ТунМиррор принцип КМС алата за активацију

Tunmirror Principle Kms Activation Tool



Именик чланака

Disclaimer: This article is for technical exchange only, and any legal copyright issues arising therefrom are not responsible, thank you. If you are involved in commercial applications, please buy genuine!

принцип рада

Вин8.1 и новије верзије ће проверити да ли се захтевани КМС сервер локално изводи, тако да надзор неће успети на 127.0.0.0/24 и локалном НИЦ-у.
Постоје отприлике два начина за заобилажење
1.Хоок функција система
2. Инсталирајте виртуелну мрежну картицу и заобиђите је помоћу тунмиррор-а



Овај код је декомпајлиран из ТунМиррор.еке и модификован



  • Увезите ВПН сертификат (да бисте спречили тиху инсталацију ВПН-а када се од вас затражи да инсталирате управљачки програм), инсталирајте ОпенВПН
  • Подесите одговарајућу ИП адресу и покрените услугу тунмиррор
  • Агент тунмиррор шаље захтев одговарајућем сегменту мреже на локални порт.

** ОпенВПН инсталациони пакет и сертификат могу се наћи на мрежи, као што је КМСПицо



ТунМиррор
слика

ТунТап.цс

using System using System.IO using System.Threading using System.Management using System.Text.RegularExpressions using System.Runtime.InteropServices using Microsoft.Win32.SafeHandles namespace TunMirror { class TunTap { // Fields private static int _bytesRead private static FileStream _tap private static EventWaitHandle _waitObject private static EventWaitHandle _waitObject2 private const uint FileAnyAccess = 0 private const int FileAttributeSystem = 4 private const uint FileDeviceUnknown = 0x22 private const int FileFlagOverlapped = 0x40000000 private const uint MethodBuffered = 0 public string IP public string MASK public TunTap(string ip, string mask) { IP = ip MASK = mask } // Methods [DllImport('Kernel32.dll', CharSet = CharSet.Auto, SetLastError = true)] private static extern IntPtr CreateFile(string filename, [MarshalAs(UnmanagedType.U4)] FileAccess fileaccess, [MarshalAs(UnmanagedType.U4)] FileShare fileshare, int securityattributes, [MarshalAs(UnmanagedType.U4)] FileMode creationdisposition, int flags, IntPtr template) private static uint CtlCode(uint deviceType, uint function, uint method, uint access) (function << 2)) [DllImport('kernel32.dll', CharSet = CharSet.Auto, SetLastError = true, ExactSpelling = true)] private static extern bool DeviceIoControl(IntPtr hDevice, uint dwIoControlCode, IntPtr lpInBuffer, uint nInBufferSize, IntPtr lpOutBuffer, uint nOutBufferSize, out int lpBytesReturned, IntPtr lpOverlapped) private static string GetDeviceGuid() { ManagementObjectSearcher searcher = new ManagementObjectSearcher(@'rootCIMV2', 'SELECT GUID FROM Win32_NetworkAdapter WHERE ServiceName = 'tap0901'') foreach (ManagementObject obj2 in searcher.Get()) { if (obj2['GUID'].ToString() != string.Empty) { return obj2['GUID'].ToString() } } return string.Empty } private static uint TapControlCode(uint request, uint method) { return CtlCode(0x22, request, method, 0) } public static Int32 IPInfoToInt32(string s) { Regex regex = new Regex(@'d+.d+.d+.d+') if (!regex.IsMatch(s)) { Console.WriteLine(String.Format('{0} format is incorrect', s)) Environment.Exit(1) } string[] sList = s.Split('.') Int32 ret = 0 try { for (int i = 0 i < 4 i++) { Int32 j = System.Convert.ToInt32(sList[i]) if (j > 255) { throw new FormatException() } ret += j * (int)Math.Pow(256, i) } } catch (FormatException) { Console.WriteLine(String.Format('{0} format is incorrect', s)) Environment.Exit(1) } return ret } [STAThread] public void ThreadLoop() { int num string deviceGuid = GetDeviceGuid() IntPtr hDevice = CreateFile(@'\.Global' + deviceGuid + '.tap', FileAccess.ReadWrite, FileShare.ReadWrite, 0, FileMode.Open, 0x40000004, IntPtr.Zero) IntPtr ptr = Marshal.AllocHGlobal(4) Marshal.WriteInt32(ptr, 1) // TAP_IOCTL_CONFIG_POINT_TO_POINT = TAP_CONTROL_CODE(5, 0) // TAP_IOCTL_SET_MEDIA_STATUS = TAP_CONTROL_CODE(6, 0) // TAP_IOCTL_CONFIG_TUN = TAP_CONTROL_CODE(10, 0) // #define TAP_WIN_IOCTL_GET_MAC TAP_WIN_CONTROL_CODE (1, METHOD_BUFFERED) // #define TAP_WIN_IOCTL_GET_VERSION TAP_WIN_CONTROL_CODE (2, METHOD_BUFFERED) // #define TAP_WIN_IOCTL_GET_MTU TAP_WIN_CONTROL_CODE (3, METHOD_BUFFERED) // #define TAP_WIN_IOCTL_GET_INFO TAP_WIN_CONTROL_CODE (4, METHOD_BUFFERED) // #define TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT TAP_WIN_CONTROL_CODE (5, METHOD_BUFFERED) // #define TAP_WIN_IOCTL_SET_MEDIA_STATUS TAP_WIN_CONTROL_CODE (6, METHOD_BUFFERED) // #define TAP_WIN_IOCTL_CONFIG_DHCP_MASQ TAP_WIN_CONTROL_CODE (7, METHOD_BUFFERED) // #define TAP_WIN_IOCTL_GET_LOG_LINE TAP_WIN_CONTROL_CODE (8, METHOD_BUFFERED) // #define TAP_WIN_IOCTL_CONFIG_DHCP_SET_OPT TAP_WIN_CONTROL_CODE (9, METHOD_BUFFERED) // #define TAP_WIN_IOCTL_CONFIG_TUN TAP_WIN_CONTROL_CODE (10, METHOD_BUFFERED) // https://gist.github.com/glacjay/586892 // https://bbs.csdn.net/topics/392438702 DeviceIoControl(hDevice, TapControlCode(6, 0), ptr, 4, ptr, 4, out num, IntPtr.Zero) IntPtr ptr3 = Marshal.AllocHGlobal(12) Int32 ip = IPInfoToInt32(IP) Int32 mask = IPInfoToInt32(MASK) Marshal.WriteInt32(ptr3, 0, ip) Marshal.WriteInt32(ptr3, 4, ip & mask) Marshal.WriteInt32(ptr3, 8, mask) DeviceIoControl(hDevice, TapControlCode(10, 0), ptr3, 12, ptr3, 12, out num, IntPtr.Zero) // _tap = new FileStream(hDevice, FileAccess.ReadWrite, true, 0x2710, true) _tap = new FileStream(new SafeFileHandle(hDevice, true), FileAccess.ReadWrite, 0x2710, true) byte[] buffer = new byte[0x2710] object state = 0 _waitObject = new EventWaitHandle(false, EventResetMode.AutoReset) object obj3 = 0 _waitObject2 = new EventWaitHandle(false, EventResetMode.AutoReset) AsyncCallback callback = new AsyncCallback(TunTap.ReadDataCallback) AsyncCallback callback2 = new AsyncCallback(TunTap.WriteDataCallback) while (Thread.CurrentThread.IsAlive) { _tap.BeginRead(buffer, 0, 0x2710, callback, state) _waitObject.WaitOne() string src = String.Format('{0}.{1}.{2}.{3}', buffer[12], buffer[13], buffer[14], buffer[15]) string dst = String.Format('{0}.{1}.{2}.{3}', buffer[16], buffer[17], buffer[18], buffer[19]) string srcPort = String.Format('{0}', Convert.ToInt32(buffer[20]) * 256 + Convert.ToInt32(buffer[21])) string dstPort = String.Format('{0}', Convert.ToInt32(buffer[22]) * 256 + Convert.ToInt32(buffer[23])) for (int i = 0 i < 4 i++) { byte num3 = buffer[12 + i] buffer[12 + i] = buffer[0x10 + i] buffer[0x10 + i] = num3 } Console.WriteLine(String.Format('Data frame {0}: {1} -> {2}: {3} converted to {4}: {5} -> {6}: {7} total {8} bytes', src, srcPort, dst, dstPort, dst, srcPort, src, dstPort, _bytesRead)) _tap.BeginWrite(buffer, 0, _bytesRead, callback2, obj3) _waitObject2.WaitOne() } } public static void ReadDataCallback(IAsyncResult asyncResult) { try { _bytesRead = _tap.EndRead(asyncResult) } catch { } _waitObject.Set() } public static void WriteDataCallback(IAsyncResult asyncResult) { try { _tap.EndWrite(asyncResult) } catch { } _waitObject2.Set() } } }

Програм.цс

using System using System.Threading using System.Diagnostics using System.Management namespace TunMirror { class Program { static void Main(string[] args) { Console.Title = 'Leo's TunMirror' Console.ForegroundColor = ConsoleColor.Green if(args.Length != 0 && args.Length != 2 && !(args.Length == 1 && args[0] == '/u')) { Console.WriteLine(@' Usage: TunMirror.exe without any parameters Perform the installation and set the default IP address: 10.3.0.1 Subnet mask: 255.255.255.0 TunMirror.exe IP address Subnet mask EX: TunMirror.exe 192.168.1.1 255.255.255.0 Perform the installation and set the VPN NIC address according to the parameters. TunMirror.exe /u If it detects that the openvpn virtual network card is installed, uninstall it! ') Console.ReadKey() Environment.Exit(0) } if(args.Length == 1 && args[0] == '/u') { UninstallVPN() Environment.Exit(0) } TunTap tun if(args.Length == 2) { tun = new TunTap(args[0], args[1]) } else { tun = new TunTap('10.3.0.1', '255.255.255.0') } // Install VPN and set IP bool bInstalled = IsVPNInstalled() if(!bInstalled) { InstallCert() } InstallVPN(tun.IP, tun.MASK, bInstalled) / / Start the thread Console.WriteLine('Starting the TunMirror service.... ') Thread th = new Thread(tun.ThreadLoop) th.Start() Console.WriteLine('TunMirror service has started... ') Console.ForegroundColor = ConsoleColor.Yellow } public static bool IsVPNInstalled() { ManagementClass objMC = new ManagementClass('Win32_NetworkAdapterConfiguration') ManagementObjectCollection objMCC = objMC.GetInstances() foreach (ManagementObject objMO in objMCC) { if (((string)objMO['Description']).Contains('TAP-Windows')) { return true } } return false } public static void InstallCert() { ProcessStartInfo procInfo = new ProcessStartInfo { FileName = 'certutil', Arguments = '-addstore -f 'TrustedPublisher' '' + Environment.CurrentDirectory + '\TrustTAP.cer'', WorkingDirectory = Environment.CurrentDirectory, CreateNoWindow = true, WindowStyle = ProcessWindowStyle.Hidden } Process ps = new Process { StartInfo = procInfo } Console.WriteLine('Installing certificate:') Console.WriteLine(procInfo.FileName + ' ' + procInfo.Arguments + ' ') try { ps.Start() ps.WaitForExit() } catch { } } public static void UninstallVPN() { ProcessStartInfo procInfo = new ProcessStartInfo { FileName = Environment.GetEnvironmentVariable('SystemDrive') + '\Program Files\TAP-Windows\Uninstall.exe', Arguments = '/S', WorkingDirectory = Environment.GetEnvironmentVariable('SystemDrive') + '\Program Files\TAP-Windows', } Console.WriteLine('Uninstalling VPN...') Process ps = new Process { StartInfo = procInfo } try { ps.Start() ps.WaitForExit() } catch { } } public static void InstallVPN(string ip, string mask, bool bInstall) { if (bInstall) { goto SETIP } ProcessStartInfo procInfo = new ProcessStartInfo { FileName = Environment.CurrentDirectory + '\tap.exe', Arguments = '/S', WorkingDirectory = Environment.CurrentDirectory, } Process ps = new Process { StartInfo = procInfo } Console.WriteLine('Installing OpenVPN Virtual NIC... ') try { ps.Start() ps.WaitForExit() } catch { } Thread.Sleep(4000) // set ip SETIP: Console.WriteLine('Setting IP address for virtual NIC... ') ManagementClass objMC = new ManagementClass('Win32_NetworkAdapterConfiguration') ManagementObjectCollection objMCC = objMC.GetInstances() foreach (ManagementObject objMO in objMCC) { if (((string)objMO['Description']).Contains('TAP-Windows')) { ManagementBaseObject newIP = objMO.GetMethodParameters('EnableStatic') newIP['IPAddress'] = new string[] { ip } newIP['SubnetMask'] = new string[] { mask } objMO.InvokeMethod('EnableStatic', newIP, null) objMO.InvokeMethod('EnableStatic', newIP, null) break } } Thread.Sleep(4000) } } }

Пример

Виртуелни НИЦ је постављен на 10.3.0.1
слика

Покрените ТунМиррор и извршите команду за активирање



слика

слика