Convincingly "breaking" a system for a non technical user

86

51

For various reasons out of scope for Super User, I've been tasked with temporarily disabling one of my own systems. I have full admin control and own this system. It’s running Windows 7 SP1. I want to do this right—something believable, deniable and artistic. I took a look at these, but most of them aren't deniable.

Ideally, I'd like something I can trigger off at a scheduled time, and seem like a hardware error—BSODs, random reboots and the like, or random connectivity issues. I'd also like to be sneaky and not actually be at the system when this happens (I have a few hours to get this working, but I'd rather not actually be at the system when all hell breaks loose). How would I do this? I'd like to get the semblance of random errors, often enough to be annoying, rather than take down the system. I don't need it to pass muster with a technical user, I just need to have it as annoyingly broken as possible.

How would I do this?

Journeyman Geek

Posted 2014-01-09T15:20:57.440

Reputation: 119 122

See also this question: https://superuser.com/questions/1264734/how-can-i-provoke-windows-to-hang-freeze

– That Brazilian Guy – 2017-11-03T12:16:55.790

13Disable the firewall, and let the minions run amok! – James – 2014-01-09T16:38:05.953

1

You need something today... maybe a bit to soon of a turn around, but you could look into something like Simian Army/Chaos Monkey https://github.com/Netflix/SimianArmy/wiki (Or similar)

– WernerCD – 2014-01-09T17:47:03.890

36for a non-technical user, even a VB program that makes a message pop up saying "VIRUS, turn computer off and unplug all the cables" works fine, I did it once as a youngster. Teacher wasn't happy. Was quite amusing. They had to click OK then it said VIRUS VIRUS again. And then they had to click Next. It worked though. I think these answers are much better though! Sounds like the answers here might even fall technical users! – barlop – 2014-01-09T17:47:19.503

1My brother once wrote a program to do just this sort of thing, with his "disk cleaner" program he wrote. When "Disk Cleaner.exe" was run, it would spawn as a background process that would eject the disk drive at random intervals. – AJMansfield – 2014-01-09T19:52:58.453

14Another possible desirable effect is beeping the motherboard piezospeaker. – AJMansfield – 2014-01-09T19:54:09.083

2It was so much better in DOS times. One just could flip the screen top-down programmatically and prevent a hardware error. Well, some program that makes semitransparent windows over everything else and puts a noise into it simulating video failure? if it is DLL rather than EXE the harder it be to find – Arioch 'The – 2014-01-09T20:22:54.173

does your computer still have FDD ? a specially made FDD was known to crash windows just by attempt at reading it. dunno if it holds for modern windows though... – Arioch 'The – 2014-01-09T20:56:05.363

1Personally, I'd just swap in a dead cable -- power or network, depending on what you want to prevent them from doing. Or, to be perfectly frank, be up-front about it and yank the machine out of their office. – keshlam – 2014-01-09T22:30:10.837

delete hal.dll? does that still work? – 2rs2ts – 2014-01-10T03:25:51.317

6Oh, that happens without me anyway. In addition, I don't need job security here - Its family ;p. I was asked to find a technical non-solution to a petty family squabble. I've told my parents I don't feel comfortable doing it, its petty and will escalate things. I will be testing these on a VM as time permits for the hillarity of it. – Journeyman Geek – 2014-01-10T03:30:34.883

1You could just heat up a soldering iron, open up the cpu box and poke around somewhere and voila a broken system artistically done o_O – Gaurav Joseph – 2014-01-10T05:46:06.637

3I think overclocking is the best bet, if you have the option of upping clock speeds/lowering ram timings. You don't run a reasonable risk of damaging anything with just overclocking (or undervolting, for that matter). It'll definitely pretty random. – Shamtam – 2014-01-10T06:38:19.163

CTRL-ALT-DOWN ARROW and walk away. – Elliott Frisch – 2014-01-10T16:54:56.347

Answers

61

The command line interface for the DiskCryptor Open source partition encryption software includes a -bsod parameter, the wiki says it will

Erase all keys in memory and generate BSOD

(emphasis mine).

