I got ya — A story of Croissants, Easter Eggs, a Keylogger, and IT security.
If you are reading this article it’s because you might have asked yourself:
what the heck have in common croissants and IT security?!
Spoiler alert: this article is not about breakfasts nor about food in general but it’s about me hacking stuff for the sake of it.
All started a couple of weeks ago, when the head of the IT security in the company where I work for decided to start a funny game to let workers understand the importance of locking our computers when we leave them unattended.
The rules are simple: if someone will be able to post the word “Gipfeli” (Croissants in Swiss German) with your account in our #general chat channel while you are not around, the day after you will need to bring Croissants to the whole team.
This game was created with good intentions and it’s meant to improve our security standards but since I am rioter, love golang having few chances to use it at work and like Easter Eggs I decided to start my counter game.
My goal was to lock automatically my mac as soon as someone wrote the “Gipfeli” string with my keyboard.
I wrote my first keylogger in go and C four years ago but I never had the chance to use it for something meaningful. But in this case it became the core of my Easter Egg.
After a hour of work on it I could detect a list of blacklisted words and I could spawn bash terminal commands just using native golang modules, pretty neat! If a blacklisted word was detected I could spawn “pmset sleepnow” to let my mac sleep.
Once the script was ready and well tested I could finally launch it automatically on boot in a daemon process on my mac.
Conclusion
Once installed i-got-ya on my machine I have left it unattended waiting that someone could trigger my Easter Egg that of course didn’t work because It can’t detect typos yet 😅 and I had to bring the 🥐 for everyone (again).
I had so much fun developing something in go taking a break from javascript for a day. Of course making this script doesn’t mean that I will not lock my computer in future indeed I have learned that security comes always first!
Here you can have a look at source code of the script.
