
Comments (10)

mayed505 commented on July 16, 2024

Hey @gucci-on-fleek,

I've stumbled upon this post which refers to the same error message:
https://systemfailu.re/2020/11/14/lockdownbrowser-analysis/

Go down to "<:: MISC. DETECTIONS" and you will find how this is being done.

The following message on that article is:
"The best assumption I could make about this function is that it ensures the name of the exe currently running is 'LockDownBrowser.exe' and has not changed or been modified. If this returns false, meaning the module name is not the same, then it will send the modified message to the main loop."

Maybe by looking into it we could figure out how they are checking the integrity.

from lockdown-browser.

gucci-on-fleek commented on July 16, 2024

I can't tell exactly how they're detecting this, but my guess is that they're just detecting if Detours has been loaded or not. However they are doing it, they just started detecting this in this last update.

Probably the "easiest" solution would be to patch the system file user32.dll to make GetSystemMetrics(SM_REMOTESESSION) always return false. The patch itself should only need like 10 lines of assembly, but correctly applying the patch on a running system may be a little tricky.

mayed505 commented on July 16, 2024

Wouldn’t it be possible to patch the DLL in memory theoretically?

Also regarding the GetSystemMetrics, they could possibly also be looking into GetVersionEx (OSVERSIONINFOEX.wSuiteMask) but I’m not sure as I could be wrong.

I’d need to fiddle around on that part, I’ll try getting around and see if I can do a real-time patch on that one with a DLL injector that I have laying around. Possibly even go the hard way of modifying LockdownBrowser.dll with a byte patch.

gucci-on-fleek commented on July 16, 2024

> Wouldn’t it be possible to patch the DLL in memory theoretically?

That's essentially what this tool is doing right now (Detours docs). I'm not sure if the Browser is detecting if any of its code has been modified at runtime, or if it's just detecting if Detours has been loaded.

> they could possibly also be looking into GetVersionEx (OSVERSIONINFOEX.wSuiteMask)

I don't think that there's anything particularly interesting in there, but I may be wrong. That only shows if terminal services are installed, not if they're active (I think...)

> Possibly even go the hard way of modifying LockdownBrowser.dll with a byte patch.

That's pretty challenging since the program detects if it's been modified. You could patch that out too, but it would be extra work.


The reason that I'm thinking of patching the system .dll files is because it is completely insane. No one in their right mind would modify such a core file on a regular system; however, since we're in a disposable VM, we don't really need to worry about safety/sanity. I'm not sure if it's the best way forward, but it may be easier than trying to reverse-engineer some of the Browser code.

mayed505 commented on July 16, 2024

Any update on the user32.dll's patch?

gucci-on-fleek commented on July 16, 2024

@mayed505 It's somewhere on "the list", although not particularly high up. Realistically, I'm unlikely to start working on this until September, although I may end up with some spare time in the next couple of weeks. No solid plans at the moment, although it will probably get done eventually.

mayed505 commented on July 16, 2024

@gucci-on-fleek I've attempted to play with the user.dll and all, but it doesn't seem to work correctly.

The best bet is to leave it up to you because I'm probably doing something wrong here.

gucci-on-fleek commented on July 16, 2024

@mayed505

Which user32.dll were you modifying? You would need to patch the one in C:\Windows\SysWOW64, not the one in C:\Windows\System32.

mayed505 commented on July 16, 2024

@gucci-on-fleek

I have no idea what I've done, but I updated the lockdown, and it seems to be working.
https://i.imgur.com/NzZjFQL.png

It used to show that dialog upon the browser start-up.

Checking the change log since July 26 reveals the following:

Version 2.0.9.03, 7-26-22
Improvements to security

mayed505 commented on July 16, 2024

This probably should be closed. Issue hasn’t occurred since the issue was made.
