
The Wholesome Hacker

Legal | March 1, 2023

A while back, I was approached by a coworker, and sort of friend, who wanted to know if my being a programmer meant I could break into a password-protected laptop. Apparently, she noticed that someone accidentally left his laptop behind when leaving a train, and it was a little too late to catch him before the train doors closed. She tried asking at the train station how to return it, but they were no help, so now she had a locked laptop in her possession and no clue what to do with it. She figured she might as well make use of it if she couldn’t return it.

I believed her story. She was a very kind and well-meaning person, and I had every confidence that she had made a sincere effort to return the laptop before coming to me. Still, I wasn’t all that comfortable with the idea of breaking into someone else’s laptop, and I originally argued that I didn’t know how to unlock it anyway.

But even as I was trying to point out that being a programmer didn’t make me a master hacker, the geek part of my brain couldn’t help but tackle the problem, and I quickly realized that not only could I probably unlock it, but I didn’t expect it to be all that difficult to do. Now I found myself tempted to help just so I could later joke that I broke into a computer with my 1337 H4x0r skills.

In the end, I agreed to try to do what my coworker wanted, but only on the condition that the first priority would be to return the laptop to the rightful owner and she would only get the laptop back if I couldn’t do so. My original plan for unlocking the machine involved a Linux boot disk, but I was saved from having to burn one by the fact that a quick Google search returned a straightforward step-by-step guide for how to get past Windows passwords.

It involved intentionally shutting the machine down wrong so it would offer to do a full scan of the hard drive when rebooted. When that scan was completed, it would give a message in Notepad about the results of the scan. If I then chose to save that message, the screen that would pop up to pick where I wanted to save the file also allowed me to do some other things, like renaming existing files, and because it opened in admin mode, I could even change files that were usually protected.

So, I replaced the “sticky keys” file that runs when you hit Tab five times in rapid succession with the program that would open a command line prompt. After another reboot, when I was prompted to enter a password I instead hit Tab until the computer tried to run “sticky keys”, and instead, it opened up a command line running in admin mode, at which point I effectively could do anything I wanted on the machine by typing the appropriate commands.

For those who are screaming, “How could Microsoft be so sloppy that you could just Google how to unlock their machines?!” I should first mention that this was a much older version of Windows, nothing you are likely to be running on your computer at home.  

More importantly, the truth is that no matter what operating system you are using, your data really isn’t secure; if this exploit hadn’t existed, I could have fallen back to my original plan to use a boot disk, after all.

I’m sure the folks at Microsoft looked at their password protection as a way to keep non-computer-savvy people away and to slow down savvy folks enough that they couldn’t break in while you were away at the bathroom. Since the exploit I used required waiting for a long hard disk scan first, the password protection still did its job of slowing hackers down, and that’s all they really could hope for.

Anyway, now that I had full access to the laptop, my goal was to try to figure out how to contact its owner with minimal invasion of privacy. I got lucky there when I almost immediately found a resume saved in his documents with a phone number and email address at the top.

Now I had a new problem: the minor detail that I’d just broken the law. At the time, the “anti-hacking” laws we had were excessively open-ended. There was no doubt that my intentional breaking into a laptop qualified, even if I had the best of intentions when doing it. So, I had to figure out how to return the thing without confessing to my evil criminal ways.

In the end, I created a dummy email account to message the person who owned the laptop about returning it. He was quite thankful. Apparently, he hadn’t backed up his computer and thought he had lost some valuable files. He asked me how I managed to contact him, but in my reply, I explained only how I had come by the laptop and glossed over how I’d figured out his email address, and he thankfully didn’t ask about the omission.

I politely declined to have him come pick up the laptop at my house — we master criminals have to hide our addresses, after all — so we settled on my dropping it off at the nearby rental office for the complex he lived in so he could pick it up there later.

My friend was a bit disappointed to discover she wasn’t getting a new laptop any time soon but admitted she couldn’t be too angry at me for managing to return it to its rightful owner.
