Allow Steam full access to keyboard / mouse

If it's not about a problem in the program
Post Reply
demoQQ
Posts: 27
Joined: Fri Oct 04, 2013 1:43 pm

Allow Steam full access to keyboard / mouse

Post by demoQQ » Sat Nov 07, 2015 7:02 pm

I have in home streaming enabled. I have Steam installed to Sandboxie

What settings do I need to enable to allow Steam to interact with other programs running in another sandbox or running without sandbox supervision. For example I need to control Explorer, Firefox, etc basically everything that uses the mouse / keyboard. I have Steam in sandboxie to disallow registry / file changes. I only want to allow full keyboard and mouse control.

I have Windows 7 x64. Sandbox Lifetime v5.06

My current config

Code: Select all

[SteamGames]

Enabled=y
ConfigLevel=7
AutoRecover=y
Template=IExplore_Favorites_RecoverFolder
Template=WindowsFontCache
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#FFFF00,ttl
ForceFolder=E:\demoqq\SteamGames
ForceFolder=C:\Steam
BoxNameTitle=n
CopyLimitKb=839850
OpenPipePath=E:\demoqq\SteamGames\
OpenPipePath=C:\Steam\
OpenPipePath=%Personal%\
OpenPipePath=E:\demoqq\GameSaves\
OpenPipePath=C:\Users\demoqq\Documents\
OpenPipePath=E:\demoqq\GameMods\
OpenPipePath=C:\Users\demoqq\Saved Games\
OpenPipePath=E:\demoqq\SteamTools\
NeverDelete=y
LingerProcess=Setup.exe
LingerProcess=vcredist_x86.exe
LingerProcess=VCREDI~3.EXE
NotifyStartRunAccessDenied=y

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area
Contact:

Re: Allow Steam full access to keyboard / mouse

Post by Craig@Invincea » Mon Nov 09, 2015 2:32 pm

The whole purpose of SBIE is to isolate a program running in a sandbox from your host and/or other sandboxes.

demoQQ
Posts: 27
Joined: Fri Oct 04, 2013 1:43 pm

Re: Allow Steam full access to keyboard / mouse

Post by demoQQ » Mon Nov 09, 2015 4:53 pm

This doesn't solve my problem

BlockFakeInput=N and OpenWinClass=* are not letting key press through.

X-Gamer
Posts: 28
Joined: Thu Apr 21, 2016 9:38 am

Re: Allow Steam full access to keyboard / mouse

Post by X-Gamer » Thu Apr 21, 2016 8:49 pm

Hello,

I have same problem here.

Nobody can help ?


That steam in sandboxie has access outsite of sandboxie with mouse and keyboard ?


Because use my PC for work etc and in living room otherone can play with steam but when there an error or something mouse not work keyboard not work only in windows that are sandboxied !

Tryed many thing like a accessibilty enabled but also not work mouse keyboard and brings other problems . also Openwinclass=*


How can steam in sanboxie access other programms outside sanboxie ???


Hope someone can help use !?


Regards

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area
Contact:

Re: Allow Steam full access to keyboard / mouse

Post by Craig@Invincea » Thu Apr 21, 2016 11:32 pm

The whole purpose of SBIE is to isolate sandboxes from one another. That's the primary point.

The openwinclass punches holes in that isolation, so you might as well not run in a sandbox then. It defeats the purpose.

X-Gamer
Posts: 28
Joined: Thu Apr 21, 2016 9:38 am

Re: Allow Steam full access to keyboard / mouse

Post by X-Gamer » Fri Apr 22, 2016 3:02 pm

Craig@Invincea wrote:The whole purpose of SBIE is to isolate sandboxes from one another. That's the primary point.

The openwinclass punches holes in that isolation, so you might as well not run in a sandbox then. It defeats the purpose.

Yes but with Sandboxie no way for that ? Like i asked the questions !?

Or any other software or trick with sandboxie or a new feature in sandboxxie that steam can have access to outside sandboxie ? because there ar eno settings in sandboxie for steam.

regards

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area
Contact:

Re: Allow Steam full access to keyboard / mouse

Post by Craig@Invincea » Sat Apr 23, 2016 2:35 am

X-Gamer wrote:
Craig@Invincea wrote:The whole purpose of SBIE is to isolate sandboxes from one another. That's the primary point.

The openwinclass punches holes in that isolation, so you might as well not run in a sandbox then. It defeats the purpose.

Yes but with Sandboxie no way for that ? Like i asked the questions !?

Or any other software or trick with sandboxie or a new feature in sandboxxie that steam can have access to outside sandboxie ? because there ar eno settings in sandboxie for steam.

regards
Not that I know of. The OpenFilePath is from a SB to your host machine. (Thus the hole punch)
SB are independent of one another. That's how SBIE is designed.
Sandboxie is designed to protect you online. Originally it was Internet Explorer (SandboxIE) that expanded over the years. Gaming isn't really something we're focused on at this time. As Steam is well known and secure as anything else and not something we'd consider SB'ing. We also don't routinely test Steam any longer given the changes that they have made and the fact they now report SBIE as a "cheat" software.

