Undertaker Posted June 30, 2017

26 minutes ago, dcs18 said:
> If Tonec releases the V7, we'll do the new improvised IDM guide

IDM v7 is a myth, never gonna happen. The Mayan calendar ends at IDM v6.xx

Pls do adblocking after acronis.

Dukun Cabul Posted July 1, 2017

Finally home again ....... and had a chance to test Internet Lock (deeper)

Okay guys, for those who have their PC already contaminated by IDM, if you want to use Internet Lock then here's all you have to do:
1. Cleanup your registry/system using IDM_Cleaner.bat
2. Delete all "empty CLSID key" using RTKF
That's all !

Then this is my all test with Internet Lock

Block 3 domains name (using wildcard):
*internetdownloadmanager.com
*registeridm.com
*tonec.com

TEST
1. Register IDM with any fake serial (Successful)
2. Check for updates (Blocked)
3. Visiting IDM Home Page (http://www.internetdownloadmanager.com), download installer (Blocked)
4. Visiting Tonec Home Page (http://www.tonec.com), download installer (Blocked)
5. Turn Off/Turn On IDM (No issue)
6. Restart PC (No issue)
7. Turn Off/Turn On PC (No issue)
8. Launch IDM on startup (No issue)
9. Download files from multiple sites (No issue)
10. Accessing/download from these URL (Blocked)
    http://50.97.82.44/idman628build15.exe
    http://169.55.0.224/idman628build15.exe
    http://169.55.40.5/idman628build15.exe
    http://50.97.82.44/updates/dfghrtv3465773FRJD843dedhx250dlAsb/idmupdt.exe
    http://169.55.0.224/updates/dfghrtv3465773FRJD843dedhx250dlAsb/idmupdt.exe
    http://169.55.40.5/updates/dfghrtv3465773FRJD843dedhx250dlAsb/idmupdt.exe

And this one is my last test, not recommended, unless you're willing to take risks - You have been warned !

Blocked 2 domains name only (using wildcard):
*internetdownloadmanager.com
*registeridm.com

The result is the same as blocking 3 domains name, except for these test:
- Visiting Tonec Home Page (http://www.tonec.com), download installer (Successful but no issue)
- Accessing/download from http://50.97.82.44/idman628build15.exe (Successful but no issue)
- Accessing/download from http://50.97.82.44/updates/dfghrtv3465773FRJD843dedhx250dlAsb/idmupdt.exe (Successful but no issue)

The feature which I like most is "Log" feature. With this feature I'm able to monitor/record all connection event and knowing exactly which program/Domain/IP dealing with the connection.

dcs18 (Author) Posted July 1, 2017

12 minutes ago, Dukun Cabul said:
> Block 3 domains name (using wildcard):
> *internetdownloadmanager.com
> *registeridm.com
> *tonec.com
>
> Blocked 2 domains name only (using wildcard):
> *internetdownloadmanager.com
> *registeridm.com

Blocking just these domains mentioned works with any of the methods published recently, ATM — however, it's important to understand that those domains are completely under the control of Tonec, (not us) and that they can switch them, at will . . . . . . leading to a deactivation.

While this might not matter much to a Home User, it would prove catastrophic to folks who administrate multiple clients machines.

Undertaker Posted July 1, 2017

Are we analysing which is the best method? Because my method totally rocks

Dukun Cabul Posted July 1, 2017

Volunteer needed

I need someone to improve my script .... TIA

Empty CLSID Key Finder

dcs18 (Author) Posted July 1, 2017

5 minutes ago, Dukun Cabul said:
> Volunteer needed
>
> I need someone to improve my script .... TIA
>
> Empty CLSID Key Finder

Dukun Cabul Posted July 1, 2017

15 minutes ago, Undertaker said:
> Are we analysing which is the best method? Because my method totally rocks

How come ? I thought mine ...

dcs18 (Author) Posted July 1, 2017

17 minutes ago, Undertaker said:
> Are we analysing which is the best method? Because my method totally rocks

Hmmm. . . . . . what method — if you were referring to the Acrylic DNS, how can one analyze something that's fictional?

Undertaker Posted July 1, 2017

2 minutes ago, dcs18 said:
> Hmmm. . . . . . what method — if you were referring to the Acrylic DNS, how can one analyze something that's fictional?

