totsukawaii / undownunlock Goto Github PK

Originally posted by @Pratik7000 in #2 (comment)

after starting the controller and injector it worked fine however when i start the mock exam it shows this error :
after starting a mock exam it showed this error :
Warning: You are NOT permitted to use the swipe gesture or switch away from LockDown Browser. Doing so again will result in the browser closing and the event being reported to your instructor.
App: (ConsoleWindowClass) (Administrator: Controller)

Hello,
I have this problem when I run the injector:

What am I doing wrong?

I've had some issues setting it up but after rewriting the injector's code I got it to work fine. My question is how detectable is it? Assuming that the browser doesn't detect it and lets you switch windows means that it doesn't detect it but correct me if I'm wrong. Now missing 3 months of college isn't going to backfire. Thank you <3333

LDB is still asking me to end certain processes after DLL is injected and I can switch tabs fine. Wondering if this is a bug or normal?

Is the DLL malware? Yes. what do mean by that

Hi , first of all thanks for your amazing efforts

I followed all the mentioned steps and everything works. However, when the actual exam starts, this method does not work and it kicks me out of the test and gives me a warning.

Does this method work on all versions of Lockdown Browser? If not, please specify which version it works on?

I need your quick response, thanks

every thing run without errors but i didnot get this pop up after launching LDB

Hello my friend..thank you for this what you did is amazing
I'm using VMware virtual machine because i have webcam driver problem in the host system but my webcam work fine in the VM.

so dose it work on VM or not? if not can you make it work please

I would like to contact u on telegram or discord

Thx

The

ADDR_CLDBDOSOMESTUFF, ADDR_CLDBDOSOMEOTHERSTUFF, and ADDR_CLDBDOYETMORESTUFF

constants are defined but not used.

The

originalCreateFileA

function pointer is declared but not used.
The

originalBytesForOpenProcess, originalBytesForTerminateProcess, and originalBytesForExitProcess

arrays are defined but not used.

The InstallDllHook function is defined but not used, and the hooking functionality is implemented directly in the InstallHook and UninstallHook functions.

The MyGetForegroundWindow and MySetFocus functions have similar logic to find the main window, which could be refactored to avoid duplication.

The InstallHook and UninstallHook functions hook and unhook different sets of functions.

The InstallHook function hooks EmptyClipboard, GetForegroundWindow, TerminateProcess, and ExitProcess, while the UninstallHook function only unhooks SetClipboardData, EmptyClipboard, and GetForegroundWindow.

This inconsistency can lead to issues where some functions remain hooked even after calling UninstallHook

Lack of proper trampoline function:
To correctly hook a function, a trampoline function should be created that executes the stolen bytes (original instructions) and then jumps back to the remaining part of the target function.
The current code does not implement a trampoline function, which means the original functionality of the hooked functions is not preserved. this can cause crashes, detection, and even BSOD

The code attempts to hook various functions by overwriting the first 5 bytes of the target function with a jump instruction to the custom implementation. However, it does not properly handle the stolen bytes (original instructions) from the target function.

void* targetGetForegroundWindow = GetForegroundWindow;
DWORD jumpGetForeground = (DWORD)MyGetForegroundWindow - (DWORD)targetGetForegroundWindow - 5;
memcpy(originalBytesForGetForeground, targetGetForegroundWindow, sizeof(originalBytesForGetForeground));
VirtualProtect(targetGetForegroundWindow, sizeof(originalBytesForGetForeground), PAGE_EXECUTE_READWRITE, &oldProtect);
((BYTE)targetGetForegroundWindow) = 0xE9;
((DWORD)((BYTE*)targetGetForegroundWindow + 1)) = jumpGetForeground;
VirtualProtect(targetGetForegroundWindow, sizeof(originalBytesForGetForeground), oldProtect, &oldProtect);

Check the return value of VirtualProtect and handle any errors appropriately.
Add error logging or reporting mechanisms to help diagnose issues.

Unused or ineffective code in MyTerminateProcess:

BOOL WINAPI MyTerminateProcess(HANDLE hProcess, UINT uExitCode) {
std::cout << "TerminateProcess hook called, but not terminating process." << std::endl;
// if (hProcess == OpenProcess(PROCESS_TERMINATE, FALSE, findDiscordProcessId())) {
// std::cout << "Discord process found, but not terminating process." << std::endl;
// return TRUE; // Simulate success
//}
return FALSE;
}

returning false will tell the browser it failed to kill a process which is a big red flag, change to TRUE

Redundant or unnecessary code in FindMainWindow and FindTargetWindow:

BOOL CALLBACK EnumWindowsCallback(HWND handle, LPARAM lParam) {
DWORD processID = 0;
GetWindowThreadProcessId(handle, &processID);
if (GetCurrentProcessId() == processID && IsMainWindow(handle)) {
// Stop enumeration if a main window is found, and return its handle
reinterpret_cast<HWND>(lParam) = handle;
return FALSE;
}
return TRUE;
}

HWND FindMainWindow() {
HWND mainWindow = NULL;
EnumWindows(EnumWindowsCallback, reinterpret_cast(&mainWindow));
return mainWindow;
}

The FindMainWindow function and its associated callback EnumWindowsCallback are not used effectively in the code. The IsMainWindow function used inside the callback is not defined, making the code incomplete. Similarly, the FindTargetWindow function and its callback TargetEnumWindowsCallback are not used anywhere in the code, making them redundant.

Inefficient or poorly implemented code in MyGetForegroundWindow and MySetFocus:

HWND WINAPI MyGetForegroundWindow() {
HWND hWnd = FindMainWindow();
if (hWnd != NULL) {
std::cout << "Returning the main window of the current application." << std::endl;
return hWnd;
}
std::cout << "Main window not found, returning NULL." << std::endl;
return NULL;
}

HWND WINAPI MySetFocus(HWND _hWnd) {
focusHWND = _hWnd;
HWND hWnd = FindMainWindow(); // Find the main window of the current process
if (hWnd != NULL) {
std::cout << "Returning the main window of the current application due to '[' key press." << std::endl;
return hWnd; // Return the main window handle if found
}
else {
std::cout << "Main window not found, returning NULL." << std::endl;
return NULL; // If main window is not found, return NULL
}
}

Both MyGetForegroundWindow and MySetFocus functions use the FindMainWindow function to find the main window of the current application. However, the FindMainWindow function itself is not properly implemented, making these functions ineffective.

you say you dont hardcode, but you cast the APIs to a void pointer instead of just calling GetProcAddress to dynamically resolve them. Enjoy your IAT scan and eventual ban.

as a public bypass these need to be addressed ASAP, this may seem mean but trust me its a lot nicer than the industry boys will treat this

Whenever I inject and right at the moment when the window pops up and ends process of 3rd party software such as discord, it does not close it. I also tested it streaming to my friends and it works. What else should I do to make it undetectable? is it gonna screenshot the stream or detect it? I was thinking since I am streaming to my friends they would just send me the answers on my phone and take a glimpse on my phone and look at the answer.

While opening these 2 bat files, it seems working - when I clicked DELETE the LDB was killed with taskbar disappeared. However other functions with the arrows do no work - in the bat it says that failed injecting DLL and the "'ascii' codec can't encode characters in position 31-40: ordinal not in range(128)" message. Anyone knows how to fix this?

Does this work with "Version 2.1.2.05"

i installed version 1.0.3 successfully and it showed message (injected) however i tried switching tabs using ctrl+up but it did not work

hey, most of my classes enable the camera for lockdown browser tests, so i wanted to know does the cam stay on when you switch between apps?

and this:
"Is the DLL malware?

• yes "

its a joke right? im honestly not in the right mind right now so i wanna make sure that this is a joke.

ty for answer in advance :)

Excuse me, I want to ask if you have a DLL suitable for win64. I have tested the following and found that the DLL is limited to Win32 version

Originally posted by @XEnoner6 in #19 (comment)

Works perfectly it seems so far, need to get into an actual t3st. Is there anywhere I can PM you, I'm wondering if you've bypassed the pr0fs ability to see the time we are off LDB.

I hope the author can develop a Mac version of it.

after running 'launch.bat' as admin it shows

Miniconda is already installed.
Running Injector...
Traceback (most recent call last):
  File "inject.py", line 1, in <module>
    import psutil  # You'll need to install psutil: pip install psutil
ModuleNotFoundError: No module named 'psutil'
Running Controller...

after running that command in windows terminal, i get:

Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: psutil in c:\users\USERNAME\appdata\local\packages\pythonsoftwarefoundation.python.3.12_qbz5n2kfra8p0\localcache\local-packages\python312\site-packages (5.9.8)

Controller

'activate.bat' is not recognized as an internal or external command,
operable program or batch file.
Environment 'lockdown' not found. Creating...
'conda' is not recognized as an internal or external command,
operable program or batch file.
'activate.bat' is not recognized as an internal or external command,
operable program or batch file.
Requirement already satisfied: keyboard==0.13.5 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from -r requirements.txt (line 1)) (0.13.5)
Requirement already satisfied: Pillow==10.2.0 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from -r requirements.txt (line 2)) (10.2.0)
Requirement already satisfied: psutil==5.9.6 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from -r requirements.txt (line 3)) (5.9.6)
Requirement already satisfied: PyQt5==5.15.10 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from -r requirements.txt (line 4)) (5.15.10)
Requirement already satisfied: PyQt5_sip==12.13.0 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from -r requirements.txt (line 5)) (12.13.0)
Requirement already satisfied: pywin32==306 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from -r requirements.txt (line 6)) (306)
Requirement already satisfied: PyWinCtl==0.3 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from -r requirements.txt (line 7)) (0.3)
Requirement already satisfied: PyQt5-Qt5>=5.15.2 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from PyQt5==5.15.10->-r requirements.txt (line 4)) (5.15.2)
Requirement already satisfied: typing-extensions>=4.4.0 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from PyWinCtl==0.3->-r requirements.txt (line 7)) (4.10.0)
Requirement already satisfied: pywinbox>=0.6 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from PyWinCtl==0.3->-r requirements.txt (line 7)) (0.6)
Requirement already satisfied: pymonctl>=0.6 in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from PyWinCtl==0.3->-r requirements.txt (line 7)) (0.7)
Running...

Inject

'activate.bat' is not recognized as an internal or external command,
operable program or batch file.
Environment 'lockdown32' not found. Creating...
'conda' is not recognized as an internal or external command,
operable program or batch file.
'activate.bat' is not recognized as an internal or external command,
operable program or batch file.
Requirement already satisfied: psutil in c:\users\query\appdata\local\packages\pythonsoftwarefoundation.python.3.11_qbz5n2kfra8p0\localcache\local-packages\python311\site-packages (from -r requirements32.txt (line 1)) (5.9.6)
Running...
Waiting for a LockDown Browser process to start...
Found LockDownBrowser.exe with PID: 14936
DLL injected successfully!
Press any key to continue . . .

Comment here with any socials where I can get InTouch for consulting. I have a job for you

hi guys just wanted to let you knew so that you don't caught red-handed

if want to do this bypass Your organization can enable screen recording and see you going into chatgt or what ever and you will be caught red-handed

do this if you are sure that they don,t record your screen or on face to face tests

here you can see
https://support.respondus.com/hc/en-us/articles/17641623561371-How-does-the-screen-recording-option-in-Respondus-Monitor-work

Do I need to give it admin every time or just the first time for the installs? I'm asking this because trying in my credentials twice is a lot to do at the beginning of class.

i just installed kali linux and i thought of using it as my primary os
so i installed Python and pips latest version in it
after installation as usual i stared to write my code
and tried to install SpeechRecognition module
i used pip install SpeechRecognition and this message poped up on the terminal
Defaulting to user installation because normal site-packages is not writeable
and then the installation happened as usual
but whenever i run my program i get module not found error
and i rechecked the installation using pip list
but SpeechRecognition was not installed
even if i did the pip install process again i got the same statement and error
someone please help me i am new to this

If I launch it when the exam active the script is not working, but when launching with respondus itselft its working

Still says the same thing and now the controller wont work.

The script works with Respondus itself, and open tabs over the window, but does not work during the actual test. When you are trying to open it on actual exam, the LockDown browser views a message something "You are not allowed to open tabs during the exam. If this will happen again, it will be reported to your institution". In case of the test with a camera and mic, it allows to switch tabs on registration step, but does not allow on actual test.

The Conroller window gives out the following output, after tries to open the windows. It tries to switch the tab multiple times, then automatically are folded with the following output:

1400, 'SetWindowPos', invalid window handle

Everytime I open up the controller and Inject batch files in adminstrator mode then go into lockdown browser it shows me Found Lockdown Browser then says The handle is invalid DLL Injection Failed trying in 1 second again.

I've already tried 1.02 as well and its the same issue.

However everytime I open up lockdown browser it still lets me use the cntrl left and right it just doesn't say dll injected when opening it.

I have my own hack I developed with a custom injector. everything was lovely until i got greedy and hid processes thru ntquery. not sure what happened but I was detected on a practice quiz. Happy to share what I've done to help u stay FUD, but be careful. I dont use a hooking library and I dont even use first line API hooks so they arent detecting hooking, its anomaly detection

shoot me an email [email protected] if you want to compare versions and know what I think got me flagged (opsec wink wink)

Can I copy text from lock down brower to chrome? If I can, how do I do it