1000 and 1 way to bypass Safe Exam Browser

7 min


Okay, not 1000 and 1 way, but there are quite a few of them! What are we talking about? The fact that the COVID-19 pandemic has made many changes in our lives, including in education – both school and university. Lessons, lectures and seminars have moved to the online format, but the question of how to deal with the control of progress remains. How can teachers make sure that the student taking the exam has not opened the cheat sheets in the next tab?

In Russia, this problem was solved using an open-source program. Safe Exam Browser (SEB)… It would seem that now not a single freebie seeker will be able to cheat, but is this “fortress” really so inaccessible? Come under the cut, today we will tell and show you a bunch of ways to cheat SEB!

The year was 2020 … The whole world is in a panic, the ruble is falling, states are going into emergency mode … Despite all this, the main desire of the average student remains the same – to pass the session with the least effort and time spent on preparation. It would seem that with the transition to distance learning, everything has become easier for the student – you just need to make a smart face when answering a question on a webcam, and you can read the material from a parallel open document on a computer. But it was not there!

Many Russian universities have implemented the Safe Exam Browser program to check student progress, which prevents almost all attempts to cheat. Of course, this is not an obstacle for resourceful students – you can google the answers to the test on a second computer (or ask a friend to google it).

But, since we are labor at heart, we decided to check how much this SEB really helps in conducting exams and how to programmatically bypass its sensitive control (provided that the student has basic computer skills, does not get horrified by the words β€œ virtual machine ”and knows how to install the plug-in for the Mozilla Firefox browser). Ready? Go!

What is Safe Exam Browser (SEB)?

Safe Exam Browser (SEB) is a program for conducting exams, tests, etc. in online mode. Provides protection against:

  • opening extraneous applications (video and voice communication);
  • parallel search for information in a web browser;
  • launching an application in a virtual machine;
  • going to certain sites;
  • saving information in the clipboard before entering the program.

SEB’s architecture includes two parts: a desktop application and a browser. The application runs on the student’s computer and blocks all other applications except those required to pass the exam. Interaction over the network is only possible with the SEB browser, while the browser connects to the educational platform on which the test or exam is hosted (for example, Moodle). The examiner can allow third-party applications, such as Excel or a calculator, to be used during the exam, and then the student will be able to launch them. All such permissions and other settings are performed using the SEB Configurator and are written to a configuration file that is subsequently launched by the desktop application.

The SEB Configurator is an application with an intuitive interface:

Here you can set the URL of the exam resource, the list of allowed / prohibited applications and sites, permissions to download files from the Internet, work in a virtual machine, etc.

A lot of room for creativity and imagination, isn’t it?) Well, let’s get started.
For testing, we need: SEB program, virtual machine (VmWare, VirtualBox), Mozilla Firefox browser, something to compile a large project in C # (the author used Visual Studio Code), some educational resource (for example, a Moodle test configured only for work with SEB).

Disclaimer: helped the author a lot when writing an article this article

1. Changing the browser user-agent

Practically no knowledge and tools are required to implement this method. Let’s check how the Moodle test reacts when launched through an ordinary web browser:

As you can see from the screenshot, SEB does not allow access to the test from a regular browser.
According to the documentation, as a web browser SEB uses XULRunner – the Gecko engine of the Mozilla browser. Let’s try to replace the user-agent of the Mozilla browser with the user-agent specified in the SEB configurator:

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0 SEB

Let’s install some plugin to replace the user-agent, for example, User-Agent Switcher, and add the following option to it:

Sleight of hand and a little fraud – and now you can safely proceed to the test, while simultaneously opening Google in the next tab! πŸ™‚

2. Changing the configuration file of the virtual machine

The previous method, of course, is very simple and straightforward, but a situation may well arise that the examiner also collects the exam logs – and SEB just logs all its events: turning off unauthorized processes, clearing the clipboard and much more. Therefore, we need to find a way to cheat with SEB enabled!

First, we decided to see if SEB could be enabled in a virtual machine. Here, unfortunately, we failed – in such conditions SEB does not even allow itself to be launched. But somehow he realizes that a virtual machine is being used!

