Esempio n. 1
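def generate_hardware_fingerprint():
    """Write freshly generated hardware identifiers to the registry.

    Values written under ``HKEY_LOCAL_MACHINE``:

    * ``HwProfileGuid`` (hardware profile ``0001``)
    * ``MachineGuid``
    * ``SusClientId`` and ``SusClientIDValidation`` (Windows Update)

    Writing to this hive normally requires an elevated process. Every
    generated identifier is also sent to the logger, so the log output
    deserves the same protection as the identifiers themselves.
    """
    hardware_fp = hardware_fingerprint.HardwareFingerprint()

    hive = "HKEY_LOCAL_MACHINE"
    # Raw strings: sequences such as "\C" or "\M" in a normal literal are
    # invalid escapes, which newer Python versions warn about.
    hw_profile_path = (
        r"SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware Profiles\0001")
    update_path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"

    # Each value is generated once and reused for the log below, so the log
    # reports what was written even if a generator returns a new value on
    # every call.

    # Hardware profile GUID
    hw_profile_guid = hardware_fp.random_hw_profile_guid()
    registry_helper.write_registry(hive, hw_profile_path, "HwProfileGuid",
                                   RegistryKeyType.REG_SZ, hw_profile_guid)

    # Machine GUID
    machine_guid = hardware_fp.random_machine_guid()
    registry_helper.write_registry(hive, r"SOFTWARE\Microsoft\Cryptography",
                                   "MachineGuid", RegistryKeyType.REG_SZ,
                                   machine_guid)

    # Windows Update GUID and its validation blob
    win_update_guid = hardware_fp.random_win_update_guid()
    registry_helper.write_registry(hive, update_path, "SusClientId",
                                   RegistryKeyType.REG_SZ, win_update_guid)
    client_id_validation = hardware_fp.random_client_id_validation()
    registry_helper.write_registry(
        hive, update_path, "SusClientIDValidation",
        RegistryKeyType.REG_BINARY,
        random_utils.bytes_list_to_array(client_id_validation))

    logger.info("Random Hardware profile GUID {0}".format(hw_profile_guid))
    # The CKCL (performance) GUID is only logged; nothing in this function
    # writes it to the registry.
    logger.info("Random Hardware CKCL GUID {0}".format(
        hardware_fp.random_performance_guid()))
    logger.info("Random Machine GUID {0}".format(machine_guid))
    logger.info("Random Windows Update GUID {0}".format(win_update_guid))
    # Log the validation value itself rather than the update GUID again.
    logger.debug("Random Windows Update Validation ID {0}".format(
        client_id_validation))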
Esempio n. 2
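def generate_hardware_fingerprint():
    """
    Generate hardware-related identifiers:
    HwProfileGuid
    MachineGuid
    Volume ID
    SusClientId
    SusClientIDValidation

    The registry values live under HKEY_LOCAL_MACHINE, so the caller
    normally needs an elevated process. The volume ID is changed by running
    the bundled ``VolumeID`` helper from the ``bin`` directory next to this
    file. Generated identifiers are sent to the logger; protect the log
    output accordingly.
    """
    # Function-scope import: the module's own import block is not changed.
    import subprocess

    hardware_fp = hardware_fingerprint.HardwareFingerprint()

    hive = "HKEY_LOCAL_MACHINE"
    update_path = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate"

    # Each value is generated once and reused for the summary log, so the
    # log reports what was written even if a generator returns a new value
    # on every call.

    # Hardware profile GUID
    logger.debug("Hardware Profiles\\0001 HwProfileGuid")
    hw_profile_guid = hardware_fp.random_hw_profile_guid()
    registry_helper.write_value(
        key_hive=hive,
        key_path=
        "SYSTEM\\CurrentControlSet\\Control\\IDConfigDB\\Hardware Profiles\\0001",
        value_name="HwProfileGuid",
        value_type=RegistryKeyType.REG_SZ,
        key_value=hw_profile_guid)

    # Machine GUID
    logger.debug("Microsoft\\Cryptography MachineGuid")
    machine_guid = hardware_fp.random_machine_guid()
    registry_helper.write_value(key_hive=hive,
                                key_path="SOFTWARE\\Microsoft\\Cryptography",
                                value_name="MachineGuid",
                                value_type=RegistryKeyType.REG_SZ,
                                key_value=machine_guid)

    # Windows Update GUID
    logger.debug("CurrentVersion\\WindowsUpdate SusClientId")
    win_update_guid = hardware_fp.random_win_update_guid()
    registry_helper.write_value(key_hive=hive,
                                key_path=update_path,
                                value_name="SusClientId",
                                value_type=RegistryKeyType.REG_SZ,
                                key_value=win_update_guid)

    logger.debug("CurrentVersion\\WindowsUpdate SusClientIDValidation")
    client_id_validation = hardware_fp.random_client_id_validation()
    registry_helper.write_value(
        key_hive=hive,
        key_path=update_path,
        value_name="SusClientIDValidation",
        value_type=RegistryKeyType.REG_BINARY,
        key_value=random_utils.bytes_list_to_array(client_id_validation))

    # Volume ID: run the helper with an argument list instead of a shell
    # command line, so an install path containing spaces is not split and
    # no shell parses the arguments.
    # NOTE(review): nothing here verifies the helper binary before it is
    # run with the caller's privileges - consider checking its hash or
    # signature at deployment time.
    dir_name = os.path.join(os.path.dirname(__file__), "bin")
    volume_id = random_utils.random_volume_id()
    logger.info("VolumeID={0}".format(volume_id))
    volume_id_exe = os.path.join(
        dir_name, "VolumeID{0}.exe".format("64" if is_x64os() else ""))
    try:
        exit_code = subprocess.call([volume_id_exe, "C:", str(volume_id)])
    except OSError as err:
        # Best effort, like the registry writes: report and carry on.
        logger.error("Could not run {0}: {1}".format(volume_id_exe, err))
    else:
        if exit_code != 0:
            logger.warning("{0} exited with code {1}".format(
                volume_id_exe, exit_code))

    logger.info("Random Hardware profile GUID {0}".format(hw_profile_guid))
    # The CKCL (performance) GUID is only logged; nothing in this function
    # writes it to the registry.
    logger.info("Random Hardware CKCL GUID {0}".format(
        hardware_fp.random_performance_guid()))
    logger.info("Random Machine GUID {0}".format(machine_guid))
    logger.info("Random Windows Update GUID {0}".format(win_update_guid))
    # Log the validation value itself rather than the update GUID again.
    logger.debug("Random Windows Update Validation ID {0}".format(
        client_id_validation))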
Esempio n. 3
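def generate_windows_fingerprint():
    """
    Generate common Windows identifiers, responsible for fingerprinting:
    BuildGUID
    BuildLab
    BuildLabEx
    CurrentBuild
    CurrentBuildNumber
    CurrentVersion
    DigitalProductId
    DigitalProductId4
    EditionID
    InstallDate
    ProductId
    ProductName
    IE SvcKBNumber
    IE ProductId
    IE DigitalProductId
    IE DigitalProductId4
    IE Installed Date

    All values are written under HKEY_LOCAL_MACHINE, which normally requires
    an elevated process. Software that reads these values sees the new ones
    afterwards, and the writes show up in registry auditing where that is
    enabled. The generated values are also sent to the logger.
    """
    system_fp = system_fingerprint.WinFingerprint()

    hive = "HKEY_LOCAL_MACHINE"
    version_path = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
    ie_path = "SOFTWARE\\Microsoft\\Internet Explorer"
    ie_registration_path = "SOFTWARE\\Microsoft\\Internet Explorer\\Registration"

    reg_sz = RegistryKeyType.REG_SZ
    reg_binary = RegistryKeyType.REG_BINARY
    wow64 = Wow64RegistryEntry.KEY_WOW32_64

    def digital_product_id():
        return random_utils.bytes_list_to_array(
            system_fp.random_digital_product_id())

    def digital_product_id4():
        return random_utils.bytes_list_to_array(
            system_fp.random_digital_product_id4())

    # One row per registry value:
    # (debug label, key path, value name, value type, value factory,
    #  access type or None when the call passes no access_type).
    # The factory is called inside the loop, after the debug line, so each
    # value is generated immediately before it is written.
    writes = (
        # Windows fingerprint
        ("Windows NT\\CurrentVersion BuildGUID", version_path,
         "BuildGUID", reg_sz, system_fp.random_build_guid, wow64),
        ("Windows NT\\CurrentVersion BuildLab", version_path,
         "BuildLab", reg_sz, system_fp.random_build_lab, wow64),
        ("Windows NT\\CurrentVersion BuildLabEx", version_path,
         "BuildLabEx", reg_sz, system_fp.random_build_lab_ex, wow64),
        ("Windows NT\\CurrentVersion CurrentBuild", version_path,
         "CurrentBuild", reg_sz, system_fp.random_current_build, wow64),
        ("Windows NT\\CurrentVersion CurrentBuildNumber", version_path,
         "CurrentBuildNumber", reg_sz, system_fp.random_current_build, wow64),
        ("Windows NT\\CurrentVersion CurrentVersion", version_path,
         "CurrentVersion", reg_sz, system_fp.random_current_version, wow64),
        ("Windows NT\\CurrentVersion DigitalProductId", version_path,
         "DigitalProductId", reg_binary, digital_product_id, None),
        ("Windows NT\\CurrentVersion DigitalProductId4", version_path,
         "DigitalProductId4", reg_binary, digital_product_id4, None),
        ("Windows NT\\CurrentVersion EditionID", version_path,
         "EditionID", reg_sz, system_fp.random_edition_id, wow64),
        ("Windows NT\\CurrentVersion InstallDate", version_path,
         "InstallDate", RegistryKeyType.REG_DWORD,
         system_fp.random_install_date, None),
        ("Windows NT\\CurrentVersion ProductId", version_path,
         "ProductId", reg_sz, system_fp.random_product_id, wow64),
        ("Windows NT\\CurrentVersion ProductName", version_path,
         "ProductName", reg_sz, system_fp.random_product_name, wow64),
        # IE fingerprint
        ("Microsoft\\Internet Explorer svcKBNumber", ie_path,
         "svcKBNumber", reg_sz, system_fp.random_ie_service_update, wow64),
        ("Microsoft\\Internet Explorer ProductId", ie_registration_path,
         "ProductId", reg_sz, system_fp.random_product_id, None),
        ("Microsoft\\Internet Explorer DigitalProductId",
         ie_registration_path, "DigitalProductId", reg_binary,
         digital_product_id, None),
        # The label names DigitalProductId4 so the debug trace matches the
        # value that is actually written.
        ("Internet Explorer\\Registration DigitalProductId4",
         ie_registration_path, "DigitalProductId4", reg_binary,
         digital_product_id4, None),
    )

    for label, key_path, value_name, value_type, make_value, access in writes:
        logger.debug(label)
        params = {
            "key_hive": hive,
            "key_path": key_path,
            "value_name": value_name,
            "value_type": value_type,
            "key_value": make_value(),
        }
        if access is not None:
            params["access_type"] = access
        registry_helper.write_value(**params)

    ie_install_date = system_fp.random_ie_install_date()
    logger.info("IEDate={0}".format(ie_install_date))

    logger.debug("Internet Explorer\\Migration IE Installed Date")
    registry_helper.write_value(
        key_hive=hive,
        key_path="SOFTWARE\\Microsoft\\Internet Explorer\\Migration",
        value_name="IE Installed Date",
        value_type=reg_binary,
        key_value=ie_install_date,
        access_type=wow64)

    # NOTE(review): the summary below calls the generators again. If they do
    # not return a cached value, the logged values differ from the ones
    # written above - confirm against WinFingerprint.
    logger.info("Random build GUID {0}".format(system_fp.random_build_guid()))
    logger.info("Random BuildLab {0}".format(system_fp.random_build_lab()))
    logger.info("Random BuildLabEx {0}".format(
        system_fp.random_build_lab_ex()))
    logger.info("Random Current Build {0}".format(
        system_fp.random_current_build()))
    logger.info("Random Current Build number {0}".format(
        system_fp.random_current_build()))
    logger.info("Random Current Version {0}".format(
        system_fp.random_current_version()))
    logger.info("Random Edition ID {0}".format(system_fp.random_edition_id()))
    logger.info("Random Install Date {0}".format(
        system_fp.random_install_date()))
    logger.info("Random product ID {0}".format(system_fp.random_product_id()))
    logger.info("Random Product name {0}".format(
        system_fp.random_product_name()))
    logger.debug("Random digital product ID {0}".format(
        system_fp.random_digital_product_id()))
    logger.debug("Random digital product ID 4 {0}".format(
        system_fp.random_digital_product_id4()))
    logger.debug("Random IE service update {0}".format(
        system_fp.random_ie_service_update()))
    logger.debug("Random IE install data {0}".format(
        system_fp.random_ie_install_date()))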
Esempio n. 4
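def generate_windows_fingerprint():
    """Write freshly generated Windows and Internet Explorer identifiers.

    Values written under ``HKEY_LOCAL_MACHINE``:

    * ``Windows NT\\CurrentVersion``: BuildGUID, BuildLab, BuildLabEx,
      CurrentBuild, CurrentBuildNumber, CurrentVersion, DigitalProductId,
      DigitalProductId4, EditionID, InstallDate, ProductId, ProductName
    * ``Internet Explorer``: svcKBNumber
    * ``Internet Explorer\\Registration``: ProductId, DigitalProductId,
      DigitalProductId4
    * ``Internet Explorer\\Migration``: IE Installed Date

    Writing to this hive normally requires an elevated process, and the
    writes show up in registry auditing where that is enabled. The generated
    values are also sent to the logger.
    """
    system_fp = win_fingerprint.WinFingerprint()

    hive = "HKEY_LOCAL_MACHINE"
    # Raw strings: sequences such as "\M" or "\W" in a normal literal are
    # invalid escapes, which newer Python versions warn about.
    version_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    ie_path = r"SOFTWARE\Microsoft\Internet Explorer"
    ie_registration_path = r"SOFTWARE\Microsoft\Internet Explorer\Registration"

    reg_sz = RegistryKeyType.REG_SZ
    reg_binary = RegistryKeyType.REG_BINARY
    wow64 = Wow64RegistryEntry.KEY_WOW32_64

    def digital_product_id():
        return random_utils.bytes_list_to_array(
            system_fp.random_digital_product_id())

    def digital_product_id4():
        return random_utils.bytes_list_to_array(
            system_fp.random_digital_product_id4())

    # One row per registry value:
    # (key path, value name, value type, value factory,
    #  access type or None when the call passes no access argument).
    # The factory is called inside the loop, immediately before the write.
    writes = (
        # Windows fingerprint
        (version_path, "BuildGUID", reg_sz,
         system_fp.random_build_guid, wow64),
        (version_path, "BuildLab", reg_sz,
         system_fp.random_build_lab, wow64),
        (version_path, "BuildLabEx", reg_sz,
         system_fp.random_build_lab_ex, wow64),
        (version_path, "CurrentBuild", reg_sz,
         system_fp.random_current_build, wow64),
        (version_path, "CurrentBuildNumber", reg_sz,
         system_fp.random_current_build, wow64),
        (version_path, "CurrentVersion", reg_sz,
         system_fp.random_current_version, wow64),
        (version_path, "DigitalProductId", reg_binary,
         digital_product_id, None),
        (version_path, "DigitalProductId4", reg_binary,
         digital_product_id4, None),
        (version_path, "EditionID", reg_sz,
         system_fp.random_edition_id, wow64),
        (version_path, "InstallDate", RegistryKeyType.REG_DWORD,
         system_fp.random_install_date, None),
        (version_path, "ProductId", reg_sz,
         system_fp.random_product_id, wow64),
        (version_path, "ProductName", reg_sz,
         system_fp.random_product_name, wow64),
        # IE footprint
        (ie_path, "svcKBNumber", reg_sz,
         system_fp.random_ie_service_update, wow64),
        (ie_registration_path, "ProductId", reg_sz,
         system_fp.random_product_id, None),
        (ie_registration_path, "DigitalProductId", reg_binary,
         digital_product_id, None),
        (ie_registration_path, "DigitalProductId4", reg_binary,
         digital_product_id4, None),
    )

    for key_path, value_name, value_type, make_value, access in writes:
        args = [hive, key_path, value_name, value_type, make_value()]
        if access is not None:
            args.append(access)
        registry_helper.write_registry(*args)

    # The install date is indexed as two items and packed as two big-endian
    # unsigned 32-bit integers for the REG_BINARY value.
    ie_install_date = system_fp.random_ie_install_date()
    registry_helper.write_registry(
        hive, r"SOFTWARE\Microsoft\Internet Explorer\Migration",
        "IE Installed Date", reg_binary,
        struct.pack(">LL", ie_install_date[0], ie_install_date[1]), wow64)

    # NOTE(review): the summary below calls the generators again. If they do
    # not return a cached value, the logged values differ from the ones
    # written above - confirm against WinFingerprint.
    logger.info("Random build GUID {0}".format(system_fp.random_build_guid()))
    logger.info("Random BuildLab {0}".format(system_fp.random_build_lab()))
    logger.info("Random BuildLabEx {0}".format(
        system_fp.random_build_lab_ex()))
    logger.info("Random Current Build {0}".format(
        system_fp.random_current_build()))
    logger.info("Random Current Build number {0}".format(
        system_fp.random_current_build()))
    logger.info("Random Current Version {0}".format(
        system_fp.random_current_version()))
    logger.info("Random Edition ID {0}".format(system_fp.random_edition_id()))
    logger.info("Random Install Date {0}".format(
        system_fp.random_install_date()))
    logger.info("Random product ID {0}".format(system_fp.random_product_id()))
    logger.info("Random Product name {0}".format(
        system_fp.random_product_name()))
    logger.debug("Random digital product ID {0}".format(
        system_fp.random_digital_product_id()))
    logger.debug("Random digital product ID 4 {0}".format(
        system_fp.random_digital_product_id4()))
    logger.debug("Random IE service update {0}".format(
        system_fp.random_ie_service_update()))
    logger.debug("Random IE install data {0}".format(
        system_fp.random_ie_install_date()))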