DieKnow

A bypass of DyKnow, powered primarily by the Windows win32 API.

DieKnow will significantly improve the performance of your laptop, especially CPU usage. It uses around 3% of the CPU while running, but this is minimal compared to DyKnow, which consistently uses up to 15% of the CPU, and on an Intel Core i3 there isn't much to spare. Taking screenshots of your entire device screen at 4K resolution and sixty frames per second is not lightweight.

For ease of use, a beta GUI application is located in gui.py, powered by the Windows win32 API.

About this:

  • This DOES NOT need administrator privileges, just a Python installation, which is often found in the Software Center.
  • It's very compact (just around 600 lines).
  • DOES NOT need a C++ compiler.
  • DOES NOT need to run an executable or a batch file, which is usually blocked by the school via Windows AppLocker.
  • DOES NOT have any external dependencies.

What can DyKnow do (or does do):

  • Monitor your device screen (including when you press "Show password" when typing a password)
  • Monitor your search history
  • Monitor what apps you've been on
  • Lock your device
  • Track your device's location
  • Make your computer really, really slow
  • Track your keystrokes
  • Make your computer useless

It's possible that this information could be sold to third-party advertisers for a way to generate revenue, as DyKnow is actually quite cheap for the school.

When it is running, you'll see the DyKnow icon disappear from your taskbar. 💀

You'll have to type "exit" to exit the application, or some lingering threads will continue to run in the background.

Installation

NOTE: this application only works on Windows, as it uses the Windows API.

For Python

  1. Install Python 3
  2. Click on Code
  3. Click on Download ZIP
  4. Extract the compressed zip
  5. Double-click on the main.py file in the extracted folder.
  6. Enjoy :)

Commands

Quickstart

Double-click the main.py and type start to start the monitoring and closing of DyKnow. If a shell is too complicated for you, you can use the GUI application in gui.py by double-clicking it. Ensure Python is installed.

If you want DieKnow to start up once you log on to the computer, you can perform the following steps:

  1. Create a shortcut to the main.py or gui.py file, depending on whether you want to start up with a console or a GUI.
  2. Cut the shortcut by pressing Ctrl-X.
  3. Press Windows-R to open up the Run window.
  4. Type shell:startup in the input box that appears.
  5. In the Windows Explorer window that appears, paste the shortcut you cut in step 2.

That's it! It may take around two minutes for it to start up.

start

Start the DieKnow process. DyKnow executables will be terminated forcefully every five seconds, or at whatever interval is set in interval.txt, which is sufficient to keep DyKnow consistently closed down. If the delay were too low (or absent altogether), CPU usage would be very high, possibly as high as or higher than DyKnow's.

stop

Kill the DieKnow threads but keep the app running. Threads associated with DieKnow will be terminated.

count

Retrieve the number of executables killed by DieKnow.

directory

Retrieve the files in the DyKnow installation directory.

It should return something similar to this.

Files in C:/Program Files/DyKnow/Cloud/7.10.22.9:
amjbk.exe
Demo32_64.exe
Demo64_32.exe
dkInteractive.exe
DyKnowLogSender.exe
DyKnowTest.exe
kyplu.exe
MonitorStateReader.exe
winProcess.exe

Here, kyplu.exe and amjbk.exe are the main DyKnow monitoring executables, but because the names are changed randomly each time DyKnow is restarted, they will vary.

exit

Exit the DieKnow application and destroy all threads associated with it.

DieKnow API

DieKnow provides an API that is accessible at dieknow.py, which just calls the C++ functions.

About

DyKnow creates executables dynamically. Once you kill its process using Task Manager or the taskkill command, it restarts right back up every few seconds, but with a modified executable name. How it does this is unknown, but it likely uses Task Scheduler. My approach leverages the Windows win32 API, specifically the TerminateProcess function, to repeatedly close DyKnow.
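Seen from the monitoring side, the cycle described above shows up in process telemetry as executables under the DyKnow directory that start, die within seconds, and come back under a new name. The following Python sketch is an added example, not part of DieKnow; the event format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Install directory taken from the README's sample output; adjust per version.
AGENT_DIR = PureWindowsPath("C:/Program Files/DyKnow/Cloud/7.10.22.9")

# Constructed events in an assumed "time action image" format (not a real export).
SAMPLE_EVENTS = """\
2024-03-04T09:00:00 create C:/Program Files/DyKnow/Cloud/7.10.22.9/kyplu.exe
2024-03-04T09:00:04 terminate C:/Program Files/DyKnow/Cloud/7.10.22.9/kyplu.exe
2024-03-04T09:00:06 create C:/Program Files/DyKnow/Cloud/7.10.22.9/amjbk.exe
2024-03-04T09:00:09 terminate C:/Program Files/DyKnow/Cloud/7.10.22.9/amjbk.exe
2024-03-04T09:00:11 create C:/Program Files/DyKnow/Cloud/7.10.22.9/kyplu.exe
2024-03-04T09:00:14 terminate C:/Program Files/DyKnow/Cloud/7.10.22.9/kyplu.exe
2024-03-04T09:00:15 create C:/Windows/System32/notepad.exe
2024-03-04T09:00:16 terminate C:/Windows/System32/notepad.exe
"""

def parse_events(text):
    """Yield (timestamp, action, image) tuples; the path may contain spaces."""
    for line in text.splitlines():
        if line.strip():
            stamp, action, image = line.split(" ", 2)
            yield datetime.fromisoformat(stamp), action, PureWindowsPath(image)

def short_lived_agent_runs(events, max_lifetime=timedelta(seconds=10)):
    """Return termination times of agent processes that died soon after starting."""
    started, kills = {}, []
    for stamp, action, image in events:
        if image.parent != AGENT_DIR:
            continue  # key on the directory: the executable name changes per restart
        if action == "create":
            started[image] = stamp
        elif action == "terminate" and image in started:
            if stamp - started.pop(image) <= max_lifetime:
                kills.append(stamp)
    return kills

def kill_loop_detected(kills, min_kills=3, window=timedelta(seconds=60)):
    """True when min_kills short-lived terminations fall inside one time window."""
    kills = sorted(kills)
    return any(kills[i + min_kills - 1] - kills[i] <= window
               for i in range(len(kills) - min_kills + 1))

if __name__ == "__main__":
    found = short_lived_agent_runs(parse_events(SAMPLE_EVENTS))
    print(len(found), "short-lived agent runs; loop detected:", kill_loop_detected(found))
```
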

A precompiled C++ binary, api.dll, is loaded by main.py through ctypes to call the C++ functions. C++ is used because it lowers the CPU usage of DieKnow compared to Python. The DLL file is over 3 MB because it is statically built (using the -static g++ option), which makes it easy to distribute without having to manage all the dependencies, such as <windows>.

Using a command such as taskkill will result in an error: Access is Denied.

I was able to program this bypass not because I'm smart, but because the people who programmed DyKnow weren't or thought the students were stupid or both.