Accidental Malware
After more-or-less finalizing several web-based clicking games to measure motor information throughput, I figured I should make it possible to interface to the tasks using more than just a mouse, trackpad, or touchscreen. My idea was to write a compiled C/C++ executable, which I could easily run from any Windows-11 device (i.e. most of my normal lab workstations), that would run in the background as a “controller emulator server.” I got to work writing an Input_Utilities code repository. You may have guessed where this is headed.
It works
I started out with a server utility that opens port 6053 and accepts websocket TCP/IP connections from any IP address that the program has access to. Once a socket connection is made, it indicates in the console that "XBOX controller connected." After that, it pretends to create Windows Gamepad events based on TCP char packets consisting of 'a1' (for “A-button” release) or '40' (for d-pad left press; full table here). So it lets you issue commands as if you were connected via an XBOX controller, simply by connecting to the socket and issuing the correct 2-char newline-terminated sequence.

I thought this was pretty nifty since it allows me to, for example, do some decoding in MATLAB or Python, then from within that environment create a TCP/IP socket connection to the emulator and proceed to convert any decoder output into the appropriate character sequence. In turn, this allows me to interact with ALL the numerous types of applications that accept XBOX Gamepad inputs! Not bad. To keep it relatively “safe” I made sure the program exits once the socket has been closed. Of course, this gets annoying if you have to restart the server every time, so the next steps were:
- Add other forms of input emulation, and
- Add “server persistence” because I’m lazy.
Mouse Input Emulation
In the second version, I added mouse input emulation. This basically uses the same approach as before, but opens an additional socket connection on port 6054. Both of the sockets need to be connected for the main loop to run on the server application. The mouse inputs can emulate mouse movement events, left/right clicks, press and release, and mouse wheel scroll-up and scroll-down. The full API description for the mouse events is in the table here.
Adding Persistence
The final version basically just wraps the application in a while loop that allows it to cycle back into waiting for both of the client socket connections to complete, so that the server application no longer closes when the socket connections are closed. I realized that basically what I had made was an application that runs in the background and allows some other machine to take over the server application’s mouse, which sounds a little bit like malware, but it’s for a good purpose. So I added some caveats about security and how it should be deployed, along with some default .bat scripts to modify firewall rules for the ports used by the application, in an attempt to make sure that if anybody other than me uses this, hopefully “you’ve been warned.” Please read the safety concerns here, if you’re considering using it.
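
As an added example (not part of the original post or the Input_Utilities repository), one way to check a workstation running the emulator for the exposure described above: the script parses `netstat -ano -p TCP` output and flags ports 6053 and 6054 when they listen on a non-loopback address or have a non-loopback client attached. The sample output is constructed, the function names are hypothetical, and English-language netstat state names are assumed.

```python
import ipaddress

EMULATOR_PORTS = {6053, 6054}  # gamepad and mouse ports named in the post

# Constructed sample of Windows `netstat -ano -p TCP` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:6053           0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:6054         0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:6053      192.168.1.77:50122     ESTABLISHED     4312
  TCP    127.0.0.1:6054         127.0.0.1:50130        ESTABLISHED     4312
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:6053' or '[::]:6053' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return ipaddress.ip_address(host), int(port)

def audit_emulator_exposure(netstat_text, ports=EMULATOR_PORTS):
    """Return findings for emulator ports reachable from beyond loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, blank line, or non-TCP row
        _, local, remote, state, pid = fields
        try:
            local_ip, local_port = split_endpoint(local)
            remote_ip, _ = split_endpoint(remote)
        except ValueError:
            continue  # unparsable address: skip rather than guess
        if local_port not in ports:
            continue
        if state == "LISTENING" and not local_ip.is_loopback:
            # Bound to 0.0.0.0, :: or a LAN address: any host that can route here can connect.
            findings.append(("exposed-listener", local_port, str(local_ip), int(pid)))
        elif state == "ESTABLISHED" and not remote_ip.is_loopback:
            # Another machine is currently attached and can inject input events.
            findings.append(("remote-client", local_port, str(remote_ip), int(pid)))
    return findings

if __name__ == "__main__":
    for finding in audit_emulator_exposure(SAMPLE_NETSTAT):
        print(finding)
```

On a real workstation, pass the captured text of `netstat -ano -p TCP` to `audit_emulator_exposure`; an empty result means both emulator ports are either closed or reachable only from the local machine.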