Gotta try it to believe it.

dcs18 (Author) Posted July 1, 2017

9 minutes ago, Undertaker said:
> 12 minutes ago, dcs18 said:
> > Hmmm. . . . . . what method — if you were referring to the Acrylic DNS, how can one analyze something that's fictional?
>
> Gotta try it to believe it.

Already did and discovered that it lacks anti-DNS spoofing and anti-ARP cache poisoning capabilities.

Undertaker Posted July 1, 2017

1 minute ago, dcs18 said:
> Already did and discovered that it lacks anti-DNS spoofing and anti-ARP cache poisoning capabilities.

You can use DNSsec DNS servers in Acrylic if you want more security. If it didn't protect my DNS, it would not have shown those error in connection for IDM like it did (last night screenshots)

Simple DNScrypt is also not without flaws, like we discovered that it can not block IPs exclusively.

And I'm sure, if we google DNSsec/DNScrypt - flaws/limitation/bypass, there would be hundreds of result.

dcs18 (Author) Posted July 1, 2017

Just now, Undertaker said:
> You can use DNSsec DNS servers in Acrylic if you want more security. If it didn't protect my DNS, it would not have shown those error in connection for IDM like it did (last night screenshots)

Acrylic DNS cannot encrypt the packets.

Just now, Undertaker said:
> Simple DNScrypt is also not without flaws, like we discovered that it can not block IPs exclusively.

I do NOT want my IPs to be audited by any other tool other than my firewall.

sledge101 Posted July 1, 2017

2 hours ago, Dukun Cabul said:
> Volunteer needed
>
> I need someone to improve my script .... TIA
>
> Empty CLSID Key Finder

let me take a look.... im also working on it just like the vp protect before ... as i am improving the revising the reg block method of hamanokaito specific only for idm check . This is without using anymore a firewall or ip blocking . It is optional though --> users choice. I think xanax release his own version of reg block with the help of process detection of idman.exe . nevertheless, the basic concept is still the same with some twist .

Currently using RTK to detect 2 random keys generated once online uses for checking license ...

dcs18 (Author) Posted July 1, 2017

I'm sure you guys are already aware that Registry Trash Keys Finder locates this empty CLSID key (and much more,) as well:—

2 hours ago, dcs18 said:

hamanokaito Posted July 1, 2017

27 minutes ago, sledge101 said:
> let me take a look.... im also working on it just like the vp protect before ... as i am improving the revising the reg block method of hamanokaito specific only for idm check . This is without using anymore a firewall or ip blocking . It is optional though --> users choice. I think xanax release his own version of reg block with the help of process detection of idman.exe . nevertheless, the basic concept is still the same with some twist .
>
> Currently using RTK to detect 2 random keys generated once online uses for checking license ...

Yes ! That's right. Use search empty REG of @Dukun Cabul With Permission REG of @xanax , You would be astonishing to combine both.

sledge101 Posted July 1, 2017

42 minutes ago, dcs18 said:
> I'm sure you guys are already aware that Registry Trash Keys Finder locates this empty CLSID key (and much more,) as well:—

yes dcs18, i am aware of that in fact rtkf makes it easier to find it . The workaround is simple actually but needs to do it manually even in contaminated idm, i want to script it for automated process without the help of RTKF ...

Here ( IDM already installed online or offline doesnt matter )

1. Run Dukuns Cleaner --> Remove unnecessary clsid and reset back
2. Run RTKF to double check --> Note for "empty clsid/fake clsid/ invalid clsid" in 64/32 bit mode(impt) .. If found, delete them all. Close RTKF
3. Register IDM in HKCU\Download Manager using registry importation( You can use /brand any keys and name you like). This is where you configure settings and on xanax advised for deletion of tvfrdt but used the old scansk
4. Run IDM while online.
   - Creates 6D(No MData yet), D5 keys but no additional 2 keys added.
5. Now, download a file while online. Close IDM task tray
6. 6d key now creates Mdata then 2 additional keys. If you open it IDM again, you will get the nag/counterfeit screen.
   - To remove counterfeit nag : Go to 6d key --> Locate Mdata, delete it.
7. For additional keys, run RTKF , go to 32 bit mode , you will see 2 new empty keys , these keys is the license check keys that need to be block. Do not delete it. We now filtered the 2 keys responsible for the nagging and deactivation.
8. Block those 2 keys + the 6D + D5 keys = 4 keys total. Make sure, 6d has no Mdata on it
   - You can use the subinacl or the setacl to block those keys, once block, you get access denied.
9. Now time to open your idm .
10. Done!