You can use Windows Task Scheduler to schedule its execution at a given time, and it should generate a BSOD as desired. I have not tested this solution, as I am not currently on Windows, but it is stated to work in 32 and 64 bit versions of Windows 2000, XP, Server 2003, Vista, Server 2008, and 7.

But don't stop at that:

You can use this reboot tool to display custom cryptic-looking messages that ask for a reboot and perform it after X seconds. Set X to a really low value. Set multiple events in the Task Scheduler. Alternatively, use a reboot tool that will display no message, or the builtin shutdown function.

Finally, there is also NotMyFault

Notmyfault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system. It’s useful for learning how to identify and diagnose device driver and hardware problems, and you can also use it to generate blue screen dump files on misbehaving systems.

That Brazilian Guy

Posted 2014-01-09T15:20:57.440

Reputation: 5 880

4It does seem to work on my windows 7 box. The fact that its scriptable, leaves a dump, and looks exactly like a hardware error is great. – Journeyman Geek – 2014-01-09T16:21:33.070

3Man, that's just awesome. You can bring someone to tears with such tools. – hijarian – 2014-01-10T07:26:36.163

1This would be convincing even for a lot of technical users. – Falcon Momot – 2014-01-12T00:28:35.430

20

An AutoHotKey script I often used during dorm parties to stop drunk people messing with my PC while keeping it on for music.

a::return
;...
; repeat for other lowercase letters
z::return
A::return
; repeat for other uppercase letters
Z::return
1::return
;...
0::return

f1::return
;...
f12::return

LButton::return
RButton::return
MButton::return
#::return
#r::return
Delete::return
Enter::return
^!Delete::return
^+Esc::return
Space::return
LWin::return
!f4::return
Up::return
Down::return
Left::return
Right::return

;hold appskey and press z and 9 to unlock
;picked those three because they are far away from each other and unlikely to be pressed simultaneously even when buttonmashing
appskey & z::
  If GetKeyState("9","P")
  Suspend
  ExitApp
return

Put it in autostart and the computer will not react to any input (all buttons are remapped to do nothing, all you can do is move the mouse). The only way to fix it is to restart Windows in safe mode with autostart disabled or by knowing the secret combination.

There is another way by using:

f11::blockinput,on
f12::blockinput,off

But it might require admin privileges (and therefore can be simply chosen not to be executed when prompted after a restart) plus it does not disable Ctrl+Alt+Del.

DenDenDo

Posted 2014-01-09T15:20:57.440

Reputation: 239

One problem, they can start osk (on-screen keyboard) from the accessibility tools. If someone really wants to mess up your PC they can. I would just make a seperate user account for the party that only has access to the music folder and non-admin access for running apps. – CausingUnderflowsEverywhere – 2016-07-17T14:25:10.237

18

How about BlueScreen? This screensaver was running once on a PC of a colleague. The crash was so convincing that I resetted his PC while he was away. I thought I do him a favor by not letting himself wait for the boot process :-)

Running Notmyfault /crash should also generate a BSOD. Be sure to configure Windows not to reboot, so that it actually shows the blue screen.

This piece of C++ code runs 8 threads in realtime priority, so it should cause a 100% CPU hang even on modern i7 processors. You can do nothing but press the reset button.

void WasteTime()
{
    int priority = 15;
    ::SetThreadPriority(::GetCurrentThread(), priority);
    while (true)
    {
    }
}

int _tmain(int argc, _TCHAR* argv[])
{   
    ::SetPriorityClass(::GetCurrentProcess(), 0x100);
    for(int i=0; i<7; i++)
    {
        LPDWORD threadid = 0;
        ::CreateThread(NULL, 64*1024, (LPTHREAD_START_ROUTINE)&WasteTime, NULL, 0, threadid);
    }

    WasteTime();

    return 0;
}

Thomas Weller

Posted 2014-01-09T15:20:57.440

Reputation: 4 102

1The same thing happened to me within the first week when I used that screensaver at work :( – Der Hochstapler – 2014-01-09T16:15:22.120

