Deophius / rollcall

After WXB incident, perhaps such a tool is necessary, after all.
GNU General Public License v3.0
1 stars 0 forks source link

This piece of history should be remembered. #1

Open Deophius opened 4 years ago

Deophius commented 4 years ago

In 2019, the malicious prelude of a deadly pandemic was seen lurking across the city of Wu Han. As the winter wind started biting into the bodies and souls of us, it rooted deep across the world and began to sprout itself from the metropolitan, feeding upon the liveliness of the victims it sacrificed as its nutrient.

The traditional festival drew nearer and nearer. Never had I had such an experience: a common cold became pneumonia, a common pneumonia became a serious epidemic, and then a topic nearly everyone talked about on dinner tables, in the alleys and even across WeChat.

I was talking about it with Master when it suddenly struck me that this was not going to be an easy year. Everything was going wrong. And especially related to this project, is the course online that our school, Wensyo, decided to give.

Deophius commented 4 years ago

Hearing that substantial school was cancelled due to epidemic control reasons, I was ecstatic, but then jointly disappointed. The online courses were soon to arrive. Research on the course-streaming platform gathers nothing but criticism on the issues concerning privacy leakage.

The first two weeks was OK, when I skipped most of the lessons and listened to a few Chinese classes to improve on my reading comprehension skills. But two weeks later, things began to change. WXB, the platform, released a new version where 2 to 4 random rollcall dialog boxes would be displayed during class. If one failed to confirm any one of them, one's score for attentiveness in class would drop for 3 points and one would be reported to one's class teacher, and eventually one's parent.

Busying myself with chemistry experiments and further explorations, I got a warning from the WXB platform. At first, I didn't pay much attention to it, for to me it meant the equivalent of skipping classes to do homework at school. However, my parents asked me quite sternly why I didn't get a full mark on class attentiveness. I was very shocked and emotional at that time, so I had an outbreak and found myself in an awkward situation. Luckily, with all the problems I had with Wensyo, I managed to find a philosophical argument for my case, and tilted the conversation to that side.

Deophius commented 4 years ago

That evening, when I was taking the daily jog around the community, I tried to resolve my anger with my parents. That was when I suddenly realized what I needed to do. WXB is a platform that is completely insecure, and research had shown that someone had already invented a screen click rollcall resolver for this thing, just like this project. I estimated my computer's firmware and my programming skills, and realized that I could solve this problem, once and for all.

On March 2nd, Monday, I started the arduous development of this project. Technical details shall be omitted, by when the clicker functioned correctly, I almost burst into tears. That was really the first time I understood that knowledge is the most powerful tool in the battle of one against the opposing world, and if you have the courage to fight, you always stand a chance.

However, this didn't last long. After correctly launching and terminating the roll call auto-clicker, I began to be more aggressive in my optimizations and class-skipping. I created a new standard user where WXB was used, and used jumpstart.exe as administrator to handle the tasks. I switched to Administrator to entertain myself for the politics lesson, but got a warning again.

This mechanism is still undetermined.

Deophius commented 4 years ago

Lucky as I was, I couldn't avoid the common mistake: show off.

When Kelly asked me how I managed to do homework so quickly, I told her that I used a rollcall clicker, with no intention other than to lure her into playing with it. I gave her the source code and she couldn't compile it. I really felt great at that time, but later on I realized what danger this action might brought.

Also, when the Gang of Five asked me how I spent my chemistry classes, I told them about my tool. They used a primary approach: reminding each other to confirm the dialog box in a general-purpose communication program.

Deophius commented 4 years ago

Later on, when I studied the logs of WXB more carefully, I became more convinced of its nature: complicated in design, naive in programming, malicious in nature.

For the naive part, passwords are saved without encryption in the user directory. Wensyo used our ID card numbers for user account name. Most people only have one password for all their accounts. What would happen if anyone happens to steal this password?

The log files reveal almost all of iMeetings's runtime details. From such a file, I can determine who entered the classroom at what second, and the simulators WXB know about, the time rollcall dialogs appear, and the time they idle before disappearing.

It also gathers information such as camera, audio, microphone, etc. It even has the right to use devices without asking for permission, implying that it gathered the root permissions without explicit confirmation.

Also, it plants a virtual video card Mirage Driver in the system. The latter two can be used as evidence against WXB. Other talented people elsewhere also found similar evidence for WXB's mobile version.

Deophius commented 4 years ago

So now you should be able to understand what I meant in README; hope that the spirit of this project dies, but the spirit needed to forge it never ends!

Deophius, a member of HZEZ.