Note: Re -run RTKF , and you will see no recurrences of trash keys

Image Attached

Still using my favorite key IDM62-XXXXX-XXXXX.... Registered to Nsane Forums

hamanokaito Posted July 1, 2017

@sledge101 Code A in All. You don't need repeat the steps. Just search and block it. And you got it

sledge101 Posted July 1, 2017

57 minutes ago, hamanokaito said:
> @sledge101 Code A in All. You don't need repeat the steps. Just search and block it. And you got it

@hamano... i am showing the steps so for others to understand

Counterfeit nag = mdata
Block key nag upon opening idm and downloading process= 2 random keys

DC can detect the 2 random keys on his script but needs some improvement... i'll c what i can help. I guess this is easier if i write it in vb.net

sledge101 Posted July 1, 2017

7 hours ago, Dukun Cabul said:
> Volunteer needed
>
> I need someone to improve my script .... TIA
>
> Empty CLSID Key Finder

as per previous response.... i dont know if you like this ... you can modify it anyway... using your batch script mod some few codes using append method and the results for empty clsid below

you may want to use the txt file to skip first line and use the 3 clsid keys to do what you want , delete ,block or whatever method. hmm some additional minor codes to add after appending all empty clsid keys ... i believe its much easier for you now ..

Note: during running the batch file, the key is not show in cmd console but automatically saved in text file .... sorry i did not add additional codes for it like doing blocking method or delete it... afterwards. However, We can now incorporate/insert the cleaner , deleter or blocker

UPDATES: you can retain tvfrdt in download manager without importing scansk. or deleting it. Activation retains.

hope this helps you even a lil bit.

Empty CLSID Key Finder - mod append method.bat

Dukun Cabul Posted July 1, 2017

37 minutes ago, sledge101 said:
> as per previous response.... i dont know if you like this ... you can modify it anyway... using your batch script mod some few codes using append method and the results for empty clsid below
>
> you may want to use the txt file to skip first line and use the 3 clsid keys to do what you want , delete ,block or whatever method. hmm some additional minor codes to add after appending all empty clsid keys ... i believe its much easier for you now ..
>
> Note: during running the batch file, the key is not show in cmd console but automatically saved in text file .... sorry i did not add additional codes for it like doing blocking method or delete it... afterwards. However, We can now incorporate/insert the cleaner , deleter or blocker
>
> UPDATES: you can retain tvfrdt in download manager without importing scansk. or deleting it. Activation retains.
>
> hope this helps you even a lil bit.
>
> Empty CLSID Key Finder - mod append method.bat

Good job ! Gonna try it now ..... report later

sledge101 Posted July 1, 2017

4 minutes ago, Dukun Cabul said:
> Good job ! Gonna try it now ..... report later

You can improve that much better especially your idm _aio which im currently modifying to fit my needs. I commend you for writing batch scripts.

Btw, DC, to query for the remaining key 6d key in windows x64

    reg query HKCU\SOFTWARE\CLASSES\WOW6432NODE\CLSID /s /f 0000

0 matches if its blocked
1 match found if its not then can delete it as part of removing counterfeit key upon opening idm

Enjoy and have fun.

Dukun Cabul Posted July 1, 2017

3 hours ago, sledge101 said:
> You can improve that much better especially your idm _aio which im currently modifying to fit my needs. I commend you for writing batch scripts.
>
> Btw, DC, to query for the remaining key 6d key in windows x64
>
>     reg query HKCU\SOFTWARE\CLASSES\WOW6432NODE\CLSID /s /f 0000
>
> 0 matches if its blocked
> 1 match found if its not then can delete it as part of removing counterfeit key upon opening idm
>
> Enjoy and have fun.

