Security Through the Mouse

by Steve Rives

Have you ever wanted to write a program that could stop keyboard-monitoring password stealers?  I did.  Most password stealers that I have seen/written only capture keystrokes.  It should be easy to beat these programs by simply having the user enter their password using more than the keyboard.  This line of thought caused me to write a program that would accept mouse clicks as part of a password.  With my program, the user is able to enter keys and left and right mouse clicks for their password.  For example, a password might be:

F + I + S + H + mouse_left_click + mouse_left_click + mouse_right_click

Now that's a password!  My program allows the user to use the keyboard and the mouse to enter their password.  Not only does this program make life hard for keyboard monitors, but it also makes life hard for shoulder surfers.

I now present the basic program that implements this scheme.  Notice that this was written for PCs.  This program should help hackers to think of more robust password stealers.  And for those of you who need more password protection, consider using the simple functions provided in this program.

// MousePas.C
// To compile with Turbo C++
//     tcc MousePas.c
// To compile with Borland C++
//     bcc MousePas.c
#include <dos.h>                // intr(), struct REGPACK
#include <conio.h>              // kbhit()
#include <string.h>             // strcmp()
#include <stdio.h>              // printf()

void instructions()
{
  clrscr();
  printf("You will be prompted to enter a password.\n");
  printf("Click on the left and right mouse buttons.\n");
  printf("And their clicks will become part of the password.\n");
  printf("You must have a mouse driver loaded to use the mouse.\n");
}

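// Poll the mouse driver: INT 33h with AX = 3 returns the button state
// in BX (bit 0 = left button down, bit 1 = right button down).
int get_button()
{
  struct REGPACK regs;
  regs.r_ax = 3;
  regs.r_bx = regs.r_cx = regs.r_dx = regs.r_es = 0;
  intr(0x33, &regs);
  return regs.r_bx;
}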

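// Read keys and mouse clicks into string until Enter (13) or maxlen.
// string must have room for maxlen characters plus the terminator.
void get_mouse_string(char *string, int maxlen)
{
  int i = 0, button;
  char key = 0;
  while (key != 13 && i < maxlen) {
    if (kbhit()) {
      key = getch();
      // Codes 1 and 2 are skipped so a key never collides with the
      // stored button values for a left or right click.
      if (key != 13 && key > 2) {
        printf("*");
        string[i++] = key;
      }
    } else if ((button = get_button()) != 0) {
      if (button == 1)
        printf("L");
      else
        printf("R");
      string[i++] = button;
      // Wait for the button to be released so one click is stored once.
      while ((button = get_button()) != 0);
    }
  }
  string[i] = 0;
}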

void main()
{
  char password[128];
  char validate[128];
  instructions();
  printf("Enter a password: ");
  get_mouse_string(password, 127);
  // This is the cool part!
  printf("\nValidate password: ");
  get_mouse_string(validate, 127);
  if (strcmp(password, validate))
    printf("\n\nValidation FAILED\n");
  else
    printf("\n\nValidation PASSWD\n");
}

Code: mousepas.c
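
Added example (not part of the original article or MousePas.C): a portable model of the encoding used by get_mouse_string(), with the DOS keyboard and INT 33h polling replaced by a constructed event array, showing that the keystroke-only view of the input no longer equals the stored password. The names encode, sample and keys_only_matches are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed event model: the DOS keyboard and INT 33h polling in
   MousePas.C is replaced by an array so this runs anywhere. */
enum ev_kind { EV_KEY, EV_BUTTON };
struct event { enum ev_kind kind; int value; };

/* Same encoding as get_mouse_string(): keys are stored as their
   character code (only if > 2), clicks as the button value 1 or 2.
   keys_only = 1 models a recorder that sees keystrokes alone. */
size_t encode(const struct event *ev, size_t n, int keys_only,
              char *out, size_t maxlen)
{
  size_t i = 0, k;
  for (k = 0; k < n && i < maxlen; k++) {
    if (ev[k].kind == EV_KEY) {
      if (ev[k].value == 13) break;          /* Enter ends input */
      if (ev[k].value > 2) out[i++] = (char)ev[k].value;
    } else if (!keys_only && ev[k].value != 0) {
      out[i++] = (char)ev[k].value;          /* 1 = left, 2 = right */
    }
  }
  out[i] = 0;
  return i;
}

/* Constructed sample: F I S H left left right Enter */
static const struct event sample[] = {
  {EV_KEY,'F'},{EV_KEY,'I'},{EV_KEY,'S'},{EV_KEY,'H'},
  {EV_BUTTON,1},{EV_BUTTON,1},{EV_BUTTON,2},{EV_KEY,13}
};
#define SAMPLE_N (sizeof sample / sizeof sample[0])

/* Returns 1 if the keystroke-only view matches the full password. */
int keys_only_matches(void)
{
  char full[128], seen[128];
  encode(sample, SAMPLE_N, 0, full, 127);
  encode(sample, SAMPLE_N, 1, seen, 127);
  return strcmp(full, seen) == 0;
}

int main(void)
{
  char full[128];
  size_t n = encode(sample, SAMPLE_N, 0, full, 127);
  printf("stored length %u, keys-only match: %d\n",
         (unsigned)n, keys_only_matches());
  return 0;
}
```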