Hello everyone! I’ve made a (hopefully useful) tutorial!
In this tutorial we will create a authentication system (per computer) for a desktop app.
DISCLAIMER: THIS ONLY WORKS ON WINDOWS
Note: Tested & Built on Windows 10
Step 1
First, we will need to open up Visual Studio. I’m using Visual Studio 2017 Community Edition
Now you will come to a screen similar to this.
In the top right corner go to File > New > Project
Once you have pressed that you should receive a dialog window that looks like this:
Select Visual C++ > Windows Desktop > Windows Desktop Wizard.
Then choose the name and path.
I’m going to call it Auth Example
Make sure Create directory for solution
is checked. If you know what your doing you may uncheck it
Now press OK
Step 2
A new screen will appear. It will look something like this:
Now, change all of the configuration in the window until it looks like the following image bellow:
(You can just check Empty Project
)
Now press OK
You will now reach a screen that looks like this:
In the sidebar right-click on Source Files
and then go to Add > New Item
Once clicking that you will be presented by another dialog.
Press C++ File (.cpp)
and change the name to main.cpp
Now press Add
In your main.cpp
file add the following code:
#include <Windows.h>
#include <String.h>
#include <iostream>
#include "Auth.h"
using namespace std;
bool auth()
{
string hostfile = "https://PRONAME.glitch.me/auth/authexploit?hid=";
string hwid = a_gethid();
if (hwid == "NULL")
{
return false;
}
string result = a_DownloadURL(hostfile + hwid);
if (result == "1") {
return true;
}
else {
return false;
}
};
void appmain(int argc, char **argv)
{
// Your app's code here
}
int main(int argc, char **argv)
{
if (auth())
{
MessageBox(NULL, L"You are whitelisted! Enjoy!", L"Info", MB_OK);
appmain(argc, argv);
}
else {
MessageBox(NULL, L"You don't own a copy of YOUR_APP_NAME either an unexpected error occured!", L"Info", MB_OK);
exit(10);
}
}
appmain
is the void/function that is called if the user is authorised to use your app. If not a message box will show.
Now, create a new file but choose a Header File (.h)
and name it Auth.h
Remove the #pragma once
from the file.
In it place the following code:
#pragma once
#define _WIN32_DCOM
#include <iostream>
using namespace std;
#include <comdef.h>
#include <Wbemidl.h>
#pragma once
#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib, "wininet.lib")
#include <stdio.h>
#include <windows.h>
#include <TlHelp32.h>
#include <string>
#include <wininet.h>
#pragma comment(lib, "wbemuuid.lib")
string a_replaceAll(string subject, const string& search,
const string& replace) {
size_t pos = 0;
while ((pos = subject.find(search, pos)) != string::npos) {
subject.replace(pos, search.length(), replace);
pos += replace.length();
}
return subject;
}
string a_DownloadURL(string URL) {
HINTERNET interwebs = InternetOpenA("Mozilla/5.0", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, NULL);
HINTERNET urlFile;
string rtn;
if (interwebs) {
urlFile = InternetOpenUrlA(interwebs, URL.c_str(), NULL, NULL, NULL, NULL);
if (urlFile) {
char buffer[2000];
DWORD bytesRead;
do {
InternetReadFile(urlFile, buffer, 2000, &bytesRead);
rtn.append(buffer, bytesRead);
memset(buffer, 0, 2000);
} while (bytesRead);
InternetCloseHandle(interwebs);
InternetCloseHandle(urlFile);
string p = a_replaceAll(rtn, "|n", "\r\n");
return p;
}
}
InternetCloseHandle(interwebs);
string p = a_replaceAll(rtn, "|n", "\r\n");
return p;
}
std::string a_ws2s(const std::wstring& s)
{
int len;
int slength = (int)s.length() + 1;
len = WideCharToMultiByte(CP_ACP, 0, s.c_str(), slength, 0, 0, 0, 0);
char* buf = new char[len];
WideCharToMultiByte(CP_ACP, 0, s.c_str(), slength, buf, len, 0, 0);
std::string r(buf);
delete[] buf;
return r;
}
string a_gethid()
{
HRESULT hres;
// Step 1: --------------------------------------------------
// Initialize COM. ------------------------------------------
hres = CoInitializeEx(0, COINIT_MULTITHREADED);
if (FAILED(hres))
{
cout << "Failed to initialize COM library. Error code = 0x"
<< hex << hres << endl;
return "NULL"; // Program has failed.