2But when the SYSINTERNALS_GREAT_SITE bluescreen appears, it should be obvious to almost everyone. – fNek – 2014-01-09T17:12:41.200

1@fNek yeah, the fingerprint of the dreaded sysinternals malware, who can fix that?! ;-) – barlop – 2014-01-09T17:45:41.403

Oh, damn! you were 1st about realtime prio. But dynamic priorities would give user a chance to run TASKMGR and CMD and kill it. I believe that is to be combined with processes fork-bomb and each having exclusively opening a hundred of random files to exhaust sharing locks – Arioch 'The – 2014-01-09T20:54:36.157

I've just duplicated this answer, deleting, +1 to you. http://technet.microsoft.com/en-gb/sysinternals/bb897558.aspx

– Jodrell – 2014-01-10T10:26:29.833

13

Well, this is something you don't see often on SU. To stage a real BSOD on a computer, use the kbdhidregistry key. The complete article where I am finding this is at http://pcsupport.about.com/od/tipstricks/ht/makebsodxp.htm Note that you have to use Ctrl+Scroll Lock to initiate the actual BSOD following those instructions. That's not an issue, if you couple this with task scheduler functionality and VBScript or other scripting. Using VBScript, you can simulate keypresses. So, at the time you want everything to happen, call such a VBScript file, simulate the Ctrl+Scroll Lock keypress, and you have a BSOD. Also, this BSOD has "MANUALLY_INITIATED"or something along those lines, but a non-technical user probably wouldn't notice that.

If you just want pesky little hardware errors that are annoying but not system fatal, you can probably script with VBScript to disable hardware interfaces here and there. I have personally played around with scripts that repeated turn on and off the Num, Cap, and Scroll locks, another that repeatedly opens and closes the CD drive, another that doesn't let the CD drive open, inverts the mouse, changes the keyboard layout, changes the color depth, changes the language, etc. Such scripts can be found pretty easily on the Internet (or a basic understanding of VBScript is all that is needed). Note that once such a script is enabled, the Script Host must be ended from the Task Manager for the effects to wear off, or you must log off/log back in or restart the computer. Proceed down this route with caution. Once you have all of your scripts, BSOD programs, or whatever stuff you want to deploy, simply use the task scheduling function built into Windows to schedule the stuff to run, and then just sit back and watch.

Caleb Xu

Posted 2014-01-09T15:20:57.440

Reputation: 1 523

3Oh, I want actual BSODs, reboots and such. System Fatal is fine, as long as I'm not sitting at the system when it happens. I'm doing it addition to other bits of naughtiness like passing web traffic to a proxy so I can apply some aggressive traffic shaping. The tricky part here is getting all this to happen when I'm off the system. I won't need to fix it until the charade is over. I fix things, breaking things is hard. – Journeyman Geek – 2014-01-09T15:41:10.353

See my edited response on how to manually initiate an actual BSOD. – Caleb Xu – 2014-01-09T15:54:27.560

if something weird is running in TaskManager and can be tracked to cause those effects, can it be called "deniability" that TopicStarter wants? – Arioch 'The – 2014-01-09T20:33:07.570

Well, we are talking about a non-technical user here...so I assume they won't know what Task Manager is. – Caleb Xu – 2014-01-09T21:10:38.660

9

Connectivity could be done easily with a couple of batch files; one to ipconfig /release and one to ipconfig /renew at pre-determined times, scheduled in the windows task scheduler. There is even a checkbox on the 'Create Task' window at the lower left, for making the task hidden!

panhandel

Posted 2014-01-09T15:20:57.440

Reputation: 2 394

3

Or change the configuration via command line... One DNS server '0.0.0.0' to go... http://www.petri.co.il/configure_tcp_ip_from_cmd.htm

– WernerCD – 2014-01-09T17:42:19.010

8

Easy… just delete C:\WINDOWS\SYSTEM32\ . It has the added benefit of improving your network speeds!

