[C++] LockDown Browser Bypass - LockDownEscaper - Archived Project

LockDownEscaper

A LockDown Browser Bypass (Archived)

Notice: This project is no longer maintained and does not support the latest LockDown Browser versions as of April 2023.

Overview

LockDownEscaper was a project designed to analyze and bypass various security mechanisms used by LockDown Browser (LDB). It was developed in C++ and primarily aimed at disabling detection techniques that prevent application switching, virtual machine usage, and other system modifications. This was done purely for educational purposes to explore how LDB enforces restrictions on a system.

How It Works

LockDownEscaper works by injecting a custom DLL into the LDB process, hooking and patching functions using Microsoft Detours. This allows the program to intercept Windows API calls made by LDB and modify their behavior. The injection process is handled by LDEInjector.exe, which launches LDB and then injects the DLL automatically.

Technical Details

  • Hooks various Windows API functions to disable restrictions.
  • Patches NTDLL hooks to prevent process detection.
  • Disables anti-virtual machine checks (works with Parallels, not Hyper-V).
  • Removes "always on top" flags, allowing alt-tabbing.
  • Patches registry modifications to prevent task manager disabling.
  • A CMD window provides real-time injection status updates.

Injection Process

The injection process follows a simple method:

  1. User runs LDEInjector.exe.
  2. The injector launches LockDown Browser.
  3. The DLL is injected into the LDB process.
  4. Windows API hooks are applied to disable restrictions.
  5. The CMD window provides real-time status updates.

Source Code

You can download/view the source code for this project here.

Archived as of April 2023
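
Inline hooks like those described under How It Works overwrite a function's first bytes with a jump, so a protected process can detect them by comparing each monitored function's in-memory prologue with the bytes from the on-disk image. The following is an added example, not code from LockDownEscaper or LockDown Browser; check_prologue, HookKind and the byte samples are hypothetical names and constructed data, and a little-endian x64 host is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

enum class HookKind { None, Modified, JmpRel32, JmpIndirect, MovRaxJmp };
struct HookFinding { HookKind kind; uint64_t target; };  // target 0 = not decodable from bytes

// clean: function bytes from the on-disk image; live: the same bytes as mapped in
// the process; va: the function's address in the process. Little-endian host assumed.
HookFinding check_prologue(const uint8_t* clean, const uint8_t* live, size_t n, uint64_t va) {
    if (std::memcmp(clean, live, n) == 0) return {HookKind::None, 0};
    if (n >= 5 && live[0] == 0xE9) {                   // jmp rel32
        int32_t rel;
        std::memcpy(&rel, live + 1, sizeof rel);
        return {HookKind::JmpRel32, va + 5 + static_cast<uint64_t>(static_cast<int64_t>(rel))};
    }
    if (n >= 6 && live[0] == 0xFF && live[1] == 0x25)  // jmp qword ptr [rip+disp32]
        return {HookKind::JmpIndirect, 0};             // destination is stored in memory
    if (n >= 12 && live[0] == 0x48 && live[1] == 0xB8 && live[10] == 0xFF && live[11] == 0xE0) {
        uint64_t abs_target;                           // mov rax, imm64 ; jmp rax
        std::memcpy(&abs_target, live + 2, sizeof abs_target);
        return {HookKind::MovRaxJmp, abs_target};
    }
    return {HookKind::Modified, 0};                    // changed, but not a known jump form
}

// Constructed samples (not captured from any real process).
static const uint64_t kVa = 0x00007FF800001000ULL;
static const uint8_t kClean[12]   = {0x4C,0x8B,0xD1,0xB8,0x26,0x00,0x00,0x00,0x0F,0x05,0xC3,0x90};
static const uint8_t kRel32[12]   = {0xE9,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x0F,0x05,0xC3,0x90};
static const uint8_t kAbs[12]     = {0x48,0xB8,0x88,0x77,0x66,0x55,0x44,0x33,0x22,0x11,0xFF,0xE0};
static const uint8_t kPatched[12] = {0x4C,0x8B,0xD1,0xB8,0x26,0x00,0x00,0x00,0xC3,0x90,0x90,0x90};

int main() {
    const uint8_t* samples[] = {kClean, kRel32, kAbs, kPatched};
    for (const uint8_t* s : samples) {
        HookFinding f = check_prologue(kClean, s, sizeof kClean, kVa);
        std::printf("kind=%d target=0x%llx\n", static_cast<int>(f.kind),
                    static_cast<unsigned long long>(f.target));
    }
    return 0;
}
```

A decoded target that falls outside every module the process expects to have loaded is the signal worth alerting on; an indirect jump needs a follow-up read of the pointer it references.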