}
// Step 2: --------------------------------------------------
// Set general COM security levels --------------------------
hres = CoInitializeSecurity(
NULL,
-1, // COM authentication
NULL, // Authentication services
NULL, // Reserved
RPC_C_AUTHN_LEVEL_DEFAULT, // Default authentication
RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation
NULL, // Authentication info
EOAC_NONE, // Additional capabilities
NULL // Reserved
);
if (FAILED(hres))
{
cout << "Failed to initialize security. Error code = 0x"
<< hex << hres << endl;
CoUninitialize();
return "NULL"; // Program has failed.
}
// Step 3: ---------------------------------------------------
// Obtain the initial locator to WMI -------------------------
IWbemLocator *pLoc = NULL;
hres = CoCreateInstance(
CLSID_WbemLocator,
0,
CLSCTX_INPROC_SERVER,
IID_IWbemLocator, (LPVOID *)&pLoc);
if (FAILED(hres))
{
cout << "Failed to create IWbemLocator object."
<< " Err code = 0x"
<< hex << hres << endl;
CoUninitialize();
return "NULL"; // Program has failed.
}
// Step 4: -----------------------------------------------------
// Connect to WMI through the IWbemLocator::ConnectServer method
IWbemServices *pSvc = NULL;
// Connect to the root\cimv2 namespace with
// the current user and obtain pointer pSvc
// to make IWbemServices calls.
hres = pLoc->ConnectServer(
_bstr_t(L"ROOT\\CIMV2"), // Object path of WMI namespace
NULL, // User name. NULL = current user
NULL, // User password. NULL = current
0, // Locale. NULL indicates current
NULL, // Security flags.
0, // Authority (for example, Kerberos)
0, // Context object
&pSvc // pointer to IWbemServices proxy
);
if (FAILED(hres))
{
cout << "Could not connect. Error code = 0x"
<< hex << hres << endl;
pLoc->Release();
CoUninitialize();
return "NULL"; // Program has failed.
}
//cout << "Connected to ROOT\\CIMV2 WMI namespace" << endl;
// Step 5: --------------------------------------------------
// Set security levels on the proxy -------------------------
hres = CoSetProxyBlanket(
pSvc, // Indicates the proxy to set
RPC_C_AUTHN_WINNT, // RPC_C_AUTHN_xxx
RPC_C_AUTHZ_NONE, // RPC_C_AUTHZ_xxx
NULL, // Server principal name
RPC_C_AUTHN_LEVEL_CALL, // RPC_C_AUTHN_LEVEL_xxx
RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
NULL, // client identity
EOAC_NONE // proxy capabilities
);
if (FAILED(hres))
{
cout << "Could not set proxy blanket. Error code = 0x"
<< hex << hres << endl;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return "NULL"; // Program has failed.
}
// Step 6: --------------------------------------------------
// Use the IWbemServices pointer to make requests of WMI ----
// For example, get the name of the operating system
IEnumWbemClassObject* pEnumerator = NULL;
hres = pSvc->ExecQuery(
bstr_t("WQL"),
bstr_t("SELECT * FROM Win32_OperatingSystem"),
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
NULL,
&pEnumerator);
if (FAILED(hres))
{
cout << "Query for operating system failed."
<< " Error code = 0x"
<< hex << hres << endl;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return "NULL"; // Program has failed.
}
// Step 7: -------------------------------------------------
// Get the data from the query in step 6 -------------------
IWbemClassObject *pclsObj = NULL;
ULONG uReturn = 0;
BSTR sernum = (BSTR)"NULL";
while (pEnumerator)
{
HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1,
&pclsObj, &uReturn);
if (0 == uReturn)
{
break;
}
VARIANT vtProp;
// Get the value of the Name property
hr = pclsObj->Get(L"SerialNumber", 0, &vtProp, 0, 0);
//wcout << " SerialNumber : " << vtProp.bstrVal << endl;
sernum = vtProp.bstrVal;
VariantClear(&vtProp);
pclsObj->Release();
}
// Cleanup
// ========
pSvc->Release();
pLoc->Release();
pEnumerator->Release();
CoUninitialize();
std::wstring ret(sernum, SysStringLen(sernum));
return a_ws2s(ret); // Program successfully completed.
}
You can now close the file (don’t forget to save it!)
Now, go to this link. It will remix a project for you. In the project open wlst.json
and edit the JSON file with the appropriate Serial Numbers’s
Now, copy the project name and open back up your main.cpp
file in Visual Studio.
Find the string hostfile = "https://PRONAME.glitch.me/auth/authexploit?hid=";
and replace PRONAME
with your project’s name.
Now you should be done!
Common Errors
Q) You don’t have the C++ project menu.
A) In the Visual Studio installer make sure you have the Desktop development with C++
box enabled.
Note: Visual Studio 2017 only works on Windows 10
Thanks for reading!
If you have any questions make a new thread and tag me. Please do not reply to this post as it clutters it up.