Ashley Mills

Posted 2014-01-09T15:20:57.440

Reputation: 121

8

Just for kidding:

  • Do a 'printscreen' of desktop. Then remove all icons, and put that image as wallpaper. The only device that can be damaged doing this, will be the mouse ...
  • Replace every system sound from a 'Burp.wav'.

Good luck

Caveman

Posted 2014-01-09T15:20:57.440

Reputation: 131

8I've done this at work, w/ pseudoicons named things like "employee_salary_list.xls" to get people madly clicking. – Carl Witthoft – 2014-01-10T14:49:09.693

This answer is more of a practical joke for humour effect than actually breaking / disabling a system, preferencially hardware-related. – That Brazilian Guy – 2014-01-10T17:02:05.143

Obviously. But giving a hammer to user will get the real disabled effect indeed.... – Caveman – 2014-01-10T19:42:11.577

7

System freezing is typically an annyoing behavior, especially when it's random.

Using devcon (and Sysinternal's psexec to access remotely if needed) you could do things like remove the USB root controller drivers. This would inexplicably disable any input devices such as mouse and keyboard until next reboot. You may have to disable trackpad drivers as well if this is a laptop.

LawrenceC

Posted 2014-01-09T15:20:57.440

Reputation: 63 487

1"This would inexplicably disable any input devices such as mouse and keyboard until next reboot". Only if they don't use older PS/2 mouse and keyboards. – That Brazilian Guy – 2014-01-09T16:41:15.820

Remove those drivers too. :) – LawrenceC – 2014-01-09T16:42:30.673

Oh, all our gear is USB. :) – Journeyman Geek – 2014-01-09T16:46:28.663

ps/2 is cool @ThatBrazilianGuy that chip allows to press Reset programmatically and actually early Windows and OS/2 did it many times per second – Arioch 'The – 2014-01-09T20:25:28.587

cool idea, I also though of that. I also give you another idea here: remove driver of SATA/IDE/SCSI whatever controller system disk is attached to. Lack of system disk usually means lack of virtual memory (c:\pagefile.sys is usually the only holder of it) and immediate crash. If only windows would not say the driver is used and cannot be stopped – Arioch 'The – 2014-01-09T20:51:29.857

Rather ironic, the family has to be knowledgeable to use PS/2 devices when they discover usb devices don't work or enumerate anymore, or they have to be really unsavvy and resort to the old gear xD – Siidheesh – 2014-01-10T09:09:01.020

5

Create a blank VB.Net form with WindowState set to Maximized and start up as maximized.

Then set formBorderStyle=None, and set its backcolor to Medium blue.

Set the following in the form load

me.TopMost = True    ' makes hover over top of normal windows.
me.ShowIcon = false  ' hide from user
me.ShowInTaskBar = false   ' hide from user
me.windowstate = Maximized ' Fill the screen

Add a timer with a short interval with code to bring the form to the top every 100 ms

me.BringToFront

Basically it will create a blue blank screen with no way to switch between apps (even with Ctrl+Tab)

Schedule it to run via task scheduler, or have it run on login and keep the form invisible for a random time then make it show.

You can also add some creative text or image to it easily.

DarrenMB

Posted 2014-01-09T15:20:57.440

Reputation: 201

Ctrl+Shift+Esc or Ctrl+Alt+Del and kill it from Task Manager. Also Alt+F4 and Alt+Space/Alt+Dash – Arioch 'The – 2014-01-09T20:57:18.527

Non-technical users rarely know what those are. even in those cases you can override there operation inside the application in the keyup event handler in the form, if you really want to get involved. – DarrenMB – 2014-01-09T21:10:18.357

1then just (in 32-bit Windows) run CMD and Alt+Enter :-D – Arioch 'The – 2014-01-09T21:37:53.240

5

You can just ssh into the box, and do pretty much anything from the command line. Want to reboot the pc? 'shutdown.exe /r'. I'm sure you can work some things out. A big plus for me would be that you can watch from a distance and improvise according to the behaviour of your victim(s). Super evil, but ooh so much fun :D

Kevin

Posted 2014-01-09T15:20:57.440

Reputation: 139

14

+1 Compulsory xkcd.

