Defeating Respondus LockDown Browser

Respondus LockDown Browser

This is a revised and updated version of this article; the newer version enumerates and explains the steps in much more detail.

The Respondus LockDown Browser is proprietary malware and should be circumvented by anyone who wants to show academics that it is a scam. Here's how to do it:

The following is a set of instructions on how to create an obscured, harder-to-detect KVM virtual machine on Linux that runs Microsoft's Windows operating system.

Prerequisites

The following skills, software, and items are needed to be able to create an OLKVM:

Configuring The Virtual Machine

  1. Open up virt-manager, click ‘Edit’ and then ‘Preferences’. From this menu, enable XML editing. Once the XML editing option shows a blue check mark, click Close.

  2. Create a virtual machine by clicking the Monitor with a play button and a shiny star.

  3. From here, select ‘Local install media’ and then click Forward.

  4. This menu asks for an ISO file; use the Browse button to locate the Windows 7 ISO you downloaded and select it.

  5. Next, you’ll be at a screen that asks how many CPUs and how much memory should be used. Leaving the defaults is fine; if you wish, you may add more CPUs or RAM to speed the system up or let it handle more memory.

  6. Next, you’ll be asked to create a disk image for the VM; make one of around 65 GB or more. If you don’t have that much space, make one with 20 GB instead. Less space hurts your ability to avoid detection, so a 65 GB or larger disk is advisable.

  7. Name the virtual machine whatever you wish to name it (so long as that name does not have spaces) and click finish.

  8. From here, go through a normal Windows 7 install until you make it to the start screen.

Obfuscating the Operating System

  1. Once here, open REGEDIT by pressing the Windows (Super) key and R at the same time and typing ‘REGEDIT’ (without the quotes).

    NOTE: The registry path below is NOT a file path, but the location of a key inside the registry. Click through the folders in REGEDIT; do not use your file manager for this.

  2. Navigate to ‘HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001’ in the registry.

  3. Once there, right-click the registry folder called "Enum" and click Permissions.

  4. Click Add and type your user name in the box provided.

  5. Click OK, then click ‘Advanced’. A menu should pop up; from this menu click Owner. Select your user and then tick the checkbox that says "Replace owner on subcontainers and objects". From here, click Apply, then OK, then click OK on the original permissions menu where you added yourself.

  6. You should now be able to edit the registry. Open the Enum folder and locate the ‘IDE’ folder.

  7. Expand every folder in IDE and select (but do not expand) the folder inside each of them. Each one should have a human-unreadable name like ‘5&2e0148db&01.0.0’ and show a list of editable registry values on the right.

    NOTE: Although you CAN name this whatever you want, and in most cases it will work, an arbitrary name is not always the best choice. The name of another type of hardware is usually a good alternative.

  8. Find the value named "FriendlyName" and set it to whatever you want, but make sure the new name does not contain QEMU once you have edited it.

  9. Repeat steps 7 and 8 for the other folders in the IDE folder.

  10. For further reassurance, you may right-click the ‘Enum’ folder, click Find, type in QEMU, and then change every FriendlyName value that comes up containing the word "QEMU", "Virtual Machine", or "Hypervisor".

  11. Once you are satisfied, shut down Windows 7 and click the button next to the highlighted screen icon in the upper right of your virtual machine’s window.

Obfuscating the Hardware

  1. Once here, you should see entries like "CPUs", "Memory", and "Mouse". If you see these, you have found the right place.

  2. Select "CPUs" and then click XML (that XML button should be next to the word "Details").

  3. This brings up a text editor already filled with XML. From here, you will be inserting and deleting lines in this editor.

  4. Find all text from <os> to </os> (including the <os> and </os> tags themselves), delete it, and paste in the following:

    <sysinfo type="smbios">
      <bios>
        <entry name="vendor">Fake BIOS Vendor</entry>
        <entry name="version">Fake BIOS Version</entry>
      </bios>
      <system>
        <entry name="manufacturer">Fake Manufacturer</entry>
        <entry name="product">Fake Product</entry>
      </system>
    </sysinfo>
    <os>
      <type arch="x86_64" machine="pc-q35-6.1">hvm</type>
      <boot dev="hd"/>
      <smbios mode="sysinfo"/>
    </os>
    
  5. Find all text from <features> to </features> (inclusive), delete it, and replace it with the following:

      <features>
        <acpi/>
        <apic/>
        <hyperv>
          <relaxed state="on"/>
          <vapic state="on"/>
          <spinlocks state="on" retries="8191"/>
          <vendor_id state="on" value="132271374ch"/>
        </hyperv>
        <kvm>
          <hidden state="on"/>
        </kvm>
        <ioapic driver="kvm"/>
      </features>
    
  6. Find all text from <cpu> to </cpu> (or, if there is no closing tag, delete the self-closing <cpu ... /> element, where the ... is not literal and stands for whatever is in between) and replace it with the following:

      <cpu mode="host-passthrough" check="none" migratable="on">
        <feature policy="disable" name="hypervisor"/>
      </cpu>
    
  7. Once completed, click Apply and then click the monitor icon in the top left, next to the highlighted icon indicating that you are in editing mode. This should bring you to a screen that says something along the lines of "Guest is not running".

  8. Click the Start button at the top to power on your virtual machine and try out the browser; you should be able to use it without problems. If problems still exist, download this file, unzip it, run the batch script in it as admin, restart, then try again. If problems still persist, do your own research or contact me about the issue so I can see whether it’s universal.
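As an added example that is not part of the original article: a host-side audit script that parses a libvirt domain definition and reports the settings from steps 4 to 6 above that hide the hypervisor from the guest (the KVM CPUID signature, the Hyper-V vendor ID, the CPUID hypervisor bit, and the overridden SMBIOS strings). A host administrator or reviewer can run it over the output of virsh dumpxml to find guests configured this way. It uses only the Python standard library; the two domain definitions embedded in it are constructed samples, one assembled from the fragments quoted above and one with the default settings.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a domain definition assembled from the <sysinfo>, <os>,
# <features> and <cpu> fragments quoted in the steps above.
HIDDEN_DOMAIN_XML = """<domain type="kvm">
  <name>win7-sample</name>
  <sysinfo type="smbios">
    <bios>
      <entry name="vendor">Fake BIOS Vendor</entry>
      <entry name="version">Fake BIOS Version</entry>
    </bios>
    <system>
      <entry name="manufacturer">Fake Manufacturer</entry>
      <entry name="product">Fake Product</entry>
    </system>
  </sysinfo>
  <os>
    <type arch="x86_64" machine="pc-q35-6.1">hvm</type>
    <boot dev="hd"/>
    <smbios mode="sysinfo"/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <hyperv>
      <relaxed state="on"/>
      <vapic state="on"/>
      <spinlocks state="on" retries="8191"/>
      <vendor_id state="on" value="132271374ch"/>
    </hyperv>
    <kvm>
      <hidden state="on"/>
    </kvm>
    <ioapic driver="kvm"/>
  </features>
  <cpu mode="host-passthrough" check="none" migratable="on">
    <feature policy="disable" name="hypervisor"/>
  </cpu>
</domain>
"""

# Constructed sample: the same guest with the settings virt-manager generates.
DEFAULT_DOMAIN_XML = """<domain type="kvm">
  <name>win7-sample</name>
  <os>
    <type arch="x86_64" machine="pc-q35-6.1">hvm</type>
    <boot dev="hd"/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode="host-passthrough" check="none" migratable="on"/>
</domain>
"""


def audit_domain_xml(xml_text):
    """Return a list of findings, one per hypervisor-hiding setting found in a
    libvirt domain definition. An empty list means none of the indicators is set."""
    root = ET.fromstring(xml_text)
    findings = []

    # <kvm><hidden state="on"/></kvm> suppresses the KVM CPUID signature.
    if root.find("./features/kvm/hidden[@state='on']") is not None:
        findings.append("features/kvm/hidden is on: KVM CPUID signature suppressed")

    # A custom Hyper-V vendor_id replaces the default vendor string the guest sees.
    vendor = root.find("./features/hyperv/vendor_id[@state='on']")
    if vendor is not None:
        findings.append("features/hyperv/vendor_id overridden to %r" % vendor.get("value", ""))

    # policy="disable" on the 'hypervisor' CPU feature clears the CPUID hypervisor bit.
    for feat in root.findall("./cpu/feature"):
        if feat.get("name") == "hypervisor" and feat.get("policy") == "disable":
            findings.append("cpu/feature hypervisor disabled: CPUID hypervisor bit cleared")

    # smbios mode="sysinfo" makes the guest see the <sysinfo> entries instead of QEMU's.
    if root.find("./os/smbios[@mode='sysinfo']") is not None:
        for section in ("bios", "system"):
            for entry in root.findall("./sysinfo[@type='smbios']/%s/entry" % section):
                findings.append("smbios %s/%s overridden to %r"
                                % (section, entry.get("name"), entry.text or ""))
    return findings


def main():
    # Audit a domain XML file named on the command line (e.g. saved from
    # virsh dumpxml), otherwise audit the two constructed samples above.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            sources = [(sys.argv[1], fh.read())]
    else:
        sources = [("hidden-sample", HIDDEN_DOMAIN_XML),
                   ("default-sample", DEFAULT_DOMAIN_XML)]
    for label, text in sources:
        findings = audit_domain_xml(text)
        print("%s: %d indicator(s)" % (label, len(findings)))
        for finding in findings:
            print("  - " + finding)


if __name__ == "__main__":
    main()
```

Run it with no arguments to see the hidden sample report seven indicators and the default sample report none; pass a path to a domain XML file to audit a real definition.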

Final Check

  1. Download and compile pafish.

  2. Run the software from a terminal.

  3. If the output is mostly ‘OK’ (only one or two ‘traced!’), then the obfuscation was successful.

Footnotes

  1. WARNING: It should be noted that your copy of Windows 7 MUST be a legal copy. Beware of pirated copies of Windows 7 (example here), as they are AGAINST THE LAW. Usage of illegal copies is at your own risk.