    @echo off
    echo.
    if exist "%SYSTEMROOT%\SysWOW64\" (
        set ROOT=HKEY_CURRENT_USER\SOFTWARE\Classes\Wow6432Node\CLSID
    ) else (
        set ROOT=HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID
    )
    SetLocal EnableDelayedExpansion
    for /f "eol=E tokens=1" %%a in ('reg query %ROOT% /s /f 0000 /t REG_NONE') do if !VAR1!X==X set VAR1=%%a
    if defined VAR1 (
        echo Are you searching for this key?
        echo.
        echo %VAR1%
    ) else (
        echo Found nothing
    )
    echo.
    echo.
    echo Press any key to exit . . .
    pause >nul

ashish1989 Posted July 1, 2017

On 05/10/2017 at 3:59 PM, dcs18 said:
> "Installing Greenify (Donate) On Privileged (ROM-integrated) Mode"
>
> The Objective:
>
> The Uninstall:
>
> It's advisable to uninstall Greenify before installing every new update/upgrade.
>
> Generally, Greenify uses some higher level of permissions, we're gonna deactivate the following 3 of those elevations:—
>
> Device administrator: Navigate to Settings >> Security >> Device administrators >> Greenify Automator >> (if the box is checked, un-check the box) >> Deactivate this device administrator >> OK (ensure visually that the Greenify Automator >> is indeed deactivated.)
>
> Apps with usage access: Navigate to Settings >> Security >> Apps with usage access >> Greenify >> (if it's set to On) >> Permit usage access >> (disable) >> (ensure visually that Greenify >> is now reflected as Off.)
>
> Accessibility: Navigate to Settings >> Accessibility >> Greenify - Automated Hibernation >> (if it's set to On switch it to Off) >> OK >> (ensure visually that Greenify - Automated Hibernation >> is now reflected as Off.)
>
> Navigate to Settings >> Apps >> Greenify >> Force Stop >> OK >> Storage >> Clear Data >> OK >> UNINSTALL >> OK >> (restart the device.)
>
> The Elevation:
>
> Install the Greenify update but don't tap Open at the end of installation — tap Done, instead.
>
> Run Lucky Patcher >> locate Greenify and hold it down >> (as per the following figure) tap Move to /system/app >> Yes >> (wait patiently without interrupting the process) >> (after Lucky Patcher has done its thing, tap Yes to reboot.)
>
> Next, before configuring Greenify, ensure activation of the following 3 elevations by reversing the corresponding steps mentioned on the beginning of this tutorial:—
>
> Device administrator:
> Apps with usage access:
> Accessibility:
>
> Whenever you run your Greenify next, you'll be welcomed by a setup wizard — configure as per your ROM status and after you're done, navigate from (the 3 dot) Menu to Settings >>----> Working Mode {if successful, you should see the Privileged (ROM-integrated) Mode status — as illustrated on the opening screenshot.}

Bro but what about xposed based features

sledge101 Posted July 2, 2017

6 hours ago, Dukun Cabul said:
>     @echo off
>     echo.
>     if exist "%SYSTEMROOT%\SysWOW64\" (
>         set ROOT=HKEY_CURRENT_USER\SOFTWARE\Classes\Wow6432Node\CLSID
>     ) else (
>         set ROOT=HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID
>     )
>     SetLocal EnableDelayedExpansion
>     for /f "eol=E tokens=1" %%a in ('reg query %ROOT% /s /f 0000 /t REG_NONE') do if !VAR1!X==X set VAR1=%%a
>     if defined VAR1 (
>         echo Are you searching for this key?
>         echo.
>         echo %VAR1%
>     ) else (
>         echo Found nothing
>     )
>     echo.
>     echo.
>     echo Press any key to exit . . .
>     pause >nul

Great. thats the retail key and everytime idm opens it will be recreated even with del permission

there are 2 keys - 6d and d5 key - they are parent keys unless blocked....

6d key in retail creates model and therad unless devs change the parent key but for now can detect that or simple search existence of mdata directly can also be done:

    :REG QUERY %ROOT% /v /f MData /t REG_NONE /s

The code above will find existence mdata and find the respective key

This is very useful, to prevent counterfeit key upon opening idm and of course if the default key 6d will change then find where mdata is located or changed.

sledge101 Posted July 2, 2017

@dukun cabul , i am almost finish with the batch script process ,i want you to inspect it later if u do have time.... 1 script for idm activation.

Archived
This topic is now archived and is closed to further replies.