-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"LockDown Browser has been illicitly modified" message in v2.0.9.00 #6
Comments
Hey @gucci-on-fleek, I've stumped upon this post which refers to the same message error: Go down to "<:: MISC. DETECTIONS" and you will find how this is being done. The following message on that article is: Maybe looking into it we could probably know how they are checking the integrity. |
I can't tell exactly how they're detecting this, but my guess is that they're just detecting if Detours has been loaded or not. However they are doing it, they just started detecting this in this last update. Probably the "easiest" solution would be to patch the system file |
Wouldn’t it be possible to patch the DLL in memory theoretically? Also regarding the GetSystemMetrics, they could possibly also be looking into GetVersionEx (OSVERSIONINFOEX.wSuiteMask) but I’m not sure as I could be wrong. I’d need to fiddle around on that part, I’ll try getting around and see if I can do a real-time patch on that one with a DLL injector that I have laying around. Possibly even go the hard way of modifying LockdownBrowser.dll with a byte patch. |
That's essentially what this tool is doing right now (Detours docs). I'm not sure if the Browser is detecting if any of its code has been modified at runtime, or if it's just detecting if Detours has been loaded.
I don't think that there's anything particularly interesting in there, but I may be wrong. That only shows if terminal services are installed, not if they're active (I think...)
That's pretty challenging since the program detects it it's been modified. You could patch that out too, but it would be extra work. The reason that I'm thinking of patching the system |
Any update on the user32.dll's patch? |
@mayed505 It's somewhere on "the list", although not particularly high up. Realistically, I'm unlikely to start working on this until September, although I may end up with some spare time in the next couple of weeks. No solid plans at the moment, although it will probably get done eventually. |
@gucci-on-fleek I've attempted to play with the user.dll and all but it doesn't seem to work up correctly. The best bet is to leave it up to you because I'm probably doing something wrong here. |
Which |
I have no idea what I've done, but I updated the lockdown, and it seems to be working. It used to show that dialog upon the browser start-up. Checking the change log since July 26 reveals the following:
|
This probably should be closed. Issue hasn’t occurred since the issue was made. |
After updating the Lockdown Browser to version 2.0.9.00, the browser refuses to load and presents the following warning in a message box:
This is a known issue, with no current fix available. I am currently working on patching this; however, it may be some time until a fix is available. Any PRs to fix the issue will be greatly appreciated.
The text was updated successfully, but these errors were encountered: