Jump to content




KOS- Advanced Secure Handheld PC Operating System


40 replies to this topic

#21 Anavrins

  • Members
  • 775 posts

Posted 22 April 2015 - 01:18 AM

Little tip about storing passwords
https://www.youtube....h?v=8ZtInClXe1Q

Posting this since I am able, even as a Guest, to get the user's hashes.

Edited by Anavrins, 22 April 2015 - 01:18 AM.


#22 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 22 April 2015 - 11:53 AM

View PostAnavrins, on 22 April 2015 - 01:18 AM, said:

Little tip about storing passwords
https://www.youtube....h?v=8ZtInClXe1Q

Posting this since I am able, even as a Guest, to get the user's hashes.

Yea, I had thought of using a salt as well, but with a sha256 hash on a computercraft OS with no currently seen methods to access the hash without logging in, I am not too concerned. If you really need that much security, then don't allow guests.

My major concern is making sure there are no up front vulnerabilities and fixing any bugs that crash the OS or have unwanted results. I will come back and make it more secure but I would really like to move on to working on a GUI.

#23 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 22 April 2015 - 12:15 PM

Update: Fixed extend crashing on non numeric entry.

#24 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 22 April 2015 - 07:41 PM

Updated to 1.5! Added a basic GUI and framework. More to come, enjoy!

Edit: I used this (broken) API to help forge my GUI. I would like to credit account.username for the API. I did have to change it a lot though.

Edited by Kizz, 22 April 2015 - 07:53 PM.


#25 Creator

    Mad Dash Victor

  • Members
  • 2,168 posts
  • LocationYou will never find me, muhahahahahaha

Posted 22 April 2015 - 07:52 PM

I think your os is great. Get a +1. I think it is your fisrt +1

#26 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 22 April 2015 - 07:54 PM

;D Thanks Creator! It's got a long way to go, but it's making progress!

Edited by Kizz, 22 April 2015 - 07:54 PM.


#27 Creator

    Mad Dash Victor

  • Members
  • 2,168 posts
  • LocationYou will never find me, muhahahahahaha

Posted 22 April 2015 - 07:55 PM

It's kind of ironic that your setup says "Welcome to the user creator"

#28 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 22 April 2015 - 07:58 PM

Yea, I run the user creator if no users file exists. It's the first-use event. I should probably hide that for that instance ;D

My bad... your name is creator... you bolded creator... my brain... is slow!

Edited by Kizz, 22 April 2015 - 07:58 PM.


#29 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 24 April 2015 - 07:27 PM

Update 1.6!
  • Added a new GUI API (touchpoint)
  • Improved GUI
  • Added guest GUI support
  • Fixed several security bugs, improved gui support for programs


#30 biggest yikes

  • Members
  • 573 posts

Posted 24 April 2015 - 09:09 PM

For me it still says "KOS 1.4.2", even after reinstalling.

#31 Anavrins

  • Members
  • 775 posts

Posted 26 April 2015 - 07:47 PM

View PostKizz, on 22 April 2015 - 11:53 AM, said:

View PostAnavrins, on 22 April 2015 - 01:18 AM, said:

Little tip about storing passwords
https://www.youtube....h?v=8ZtInClXe1Q

Posting this since I am able, even as a Guest, to get the user's hashes.

Yea, I had thought of using a salt as well, but with a sha256 hash on a computercraft OS with no currently seen methods to access the hash without logging in, I am not too concerned. If you really need that much security, then don't allow guests.

My major concern is making sure there are no up front vulnerabilities and fixing any bugs that crash the OS or have unwanted results. I will come back and make it more secure but I would really like to move on to working on a GUI.
What an incompetent answer from a supposedly "Secure" OS, why make a "Guest" feature if it's downright insecure to do so...

#32 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 27 April 2015 - 11:48 AM

View PostAnavrins, on 26 April 2015 - 07:47 PM, said:

View PostKizz, on 22 April 2015 - 11:53 AM, said:

View PostAnavrins, on 22 April 2015 - 01:18 AM, said:

Little tip about storing passwords
https://www.youtube....h?v=8ZtInClXe1Q

Posting this since I am able, even as a Guest, to get the user's hashes.

Yea, I had thought of using a salt as well, but with a sha256 hash on a computercraft OS with no currently seen methods to access the hash without logging in, I am not too concerned. If you really need that much security, then don't allow guests.

My major concern is making sure there are no up front vulnerabilities and fixing any bugs that crash the OS or have unwanted results. I will come back and make it more secure but I would really like to move on to working on a GUI.
What an incompetent answer from a supposedly "Secure" OS, why make a "Guest" feature if it's downright insecure to do so...

Incompetent? Don't be an ass. If you re-read the main post, this is still in development. I'm no professional so stop expecting perfect. If you want perfect, go make it yourself.

View PostAtenefyr, on 24 April 2015 - 09:09 PM, said:

For me it still says "KOS 1.4.2", even after reinstalling.

Yea, I will fix this. Fixed

Edited by Kizz, 27 April 2015 - 12:03 PM.


#33 biggest yikes

  • Members
  • 573 posts

Posted 02 May 2015 - 06:29 PM

View PostKizz, on 27 April 2015 - 11:48 AM, said:

View PostAnavrins, on 26 April 2015 - 07:47 PM, said:

-snip-
What an incompetent answer from a supposedly "Secure" OS, why make a "Guest" feature if it's downright insecure to do so...

Incompetent? Don't be an ass. If you re-read the main post, this is still in development. I'm no professional so stop expecting perfect. If you want perfect, go make it yourself.
Not trying to be rude myself, but I think you should take the constructive criticism out of that and apply it (remove the Guest feature) or say otherwise that you're keeping it.
Also, the following code still breaks "master":
os.queueEvent("extendme", "foo")
Since the user can write programs, it's smart to patch it in the program handling the event aswell. :)

Edited by Atenefyr, 02 May 2015 - 06:32 PM.


#34 minebuild02

  • Members
  • 97 posts

Posted 07 June 2015 - 11:49 AM

Think it's kinda bordering on the malicious - you cannot terminate the programs, but the biggest thing is that you cannot delete the OS without getting to the computer folder and wiping the files.
But I bypassed this 'protection' by aliasing to /rom/programs/delete and /rom/programs/edit.

#35 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 10 June 2015 - 01:19 PM

Yea, sorry guys. Work has kept me too busy to update. Eventually I will get in and add some more security features. Again, as stated, I wanted to focus on features for a bit and get a basic GUI laid out.

At the moment, if you throw your tablet at a friend on your server, chances are, they won't be able to hack into it without being given the password. (Granted, the guest account still needs work.) My main goal was to have a secure login system, and I was never really interested in having file restrictions or the lot. It just fell into place due to the guest account.

Also Atenefyr, I took no offense to your criticism. I appreciate any suggestions as long as you don't simply insult me for not being an ace programmer.

#36 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 12 June 2015 - 01:05 PM

Minor update to improve local and global tag usage, and prevented users crashing the logout timer program.

#37 coolmark1995

  • Members
  • 25 posts

Posted 14 June 2015 - 02:05 AM

I love the OS and all but I dont see a guest account at all is it hidden or is there a special fix? also I think you need to add a cool little app market that downloads pastebin programs :) Also I think it would be cool if you added monitor support :) as well as a pocket version or pocket support :D

Edited by coolmark1995, 14 June 2015 - 02:10 AM.


#38 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 15 June 2015 - 12:26 PM

Actually, thank you Coolmark! I enjoy feature suggestions as I was unsure where to take the OS. The guest account does work, you have to simply make a new account and set the permission level to 0. This will mark the account as guest.

Be warned, however, as the guest account is still undergoing work to make it truly secure.

#39 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 15 June 2015 - 01:16 PM

View Postcoolmark1995, on 14 June 2015 - 02:05 AM, said:

as well as a pocket version or pocket support :D

This is actually designed for the advanced pocket computer. Haven't tested on a normal pocket computer, but it should work mostly. (Will need to remove color before it is supported by basic computers)

Edited by Kizz, 15 June 2015 - 01:52 PM.


#40 Kizz

  • Members
  • 99 posts
  • LocationLouisville, Kentucky

Posted 15 June 2015 - 07:46 PM

Things I am working on:
  • Automatic updates
  • Improving guest account
  • Addition of app store
  • General performance improvement and better code readability (Should help me troubleshoot and expand code more easily)
  • Improving UI usability and flow while improving multi-thread support (Switching between programs and never leaving the UI)
Hopefully this will be out within the week!





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users