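def generate_hardware_fingerprint():
    """
    Write randomized hardware-related identifiers to the registry:
        HwProfileGuid
        MachineGuid
        SusClientId
        SusClientIDValidation

    Side effects: overwrites machine-wide values under HKEY_LOCAL_MACHINE.
    The previous values are not read or saved here, so the change cannot be
    undone from this function. Other software may read these values as a
    machine identifier, so it can be affected by the change.
    """
    hardware_fp = hardware_fingerprint.HardwareFingerprint()

    hive = "HKEY_LOCAL_MACHINE"
    # Every backslash is doubled: "\C", "\M", "\W" and similar are invalid
    # escape sequences that Python only tolerates with a warning. The
    # resulting paths are unchanged.
    hw_profile_path = ("SYSTEM\\CurrentControlSet\\Control\\IDConfigDB"
                       "\\Hardware Profiles\\0001")
    cryptography_path = "SOFTWARE\\Microsoft\\Cryptography"
    windows_update_path = (
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate")

    # Hardware profile GUID
    registry_helper.write_registry(
        hive, hw_profile_path, "HwProfileGuid", RegistryKeyType.REG_SZ,
        hardware_fp.random_hw_profile_guid())

    # Machine GUID
    registry_helper.write_registry(
        hive, cryptography_path, "MachineGuid", RegistryKeyType.REG_SZ,
        hardware_fp.random_machine_guid())

    # Windows Update GUID and its validation blob
    registry_helper.write_registry(
        hive, windows_update_path, "SusClientId", RegistryKeyType.REG_SZ,
        hardware_fp.random_win_update_guid())
    registry_helper.write_registry(
        hive, windows_update_path, "SusClientIDValidation",
        RegistryKeyType.REG_BINARY,
        random_utils.bytes_list_to_array(
            hardware_fp.random_client_id_validation()))

    # NOTE(review): the summary below calls the generators again. If they
    # return a fresh value on every call, the logged values will not match
    # what was written above - confirm they are cached per instance.
    # The log ends up holding the new identifiers, so it is as sensitive as
    # the identifiers themselves.
    logger.info("Random Hardware profile GUID {0}".format(
        hardware_fp.random_hw_profile_guid()))
    # NOTE(review): this value is logged but never written in this function.
    logger.info("Random Hardware CKCL GUID {0}".format(
        hardware_fp.random_performance_guid()))
    logger.info("Random Machine GUID {0}".format(
        hardware_fp.random_machine_guid()))
    logger.info("Random Windows Update GUID {0}".format(
        hardware_fp.random_win_update_guid()))
    # Log the validation data itself; this line used to repeat the Windows
    # Update GUID under the "Validation ID" label.
    logger.debug("Random Windows Update Validation ID {0}".format(
        hardware_fp.random_client_id_validation()))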
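def generate_hardware_fingerprint():
    """
    Generate hardware-related identifiers:
        HwProfileGuid
        MachineGuid
        Volume ID
        SusClientId
        SusClientIDValidation

    Side effects: overwrites machine-wide values under HKEY_LOCAL_MACHINE
    and runs the bundled VolumeID executable against drive C:. The previous
    values are not read or saved here, so the change cannot be undone from
    this function.
    """
    # Function-scope import keeps the change local to this function.
    import subprocess

    hardware_fp = hardware_fingerprint.HardwareFingerprint()

    hive = "HKEY_LOCAL_MACHINE"
    windows_update_path = (
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate")

    # Hardware profile GUID
    logger.debug("Hardware Profiles\\0001 HwProfileGuid")
    registry_helper.write_value(
        key_hive=hive,
        key_path="SYSTEM\\CurrentControlSet\\Control\\IDConfigDB"
                 "\\Hardware Profiles\\0001",
        value_name="HwProfileGuid",
        value_type=RegistryKeyType.REG_SZ,
        key_value=hardware_fp.random_hw_profile_guid())

    # Machine GUID
    logger.debug("Microsoft\\Cryptography MachineGuid")
    registry_helper.write_value(
        key_hive=hive,
        key_path="SOFTWARE\\Microsoft\\Cryptography",
        value_name="MachineGuid",
        value_type=RegistryKeyType.REG_SZ,
        key_value=hardware_fp.random_machine_guid())

    # Windows Update GUID and its validation blob
    logger.debug("CurrentVersion\\WindowsUpdate SusClientId")
    registry_helper.write_value(
        key_hive=hive,
        key_path=windows_update_path,
        value_name="SusClientId",
        value_type=RegistryKeyType.REG_SZ,
        key_value=hardware_fp.random_win_update_guid())

    logger.debug("CurrentVersion\\WindowsUpdate SusClientIDValidation")
    registry_helper.write_value(
        key_hive=hive,
        key_path=windows_update_path,
        value_name="SusClientIDValidation",
        value_type=RegistryKeyType.REG_BINARY,
        key_value=random_utils.bytes_list_to_array(
            hardware_fp.random_client_id_validation()))

    # Volume ID: run the helper that sits in the "bin" directory next to
    # this file. The command is passed as an argument list, not a shell
    # string, so an install path containing spaces or shell metacharacters
    # is handled correctly and nothing is interpreted by cmd.exe.
    tool_dir = os.path.join(os.path.dirname(__file__), "bin")
    volume_id = random_utils.random_volume_id()
    logger.info("VolumeID={0}".format(volume_id))
    tool_path = os.path.join(
        tool_dir, "VolumeID{0}.exe".format("64" if is_x64os() else ""))
    try:
        exit_code = subprocess.call([tool_path, "C:", str(volume_id)])
    except OSError as err:
        # Stay best-effort as before: a missing or unlaunchable tool must
        # not abort the rest of the run, but it should be visible.
        logger.error("VolumeID could not be started: {0}".format(err))
    else:
        if exit_code != 0:
            logger.error("VolumeID exited with code {0}".format(exit_code))

    # NOTE(review): the summary below calls the generators again. If they
    # return a fresh value on every call, the logged values will not match
    # what was written above - confirm they are cached per instance.
    # The log ends up holding the new identifiers, so it is as sensitive as
    # the identifiers themselves.
    logger.info("Random Hardware profile GUID {0}".format(
        hardware_fp.random_hw_profile_guid()))
    # NOTE(review): this value is logged but never written in this function.
    logger.info("Random Hardware CKCL GUID {0}".format(
        hardware_fp.random_performance_guid()))
    logger.info("Random Machine GUID {0}".format(
        hardware_fp.random_machine_guid()))
    logger.info("Random Windows Update GUID {0}".format(
        hardware_fp.random_win_update_guid()))
    # Log the validation data itself; this line used to repeat the Windows
    # Update GUID under the "Validation ID" label.
    logger.debug("Random Windows Update Validation ID {0}".format(
        hardware_fp.random_client_id_validation()))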
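def generate_windows_fingerprint():
    """
    Generate common Windows identifiers, responsible for fingerprinting:
        BuildGUID
        BuildLab
        BuildLabEx
        CurrentBuild
        CurrentBuildNumber
        CurrentVersion
        DigitalProductId
        DigitalProductId4
        EditionID
        InstallDate
        ProductId
        ProductName
        IE SvcKBNumber
        IE ProductId
        IE DigitalProductId
        IE DigitalProductId4
        IE Installed Date

    Side effects: overwrites machine-wide values under HKEY_LOCAL_MACHINE.
    The previous values are not read or saved here, so the change cannot be
    undone from this function.
    """
    system_fp = system_fingerprint.WinFingerprint()

    hive = "HKEY_LOCAL_MACHINE"
    # NOTE(review): presumably selects which registry view (32/64-bit) the
    # helper writes to - confirm against registry_helper.write_value.
    wow64 = Wow64RegistryEntry.KEY_WOW32_64

    def binary(make_bytes_list):
        """Return a generator that converts a byte list for REG_BINARY."""
        return lambda: random_utils.bytes_list_to_array(make_bytes_list())

    # Windows fingerprint.
    # Rows: (value name, registry type, value generator, pass access_type?).
    # The generator is called right before its write, in table order.
    version_path = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
    current_version_values = (
        ("BuildGUID", RegistryKeyType.REG_SZ,
         system_fp.random_build_guid, True),
        ("BuildLab", RegistryKeyType.REG_SZ,
         system_fp.random_build_lab, True),
        ("BuildLabEx", RegistryKeyType.REG_SZ,
         system_fp.random_build_lab_ex, True),
        ("CurrentBuild", RegistryKeyType.REG_SZ,
         system_fp.random_current_build, True),
        # CurrentBuildNumber is fed from the same generator as CurrentBuild.
        ("CurrentBuildNumber", RegistryKeyType.REG_SZ,
         system_fp.random_current_build, True),
        ("CurrentVersion", RegistryKeyType.REG_SZ,
         system_fp.random_current_version, True),
        ("DigitalProductId", RegistryKeyType.REG_BINARY,
         binary(system_fp.random_digital_product_id), False),
        ("DigitalProductId4", RegistryKeyType.REG_BINARY,
         binary(system_fp.random_digital_product_id4), False),
        ("EditionID", RegistryKeyType.REG_SZ,
         system_fp.random_edition_id, True),
        ("InstallDate", RegistryKeyType.REG_DWORD,
         system_fp.random_install_date, False),
        ("ProductId", RegistryKeyType.REG_SZ,
         system_fp.random_product_id, True),
        ("ProductName", RegistryKeyType.REG_SZ,
         system_fp.random_product_name, True),
    )
    for value_name, value_type, make_value, with_access in current_version_values:
        logger.debug("Windows NT\\CurrentVersion {0}".format(value_name))
        # access_type is only passed where it was given explicitly; the
        # other writes rely on write_value's own default.
        extra = {"access_type": wow64} if with_access else {}
        registry_helper.write_value(key_hive=hive,
                                    key_path=version_path,
                                    value_name=value_name,
                                    value_type=value_type,
                                    key_value=make_value(),
                                    **extra)

    # IE fingerprint
    ie_path = "SOFTWARE\\Microsoft\\Internet Explorer"
    ie_registration_path = ie_path + "\\Registration"
    ie_migration_path = ie_path + "\\Migration"

    logger.debug("Microsoft\\Internet Explorer svcKBNumber")
    registry_helper.write_value(
        key_hive=hive,
        key_path=ie_path,
        value_name="svcKBNumber",
        value_type=RegistryKeyType.REG_SZ,
        key_value=system_fp.random_ie_service_update(),
        access_type=wow64)

    logger.debug("Microsoft\\Internet Explorer ProductId")
    registry_helper.write_value(
        key_hive=hive,
        key_path=ie_registration_path,
        value_name="ProductId",
        value_type=RegistryKeyType.REG_SZ,
        key_value=system_fp.random_product_id())

    logger.debug("Microsoft\\Internet Explorer DigitalProductId")
    registry_helper.write_value(
        key_hive=hive,
        key_path=ie_registration_path,
        value_name="DigitalProductId",
        value_type=RegistryKeyType.REG_BINARY,
        key_value=random_utils.bytes_list_to_array(
            system_fp.random_digital_product_id()))

    # The label names DigitalProductId4, the value actually written here.
    logger.debug("Internet Explorer\\Registration DigitalProductId4")
    registry_helper.write_value(
        key_hive=hive,
        key_path=ie_registration_path,
        value_name="DigitalProductId4",
        value_type=RegistryKeyType.REG_BINARY,
        key_value=random_utils.bytes_list_to_array(
            system_fp.random_digital_product_id4()))

    ie_install_date = system_fp.random_ie_install_date()
    logger.info("IEDate={0}".format(ie_install_date))
    logger.debug("Internet Explorer\\Migration IE Installed Date")
    registry_helper.write_value(
        key_hive=hive,
        key_path=ie_migration_path,
        value_name="IE Installed Date",
        value_type=RegistryKeyType.REG_BINARY,
        key_value=ie_install_date,
        access_type=wow64)

    # NOTE(review): the summary below calls the generators again. If they
    # return a fresh value on every call, the logged values will not match
    # what was written above - confirm they are cached per instance.
    logger.info("Random build GUID {0}".format(system_fp.random_build_guid()))
    logger.info("Random BuildLab {0}".format(system_fp.random_build_lab()))
    logger.info("Random BuildLabEx {0}".format(
        system_fp.random_build_lab_ex()))
    logger.info("Random Current Build {0}".format(
        system_fp.random_current_build()))
    logger.info("Random Current Build number {0}".format(
        system_fp.random_current_build()))
    logger.info("Random Current Version {0}".format(
        system_fp.random_current_version()))
    logger.info("Random Edition ID {0}".format(system_fp.random_edition_id()))
    logger.info("Random Install Date {0}".format(
        system_fp.random_install_date()))
    logger.info("Random product ID {0}".format(system_fp.random_product_id()))
    logger.info("Random Product name {0}".format(
        system_fp.random_product_name()))
    logger.debug("Random digital product ID {0}".format(
        system_fp.random_digital_product_id()))
    logger.debug("Random digital product ID 4 {0}".format(
        system_fp.random_digital_product_id4()))
    logger.debug("Random IE service update {0}".format(
        system_fp.random_ie_service_update()))
    # Reuse the value that was written instead of generating it again.
    logger.debug("Random IE install date {0}".format(ie_install_date))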
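def generate_windows_fingerprint():
    """
    Write randomized Windows and Internet Explorer identifiers to the registry.

    Windows NT CurrentVersion values: BuildGUID, BuildLab, BuildLabEx,
    CurrentBuild, CurrentBuildNumber, CurrentVersion, DigitalProductId,
    DigitalProductId4, EditionID, InstallDate, ProductId, ProductName.
    Internet Explorer values: svcKBNumber, ProductId, DigitalProductId,
    DigitalProductId4, IE Installed Date.

    Side effects: overwrites machine-wide values under HKEY_LOCAL_MACHINE.
    The previous values are not read or saved here, so the change cannot be
    undone from this function.
    """
    system_fp = win_fingerprint.WinFingerprint()

    hive = "HKEY_LOCAL_MACHINE"
    # NOTE(review): presumably selects which registry view (32/64-bit) the
    # helper writes to - confirm against registry_helper.write_registry.
    wow64 = Wow64RegistryEntry.KEY_WOW32_64

    def binary(make_bytes_list):
        """Return a generator that converts a byte list for REG_BINARY."""
        return lambda: random_utils.bytes_list_to_array(make_bytes_list())

    # Windows fingerprint.
    # Every backslash is doubled: "\M", "\W", "\C" and similar are invalid
    # escape sequences that Python only tolerates with a warning. The
    # resulting paths are unchanged.
    version_path = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
    # Rows: (value name, registry type, value generator, pass access flag?).
    # The generator is called right before its write, in table order.
    current_version_values = (
        ("BuildGUID", RegistryKeyType.REG_SZ,
         system_fp.random_build_guid, True),
        ("BuildLab", RegistryKeyType.REG_SZ,
         system_fp.random_build_lab, True),
        ("BuildLabEx", RegistryKeyType.REG_SZ,
         system_fp.random_build_lab_ex, True),
        ("CurrentBuild", RegistryKeyType.REG_SZ,
         system_fp.random_current_build, True),
        # CurrentBuildNumber is fed from the same generator as CurrentBuild.
        ("CurrentBuildNumber", RegistryKeyType.REG_SZ,
         system_fp.random_current_build, True),
        ("CurrentVersion", RegistryKeyType.REG_SZ,
         system_fp.random_current_version, True),
        ("DigitalProductId", RegistryKeyType.REG_BINARY,
         binary(system_fp.random_digital_product_id), False),
        ("DigitalProductId4", RegistryKeyType.REG_BINARY,
         binary(system_fp.random_digital_product_id4), False),
        ("EditionID", RegistryKeyType.REG_SZ,
         system_fp.random_edition_id, True),
        ("InstallDate", RegistryKeyType.REG_DWORD,
         system_fp.random_install_date, False),
        ("ProductId", RegistryKeyType.REG_SZ,
         system_fp.random_product_id, True),
        ("ProductName", RegistryKeyType.REG_SZ,
         system_fp.random_product_name, True),
    )
    for value_name, value_type, make_value, with_access in current_version_values:
        # The access flag is only passed where it was given explicitly; the
        # other writes rely on write_registry's own default.
        extra = (wow64,) if with_access else ()
        registry_helper.write_registry(hive, version_path, value_name,
                                       value_type, make_value(), *extra)

    # IE fingerprint
    ie_path = "SOFTWARE\\Microsoft\\Internet Explorer"
    ie_registration_path = ie_path + "\\Registration"
    ie_migration_path = ie_path + "\\Migration"

    registry_helper.write_registry(hive, ie_path, "svcKBNumber",
                                   RegistryKeyType.REG_SZ,
                                   system_fp.random_ie_service_update(),
                                   wow64)
    registry_helper.write_registry(hive, ie_registration_path, "ProductId",
                                   RegistryKeyType.REG_SZ,
                                   system_fp.random_product_id())
    registry_helper.write_registry(
        hive, ie_registration_path, "DigitalProductId",
        RegistryKeyType.REG_BINARY,
        random_utils.bytes_list_to_array(
            system_fp.random_digital_product_id()))
    registry_helper.write_registry(
        hive, ie_registration_path, "DigitalProductId4",
        RegistryKeyType.REG_BINARY,
        random_utils.bytes_list_to_array(
            system_fp.random_digital_product_id4()))

    # The install date is a pair of integers, stored as two big-endian
    # unsigned 32-bit fields.
    ie_install_date = system_fp.random_ie_install_date()
    registry_helper.write_registry(
        hive, ie_migration_path, "IE Installed Date",
        RegistryKeyType.REG_BINARY,
        struct.pack(">LL", ie_install_date[0], ie_install_date[1]),
        wow64)

    # NOTE(review): the summary below calls the generators again. If they
    # return a fresh value on every call, the logged values will not match
    # what was written above - confirm they are cached per instance.
    logger.info("Random build GUID {0}".format(system_fp.random_build_guid()))
    logger.info("Random BuildLab {0}".format(system_fp.random_build_lab()))
    logger.info("Random BuildLabEx {0}".format(
        system_fp.random_build_lab_ex()))
    logger.info("Random Current Build {0}".format(
        system_fp.random_current_build()))
    logger.info("Random Current Build number {0}".format(
        system_fp.random_current_build()))
    logger.info("Random Current Version {0}".format(
        system_fp.random_current_version()))
    logger.info("Random Edition ID {0}".format(system_fp.random_edition_id()))
    logger.info("Random Install Date {0}".format(
        system_fp.random_install_date()))
    logger.info("Random product ID {0}".format(system_fp.random_product_id()))
    logger.info("Random Product name {0}".format(
        system_fp.random_product_name()))
    logger.debug("Random digital product ID {0}".format(
        system_fp.random_digital_product_id()))
    logger.debug("Random digital product ID 4 {0}".format(
        system_fp.random_digital_product_id4()))
    logger.debug("Random IE service update {0}".format(
        system_fp.random_ie_service_update()))
    # Reuse the value that was written instead of generating it again.
    logger.debug("Random IE install date {0}".format(ie_install_date))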