– Vorac – 2014-01-10T09:49:46.877

4

It may be too simple, but why not simply schedule "shutdown /r" in Windows Task Scheduler. Using the correct switches you can force it to reboot with no prompting. You can also set it to kick off an hour after the user connects to the local system. You should be able to remotely connect to that computer through your Task Scheduler to set it up as well.

S Chase

Posted 2014-01-09T15:20:57.440

Reputation: 41

to obvious to see the reason. that line should go somewhere to crashing or killing some core windows service like LSASS or "NT Workstation". Without that windows actually reports critical system safety failure and shuts down. OTOH doing that is really not easy... Those critical services are usually protected well and even LOCAL_SYSTEM user sometimes I not enough – Arioch 'The – 2014-01-09T20:31:09.000

3

  • Screen
    • Set the screen resolution to the lowest it'll go
    • Turn on high contrast mode
  • Mouse
    • Set the mouse to left handed mode (or vice-versa)
    • Change the pointer speed to either very high or very slow
    • Change the double click speed to to either very short (hard to double click) or very long (should cause long delays after each click as the system waits for a second click)
    • Turn on click lock
  • Keyboard
    • Turn on sticky keys
    • Change the keyboard layout (from US to UK or vice-versa is good: it'll mostly work as expected, but the user will have some fun if their password contains any of the symbols that switch position between the two layouts)
  • Desktop
    • If you want to pin the blame on a virus or similar, create a simple image in paint with a few words like "You have a virus" or similar and set it as the wallpaper
    • Take a screenshot of the desktop and set it as the wallpaper. Then move all the icons around. Repeat a few times. Then turn off "Show desktop icons".

This perhaps isn't as subtle as causing random network outages, but to a non technical user it will likely appear that the computer is "broken". If you're happy having it pre-broken by the morning rather than triggered at some point during the day then this might do the job.

Warning: you will need to think about the order in which you apply the, as they get progressively harder to apply with each change. It will also take you a little time to "fix" the computer afterwards.

Brian Beckett

Posted 2014-01-09T15:20:57.440

Reputation: 117

US -> UK will only punish people that were smart enough to use symbols in their passwords. – Jon – 2014-04-01T19:06:37.173

1

What about disabling CPU cooling until it would run slow for throttling or would totally freeze ? SpeedFan is not opensource but maybe you'd be able to find a tool like that, having support for different mainboard chip and knowing how to turn fan into software-controlled mode and stop it ?

Also there are overclocking tools like SetFSB and AMD OverDrive and MSI AfterBurner and ... Just push your CPU or RAM over the limits so it would actually generate random errors.

Another thing would be some denial-of-service attacks onto some Windows resource exhaustion. Just think of some invisible process, running threads with "critical" priority on every CPU core in infinite loops, making other processes draaaaag. Combine it with fork-bomb concept, so they would not be easily killed from Task Manager. Also if each of them would be open and lock a hundred od random files it would be a bonus. I remember Windows 2000 crashed just because a program runned amok kept opening files until some critical Windows server could not open the file it needed

I also wonder if good old AT Keyboard chip is still emulated in its full capabilities on modern PCs, including programmatically pressing Reset. Google about i8042 and ports 0x60 and 0x64. Then you would have to run some drivers allowing for applications to hardware access, like the one installed by SpeedFan or PowerStrip. Hmmm.... what if those chip would allow you to re-program DMA Controller to do a random wiping of RAM content ? Sooner or later you would by chance destroy critical OS data. OTOH before you do it, you may damage some cache buffers so maybe OS would damage HDD content

Now... if you foe is a dummy, you can try yet another trick: make window having no desktop/taskbar. It is nothing for a slightly experienced user, but might confuse dummies.

