"Compilation Of Tutorials, Guides, Tips & Updates"

[Undertaker]

26 minutes ago, dcs18 said:

If Tonec releases the V7, we'll do the new improvised IDM guide

IDM v7 is a myth, never gonna happen. The Mayan calendar ends at IDM v6.xx

Pls do adblocking after acronis.

[Dukun Cabul]

Finally home again .......

and had a chance to test Internet Lock (deeper)

 

Okay guys, for those who have their PC already contaminated by IDM, if you want to use Internet Lock then here's all you have to do:

1. Cleanup your registry/system using IDM_Cleaner.bat

2. Delete all "empty CLSID key" using RTKF

That's all !

 

Then this is my all test with Internet Lock

Block 3 domains name (using wildcard):
   *internetdownloadmanager.com
   *registeridm.com
   *tonec.com

 

TEST
1. Register IDM with any fake serial (Successful)
2. Check for updates (Blocked)
3. Visitting IDM Home Page (http://www.internetdownloadmanager.com), download installer (Blocked)
4. Visitting Tonec Home Page (http://www.tonec.com), download installer (Blocked)
5. Turn Off/Turn On IDM (No issue)
6. Restart PC (No issue)
7. Turn Off/Turn On PC (No issue)
8. Launch IDM on startup (No issue)
9. Download files from multiple sites (No issue)
10. Accessing/download from these URL (Blocked)
    http://50.97.82.44/idman628build15.exe
    http://169.55.0.224/idman628build15.exe
    http://169.55.40.5/idman628build15.exe
    http://50.97.82.44/updates/dfghrtv3465773FRJD843dedhx250dlAsb/idmupdt.exe
    http://169.55.0.224/updates/dfghrtv3465773FRJD843dedhx250dlAsb/idmupdt.exe
    http://169.55.40.5/updates/dfghrtv3465773FRJD843dedhx250dlAsb/idmupdt.exe

 

 

And this one is my last test, not recommended, unless you're willing to take risks - You have been warned !

 

Blocked 2 domains name only (using wildcard):
    *internetdownloadmanager.com
    *registeridm.com

 

The result is the same as blocking 3 domains name, except for these test:
- Visitting Tonec Home Page (http://www.tonec.com), download installer (Successful but no issue)
- Accessing/download from http://50.97.82.44/idman628build15.exe (Successful but no issue)
- Accessing/download from http://50.97.82.44/updates/dfghrtv3465773FRJD843dedhx250dlAsb/idmupdt.exe (Successful but no issue)

The feature which I like most is "Log" feature. With this feature I'm able to monitor/record all connection event and knowing exactly which program/Domain/IP dealing with the connection.

[dcs18]

12 minutes ago, Dukun Cabul said:

Block 3 domains name (using wildcard):

   *internetdownloadmanager.com
   *registeridm.com
   *tonec.com

 

Blocked 2 domains name only (using wildcard):
    *internetdownloadmanager.com
    *registeridm.com

Blocking just these domains mentioned works with any of the methods published recently, ATM — however, it's important to understand that those domains are completely under the control of Tonec, (not us) and that they can switch them, at will . . . . . . leading to a deactivation.

 

While this might not matter much to a Home User, it would prove catastrophic to folks who administrate multiple clients machines. 

[Undertaker]

Are we analysing which is the best method?

Because my method totally rocks

[Dukun Cabul]

Volunteer needed

 

I need someone to improve my script .... TIA

Empty CLSID Key Finder

 

[dcs18]

5 minutes ago, Dukun Cabul said:

Volunteer needed

 

I need someone to improve my script .... TIA

Empty CLSID Key Finder

 

[Dukun Cabul]

15 minutes ago, Undertaker said:

Are we analysing which is the best method?

Because my method totally rocks

 

How come  ? I thought mine ...

[dcs18]

17 minutes ago, Undertaker said:

Are we analysing which is the best method?

Because my method totally rocks

Hmmm. . . . . . what method — if you were referring to the Acrylic DNS, how can one analyze something that's fictional?

[Undertaker]

2 minutes ago, dcs18 said:

Hmmm. . . . . . what method — if you were referring to the Acrylic DNS, how can one analyze something that's fictional?

Gotta try it to believe it.

[dcs18]

9 minutes ago, Undertaker said:

12 minutes ago, dcs18 said:

Hmmm. . . . . . what method — if you were referring to the Acrylic DNS, how can one analyze something that's fictional?

Gotta try it to believe it.

Already did and discovered that it lacks anti-DNS spoofing and anti-ARP cache poisoning capabilities.

[Undertaker]

1 minute ago, dcs18 said:

Already did and discovered that it lacks anti-DNS spoofing and anti-ARP cache poisoning capabilities.

You can use DNSsec DNS servers in Acrylic if you want more security.

If it didn't protect my DNS, it would not have shown those error in connection for IDM like it did (last night screenshots)

 

Simple DNScrypt is also not without flaws, like we dicovered that it can not block IPs exclusively.

And I'm sure, if we google DNSsec/DNScrypt -  flaws/limitation/bypass, there would be hundreds of result.

[dcs18]

Just now, Undertaker said:

You can use DNSsec DNS servers in Acrylic if you want more security.

If it didn't protect my DNS, it would not have shown those error in connection for IDM like it did (last night screenshots)

Acrylic DNS cannot encrypt the packets.

 

 

Just now, Undertaker said:

Simple DNScrypt is also not without flaws, like we dicovered that it can not block IPs exclusively.

I do NOT want my IPs to be audited by any other tool other than my firewall.
 

[sledge101]

2 hours ago, Dukun Cabul said:

Volunteer needed

 

I need someone to improve my script .... TIA

Empty CLSID Key Finder

 

let me take a look.... im also working on it just like the vp protect before ... as i am improving the revising the reg block method of hamanokaito specific only for idm check . This is without using anymore a firewall or ip blocking . It is optional though --> users choice.  I think xanax release his own version of reg block  with the help of process detection of idman.exe . nevertheless, the basic concept is still the same with some twist .

 

Currently using RTK to detect 2 random keys generated once online uses for checking license ... 

 

 

[dcs18]

I'm sure you guys are already aware that Registry Trash Keys Finder locates this empty CLSID key (and much more,) as well:—

 

 

2 hours ago, dcs18 said:

 

[hamanokaito]

27 minutes ago, sledge101 said:

let me take a look.... im also working on it just like the vp protect before ... as i am improving the revising the reg block method of hamanokaito specific only for idm check . This is without using anymore a firewall or ip blocking . It is optional though --> users choice.  I think xanax release his own version of reg block  with the help of process detection of idman.exe . nevertheless, the basic concept is still the same with some twist .

 

Currently using RTK to detect 2 random keys generated once online uses for checking license ... 

 

 

 

Yes ! That's right.

Use search empty REG of @Dukun Cabul With Permission REG of @xanax , You would be astonishing to combine both. 

[sledge101]

42 minutes ago, dcs18 said:

I'm sure you guys are already aware that Registry Trash Keys Finder locates this empty CLSID key (and much more,) as well:—

 

 

yes dcs18, i am aware of that in fact rtkf makes it easier to find it . 

 

The workaround is simple actually but needs to do it manually even in contaminated idm, i want to script it for automated process without the help of RTKF  ...   

Here ( IDM already installed online or offline doesnt matter )

1. Run Dukuns Cleaner --> Remove unnecessary clsid and reset back

2. Run RTKF to double check --> Note for "empty clsid/fake clsid/ invalid clsid"  in 64/32 bit mode(impt)  .. If found, delete them all. Close RTKF

3. Register IDM in HKCU\Download Manager using registry importation( You can use /brand any keys and name you like). This is where you configure settings and on xanax advised for deletion of tvfrdt but used the old scansk

4.  Run IDM while online.

- Creates 6D(No MData yet), D5 keys but no additional 2 keys added.

5.  Now, download a file while online. Close IDM task tray

6.  6d key now creates Mdata then  2 additional keys.  If you open it IDM again, you will get the nag/counterfeit screen.

- To remove counterfeit nag :  Go to 6d key -->  Locate Mdata, delete it.

7. For additional keys, run RTKF , go to 32 bit mode , you will see 2 new empty keys , these  keys is the license check keys that needto be block. Do not delete it. We now filtered the 2 keys responsible for the nagging and deactivation.

8. Block those 2 keys + the 6D + D5 keys = 4 keys total. Make sure, 6d has no Mdata on it

- You can use the subinacl or the setacl  to block those keys, once block, you get access denied.

9.  Now time to open your idm . 

10. Done!

 

Note:  Re -run RTFK  , and you will see  no recurrences of thrash keys

 

Image Attached Still using my favorite key IDM62-XXXXX-XXXXX.... Registered to Nsane Forums

[hamanokaito]

@sledge101

Code A in All. You don't need repeat the steps. Just search and block it. And you got it

[sledge101]

57 minutes ago, hamanokaito said:

@sledge101

Code A in All. You don't need repeat the steps. Just search and block it. And you got it

@hamano...  i am showing the steps so for others to understand 

Counterfeit nag = mdata

Block key nag upon opening idm and downloading process= 2 random keys 

 

DC can detect the 2 random keys on his script but needs some improvement... i'll c what i can help. I guess this is easier if i write it in vb.net 

[sledge101]

7 hours ago, Dukun Cabul said:

Volunteer needed

 

I need someone to improve my script .... TIA

Empty CLSID Key Finder

 

as per previous response....   i dont know if you like this ... you can modify it anyway... using your batch script mod some few codes using append method and the results for empty clsid below

 

you may want to use the txt file to skip first line and use the 3 clsid keys to do what you want , delete ,block or whatever method.

 

hmm  some additional minor codes to add after appending all empty clsid keys ...  i believe its much easier for you now .. 

 

Note: during running the batch file,  the key is not show in cmd console but automatically saved in text file .... sorry i did not add additional codes for it like doing blocking method  or delete it...  afterwards. However, We can now incorporate/insert  the cleaner , deleter or blocker  

 

 

UPDATES:  you can retain tvfrdt  in download manager without importing scansk. or deleting it.   Activation retains.

 

hope this helps you even a lil bit.

Empty CLSID Key Finder - mod append method.bat

[Dukun Cabul]

37 minutes ago, sledge101 said:

as per previous response....   i dont know if you like this ... you can modify it anyway... using your batch script mod some few codes using append method and the results for empty clsid below

 

you may want to use the txt file to skip first line and use the 3 clsid keys to do what you want , delete ,block or whatever method.

 

hmm  some additional minor codes to add after appending all empty clsid keys ...  i believe its much easier for you now .. 

 

Note: during running the batch file,  the key is not show in cmd console but automatically saved in text file .... sorry i did not add additional codes for it like doing blocking method  or delete it...  afterwards. However, We can now incorporate/insert  the cleaner , deleter or blocker  

 

 

UPDATES:  you can retain tvfrdt  in download manager without importing scansk. or deleting it.   Activation retains.

 

hope this helps you even a lil bit.

Empty CLSID Key Finder - mod append method.bat

 

Good job !

Gonna try it now ..... report later

[sledge101]

4 minutes ago, Dukun Cabul said:

 

Good job !

Gonna try it now ..... report later

You can improve that much better especially your idm _aio which im currently modifying to fit my needs. I commend you for wrting batch scripts.

 

Btw, DC, to query for the remaining key 6d key in windows x64

reg query HKCU\SOFTWARE\CLASSES\WOW6432NODE\CLSID /s /f 0000

0 matches if its blocked

1 match found if its not then can delete it as part of removing counterfeit key upon opening idm

 

Enjoy and have fun.

 

[Dukun Cabul]

3 hours ago, sledge101 said:

You can improve that much better especially your idm _aio which im currently modifying to fit my needs. I commend you for wrting batch scripts.

 

Btw, DC, to query for the remaining key 6d key in windows x64

reg query HKCU\SOFTWARE\CLASSES\WOW6432NODE\CLSID /s /f 0000

0 matches if its blocked

1 match found if its not then can delete it as part of removing counterfeit key upon opening idm

 

Enjoy and have fun.