Sandboxie is designed as an isolation "container" (A sandbox). Plain and simple. We have nothing built into it to directly support Steam.

BUCKAROO
Posts: 206
Joined: Sun Oct 24, 2010 3:13 am

Re: Allow Steam full access to keyboard / mouse

Post by BUCKAROO » Sat Apr 23, 2016 5:18 am

The responsible exe on server must have uiAccess="true" in its manifest. Steam apparently doesn't.

No solution for you, demoQQ.

Not a simple one at least...

*** BYPASS SANDBOXIE BYPASS ***

ForceProcess=uiAccess.exe

Interact with Any window!

https://autohotkey.com/board/topic/7044 ... -programs/

As example, first endow AutoHotkey with special privilege:
AutoHotkeyU32.exe EnableUIAccess.ahk AutoHotkeyU32.exe "C:\Program Files (x86)\uiAccess.exe"

Create a script uiAccess.ahk in same directory.

Code: Select all

Loop
{
Send()
if(GetKeyState("Esc","P"))
break
Sleep,2000
}

Send()
{
SendInput SendInput
SendPlay SendPlay
SendEvent SendEvent
ControlSend,,ControlSend,A
}
Now let ForceProcess launch uiAccess.exe

Exploit via (ahk script) SendPlay.
OpenWinClass=* opens up SendInput and SendEvent as well.

uiAccess.exe (example) must reside under Program Files* or System32.

ForceProcess doesn't apply to Sandboxed items so whether this exploit can reside in Sandbox mirror location is not determinable to me.

If it weren't for requisite ForceProcess launch, Sandboxed program could easily start and hijack Sandboxed process of anyone sporting uiAccess or his own binary:

TabTip.exe
TabTip32.exe
AuditShD.exe
EaseOfAccessDialog.exe
F12Chooser.exe
Magnify.exe
msra.exe
Narrator.exe
osk.exe
psr.exe
rdpinput.exe
RdpSa.exe

No one is vulnerable by default settings as far as I know.

Any sibling program of a successfully UIA enabled process, can inherit UIA interaction! I think therein is one peculiar thing about ForceProcess, that it is spawned twice, the second instance from the parent (?) who may possess some special rights. [In some instances the first P/ID lingers though relevant only to programs that must wait on a worker process.]

BUCKAROO
Posts: 206
Joined: Sun Oct 24, 2010 3:13 am

Re: Allow Steam full access to keyboard / mouse

Post by BUCKAROO » Sun Apr 24, 2016 9:30 am

@demoQQ:

1. Download AutoHotkey portable and also EnableUIAccess script (extract preserving folder structure).

2. Build uiAccess.exe (best of luck...)
AutoHotkeyU32.exe EnableUIAccess.ahk AutoHotkeyU32.exe "C:\Program Files (x86)\uiAccess.exe"

3. Add to your [SteamGames] Sandbox.
OpenPipePath=\Device\QWAVEdrv
ForceProcess=uiAccess.exe
OpenWinClass=*

4. Save uiAccess.ahk (just one line) to Program Files as above.
Run,C:\Program Files (x86)\Steam\Steam.exe

5. Launch uiAccess.exe (Steam must NOT already be running/in the background.)

It works. Type into and manipulate even Elevated process' window via Sandboxed Steam Streaming.

X-Gamer
Posts: 28
Joined: Thu Apr 21, 2016 9:38 am

Re: Allow Steam full access to keyboard / mouse

Post by X-Gamer » Mon Apr 25, 2016 6:43 am

BUCKAROO wrote:@demoQQ:

1. Download AutoHotkey portable and also EnableUIAccess script (extract preserving folder structure).

2. Build uiAccess.exe (best of luck...)
AutoHotkeyU32.exe EnableUIAccess.ahk AutoHotkeyU32.exe "C:\Program Files (x86)\uiAccess.exe"

3. Add to your [SteamGames] Sandbox.
OpenPipePath=\Device\QWAVEdrv
ForceProcess=uiAccess.exe
OpenWinClass=*

4. Save uiAccess.ahk (just one line) to Program Files as above.
Run,C:\Program Files (x86)\Steam\Steam.exe

5. Launch uiAccess.exe (Steam must NOT already be running/in the background.)

It works. Type into and manipulate even Elevated process' window via Sandboxed Steam Streaming.

Thanks i tryed but not work Steam in Sanboxie can still not use Mouse or Keyboard outside sandboxied steam or explorer or windows or other software / programs.

the uiAccess.exe is closed fast after Steam.exe ist started also with the oth uiAccess.ahk with more lines and sendinput etc not working .


How it must be done that it work ?

BUCKAROO
Posts: 206
Joined: Sun Oct 24, 2010 3:13 am

Re: Allow Steam full access to keyboard / mouse

Post by BUCKAROO » Mon Apr 25, 2016 11:20 am

Sounds like you have done everything according to instruction.
Purpose of uiAccess.exe is merely to pass on uiAccess privilege.