  1. you make copies of EXPLORER.EXE into your custom name looking not-suspicious but not resembling any usual tern like "explorer" "shell" etc.
  2. you make windows run that new copy instead of explorer.exe - that can be done by SHELL= parameter in WIN.INI or in registry. Google for custom shells.
  3. after reboot you delete old EXPLORER.EXE (all the occurences) or replace them with CMD.EXE or some screensaver. SFC (windows file protection) would try to revert that change, you would have to tame it one way or another. Usually it can be done by changing also EXPLORER.EXE in WFP cache
  4. by windows scheduler you just kill that process of renamed explorer and keep killing it if it would automatically restart itself. User would not be able to restart it manually as the EXPLORER.EXE file was substituted and perhaps he would not know the real name.

However for a more or less experienced person running CMD or task manager is enough to launch any program he would need.

Arioch 'The

Posted 2014-01-09T15:20:57.440

Reputation: 123

2Wouldn't stopping the CPU fan possibly result in permanent hardware damage if done incorrectly? OP asked for "temporary" stint, and I don't think burning/melting hardware would be good (I realize that hardware will auto-shutdown in extreme cases, but sometimes not before damage is done). – Caleb Xu – 2014-01-09T21:14:13.407

@CalebXu depends on the hardware. My Pentium MMX box worked about two weeks before I noticed that the cooler totally fallen from the CPU (not just the fan, the whole cooler). And since P4 all Intel CPUs are throttling. But I generally agree other methods are better. Like overclocking+undervoltage, that I think can be pushed to extremes, so OS would BSOD in few seconds (OTOH will it halt hardware after RAM-dumping or would it stay overclocked before manually reset? Play, undervoltage should be a safety net there) – Arioch 'The – 2014-01-09T21:31:24.227

I see. The last time my laptop overheated, it just straight out turned off. – Caleb Xu – 2014-01-09T21:31:59.290

My mother's laptop died. Thermo-tube just stopped working for no visible reason and CPU and North Bridge are in eternal throttling. Could not find a replacement tube :-/ Otherwise the notebook was doing great... – Arioch 'The – 2014-01-09T21:33:40.140

Most modern systems will throttle. I considered this pretty seriously until I realised the sheer inelegance of it. I could actually afford to have the system get permadead, but meh, that would be wasteful. – Journeyman Geek – 2014-01-09T23:59:34.410

1

Install the ol' winternals BSOD screensaver :-)

BlueScreen Screen Saver v3.2

Or... loosen the graphics card so it flickers when they knock the desk, though i hold no responsibility if this causes longer term issues :p

Sam Jones

Posted 2014-01-09T15:20:57.440

Reputation: 101

1

A very simple non-intrusive solution. Take a screenshot of the desktop. Make it the screensaver. Remove all icons from the desktop...click click...uh what?!?

James

Posted 2014-01-09T15:20:57.440

Reputation: 240

4at least three people have suggested this. Do so many people live entirely by double clicking things on their desktop? I essentially never do that. If you played this trick on me I literally would not notice for weeks. – Kate Gregory – 2014-01-10T16:46:46.783

I've used it at work, when people have failed to lock their computers. They have then generally kept programs running, too, and of course the desktop image of those programs don't accept input. Usually I've only needed to do this once per user in order to make them learn to lock their computers. – Jenny D – 2014-04-29T06:50:24.187

0

abrosis

Posted 2014-01-09T15:20:57.440

Reputation: 1

0

You might be looking for something a bit more drastic and automated than this. But, installing a VNC server (or other remote desktop sharing application) on the machine(s) upon which you want to wreak havoc, can be fun. Take control of their mouse, or keyboard, while they're doing something. There are even VNC clients for your phone, so you can do this while wandering around, and mess with their mouse in your pocket or something.

Change the keyboard layout to DVORAK (while the user has access to something other than a password field so they can see that the keys aren't what they should be.)

Rotate the display with Ctrl+Shift+arrow, although this won't look random and it'll have to be done while you're there.

Map common web hosts to bad URLs (or other common web hosts - map Google to Bing!) in your hosts file - %systemroot%\system32\drivers\etc\hosts.

Put a Remote Desktop connection to other machines on start-up. (See Use command line parameters with Remote Desktop Connection to build the command you'd need)

TheTinyMan

Posted 2014-01-09T15:20:57.440

Reputation: 101