There was a concern that SEB was using methods that were not very pleasant for a student, such as detecting processes and services of a virtual machine (VM) in the system, but when studying the source code, it was found that the check for launching from a VM occurs in the IsInsideVM () function of the SEBWindowsClientMain.cs file:

private static bool IsInsideVM()
        {
            using (var searcher = new ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
            {
                using (var items = searcher.Get())
                {
                    foreach (var item in items)
                    {
                        Logger.AddInformation("Win32_ComputerSystem Manufacturer: " + item["Manufacturer"].ToString() + ", Model: " + item["Model"].ToString(), null, null);

                        string manufacturer = item["Manufacturer"].ToString().ToLower();
                        string model = item["Model"].ToString().ToLower();
                        if ((manufacturer == "microsoft corporation" && !model.Contains("surface"))
                            || manufacturer.Contains("vmware")
                            || manufacturer.Contains("parallels software") 
                            || manufacturer.Contains("xen")
                            || model.Contains("xen"))
                            || model.Contains("virtualbox"))
                        {
                            return true;
                        }
                    }
                }
            }
            return false;
        }

We see that SEB is able to detect virtual machines from manufacturers that are listed in the code! But what if we change the virtual machine config, thereby changing the manufacturer?

No sooner said than done! Open the VmWare config file and add the following line:

Now the manufacturer model of the virtual machine will be the same as that of the main machine. We start the virtual machine, turn on SEB on it and try to access the test – everything works!

3. Compilation of new versions of SEB

And now let’s move on to the fun part – compilation of β€œour” version of SEB! Source code available here… The most interesting thing is that the SEB configuration file does not track the integrity of the desktop application (or it keeps track of so that we could change most of the code without any problems, hee-hee), while the integrity of the configuration file sent by the examiner is checked more strictly.

3.1 Running in a virtual machine

We already changed the manufacturer in step 2, but how cool would it be to create a version of SEB that runs in any virtual machine, right? In addition, this is more than easy to do (except for dancing with a tambourine when trying to compile a project for the first time – and all because of the dissimilarity of .NET platforms).

So, you just need to comment out the line with the desired VM in the above code:

In this case, we have compiled the program in such a way that it does not react at all when launched in the VirtualBox virtual machine. But there is one important note: if our readers decide to use this method, then it is necessary to remove / change event logging! The virtual machine will start without problems, but the launch through VirtualBox will be reflected in the logs.

3.2 Clearing the clipboard

When SEB is powered on, it automatically clears the clipboard. Thus, everything that the student copied before the launch of SEB will not get into SEB. Well, the challenge is accepted!

There are two ways to go here:

  1. Dig into the SEBClipboard.cs file, remove error logging or slightly change the clipboard clearing algorithm.
  2. Comment out the line in the SEBWindowsClientMain.cs file:
    
                 // Clean clipboard
                //SEBClipboard.CleanClipboard();
                Logger.AddInformation("Clipboard cleaned.", null, null);

    At the same time, it is better to leave the subsequent logging – so that the examiner does not understand that with you at SEB you have brought something-which-cannot-be-used-at-the-exam πŸ™‚

Using any of these methods, you can get the desired result:

Thus, you can bring with you to SEB any text, picture – in a word, a cheat sheet that can be placed on the clipboard.

3.3 Help from a friend or remove the ban on Discord

SEB looks like a very moody woman – with Skype, Discord, etc. on. it will not turn on, but will present you with a choice: either me or them.
Well, let’s try to reduce the degree of stress in such a situation.

There is room for a flight of imagination, but, in general, it is enough to comment out lines that are appropriate in their meaning like “processToClose.Kill ();” in the SEBNotAllowedProcessController.cs file.
We also recommend considering the lines “SetForegroundWindow (windowHandle);”, “BringWindowToTop (windowHandle);” and the WatchDog service. Competent building of application and logging logic is the key to success!
And in the meantime, we got Discord running with SEB running:

What else can enthusiasts try?

There are enough options left, enough for 1000 and 1 sleepless night at the computer. For example, you can recompile SEB so that it does not run on top of all windows, and can be minimized like a normal application.

You can also try to run SEB on other OSs (incredible, but true: eyewitnesses claim that the standard university config for SEB on OS X cannot even stop voice communication via Discord!).

So, there are a great many ways to assemble SEB with reduced functionality, everything here rests only on the imagination of creative and hardworking students!

Let’s finish the article folk wisdom: only a bigger freebie can stop a student in search of a freebie!


0 Comments

Leave a Reply