belonging to Respondus Inc. You must supply your legally-acquired Lockdown Browser .exe yourself. Any supporting and auxiliary files were either created by myself or gathered from various OSS projects with proper attribution. This project is not endorsed by Respondus Inc. or anyone except myself.
This project is intended merely as a proof-of-concept. While this tool could be used to facilitate cheating, this is not my intent. Any consequences of using this tool in a real exam are entirely your responsibility.
Also, I’d like to point out that Respondus has explicitly granted permission for this type of research. From their website:
Hacker Tested, Market Approved – Hundreds of universities and schools around the world use LockDown Browser. It seems that at least one person (or team) at each institution makes it a quest to “break out” or beat the system. Some of the best minds have taken our software to task over the years, and we’ve addressed each issue that’s been raised. (Yes, you have our blessing… go ahead and see if you can break it.)
- Windows 10/11 Pro or Enterprise
(Make sure to include the “MSVC C++ build tools” and “Windows SDK” components.)
Make sure to clone the repository and run build.ps1. Then, install the Windows Sandbox. That’s it!
- Build the project as shown above.
- Download the Respondus Lockdown Browser and place it in runtime_directory\.
- Double-click Sandbox.wsb (it’s in runtime_directory\). (Alternative) If you want to pass your microphone and camera to the Lockdown Browser, run Sandbox-with-Microphone-Camera.wsb instead.
- Go to your test and open it. The Lockdown Browser will launch, and you can then use it to complete your test.
The release branch (default) always points to the latest stable release. You should use this branch since it is the most well-tested. To switch to this branch (not generally necessary since it’s the default), run:
git switch release
The master branch will always point to the latest development version. This branch has been tested and should generally be safe to use, but it will often have minor issues that have not been fixed yet. You should use this branch if it contains a feature or fix you need that is not in the release branch or if the release branch isn’t working for you and you’re feeling adventurous. To switch to this branch, run the following:
git switch master
The dev branch contains in-progress work, is often broken, and should only be used if you were specifically asked to test it. To switch to this branch, run the following:
git switch dev
If something isn’t working but was previously, you can always switch to a previous release by running:
git switch --detach <tag>
where <tag> is the tag of the release you want to switch to. You can browse the list of releases on GitHub in case you’re unsure which tag to choose.
This tool does not support having the Lockdown Browser update itself. Instead, whenever an update is available for the Browser, you should download a fresh installer from wherever you originally downloaded it. The URL should be similar in format to:
https://download.respondus.com/lockdown/download7.php?id=XXXXXXXXX
If the Lockdown Browser fails to launch, you can open the shortcut on the VM’s desktop. If you are on an older version, you’ll need to instead open a PowerShell prompt inside the VM and run:
cd C:\Users\WDAGUtilityAccount\Desktop\runtime_directory\
.\withdll.exe /d:GetSystemMetrics-Hook.dll "C:\Program Files (x86)\Respondus\LockDown Browser\LockDownBrowser.exe"
(OEM versions of the Lockdown Browser must have a URL at the end; ldb:dh%7BKS6poDqwsi1SHVGEJ+KMYaelPZ56lqcNzohRRiV1bzFj3Hjq8lehqEug88UjowG1mK1Q8h2Rg6j8kFZQX0FdyA==%7D is a good default)
Of course, this is usually symptomatic of another issue, so please ensure you have followed all the earlier instructions.
If you have build issues, please run .\build.ps1 -Clean to reset your workspace to a fresh start.
If you still have issues, run .\build.ps1 -Logs to collect the logs into one file you can send us.
If you have made sure that you have followed all the instructions, please feel free to open a new issue. Ensure you include any error messages and your Lockdown Browser version.
This repo consists of simple tools cobbled together into a coherent package.
- The Lockdown Browser detects a few BIOS-related registry keys in HKLM:\HARDWARE\DESCRIPTION. Therefore, sandbox_run.ps1 deletes these keys/values.
- When the Lockdown Browser detects that VmComputeAgent.exe is running, it realizes it is in a VM and refuses to launch. This program is part of the Windows Sandbox, and cannot be stopped without crashing the VM. However, when the Browser checks all the running programs, it also opens and examines each image file. If sandbox_run.ps1 deletes the image file, the Lockdown Browser acts like the program isn’t even running.
- The Lockdown Browser calls GetSystemMetrics(SM_REMOTESESSION) to determine if it runs in an RDP session. Since this function is in user32.dll, there aren’t any trivial ways to fix this. However, Microsoft Detours allows you to intercept and replace any function in any .dll. A small hook (GetSystemMetrics-Hook.cpp) is used with Detours to intercept the function call and return a false value.
Because this tool runs in the Windows Sandbox, no state is retained between sessions. Therefore, this tool provides a scripted installer for the Lockdown Browser. The Lockdown Browser’s installer is a little tricky to script, so the installation is a little hacky, but it works. And again, the Sandbox is completely isolated from the rest of your system, so the Lockdown Browser cannot cause any harm to your computer.
If you’re having any difficulties installing the prerequisites or have any other questions, please start a new discussion, and we’ll be happy to help. If you’re experiencing any bugs while building the project or running the Windows Sandbox, please open a new issue. If you want to submit a patch, please open a new pull request.
I will also usually reply to emails, but I have a very busy schedule, so it may take a while (many months) for me to respond, and I will often ask you to post an issue on GitHub. So, to reiterate, the best way to get support is to post an issue or a discussion here on GitHub.
All code is licensed under the Mozilla Public License, version 2.0 or greater. The documentation is licensed under CC-BY-SA, version 4.0 or greater, in addition to the MPL. The Detours submodule has an MIT licence as detailed in Detours/LICENSE.md.
In addition to the formal licence terms, I would appreciate it if users do not distribute any binaries: I intend this project to be merely a proof-of-concept, and any binaries circulating on the internet diminish this status. Of course, you are well within your rights to ignore this request, but I would appreciate it if you would respect my wishes. Thanks!