Initial commit.

Fakecmd is a Windows cmd.exe replacement intended to frustrate tech support scammers. See readme.txt or use the command 'help' within cmd.exe for more details.
Compiles in Laz 2.x target=win32.


git-svn-id: https://svn.code.sf.net/p/lazarus-ccr/svn@6701 8e941d3f-bd1b-0410-a28a-d453659cc2b4
This commit is contained in:
gbamber
2018-10-31 08:26:11 +00:00
parent 3317b03e1d
commit a12042b8e6
6 changed files with 970 additions and 0 deletions

Binary file not shown.


@ -0,0 +1,117 @@
<?xml version="1.0" encoding="UTF-8"?>
<CONFIG>
<ProjectOptions>
<Version Value="11"/>
<PathDelim Value="\"/>
<General>
<Flags>
<MainUnitHasCreateFormStatements Value="False"/>
<MainUnitHasScaledStatement Value="False"/>
</Flags>
<SessionStorage Value="InProjectDir"/>
<MainUnit Value="0"/>
<Title Value="Command"/>
<Scaled Value="True"/>
<UseAppBundle Value="False"/>
<ResourceType Value="res"/>
<Icon Value="0"/>
</General>
<VersionInfo>
<UseVersionInfo Value="True"/>
<MajorVersionNr Value="10"/>
<RevisionNr Value="17134"/>
<BuildNr Value="1"/>
<StringTable CompanyName="Microsoft Corporation" FileDescription="Windows Command Processor" InternalName="cmd" LegalCopyright="\xA9 Microsoft Corporation. All rights reserved." OriginalFilename="Cmd.Exe" ProductName="Microsoft\xAE Windows\xAE Operating System" ProductVersion="10.0.17134.1"/>
</VersionInfo>
<BuildModes Count="2">
<Item1 Name="Debug" Default="True"/>
<Item2 Name="Release">
<CompilerOptions>
<Version Value="11"/>
<PathDelim Value="\"/>
<Target>
<Filename Value="cmd"/>
</Target>
<SearchPaths>
<IncludeFiles Value="$(ProjOutDir)"/>
<UnitOutputDirectory Value="lib\$(TargetCPU)-$(TargetOS)"/>
</SearchPaths>
<CodeGeneration>
<SmartLinkUnit Value="True"/>
<TargetCPU Value="i386"/>
<TargetOS Value="win32"/>
<Optimizations>
<OptimizationLevel Value="3"/>
</Optimizations>
</CodeGeneration>
<Linking>
<Debugging>
<GenerateDebugInfo Value="False"/>
</Debugging>
<LinkSmart Value="True"/>
</Linking>
</CompilerOptions>
</Item2>
</BuildModes>
<PublishOptions>
<Version Value="2"/>
<DestinationDirectory Value="$(ProjPath)\published\"/>
</PublishOptions>
<RunParams>
<FormatVersion Value="2"/>
<Modes Count="0"/>
</RunParams>
<Units Count="1">
<Unit0>
<Filename Value="cmd.lpr"/>
<IsPartOfProject Value="True"/>
</Unit0>
</Units>
</ProjectOptions>
<CompilerOptions>
<Version Value="11"/>
<PathDelim Value="\"/>
<Target>
<Filename Value="cmd"/>
</Target>
<SearchPaths>
<IncludeFiles Value="$(ProjOutDir)"/>
<UnitOutputDirectory Value="lib\$(TargetCPU)-$(TargetOS)"/>
</SearchPaths>
<Parsing>
<SyntaxOptions>
<IncludeAssertionCode Value="True"/>
</SyntaxOptions>
</Parsing>
<CodeGeneration>
<Checks>
<IOChecks Value="True"/>
<RangeChecks Value="True"/>
<OverflowChecks Value="True"/>
<StackChecks Value="True"/>
</Checks>
<VerifyObjMethodCallValidity Value="True"/>
</CodeGeneration>
<Linking>
<Debugging>
<DebugInfoType Value="dsDwarf2Set"/>
<UseHeaptrc Value="True"/>
<TrashVariables Value="True"/>
<UseExternalDbgSyms Value="True"/>
</Debugging>
</Linking>
</CompilerOptions>
<Debugging>
<Exceptions Count="3">
<Item1>
<Name Value="EAbort"/>
</Item1>
<Item2>
<Name Value="ECodetoolError"/>
</Item2>
<Item3>
<Name Value="EFOpenError"/>
</Item3>
</Exceptions>
</Debugging>
</CONFIG>
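Review bot: the default build mode is wrong for what this program is meant to do: BuildModes has `<Item1 Name="Debug" Default="True"/>`, and the Debug CompilerOptions set `<UseHeaptrc Value="True"/>` plus DWARF debug info, so anyone building the project as committed gets a binary that prints a heaptrc heap report on the console when it exits, which gives the fake away at once; make Release the default mode (the session file already has Release active). Separately, the StringTable copies Microsoft's CompanyName, FileDescription, OriginalFilename and ProductName onto an unsigned executable, and the commit message says the icon is taken from the genuine cmd.exe; an unsigned file carrying Microsoft version strings is exactly the masquerading pattern that AV and EDR heuristics flag, so the readme should tell users to expect the file to be quarantined on the VM and to add an exclusion there deliberately rather than disable protection.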


@ -0,0 +1,576 @@
program cmd;
(*
= Version 0.0.1.
{
= cmd.exe replacement
== Windows only! ==
= Purpose:
== To frustrate tech support scammers
= Documentation:
== see readme.txt file distributed with this application
= License:
== Copyright (C)2018 Gordon Bamber minesadorada AT charcodelvalle.com
This library is free software; you can redistribute it and/or modify it
under the terms of the GNU Library General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License
for more details.
You should have received a copy of the GNU Library General Public License
along with this library; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1335, USA.
}
*)
{$mode objfpc}{$H+}
uses {$IFDEF UNIX} {$IFDEF UseCThreads}
cthreads, {$ENDIF} {$ENDIF}
Classes,
SysUtils,
CustApp, { you can add units after this }
strutils,
registry;
type
{ TMyCmd }
TMyCmd = class(TCustomApplication)
private
fCurrDir: string;
fCurrDrive: string;
fCurrFiledate: TDateTime;
fCommand: string;
fUserInput: string;
fNumFiles: integer;
fTotalSize: int64;
fregistry: TRegistry;
// Get/Set TheCurrDir property
function GetTheCurrDir: string;
procedure SetTheCurrDir(AValue: string);
procedure WaitABit; //Blocking pause
procedure CDDotDot; // Deal with cd.. command
procedure ChangeDir(Avalue: string); // Deal with cd and mkdir commands
procedure WriteDirectoryListing; // Listing is semi-random each time
function FetchNewFakeDirDate: string;
function FetchNewFakeFilesize: string;
procedure WriteFakeNetstat; // Entries are the same each time
procedure SetAutoRun(bCreateOrDelete: boolean); // If set, then real cmd.exe will automatically run this cmd.exe
procedure DisplayReadme; // either cmd -h or type 'help' at prompt
protected
procedure DoRun; override; // Add new commands in this procedure
public
constructor Create(TheOwner: TComponent); override;
destructor Destroy; override;
procedure WriteHelp; virtual;
// Property tracks the fake current directory displayed at the prompt
property TheCurrDir: string read GetTheCurrDir write SetTheCurrDir;
end;
const
// Hardcoded
C_FULLPROMPT = 'Microsoft Windows [Version 10.0.17134.345]' +
LineEnding + '(c) 2018 Microsoft Corporation. All rights reserved.' +
LineEnding + LineEnding;
C_BADCOMMAND =
'''%s'' is not recognized as an internal or external command,%soperable program or batch file.'
+ LineEnding + LineEnding;
C_DIRDATEFORMAT = 'ddddd hh:nn';
C_REG_AUTORUN = '\Software\Microsoft\Command Processor'; //HKEY_CURRENT_USER
//DEPRECATED: C_FullPrompt = 'Microsoft Windows [Version %d.%d.%d.%d]' + LineEnding +
// '(c) 2018 Microsoft Corporation. All rights reserved.' + LineEnding + LineEnding;
{ TMyCmd }
procedure TMyCmd.DisplayReadme;
// Displays readme.txt file in same folder as this app
var
F: TextFile;
s: string;
ct: integer;
begin
// Is readme.txt missing?
if not FileExists('readme.txt') then
begin
WriteLn('Help file ''readme.txt'' is missing');
exit;
end;
// OK. Now read and display;
try
System.Assign(F, 'readme.txt');
Reset(F);
ct := 0;
while not EOF(F) do
begin
Inc(ct);
if ct mod 15 = 0 then // Show 15 lines per screen
begin
WriteLn;
WriteLn('Press any key to continue');
Readln;
end
else
begin
// Read a line, then display a line
ReadLn(F, s);
WriteLn(s);
end;
end;
finally
Close(F);
end;
end;
procedure TMyCmd.SetAutoRun(bCreateOrDelete: boolean);
begin
fRegistry.RootKey := HKEY_CURRENT_USER;
if bCreateOrDelete = True then
begin
fregistry.OpenKey(C_REG_AUTORUN, True);
fRegistry.WriteString('Autorun', EXEname);
fregistry.CloseKey;
end
else
begin
fregistry.OpenKey(C_REG_AUTORUN, True);
fregistry.DeleteValue('Autorun');
fregistry.CloseKey;
end;
end;
procedure TMyCmd.WaitABit;
begin
Sleep(200);
end;
function TMyCmd.FetchNewFakeFilesize: string;
// 18 chars right aligned
var
fl: double;
begin
fl := Random * 1000000;
Result := Format('%.0n', [fl]);
Result := PadLeft(Result, 18);
Inc(fNumFiles);
Inc(fTotalSize, ROUND(fl));
end;
function TMyCmd.FetchNewFakeDirDate: string;
begin
fCurrFileDate := fCurrFileDate - Random * 20;
DateTimeToString(Result, C_DIRDATEFORMAT, fCurrFileDate, []);
end;
procedure TMyCmd.WriteDirectoryListing;
var
fOdds: single;
begin
fCurrFiledate := Now();
fOdds := 0.8;
fNumFiles := 0;
fTotalSize := 0;
WriteLn;
WriteLn(' Volume in drive ' + Upcase(fCurrDrive) + ' is WINDOWS');
WriteLn(' Volume Serial Number is 84A5-5539');
WriteLn;
WriteLn(' Directory of ' + fCurrDir);
WriteLn;
if Length(fCurrDir) > 3 then
begin
WriteLn(FetchNewFakeDirDate + ' <DIR> .');
WriteLn(FetchNewFakeDirDate + ' <DIR> ..');
end;
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + ' <DIR> Private');
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + ' <DIR> Banking');
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + ' <DIR> Logins');
if LeftStr(Upcase(fCurrDir), 8) = 'C:\USERS' then
begin
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + ' <DIR> Contacts');
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + ' <DIR> Documents');
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + ' <DIR> Downloads');
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + ' <DIR> Pictures');
end;
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + FetchNewFakeFilesize + ' readme.txt');
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + FetchNewFakeFilesize + ' bank details.doc');
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + FetchNewFakeFilesize + ' accounts.xls');
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + FetchNewFakeFilesize + ' passwords.doc');
if (Random > fOdds) then
WriteLn(FetchNewFakeDirDate + FetchNewFakeFilesize + ' ');
WriteLn(Format(' %d file(s) %d bytes', [fNumFiles, fTotalSize]));
WriteLn;
end;
procedure TMyCmd.WriteFakeNetstat;
begin
WriteLn;
WriteLn('Active Connections');
WriteLn;
WriteLn(' Proto Local Address Foreign Address State');
WriteLn(' TCP 192.168.0.9:49682 ec2-18-211-19-105:https CLOSE_WAIT');
WriteLn(' TCP 192.168.0.9:49876 40.67.248.104:https ESTABLISHED');
WriteLn(' TCP 192.168.0.9:53636 8.36.80.215:https TIME_WAIT');
WaitABit;
WaitABit;
WaitABit;
WaitABit;
WriteLn(' TCP 192.168.0.9:53957 54.239.21.139:https ESTABLISHED');
WriteLn(' TCP 192.168.0.9:53958 s3-us-west-2-w:https ESTABLISHED');
WriteLn(' TCP 192.168.0.9:53959 54.239.21.125:https ESTABLISHED');
WaitABit;
WaitABit;
WriteLn(' TCP 192.168.0.9:53960 54.239.31.63:https ESTABLISHED');
WriteLn(' TCP 192.168.0.9:53961 s3-us-west-2-w:https ESTABLISHED');
WriteLn(' TCP 192.168.0.9:53962 54.239.31.63:https ESTABLISHED');
WaitABit;
WriteLn(' TCP 192.168.0.9:53963 a104-83-194-139:https ESTABLISHED');
WaitABit;
WaitABit;
WaitABit;
WriteLn(' TCP 192.168.0.9:53964 a104-83-194-139:https ESTABLISHED');
WaitABit;
WaitABit;
WriteLn(' TCP 192.168.0.9:53965 a104-83-194-139:https ESTABLISHED');
WriteLn(' TCP 192.168.0.9:53966 server-52-85-46-242:http ESTABLISHED');
WriteLn(' TCP 192.168.0.9:53967 a84-53-129-220:http TIME_WAIT');
WaitABit;
WriteLn(' TCP 192.168.0.9:53968 93.184.220.29:http ESTABLISHED');
WaitABit;
WaitABit;
WriteLn(' TCP 192.168.0.9:53969 104.18.25.243:http ESTABLISHED');
WriteLn;
end;
procedure TMyCmd.ChangeDir(Avalue: string);
var
s: string;
begin
s := GetTheCurrDir;
if Length(AValue) > 0 then
begin
SetTheCurrDir(s + '\' + AValue);
fCurrDrive := LeftStr(fCurrDir, 1);
end;
end;
procedure TMyCmd.CDDotDot;
// Deal with cd.. command by changing fake Current Directory
var
s: string;
begin
s := GetTheCurrDir;
if RPos('\', s) > 0 then
begin
SetTheCurrDir(LeftStr(fCurrDir, RPos('\', s)));
fCurrDrive := LeftStr(fCurrDir, 1);
end;
end;
procedure TMyCmd.SetTheCurrDir(AValue: string);
begin
if fCurrDir <> AValue then
fCurrDir := AValue;
fCurrDrive := LeftStr(fCurrDir, 1);
end;
function TMyCmd.GetTheCurrDir: string;
begin
Result := ExcludeTrailingBackslash(fCurrDir);
end;
procedure TMyCmd.DoRun;
var
ErrorMsg, s: string;
ct: integer;
Parsed: boolean;
begin
// quick check parameters
ErrorMsg := CheckOptions('h', 'help');
if ErrorMsg <> '' then
begin
ShowException(Exception.Create(ErrorMsg));
Terminate;
Exit;
end;
// parse parameters
if HasOption('h', 'help') then
begin
WriteHelp;
Terminate;
Exit;
end;
{ add your program here }
// Deprecated:
// Write(Format(C_FULLPROMPT,[Win32Platform,Win32MajorVersion,Win32MinorVersion,Win32BuildNumber]) + TheCurrDir + '>');
Randomize; // For random datetimes, odds etc used in dir listings
// Show header info and command prompt
Write(C_FULLPROMPT + TheCurrDir + '>'); //hardcoded for windows 10
// Grab input
ReadLn(fUserInput);
Log(etInfo, 'Scammer typed ''%s''', [fUserInput]);
// Does nothing unless DoLog virtual procedure is overridden
fCommand := UpCase(fUserInput);
Parsed := False;
// Enter command loop
while fCommand <> 'EXIT' do
begin
// Parse various commands
// TODO: other commands
//Special commands
//SetAutoRun
if (fCommand = 'SETAUTORUN') and (Parsed = False) then
begin
Parsed := True;
SetAutoRun(True);
WriteLn('AutoRun set to ' + EXEName = ' successfully');
end;
//DelAutoRun
if (fCommand = 'DELAUTORUN') and (Parsed = False) then
begin
Parsed := True;
SetAutoRun(False);
WriteLn('AutoRun key deleted successfully');
end;
// Show help
if (fCommand = 'HELP') and (Parsed = False) then
begin
Parsed := True;
WriteHelp;
WriteLn;
end;
// format: Do a fake format of the drive
if (Pos('FORMAT', fCommand) > 0) and (Parsed = False) then
begin
Parsed := True;
WriteLn('This command will erase the contents of the specified disk.');
WriteLn('WARNING: This action cannot be undone. Are you sure? Y/N');
ReadLn(s);
if UpCase(s) = 'Y' then
begin
Write('Please wait. Formatting..');
for ct := 1 to 30 do
begin
WaitABit;
Write('.');
end;
Writeln('Format complete');
end
else
Writeln('Command canceled.');
WriteLn;
end;
// syskey: Pretend to encrypt the system database
if (Pos('SYSKEY', fCommand) > 0) and (Parsed = False) then
begin
Parsed := True;
WriteLn('WARNING: The syskey utility will encrypt your system database');
WriteLn('The operation cannot be undone. Type ''yes'' to continue');
ReadLn(s);
if UpCase(s) = 'YES' then
begin
WriteLn('Type in the new password:');
ReadLn(s);
Write('Please wait. Encrypting..');
for ct := 1 to 30 do
begin
WaitABit;
Write('.');
end;
Writeln('Syskey encryption complete. Restart the computer to complete the operation');
end
else
Writeln('Syskey command canceled.');
WriteLn;
end;
// netstat
if (Pos('NETSTAT', fCommand) > 0) and (Parsed = False) then
begin
Parsed := True;
WriteFakeNetstat;
WriteLn('Scan foreign addresses for hackers? Y/N');
ReadLn(s);
if UpCase(s) = 'Y' then
begin
Write('Please wait. Scanning connections..');
for ct := 1 to 10 do
begin
WaitABit;
Write('.');
end;
Writeln('Complete.');
WriteLn('Scan reports that all current connections are safe');
end
else
Writeln('WARNING: Scan was intentionally canceled - please run netstat command again.');
WriteLn;
end;
// del, delete deltree and erase
if ((Pos('DEL', fCommand) > 0) or (Pos('ERASE', fCommand) > 0)) and
(Parsed = False) then
begin
Parsed := True;
WriteLn('This command will delete files. Are you sure? Y/N');
ReadLn(s);
if UpCase(s) = 'Y' then
begin
Write('Please wait. Deleting files..');
for ct := 1 to 10 do
begin
WaitABit;
Write('.');
end;
Writeln('Complete');
end
else
Writeln('Command canceled.');
end;
// Go To drive Root
if (fCommand = 'CD\') and (Parsed = False) then
begin
Parsed := True;
SetTheCurrDir(fCurrDrive + ':\');
end;
// Change Drive
if ((Pos(':', fCommand) > 0) and (Parsed = False)) then
begin
Parsed := True;
SetTheCurrDir(LeftStr(fCommand, 2));
end;
// tree and dir
// Construct fake listing (random contents)
// Force a 'scan for viruses'
// Proclaim everything is tickety-boo
if ((Pos('TREE', fCommand) > 0) or (Pos('DIR', fCommand) > 0)) and
(Parsed = False) then
begin
Parsed := True;
WriteDirectoryListing;
WriteLn('Scan this folder for infections? Y/N');
ReadLn;
WriteLn('Please wait. Scanning for viruses and trojans');
for ct := 1 to 20 do
begin
WaitABit;
Write('.');
end;
WriteLn('System scanned');
WriteLn('Viruses detected: 0');
WriteLn('Trojans detected: 0');
WriteLn('Contents of ' + fCurrDir + ' are clean and not infected.' +
LineEnding + LineEnding);
end;
if (fCommand = 'CD..') and (Parsed = False) then
begin
CDDotDot; // Change fake current directory to its fake parent
Parsed := True;
end;
// Change to another fake folder
if (Pos('CD', fCommand) > 0) and (Parsed = False) then
begin
Parsed := True;
ChangeDir(MidStr(fUserInput, 4, Length(fUserInput)));
end;
// Pretend to make a folder
if (Pos('MKDIR', fCommand) > 0) and (Parsed = False) then
begin
Parsed := True;
end;
// Unrecognised command fallback
if (Parsed=FALSE) AND (length(fUserInput) > 0) then
WriteLn(Format(C_BADCOMMAND, [fUserInput, LineEnding]));
// Show prompt
Write(TheCurrDir + '>');
// Fetch the next command
ReadLn(fUserInput);
fCommand := UpCase(fUserInput);
Parsed := False;
// Back to start of loop
// user types 'exit' to exit loop
end;
// stop program loop
Terminate;
end;
constructor TMyCmd.Create(TheOwner: TComponent);
begin
inherited Create(TheOwner);
StopOnException := True;
Title := 'C:\WINDOWS\system32\cmd.exe';
SetTheCurrDir(GetUserDir); // Set up fake Current Directory to a real one
fCurrDrive := LeftStr(TheCurrDir, 1);
fregistry := TRegistry.Create;
end;
destructor TMyCmd.Destroy;
begin
fregistry.Free;
inherited Destroy;
end;
procedure TMyCmd.WriteHelp;
begin
{ add your help code here }
writeln('Usage: ', ExeName, ' -h');
DisplayReadme;
writeln('Press any key to continue');
readln;
end;
var
Application: TMyCmd;
{$R *.res}
begin
Application := TMyCmd.Create(nil);
Application.Title:='Command';
Application.Run;
Application.Free;
end.
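Review bot: the SETAUTORUN branch in DoRun has an operator-precedence bug: `WriteLn('AutoRun set to ' + EXEName = ' successfully');` compares the concatenated string with ' successfully' and prints FALSE; it should read `WriteLn('AutoRun set to ' + EXEName + ' successfully');`. Two more points in the same procedure. SetAutoRun writes HKCU\Software\Microsoft\Command Processor\AutoRun, so every real cmd.exe start (including `cmd /c` from batch files and scheduled tasks, which have no interactive stdin) runs this program first, and the command loop never checks for end of input: ReadLn then returns an empty string, `while fCommand <> 'EXIT'` keeps looping, and the calling script hangs; add `if EOF then Terminate` (or exit on an empty read) and document in the readme that DELAUTORUN removes the value. Finally, the substring tests such as `Pos('DEL', fCommand) > 0` and `Pos(':', fCommand) > 0` fire on any input containing those characters (MODEL, or an argument containing a colon), so match on the first token of fUserInput instead; also note that the constructor seeds the prompt with GetUserDir, which shows the real account name to the person at the other end, so the readme should suggest a throwaway user on the VM.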


@ -0,0 +1,205 @@
<?xml version="1.0" encoding="UTF-8"?>
<CONFIG>
<ProjectSession>
<PathDelim Value="\"/>
<Version Value="11"/>
<BuildModes Active="Release"/>
<Units Count="8">
<Unit0>
<Filename Value="cmd.lpr"/>
<IsPartOfProject Value="True"/>
<IsVisibleTab Value="True"/>
<TopLine Value="499"/>
<CursorPos X="21" Y="501"/>
<UsageCount Value="118"/>
<Loaded Value="True"/>
</Unit0>
<Unit1>
<Filename Value="D:\lazarustrunk\fpcsrc\rtl\win\sysutils.pp"/>
<UnitName Value="SysUtils"/>
<EditorIndex Value="4"/>
<TopLine Value="284"/>
<CursorPos X="18" Y="294"/>
<UsageCount Value="59"/>
<Loaded Value="True"/>
</Unit1>
<Unit2>
<Filename Value="D:\lazarustrunk\fpcsrc\packages\fcl-base\src\custapp.pp"/>
<UnitName Value="CustApp"/>
<EditorIndex Value="3"/>
<TopLine Value="255"/>
<CursorPos X="27" Y="270"/>
<UsageCount Value="59"/>
<Loaded Value="True"/>
</Unit2>
<Unit3>
<Filename Value="D:\lazarustrunk\fpcsrc\rtl\objpas\sysutils\sysutils.inc"/>
<EditorIndex Value="6"/>
<TopLine Value="196"/>
<CursorPos X="11" Y="602"/>
<UsageCount Value="59"/>
<Loaded Value="True"/>
</Unit3>
<Unit4>
<Filename Value="D:\lazarustrunk\fpcsrc\rtl\objpas\objpas.pp"/>
<EditorIndex Value="-1"/>
<TopLine Value="73"/>
<CursorPos X="19" Y="287"/>
<UsageCount Value="1"/>
</Unit4>
<Unit5>
<Filename Value="D:\lazarustrunk\fpcsrc\rtl\win\windirs.pp"/>
<UnitName Value="WinDirs"/>
<EditorIndex Value="5"/>
<TopLine Value="27"/>
<CursorPos X="15" Y="54"/>
<UsageCount Value="59"/>
<Loaded Value="True"/>
</Unit5>
<Unit6>
<Filename Value="D:\lazarustrunk\fpcsrc\rtl\objpas\sysutils\finah.inc"/>
<EditorIndex Value="2"/>
<CursorPos X="16" Y="22"/>
<UsageCount Value="58"/>
<Loaded Value="True"/>
</Unit6>
<Unit7>
<Filename Value="D:\lazarustrunk\fpcsrc\packages\fcl-registry\src\registry.pp"/>
<UnitName Value="Registry"/>
<EditorIndex Value="1"/>
<TopLine Value="102"/>
<CursorPos X="21" Y="130"/>
<UsageCount Value="33"/>
<Loaded Value="True"/>
</Unit7>
</Units>
<JumpHistory Count="30" HistoryIndex="29">
<Position1>
<Filename Value="cmd.lpr"/>
<Caret Line="445" Column="20" TopLine="412"/>
</Position1>
<Position2>
<Filename Value="cmd.lpr"/>
<Caret Line="70" Column="20" TopLine="48"/>
</Position2>
<Position3>
<Filename Value="cmd.lpr"/>
<Caret Line="95" Column="13" TopLine="76"/>
</Position3>
<Position4>
<Filename Value="cmd.lpr"/>
<Caret Line="97" Column="35" TopLine="73"/>
</Position4>
<Position5>
<Filename Value="D:\lazarustrunk\fpcsrc\rtl\win\sysutils.pp"/>
<Caret Line="20" Column="7" TopLine="19"/>
</Position5>
<Position6>
<Filename Value="cmd.lpr"/>
<Caret Line="97" Column="41" TopLine="72"/>
</Position6>
<Position7>
<Filename Value="D:\lazarustrunk\fpcsrc\rtl\win\sysutils.pp"/>
<Caret Line="4" Column="17"/>
</Position7>
<Position8>
<Filename Value="D:\lazarustrunk\fpcsrc\rtl\win\sysutils.pp"/>
<Caret Line="1245" Column="33" TopLine="1209"/>
</Position8>
<Position9>
<Filename Value="cmd.lpr"/>
<Caret Line="356" Column="35" TopLine="271"/>
</Position9>
<Position10>
<Filename Value="cmd.lpr"/>
<Caret Line="117" Column="38" TopLine="96"/>
</Position10>
<Position11>
<Filename Value="cmd.lpr"/>
<Caret Line="294" Column="39" TopLine="261"/>
</Position11>
<Position12>
<Filename Value="cmd.lpr"/>
<Caret Line="106" Column="11" TopLine="87"/>
</Position12>
<Position13>
<Filename Value="cmd.lpr"/>
<Caret Line="41" Column="11" TopLine="19"/>
</Position13>
<Position14>
<Filename Value="D:\lazarustrunk\fpcsrc\packages\fcl-base\src\custapp.pp"/>
<Caret Line="277" Column="10" TopLine="251"/>
</Position14>
<Position15>
<Filename Value="D:\lazarustrunk\fpcsrc\rtl\win\sysutils.pp"/>
<Caret Line="547" Column="20"/>
</Position15>
<Position16>
<Filename Value="cmd.lpr"/>
<Caret Line="95" Column="61" TopLine="61"/>
</Position16>
<Position17>
<Filename Value="cmd.lpr"/>
<Caret Line="65" Column="29" TopLine="41"/>
</Position17>
<Position18>
<Filename Value="cmd.lpr"/>
<Caret Line="104" Column="45" TopLine="71"/>
</Position18>
<Position19>
<Filename Value="cmd.lpr"/>
<Caret Line="102" Column="37" TopLine="80"/>
</Position19>
<Position20>
<Filename Value="cmd.lpr"/>
<Caret Line="113" Column="34" TopLine="79"/>
</Position20>
<Position21>
<Filename Value="cmd.lpr"/>
<Caret Line="111" Column="21" TopLine="91"/>
</Position21>
<Position22>
<Filename Value="cmd.lpr"/>
<Caret Line="96" Column="12" TopLine="84"/>
</Position22>
<Position23>
<Filename Value="cmd.lpr"/>
<Caret Line="106" Column="29" TopLine="84"/>
</Position23>
<Position24>
<Filename Value="cmd.lpr"/>
<Caret Line="96" Column="11" TopLine="88"/>
</Position24>
<Position25>
<Filename Value="cmd.lpr"/>
<Caret Line="95" Column="11" TopLine="84"/>
</Position25>
<Position26>
<Filename Value="cmd.lpr"/>
<Caret Line="106" Column="29" TopLine="84"/>
</Position26>
<Position27>
<Filename Value="cmd.lpr"/>
<Caret Line="95" Column="11" TopLine="84"/>
</Position27>
<Position28>
<Filename Value="cmd.lpr"/>
<Caret Line="105" Column="45" TopLine="84"/>
</Position28>
<Position29>
<Filename Value="cmd.lpr"/>
<Caret Line="106" Column="14" TopLine="84"/>
</Position29>
<Position30>
<Filename Value="cmd.lpr"/>
<Caret Line="120" Column="19" TopLine="88"/>
</Position30>
</JumpHistory>
<RunParams>
<FormatVersion Value="2"/>
<Modes Count="1" ActiveMode="default">
<Mode0 Name="default"/>
</Modes>
</RunParams>
</ProjectSession>
</CONFIG>
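Review bot: this .lps file is IDE session state, not project configuration: it records editor tabs, caret positions, jump history and absolute paths on the developer's machine (`D:\lazarustrunk\fpcsrc\...`), all of which Lazarus regenerates because the .lpi sets `<SessionStorage Value="InProjectDir"/>`. Leave it out of the repository (svn:ignore *.lps); the only setting of value in it, `<BuildModes Active="Release"/>`, belongs in the .lpi as the default build mode.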

Binary file not shown.


@ -0,0 +1,72 @@
Fake cmd console application by minesadorada
============================================
Installation
============
The command processor (cmd.exe) is located in your Windows\System32 folder.
There are 2 ways to replace it with this fake anti-scammer version.
1. Make a backup of your real cmd.exe file, and copy over it with this version.
* You will need to be logged on as administrator in order to do this.
* Only do this in a Virtual Machine!
* The tech scammer has no access to the real cmd.exe - so it is safer.
or
2. Copy the file cmd.com to your Windows\System32 folder. (you can rename cmd.exe to cmd.com and Windows doesn't complain)
* Windows will always prefer to run a .com file before an .exe file.
* If you type 'cmd' in the run dialog (Win key + r), the cmd.com (fake app) will run.
* To run the real cmd.exe, just type 'cmd.exe' in the run dialog.
* There is a small risk that the tech scammer wont be lazy, and types the full 'cmd.exe' command.
* Normally they type 'cmd' or ask you to type 'cmd' - which will run the fake cmd.com app.
Purpose
=======
This is designed to frustrate and fool Tech Support scammers.
If you let them connect remotely to your computer then they typically run DOS (cmd) commands like:
1. netstat - the list of usually perfectly legitimate TCP connections are declared by the tech scammer to be 'hackers'
who have 'taken control of your system' as a 'proof' that your computer is infected with viruses.
This version of cmd.exe shows a random list of connections, then offers to 'Scan foreign addresses for hackers'
The scan always shows all the connections are safe of course.
If the tech scanner refuses the scan, then 'WARNING: Scan was intentionally canceled - please run netstat command again' is displayed.
2. dir or tree - this innocent command to list all the files in the current folder is used bt the tech scammer as a distraction.
He/she waits for the listing to finish, then copy/pastes a fake warning message at the end which is supposed to scare the user.
Two can play that game :)
This version of cmd.exe shows simulated directory listing with random folders and filenames (different every time).
Some of the folders and files will look very tempting to the tech scammer (e.g. bank details.doc, paswwords.doc)
Unfortunately (for the scammer) at the end of the listing the 'helpful' prompt 'Scan this folder for infections? Y/N' is shown.
Any key at all will start the scan, which of course will report all is clean and safe. The scammers warning message is made impotent.
3. cd.. or cd\ or D:, E: etc - the tech scammer may attempt to change the current folder or drive before listing files etc.
This version of cmd.exe starts in the genuine users folder for your system, but of course this is a distraction to convince the tech scammer.
He/she can try to navigate using directory commands, but everything is fake. All that is happening is that the prompt text changes.
At no time will this cmd.exe allow genuine access to your disk - its all an illusion to frustrate the scammer.
4. format, syskey del, delete, erase - if the tech scammer wants to 'punish' you, they may start cmd.exe and try to use it
to trash your system and/or erase files and folders.
Look and laugh! This version of cmd.exe will happily accept the commands, and appears to do the tech scammers ugly work
but..
Its all a fantasy of course. Your system is safe because this version of cmd.exe is just for show, and cannot access your system.
Whilst the tech scammer is 'formatting', 'deleting' etc all kinds of scary messages are shown but nothing actually happens.
Other fake cmd.exe replacements sometimes try to be amusing with wacky responses to DOS commands. Even the stupid tech scammers
will soon realise you are faking them, and wheres the fun in that?
This version tries to be realistic, but frustrating. It is designed to waste their time, and keep your system safe.
Replacing your windows\system32\cmd.exe with this fake version in your virtual machine will hopefully give you a laugh when the tech scammer
uses it, and will probably convince the technically incompetent ones (most of them) that they are accessing the genuine article.
This version of cmd.exe reports the system as 'Windows 10', and has all the correct versioninfo that shows in Task Manager. Icon is from the genuine cmd.exe.
It was written using lazarus/free pascal.
Released under LGPLv2 license.
======================
:minesadorada Nov 2018
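Review bot: the readme's description of netstat ("shows a random list of connections") contradicts the source, whose WriteFakeNetstat is commented "Entries are the same each time" and prints a fixed table; say "a fixed list" here or randomise the output. The Installation section also omits the commands the program actually exposes (help, setautorun, delautorun) and gives no restore step for option 1 beyond "make a backup"; add a short Uninstall paragraph that copies the backed-up cmd.exe back, deletes cmd.com, and runs delautorun, and add the warning that while the fake is installed any script that runs cmd.exe will talk to it instead. Typos: "bt" for "by", "paswwords.doc" (the source lists "passwords.doc"), "wont", "wheres", "Its", and a missing comma in "format, syskey del".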