StrokesPlus.net
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
randomConstant  
#1 Posted : Saturday, March 19, 2022 2:26:09 PM(UTC)
randomConstant

Rank: Advanced Member

Reputation:

Groups: Translators, Approved
Joined: 7/17/2021(UTC)
Posts: 135

Thanks: 35 times
Was thanked: 18 time(s) in 15 post(s)
Hi Rob

I know that the password input box is there in that particular layout and dimensions to maintain consistency but I was wondering if we could have an alternate option with minimal layout.

Also this one is mostly security through obscurity but if its possible to have a fake/dummy/misleading password input UI which a non-tech person might ignore or might not be able to relate to S+ directly would be great option to have IMO.

Ideally, now that S+ is running on startup and is password protected, I would like to press a certain shortcut after Windows start to bring up S+ password input, enter password, and enable S+ to run that way. (S+ is running in silent mode already)

Maybe its feasible, maybe not. Please let me know your thoughts Smile

Rob  
#2 Posted : Sunday, March 20, 2022 9:27:42 PM(UTC)
Rob

Rank: Administration

Reputation:

Groups: Translators, Members, Administrators
Joined: 1/11/2018(UTC)
Posts: 1,349
United States
Location: Tampa, FL

Thanks: 28 times
Was thanked: 416 time(s) in 354 post(s)
Honestly, your best bet (and easiest for me...) is to have two configs - one which is just the default S+ with a single hotkey and SilentStart set to true, and the other is your real config.

Let's say the default config is StrokesPlus.net.json (no password) and the real one is StrokesPlus.net.secure (this one is already password protected).

When S+ loads, it runs the standard config and when you press the hotkey, you just rename:
  • StrokesPlus.net.json to StrokesPlus.net.default
  • StrokesPlus.net.secure to StrokesPlus.net.json

Then call sp.Reload();

You could use a phony dialog like below when you press the hotkey which has its own username/password you're checking in script first, like:
Code:
var frm = new Ookii.Dialogs.WinForms.CredentialDialog();
frm.Target = "StrokesPlus_Login_target";
frm.MainInstruction = "Login required";
frm.ShowDialog();

// For testing
StrokesPlus.Console.Log('User: ' + frm.UserName);
StrokesPlus.Console.Log('Pass: ' + frm.Password);

// If the correct values aren't correct, do nothing 

// otherwise rename files here
// then reload, which will show the normal S+ password dialog
sp.Reload();


On Unload:
Code:
sp_config.Save();
// Then rename the files back to their default state
// So next run will start with the default config

randomConstant  
#3 Posted : Monday, March 21, 2022 10:51:47 AM(UTC)
randomConstant

Rank: Advanced Member

Reputation:

Groups: Translators, Approved
Joined: 7/17/2021(UTC)
Posts: 135

Thanks: 35 times
Was thanked: 18 time(s) in 15 post(s)
Thanks a lot for the suggestion Rob.

Unfortunately, there seem to be some issues with this approach. (I'm on a portable version of S+)

There is a StrokesPlus.net.bin and a StrokesPlus.net.json file in S+ directory. I only had .bin file but realized that S+ fresh copy gives .json file.
Correct me if I'm wrong but I think S+ first looks for .json(to run from and save data into) and then .bin file. I'm not sure at what point my .json file got converted into .bin file(maybe after making it password protected?)
If it finds .json, it overrides it, even if we ran S+ with .bin file(and later added a .json file to S+ directory)

So I decided to go with both .bin files because the .bin(original encrypted) and .json(newly added dummy/default) combination would override the .json file and make it an encrypted one with the .bin file data whenever I turned PC off(.bin was loaded in S+ at that time)

But even after making two .bin files, .bin encrypted and .bin default(unencrypted) file, S+ would still override .bin default whenever I turned PC off.

Here is the sequence of steps:
  • PC ON
  • S+ loads (unencrypted .bin loads, encrypted .bin is present in directory renamed as .binSecure so it doesn't load)
  • Shortcut is pressed which does the following:
  • rename .bin to .binDefault
  • rename .binSecure to .bin
  • reload S+
  • As a result the password prompt pops up, and encrypted .bin is usable.
  • When its time to close PC, either from unload or from a custom shortcut, the following happens:
  • save S+ config(saves to currently loaded .bin which is .binSecure)
  • rename .bin to .binSecure
  • rename .binDefault to .bin (so it can be loaded next time PC starts, it is unencrypted)
  • But right after these last 2 steps, .binSecure is successfully renamed, and .binDefault is now .bin as intended BUT its size is that of .binSecure and so are its content(meaning it is now encrypted and acting as a copy of .binSecure) Scared


I've tried inserting sleep pauses in between steps and tried a bunch of combinations but no luck, at one point a very interesting thing happened where
.bin (.binDefault) which normally has size of .binSecure after last 2 steps, actually had its original size and content but it was encrypted with .binSecure password.

So in short, my brain is fried and I've realized something important which is..
even if it works as intended, S+ default would not be password protected and anyone can examine it, it would require a shortcut to open S+ encrypted and managing backups would get complex as S+ versions change (since im only backing up encrypted .bin right now and would need to manage 2 at that time)
Therefore, since S+ is already pinned to the Start menu, why not press Win key and click on its icon which is right there(I use full screen Start menu).
It would take almost the same time as waiting for S+ default to load and pressing shortcut to open S+ encrypted but its much more cleaner.

So that's what I'm doing for now, I've set S+ startup status to disabled and manually start S+ from Start menu when PC startsLaugh

Honestly a feature could be added to S+ dealing with profiles which are password protected and switchable but that feature is lacking even in browsers(where its much needed) so I wouldn't expect it in S+ so soon. But password protected encrypted profiles are useful for people who use the same copy of S+ for work and home.

Also a question about unload, I think unload executes when S+ is exited, unlike load which is executed when S+ starts as well as every time S+ reloads.
Does unload execute when we turn off PC while S+ is running? meaning does it execute all of its code and then lets the PC turn off? If there was a sp.Pause(10) in S+ unload, would PC turn off after 10 seconds?

Thanks for reading the rant.
Rob  
#4 Posted : Monday, March 21, 2022 1:33:46 PM(UTC)
Rob

Rank: Administration

Reputation:

Groups: Translators, Members, Administrators
Joined: 1/11/2018(UTC)
Posts: 1,349
United States
Location: Tampa, FL

Thanks: 28 times
Was thanked: 416 time(s) in 354 post(s)
Quote:
which normally has size of .binSecure after last 2 steps, actually had its original size and content but it was encrypted with .binSecure password.

Ah, yeah after it executes Unload, it has one last step of saving the config, which uses the settings in memory.

If you call this after renaming the files, it should load the default one back into memory before saving - this tells S+ to load the settings based on the same rules as when it starts.
Code:
sp_config.Load();


Quote:
Does unload execute when we turn off PC while S+ is running? meaning does it execute all of its code and then lets the PC turn off? If there was a sp.Pause(10) in S+ unload, would PC turn off after 10 seconds?

Yes, upon receiving the WM_ENDSESSION message, S+ calls the same code as clicking Exit from the tray icon. So it would pause based on the script, but Windows can still decide it's taking too long and force close the app.
randomConstant  
#5 Posted : Monday, March 21, 2022 1:59:01 PM(UTC)
randomConstant

Rank: Advanced Member

Reputation:

Groups: Translators, Approved
Joined: 7/17/2021(UTC)
Posts: 135

Thanks: 35 times
Was thanked: 18 time(s) in 15 post(s)
Great!

Thanks for the clarification Rob. Laugh
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.