proctortrack
This write-up is a description of how I bypassed the VM detection of the online exam proctoring software Proctortrack from Verificient Technologies. The software is meant to prevent cheating by students taking online exams. It records your screen, your webcam, and microphone during the exam and prevents you from using non-approved software while taking it. The software has protections in place to make sure it is not run in a virtual machine. If a student were able to run the software in a VM, it would render the software useless since they could escape the VM and do whatever they wanted without the software having the ability to track or prevent it. For example, they could open a web browser in their host OS and google the subject of an exam question, or chat online with other students taking the exam.
In short, I bypassed the checks that the software does to determine if it is in a VM by opening the executable up in a disassembler (like IDA, Binary Ninja, etc.) and searching for the string in the message box that basically says "You're in a VM, quitting program". From there I traced the calls back until I found the point where it branches based on the result of the VM checks and simply changed one instruction from a conditional jump to jump always. This one change completely bypassed the checks and let me open the software right up in a Windows VM.
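Seen from the vendor's side, the single-instruction change described above is exactly what an integrity check against a known-good build should catch. The following is an added example, not part of the original write-up or of Proctortrack's code: it compares a deployed copy against a reference build and labels any one-byte change that turns a short conditional jump into an unconditional one. The byte strings and the function names (`audit`, `diff_runs`) are constructed for illustration.

```python
"""Classify byte differences between a reference build and a deployed copy."""
import hashlib

JCC_SHORT = set(range(0x70, 0x80))   # x86 short conditional jumps (Jcc rel8)
JMP_SHORT = 0xEB                     # x86 short unconditional jump (JMP rel8)


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diff_runs(ref: bytes, cur: bytes):
    """Yield (offset, ref_bytes, cur_bytes) for each contiguous run of changes."""
    start = None
    for i, (a, b) in enumerate(zip(ref, cur)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            yield start, ref[start:i], cur[start:i]
            start = None
    if start is not None:  # run extends to the end of the shorter input
        n = min(len(ref), len(cur))
        yield start, ref[start:n], cur[start:n]


def audit(ref: bytes, cur: bytes) -> dict:
    """Return an integrity verdict plus any changes that look like branch patches."""
    report = {"intact": digest(ref) == digest(cur),
              "size_changed": len(ref) != len(cur),
              "changes": []}
    for off, old, new in diff_runs(ref, cur):
        kind = "other"
        if len(old) == 1 and old[0] in JCC_SHORT and new[0] == JMP_SHORT:
            kind = "jcc_to_jmp"  # conditional branch forced to always-taken
        report["changes"].append({"offset": off, "old": old.hex(),
                                  "new": new.hex(), "kind": kind})
    return report


# Constructed sample bytes (call; test eax,eax; jz +5; mov eax,1; ret).
# These are NOT bytes from the real product.
REFERENCE = bytes.fromhex("e810000000" "85c0" "7405" "b801000000" "c3")
DEPLOYED = bytes.fromhex("e810000000" "85c0" "eb05" "b801000000" "c3")

if __name__ == "__main__":
    for change in audit(REFERENCE, DEPLOYED)["changes"]:
        print(change)
```

The classification works on raw bytes without disassembly, so a matching byte inside an operand or data would also be labelled; the hash mismatch is the authoritative signal. A check on the file on disk does not cover changes made only to the loaded image in memory.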