SendInput stuff is there just to test without Steam involvement.

Steam.exe mustn't exist in the Sandbox ("Stream Launch Failed").
uiAccess.exe must exist in real Program Files * folder only.
uiAccess.exe must be trigger-started by ForceProcess.

If a single Win10 App is open and not minimized, it'll freeze up!
Have something like TightVNC installed to close problem windows.

It really works as I advertise. I can interact with the desktop & start menu.
I can hear videos, can't see them, games fail, but might be my mobile GPU.
(I know it is my GPU drivers for most part. Flash games stream fine. Heh)

I don't think it's worthwhile until Steam Streaming is built for this purpose.
X-Gamer wrote:Because use my PC for work etc and in living room otherone can play with steam but when there an error or something mouse not work keyboard not work only in windows that are sandboxied !
But it would - does for me in fact - solve this predicament ideally!

rpljhun
Posts: 203
Joined: Sat Jan 12, 2013 9:29 am

Re: Allow Steam full access to keyboard / mouse

Post by rpljhun » Mon May 02, 2016 4:30 am

By using OpenWinClass=* you are allowing direct access to Window Objects outside the sandbox and rely on Windows UIPI mechanism to mitigate attacks. Windows allows UIPI bypass with requirements.
1. Setting UIAccess attribute to true in program's application manifest.
2. Digitally signed and trusted in root certificate.
3. Must reside in %ProgramFiles% and its subdirectories. Or %WinDir% and its subdirectories.

These requires elevated rights to fulfill its requirements.

I think made a response in bellzemos about these. And I quoute.
rpljhun wrote:Bellzemos, using OpenWinClass=* in Windows XP is risky. For Windows Vista and above, the UIPI, UAC and the Untrusted Integrity Level(Lowest Level) of sandboxed application should prevent shatter attacks but that depends on how sandboxie handle application with manifest entry UIAccess="true" and passed UIPI requirements. If sandboxie removed this entry then shatter and shatter like attacks will be prevented while using OpenWinClass=*. Although without it being removed the risk is very low because malware will unlikely pass the requirements but still possible.
http://forums.sandboxie.com/phpBB3/view ... 04#p108994

X-Gamer
Posts: 28
Joined: Thu Apr 21, 2016 9:38 am

Re: Allow Steam full access to keyboard / mouse

Post by X-Gamer » Tue Jul 04, 2017 8:18 pm

BUCKAROO wrote:
Mon Apr 25, 2016 11:20 am
Sounds like you have done everything according to instruction.
Purpose of uiAccess.exe is merely to pass on uiAccess privilege.

SendInput stuff is there just to test without Steam involvement.

Steam.exe mustn't exist in the Sandbox ("Stream Launch Failed").
uiAccess.exe must exist in real Program Files * folder only.
uiAccess.exe must be trigger-started by ForceProcess.

If a single Win10 App is open and not minimized, it'll freeze up!
Have something like TightVNC installed to close problem windows.

It really works as I advertise. I can interact with the desktop & start menu.
I can hear videos, can't see them, games fail, but might be my mobile GPU.
(I know it is my GPU drivers for most part. Flash games stream fine. Heh)

I don't think it's worthwhile until Steam Streaming is built for this purpose.
X-Gamer wrote:Because use my PC for work etc and in living room otherone can play with steam but when there an error or something mouse not work keyboard not work only in windows that are sandboxied !
But it would - does for me in fact - solve this predicament ideally!
Thanks is there also a other solution because with OpenWinClass=* i always get BSOD since new sandboxie and Windows 10 CU .

X-Gamer
Posts: 28
Joined: Thu Apr 21, 2016 9:38 am

Re: Allow Steam full access to keyboard / mouse

Post by X-Gamer » Wed Jul 05, 2017 6:46 pm

rpljhun wrote:
Mon May 02, 2016 4:30 am
By using OpenWinClass=* you are allowing direct access to Window Objects outside the sandbox and rely on Windows UIPI mechanism to mitigate attacks. Windows allows UIPI bypass with requirements.
1. Setting UIAccess attribute to true in program's application manifest.
2. Digitally signed and trusted in root certificate.
3. Must reside in %ProgramFiles% and its subdirectories. Or %WinDir% and its subdirectories.

These requires elevated rights to fulfill its requirements.

I think made a response in bellzemos about these. And I quoute.
rpljhun wrote:Bellzemos, using OpenWinClass=* in Windows XP is risky. For Windows Vista and above, the UIPI, UAC and the Untrusted Integrity Level(Lowest Level) of sandboxed application should prevent shatter attacks but that depends on how sandboxie handle application with manifest entry UIAccess="true" and passed UIPI requirements. If sandboxie removed this entry then shatter and shatter like attacks will be prevented while using OpenWinClass=*. Although without it being removed the risk is very low because malware will unlikely pass the requirements but still possible.
http://forums.sandboxie.com/phpBB3/view ... 04#p108994

So how we can use it for that prupose how we need it ?


thanks

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest