def test_replace_string(self):
print("Is Platform x64: %s" % system_utils.is_x64os())
print("Platform version: %s" % system_utils.platform_version())
print("Platform system: %s" % system_utils.platform_system())
self.assertTrue(system_utils.is_x64os())
self.assertTrue(system_utils.platform_version())
self.assertTrue(system_utils.platform_system())
def write_value(key_hive, key_path, value_name, value_type, key_value, access_type=Wow64RegistryEntry.KEY_WOW64):
"""
:param key_hive: Windows registry hive to edit, e.g. HKEY_CURRENT_USER
:param key_path: Path Windows registry key inside the hive, for example "SOFTWARE\Microsoft\Windows"
:param value_name: Value name to edit
:param value_type: Value type, e.g. REG_SZ, REG_DWORD, REG_BINARY... Could be both RegistryKeyType or winreg type
:param key_value: Actual value we want to write
:param access_type: Access type for 32/64 bit registry sub-entries in HKLM/SOFTWARE key.
Exclusively 32/64 bit, or both. Does not affect 32-bit system and in other cases which are not applicable
:return: Boolean success flag, True if succeed, False otherwise
"""
if is_x64os() and access_type == Wow64RegistryEntry.KEY_WOW32_64:
write_value(key_hive, key_path, value_name, value_type, key_value, Wow64RegistryEntry.KEY_WOW32)
write_value(key_hive, key_path, value_name, value_type, key_value, Wow64RegistryEntry.KEY_WOW64)
return
registry_key = None
wow64_flags = WOW64_MAP[access_type]
try:
key_hive_value = HIVES_MAP[key_hive]
if isinstance(value_type, RegistryKeyType):
value_type = TYPES_MAP[value_type]
registry_key = winreg.OpenKey(key_hive_value, key_path, 0, (wow64_flags | winreg.KEY_WRITE))
winreg.SetValueEx(registry_key, value_name, 0, value_type, key_value)
winreg.CloseKey(registry_key)
return True
except WindowsError as e:
logger.error("Unable to write to registry path %s\\%s with LastError=%d [%s]",
key_hive, key_path, e.winerror, e.strerror)
if registry_key is not None:
winreg.CloseKey(registry_key)
return False
def read_value(key_hive, key_path, value_name, access_type=Wow64RegistryEntry.KEY_WOW64):
"""
:param key_hive: Windows registry hive to edit, e.g. HKEY_CURRENT_USER
:param key_path: Path Windows registry key inside the hive, for example "SOFTWARE\Microsoft\Windows"
:param value_name: Value name we want to read
:param access_type: Access type for 32/64 bit registry sub-entries in HKLM/SOFTWARE and HKCU/SOFTWARE keys.
Exclusively 32/64 bit, or both. Does not affect 32-bit system and in other cases which are not applicable
:return: Tuple if succeed, 4 values (2 tuples by 2) if both WOW64_32 and WOW64_64 registry entries requested,
2 values otherwise. None if read operation failed
"""
if is_x64os() and access_type == Wow64RegistryEntry.KEY_WOW32_64:
value32, regtype32 = read_value(key_hive, key_path, value_name, Wow64RegistryEntry.KEY_WOW32)
value64, regtype64 = read_value(key_hive, key_path, value_name, Wow64RegistryEntry.KEY_WOW64)
return (value32, regtype32), (value64, regtype64)
wow64_flags = WOW64_MAP[access_type]
registry_key = None
try:
key_hive_value = HIVES_MAP[key_hive]
registry_key = winreg.OpenKey(key_hive_value, key_path, 0, (wow64_flags | winreg.KEY_READ))
value, regtype = winreg.QueryValueEx(registry_key, value_name)
winreg.CloseKey(registry_key)
return value, regtype
except WindowsError as e:
logger.error("Unable to read from registry path %s\\%s with LastError=%d [%s]",
key_hive, key_path, e.winerror, e.strerror)
if registry_key is not None:
winreg.CloseKey(registry_key)
return None
def generate_hardware_fingerprint():
"""
Generate hardware-related identifiers:
HwProfileGuid
MachineGuid
Volume ID
SusClientId
SusClientIDValidation
"""
hardware_fp = hardware_fingerprint.HardwareFingerprint()
hive = "HKEY_LOCAL_MACHINE"
# Hardware profile GUID
logger.debug("Hardware Profiles\\0001 HwProfileGuid")
registry_helper.write_value(
key_hive=hive,
key_path=
"SYSTEM\\CurrentControlSet\\Control\\IDConfigDB\\Hardware Profiles\\0001",
value_name="HwProfileGuid",
value_type=RegistryKeyType.REG_SZ,
key_value=hardware_fp.random_hw_profile_guid())
# Machine GUID
logger.debug("Microsoft\\Cryptography MachineGuid")
registry_helper.write_value(key_hive=hive,
key_path="SOFTWARE\\Microsoft\\Cryptography",
value_name="MachineGuid",
value_type=RegistryKeyType.REG_SZ,
key_value=hardware_fp.random_machine_guid())
# Windows Update GUID
logger.debug("CurrentVersion\\WindowsUpdate SusClientId")
registry_helper.write_value(
key_hive=hive,
key_path="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate",
value_name="SusClientId",
value_type=RegistryKeyType.REG_SZ,
key_value=hardware_fp.random_win_update_guid())
logger.debug("CurrentVersion\\WindowsUpdate SusClientIDValidation")
registry_helper.write_value(
key_hive=hive,
key_path="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate",
value_name="SusClientIDValidation",
value_type=RegistryKeyType.REG_BINARY,
key_value=random_utils.bytes_list_to_array(
hardware_fp.random_client_id_validation()))
dir_name = os.path.join(os.path.dirname(__file__), "bin")
volume_id = random_utils.random_volume_id()
logger.info("VolumeID={0}".format(volume_id))
volume_id_path = os.path.join(
dir_name, "VolumeID{0}.exe C: {1}".format("64" if is_x64os() else "",
volume_id))
os.system(volume_id_path)
logger.info("Random Hardware profile GUID {0}".format(
hardware_fp.random_hw_profile_guid()))
logger.info("Random Hardware CKCL GUID {0}".format(
hardware_fp.random_performance_guid()))
logger.info("Random Machine GUID {0}".format(
hardware_fp.random_machine_guid()))
logger.info("Random Windows Update GUID {0}".format(
hardware_fp.random_win_update_guid()))
logger.debug("Random Windows Update Validation ID {0}".format(
hardware_fp.random_win_update_guid()))