 

 

Spoiler

@echo off
echo.
if exist "%SYSTEMROOT%\SysWOW64\" (
set ROOT=HKEY_CURRENT_USER\SOFTWARE\Classes\Wow6432Node\CLSID
) else (
set ROOT=HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID
)
SetLocal EnableDelayedExpansion
for /f "eol=E tokens=1" %%a in ('reg query %ROOT% /s /f 0000 /t REG_NONE') do if !VAR1!X==X set VAR1=%%a
if defined VAR1 (
echo Are you searching for this key?
echo.
echo %VAR1%
) else (
echo Found nothing
)
echo.
echo.
echo Press any key to exit . . .
pause >nul

 

[ashish1989]

On 05/10/2017 at 3:59 PM, dcs18 said:

"Installing Greenify (Donate) On Privileged (ROM-integrated) Mode"

 

 

The Objective:

 

  Reveal hidden contents

 

 

 

 

 

 

The Uninstall:

 

  Reveal hidden contents

It's advisable to uninstall Greenify before installing every new update/upgrade. Generally, Greenify uses some higher level of permissions, we're gonna deactivate the following 3 of those elevations:—

 

Device administrator:

Navigate to Settings >> Security >> Device administrators >> Greenify Automator >> (if the box is checked, un-check the box) >> Deactivate this device administrator >> OK (ensure visually that the Greenify Automator >> is indeed deactivated.)

 

Apps with usage access:

Navigate to Settings >> Security >> Apps with usage access >> Greenify >> (if it's set to On) >> Permit usage access >> (disable) >> (ensure visually that Greenify >> is now reflected as Off.)

 

Accessibility:

Navigate to Settings >> Accessibility >> Greenify - Automated Hibernation >> (if it's set to On switch it to Off) >> OK >> (ensure visually that Greenify - Automated Hibernation >> is now reflected as Off.)

 

Navigate to Settings >> Apps >> Greenify >> Force Stop >> OK >> Storage >> Clear Data >> OK >> UNINSTALL >> OK >> (restart the device.)

 

 

 

The Elevation:

 

  Reveal hidden contents

Install the Greenify update but don't tap Open at the end of installation — tap Done, instead.

 

Run Lucky Patcher >> locate Greenify and hold it down >> (as per the following figure) tap Move to /system/app >> Yes >> (wait patiently without interrupting the process) >> (after Lucky Patcher has done it's thing, tap Yes to reboot.)



 

Next, before configuring Greenify, ensure activation of the following 3 elevations by reversing the corresponding steps mentioned on the beginning of this tutorial:—

1. Device administrator:
2. Apps with usage access:
3. Accessibility:

Whenever you run your Greenify next, you'll be welcomed by a setup wizard — configure as per your ROM status and after you're done, navigate from (the 3 dot) Menu to Settings >>----> Working Mode {if successful, you should see the Privileged (ROM-integrated) Mode status — as illustrated on the opening screenshot.}

 

Bro but what about xposed based features

[sledge101]

6 hours ago, Dukun Cabul said:

 

  Hide contents

@echo off
echo.
if exist "%SYSTEMROOT%\SysWOW64\" (
set ROOT=HKEY_CURRENT_USER\SOFTWARE\Classes\Wow6432Node\CLSID
) else (
set ROOT=HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID
)
SetLocal EnableDelayedExpansion
for /f "eol=E tokens=1" %%a in ('reg query %ROOT% /s /f 0000 /t REG_NONE') do if !VAR1!X==X set VAR1=%%a
if defined VAR1 (
echo Are you searching for this key?
echo.
echo %VAR1%
) else (
echo Found nothing
)
echo.
echo.
echo Press any key to exit . . .
pause >nul

 

Great.

thats the retail key and everytime idm opens it will be recreated even with del permission  there are 2 keys - 6d and d5 key  - they are parent keys unless blocked....  6d key in retail creates model and therad unless devs change the parent key but for now can detect that or simple search existence of  mdata directly  can also be done:

 

:REG QUERY %ROOT% /v /f MData /t REG_NONE /s
The code above will find existence mdata and find the respective key

 

This is very useful, to prevent counterfeit key upon opening idm and of course if the default key 6d will change then find where mdata is located or changed.

 

 

 

[sledge101]

@dukun cabul , i am almost finish with the batch script process ,i want you to inspect it later if u do have time....  1 script for idm activation.