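1) The lazy method is to download the Russian repacker build. It has updates and pop-ups disabled, and it keeps pace with official releases.
The only concern is that it is unknown whether this build contains a backdoor. Judging from actual use, though, it seems to be a good build.
2) Do it yourself with the official IDM
Goals: a) can register; b) does not update; c) no fake serial window
2.1. First block the IDM-related domains in hosts, and lock the permissions for modifying hosts. The main domains to block are: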
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror1.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
127.0.0.1 mirror3.internetdownloadmanager.com
127.0.0.1 mirror4.internetdownloadmanager.com
127.0.0.1 mirror5.internetdownloadmanager.com
127.0.0.1 mirror6.internetdownloadmanager.com
127.0.0.1 mirror7.internetdownloadmanager.com
127.0.0.1 mirror8.internetdownloadmanager.com
127.0.0.1 mirror9.internetdownloadmanager.com
127.0.0.1 mirror10.internetdownloadmanager.com
127.0.0.1 test.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.registeridm.com
127.0.0.1 www.registeridm.com
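IDM has so far been observed accessing www.internetdownloadmanager.com and mirror5.internetdownloadmanager.com. (Different versions access different mirror sites, and these mirrors do not necessarily share the same IP.)
Lock the modification permissions on the hosts file with a bat file, run in administrator mode.
(This lock is global, not specific to the IDM program itself. To restrict hosts modification for the IDM program only, Huorong's security rules can be used, but that seems unnecessary.)
Lock code: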
attrib +r +a +s +h %windir%\system32\drivers\etc\hosts
echo y|cacls %windir%\system32\drivers\etc\hosts /g everyone:r
Restore code:
echo y|cacls %windir%\system32\drivers\etc\hosts /g everyone:f
attrib -r -a -s -h %windir%\system32\drivers\etc\hosts
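Seen from the defender's side, the hosts edits in this step are an endpoint artifact that can be audited: vendor update and licensing hostnames pinned to a loopback or unspecified address. The following is an added example, not code from the original post; the sample hosts text is constructed, and the benign-name list and the grouping by the last two labels (a simplification, not a Public Suffix List lookup) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the hosts format shown above (not taken from a real machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.internetdownloadmanager.com mirror5.internetdownloadmanager.com  # two names
0.0.0.0 secure.registeridm.com
10.0.0.5 intranet.example.test
not-an-ip broken.example.test
"""

# Assumption: names that legitimately map to loopback on a stock system.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def is_sink(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed first field: not a usable hosts entry
    return ip.is_loopback or ip.is_unspecified

def sinkholed_names(hosts_text):
    """Map parent domain (last two labels) -> sorted hostnames pinned to a sink address."""
    found = defaultdict(set)
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not is_sink(fields[0]):
            continue
        for name in fields[1:]:  # one line may carry several hostnames
            name = name.lower().rstrip(".")
            if name in BENIGN:
                continue
            found[".".join(name.split(".")[-2:])].add(name)
    return {domain: sorted(names) for domain, names in found.items()}

if __name__ == "__main__":
    for domain, names in sinkholed_names(SAMPLE_HOSTS).items():
        print(f"{domain}: {len(names)} hostname(s) redirected -> {', '.join(names)}")
```

Several hostnames of one vendor redirected this way on a managed endpoint usually indicates tampering with update or licence checks and is worth correlating with the software inventory.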
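2.2. Use the built-in system firewall to create outbound rules that block the IP addresses IDM accesses (hosts can only block domain names, not IPs).
The IP addresses tested so far are mainly: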
169.60.186.153
159.69.68.58
174.127.113.77
169.50.0.227
185.80.221.19
185.80.221.18
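These are the IP addresses that the domains in hosts resolve to. They can be obtained with ping or with a web-based IP lookup.
Use these IP addresses as the scope of the outbound rule, and set it to block connections for the IDM program or for all programs.
2.3. Install the official IDM program and go through the normal installation. (After the two steps above, the browser can no longer reach the official IDM site or download the installer from it, so download the installer first and block hosts and the IPs afterwards.)
2.4. Register with a correct serial number. Source code for IDM's serial-number algorithm is already available online; alternatively, search online for a matching IDM registration code. Registration is done by merging a registry file (a .reg file) with the following content: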
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Internet Download Manager]
"Lname"="Inc."
"Fname"="Tonec"
"Email"="info@tonec.com"
"Serial"="COLB8-OI2BS-MSTTZ-KHSJ1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Internet Download Manager]
"Lname"="Inc."
"Fname"="Tonec"
"Email"="info@tonec.com"
"Serial"="COLB8-OI2BS-MSTTZ-KHSJ1"

[HKEY_CURRENT_USER\Software\DownloadManager]
"Lname"="Inc."
"Fname"="Tonec"
"Email"="info@tonec.com"
"Serial"="COLB8-OI2BS-MSTTZ-KHSJ1"
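The first three values (name and email) can be filled in arbitrarily. Once the file is imported, IDM is registered.
2.5. In principle the installation may now go smoothly, or a fake serial pop-up may appear (a pop-up notice, or a pop-up followed by IDM exiting). This means IDM has determined that your serial number is fake (valid by the algorithm but flagged as illegitimate by the server). In most cases IDM went online and checked at some point and left marker data in the registry. This can be resolved by cleaning the registry.
bat file code: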
set /a _Debug=0
::==========================================
@Echo OFF
:: AveYo: define USER before asking for elevation since it gets replaced for limited accounts
@if not defined USER for /f "tokens=2" %%s in ('whoami /user /fo list') do set "USER=%%s">nul
:: AveYo: ask for elevation passing arguments
@set "_=set USER=%USER%&&call "%~f0" %*"&reg query HKU\S-1-5-19>nul 2>nul||(
@powershell -nop -c "start -verb RunAs cmd -args '/d/x/q/r',$env:_"&exit)
::==========================================
CLS
Echo OFF
Color 07
Title IDM FS Cleaner v20.10.13
Echo::==================================================
Echo::
Echo::============ IDM FS Cleaner v20.10.13 ============
Echo::
Echo::== Contributors: @WindowsAddict, @BTJB, @Saheen ==
Echo::
Echo::========= Developer and Author: @yaschir =========
Echo::
Echo::===== * Special thanks to the Contributors * =====
Echo::
Echo::==================================================
Echo:
::CALLScript
CALL :ScriptA
CALL :ScriptB
CALL :ScriptEND
goto :eof
::
:ScriptA
::------------------------------------------------------------------------------------------------------------------------------------
::Reg-entries cleaning
::------------------------------------------------------------------------------------------------------------------------------------
set "nul=1>nul 2>nul"
setlocal EnableDelayedExpansion
for %%# in (
"HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
"HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
"HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
"HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
"HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
"HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
"HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
"HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
"HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
"HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
"HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
"HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
"HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
"HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
"HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
"HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
"HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
"HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
"HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
"HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
"HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
"HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
"HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
"HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
"HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
"HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
"HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
"HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
"HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
"HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
"HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
"HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
"HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
"HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
"HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
"HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
"HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
"HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
"HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
"HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
"HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
"HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
"HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
"HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
"HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
"HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
"HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
"HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
"HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
"HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
"HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
"HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
"HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
"HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
"HKLM\Software\Internet Download Manager"
"HKLM\Software\Wow6432Node\Internet Download Manager"
"HKLM\Software\Download Manager"
"HKLM\Software\Wow6432Node\Download Manager"
"HKLM\Software\DownloadManager"
"HKLM\Software\Wow6432Node\DownloadManager"
"HKCU\Software\Download Manager"
"HKCU\Software\Wow6432Node\Download Manager"
"HKCU\Software\Wow6432Node\DownloadManager"
"HKU\.DEFAULT\Software\Download Manager"
"HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
"HKU\.DEFAULT\Software\DownloadManager"
"HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
) do for /f "tokens=* delims=" %%A in ("%%#") do (
set "reg=%%#" &CALL :DELETE
)
Echo:
Exit /b
:DELETE
REG DELETE %reg% /f %nul%
if [%errorlevel%]==[0] (
set "status=powershell write-host 'Deleted ' -fore '"Green"' -NoNewline; write-host '""%reg%""' -fore '"White"'"
) else (
set "status=echo Not found %reg%"
)
reg query %reg% %nul%
if [%errorlevel%]==[0] (
set "status=powershell write-host 'Deleted by taking ownership ' -fore '"Yellow"' -NoNewline; write-host '""%reg%""' -fore '"White"'"
%nul% CALL :reg_takeownership "%reg%" "ReadPermissions, ReadKey" Allow %USER%
%nul% CALL :reg_takeownership "%reg%" "SetValue, Delete" Deny S-1-5-32-544 S-1-5-18
for /f "tokens=2 delims=:" %%s in ('sc showsid TrustedInstaller ^|findstr "S-1"') do set TI=%%s& call set TI=%%TI: =%%
%nul% CALL :reg_takeownership "%reg%" FullControl Allow S-1-5-32-544 %TI%
REG DELETE %reg% /f %nul%
)
reg query %reg% %nul%
if [%errorlevel%]==[0] (
powershell write-host 'Failed to delete ' -fore '"Red"' -NoNewline; write-host '""%reg%""' -fore '"White"'
) else (
%status%
)
Exit /b
:reg_takeownership key:"HKCU\Console" perm:"FullControl" access:"Allow" user:"S-1-5-32-544" owner(optional):"S-1-5-18"
powershell -nop -c "$A='%~1','%~2','%~3','%~4','%~5';iex(([io.file]::ReadAllText('%~f0')-split':regown\:.*')[1])"&exit/b:regown:
$D1=[IO.IODescriptionAttribute].Module.GetType('System.Diagnostics.Process').GetMethods(42)|where{$_.Name-eq'SetPrivilege'}
'SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege' |% {$D1.Invoke($null, @("$_",2))}
$rk=$A[0]-split'\\',2; switch -regex($rk[0]){'[mM]'{$HK='LocalMachine'};'[uU]'{$HK='CurrentUser'};default{$HK='ClassesRoot'};}
$key=$rk[1];$perm='FullControl',$A[1],$A[1];$access='Allow',$A[2],$A[2];$user=0,0,0; if($A[4]-eq''){$A[4]=$A[3]} ;$sec=0,0,0
$rule=0,0,0; $sid=$A[4],$A[3],'S-1-5-32-544'; 0,1,2 |% {$user[$_]=[System.Security.Principal.SecurityIdentifier]$sid[$_]
$rule[$_]=new-object System.Security.AccessControl.RegistryAccessRule($user[$_],$perm[$_],3,1,$access[$_])
$sec[$_]=new-object System.Security.AccessControl.RegistrySecurity}; $sec[0].SetOwner($user[0]); $sec[2].SetOwner($user[2])
function Reg_Own{param($hive,$key); $reg=[Microsoft.Win32.Registry]::$hive.OpenSubKey($key,'ReadWriteSubTree','TakeOwnership')
$reg.SetAccessControl($sec[2]); $rep=$reg.OpenSubKey('','ReadWriteSubTree','ChangePermissions'); $acl=$rep.GetAccessControl()
$acl.ResetAccessRule($rule[1]); $rep.SetAccessControl($acl); $acl=$sec[0]; $reg.SetAccessControl($acl)} ;Reg_Own $HK $key
$rec=[Microsoft.Win32.Registry]::$HK.OpenSubKey($key);foreach($sub in $rec.GetSubKeyNames()){Reg_Own $HK "$($key+'\\'+$sub)"}
Get-Acl $($rk[0]+':\\'+$rk[1])|fl #:regown: A lean and mean snippet by AveYo pastebin.com/XTPt0JSC
#-_-#
::
:ScriptB
::------------------------------------------------------------------------------------------------------------------------------------
::Reg-entries cleaning for current user info
::------------------------------------------------------------------------------------------------------------------------------------
REG DELETE "HKLM" /ve /f
REG DELETE "HKLM" /v "MData" /f
REG DELETE "HKLM" /v "Model" /f
REG DELETE "HKLM" /v "Therad" /f
REG DELETE "HKCU" /ve /f
REG DELETE "HKCU" /v "MData" /f
REG DELETE "HKCU" /v "Model" /f
REG DELETE "HKCU" /v "Therad" /f
REG DELETE "HKCU\Software\DownloadManager" /v "FName" /f
REG DELETE "HKCU\Software\DownloadManager" /v "LName" /f
REG DELETE "HKCU\Software\DownloadManager" /v "Email" /f
REG DELETE "HKCU\Software\DownloadManager" /v "Serial" /f
REG DELETE "HKCU\Software\DownloadManager" /v "CheckUpdtVM" /f
REG DELETE "HKCU\Software\DownloadManager" /v "tvfrdt" /f
REG DELETE "HKCU\Software\DownloadManager" /v "LstCheck" /f
REG DELETE "HKCU\Software\DownloadManager" /v "scansk" /f
Exit /b
::
:ScriptEND
Echo:
Echo::===================================================
Echo::
Echo::======================= End =======================
Echo::
Echo::===================================================
Echo:
Echo:
powershell write-host '.::' -fore '"Red"' -NoNewline; write-host ' Please don''t forget to' -fore '"White"' -NoNewline; write-host ' re-register IDM' -fore '"Green"' -NoNewline; write-host ' !' -fore '"White"' -NoNewline; write-host ' ::.' -fore '"Red"'
Echo:
Echo:
Echo:Press any key to exit... & Pause >nul & Exit
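The key parts of this code are probably the Classes section and the section at the end shown in a special font. Restart IDM at this point and register again by merging the registry file, and the problem is solved.
2.6. The methods currently found online for IDM are:
1) Computing a serial with a keygen. This method no longer works, because the result cannot pass the server's serial-validity check. In fact an Excel file is enough to compute thousands of algorithmically correct serials, but the chance of one passing online verification is very small.
2) Deleting the IDMGrHlp.exe file to disable the pop-up. This may have worked for earlier versions, but it no longer works on newer ones (only 6.38.8 and later were tested). Also, the process that raises the pop-up is now idman.exe.
3) Various patch methods (security not guaranteed, untested). According to feedback, some of them also fail to fully eliminate the fake serial pop-up. (Possibly done by reversing with OD and redirecting with a jmp.)
4) Unlimited use (trial reset). Does not work on newer versions; with networking blocked IDM may not exit, but the notice still appears.
5) The Russian repacker build. This build has presumably reverse-engineered the IDMAN program itself. It works very well.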