2012-03-11 01:55:25 +00:00
/*
* Rufus : The Reliable USB Formatting Utility
2012-11-08 01:20:48 +00:00
* Networking functionality ( web file download , check for update , etc . )
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
* Copyright © 2012 - 2019 Pete Batard < pete @ akeo . ie >
2012-03-11 01:55:25 +00:00
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
/* Memory leaks detection - define _CRTDBG_MAP_ALLOC as preprocessor macro */
# ifdef _CRTDBG_MAP_ALLOC
# include <stdlib.h>
# include <crtdbg.h>
# endif
# include <windows.h>
2012-11-08 01:20:48 +00:00
# include <wininet.h>
2012-03-11 01:55:25 +00:00
# include <stdio.h>
2012-11-08 01:20:48 +00:00
# include <malloc.h>
2012-03-11 01:55:25 +00:00
# include <string.h>
2012-11-08 01:20:48 +00:00
# include <inttypes.h>
2018-06-29 17:19:05 +00:00
# include <assert.h>
2012-03-11 01:55:25 +00:00
# include "rufus.h"
2016-02-24 16:10:54 +00:00
# include "missing.h"
2012-03-11 01:55:25 +00:00
# include "resource.h"
2016-02-20 22:52:32 +00:00
# include "msapi_utf8.h"
2013-10-15 21:58:27 +00:00
# include "localization.h"
2019-03-23 13:59:20 +00:00
# include "bled/bled.h"
2012-11-08 01:20:48 +00:00
2016-02-20 22:52:32 +00:00
# include "settings.h"
2012-11-08 01:20:48 +00:00
/* Maximum download chunk size, in bytes */
2020-02-23 16:29:16 +00:00
# define DOWNLOAD_BUFFER_SIZE (10*KB)
2012-11-08 01:20:48 +00:00
/* Default delay between update checks (1 day) */
# define DEFAULT_UPDATE_INTERVAL (24*3600)
2014-08-05 23:57:32 +00:00
DWORD DownloadStatus ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
BYTE * fido_script = NULL ;
2019-04-01 15:37:43 +00:00
HANDLE update_check_thread = NULL ;
2014-08-05 23:57:32 +00:00
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
extern loc_cmd * selected_locale ;
extern HANDLE dialog_handle ;
2019-04-01 15:37:43 +00:00
extern BOOL is_x86_32 , close_fido_cookie_prompts ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
static DWORD error_code , fido_len = 0 ;
2012-12-09 20:36:29 +00:00
static BOOL force_update_check = FALSE ;
2020-05-30 18:35:49 +00:00
static const char * request_headers = " Accept-Encoding: gzip, deflate " ;
2012-11-08 01:20:48 +00:00
2012-03-11 01:55:25 +00:00
/*
2012-11-08 01:20:48 +00:00
* FormatMessage does not handle internet errors
2018-07-24 13:07:08 +00:00
* https : //docs.microsoft.com/en-us/windows/desktop/wininet/wininet-errors
2012-03-11 01:55:25 +00:00
*/
2012-11-08 01:20:48 +00:00
const char * WinInetErrorString ( void )
2012-03-11 01:55:25 +00:00
{
2012-11-08 01:20:48 +00:00
static char error_string [ 256 ] ;
DWORD size = sizeof ( error_string ) ;
2018-06-05 12:02:28 +00:00
PF_TYPE_DECL ( WINAPI , BOOL , InternetGetLastResponseInfoA , ( LPDWORD , LPSTR , LPDWORD ) ) ;
PF_INIT ( InternetGetLastResponseInfoA , WinInet ) ;
2012-03-11 01:55:25 +00:00
2013-11-30 17:39:38 +00:00
error_code = HRESULT_CODE ( GetLastError ( ) ) ;
2012-03-11 01:55:25 +00:00
2012-11-08 01:20:48 +00:00
if ( ( error_code < INTERNET_ERROR_BASE ) | | ( error_code > INTERNET_ERROR_LAST ) )
2012-03-11 01:55:25 +00:00
return WindowsErrorString ( ) ;
switch ( error_code ) {
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_OUT_OF_HANDLES :
2012-03-11 01:55:25 +00:00
return " No more handles could be generated at this time. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_TIMEOUT :
2012-03-11 01:55:25 +00:00
return " The request has timed out. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_INTERNAL_ERROR :
2012-03-11 01:55:25 +00:00
return " An internal error has occurred. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_INVALID_URL :
2012-03-11 01:55:25 +00:00
return " The URL is invalid. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_UNRECOGNIZED_SCHEME :
2012-03-11 01:55:25 +00:00
return " The URL scheme could not be recognized or is not supported. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_NAME_NOT_RESOLVED :
2012-03-11 01:55:25 +00:00
return " The server name could not be resolved. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_PROTOCOL_NOT_FOUND :
return " The requested protocol could not be located. " ;
case ERROR_INTERNET_INVALID_OPTION :
return " A request specified an invalid option value. " ;
case ERROR_INTERNET_BAD_OPTION_LENGTH :
return " The length of an option supplied is incorrect for the type of option specified. " ;
case ERROR_INTERNET_OPTION_NOT_SETTABLE :
2012-03-11 01:55:25 +00:00
return " The request option cannot be set, only queried. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_SHUTDOWN :
return " The Win32 Internet function support is being shut down or unloaded. " ;
case ERROR_INTERNET_INCORRECT_USER_NAME :
return " The request to connect and log on to an FTP server could not be completed because the supplied user name is incorrect. " ;
case ERROR_INTERNET_INCORRECT_PASSWORD :
return " The request to connect and log on to an FTP server could not be completed because the supplied password is incorrect. " ;
case ERROR_INTERNET_LOGIN_FAILURE :
return " The request to connect to and log on to an FTP server failed. " ;
case ERROR_INTERNET_INVALID_OPERATION :
return " The requested operation is invalid. " ;
case ERROR_INTERNET_OPERATION_CANCELLED :
2014-05-20 18:28:46 +00:00
return " The operation was cancelled, usually because the handle on which the request was operating was closed before the operation completed. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_INCORRECT_HANDLE_TYPE :
2012-03-11 01:55:25 +00:00
return " The type of handle supplied is incorrect for this operation. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_INCORRECT_HANDLE_STATE :
2012-03-11 01:55:25 +00:00
return " The requested operation cannot be carried out because the handle supplied is not in the correct state. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_NOT_PROXY_REQUEST :
return " The request cannot be made via a proxy. " ;
case ERROR_INTERNET_REGISTRY_VALUE_NOT_FOUND :
return " A required registry value could not be located. " ;
case ERROR_INTERNET_BAD_REGISTRY_PARAMETER :
return " A required registry value was located but is an incorrect type or has an invalid value. " ;
case ERROR_INTERNET_NO_DIRECT_ACCESS :
return " Direct network access cannot be made at this time. " ;
case ERROR_INTERNET_NO_CONTEXT :
return " An asynchronous request could not be made because a zero context value was supplied. " ;
case ERROR_INTERNET_NO_CALLBACK :
return " An asynchronous request could not be made because a callback function has not been set. " ;
case ERROR_INTERNET_REQUEST_PENDING :
return " The required operation could not be completed because one or more requests are pending. " ;
case ERROR_INTERNET_INCORRECT_FORMAT :
return " The format of the request is invalid. " ;
case ERROR_INTERNET_ITEM_NOT_FOUND :
return " The requested item could not be located. " ;
case ERROR_INTERNET_CANNOT_CONNECT :
2012-03-11 01:55:25 +00:00
return " The attempt to connect to the server failed. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_CONNECTION_ABORTED :
2012-03-11 01:55:25 +00:00
return " The connection with the server has been terminated. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_CONNECTION_RESET :
return " The connection with the server has been reset. " ;
case ERROR_INTERNET_FORCE_RETRY :
return " Calls for the Win32 Internet function to redo the request. " ;
case ERROR_INTERNET_INVALID_PROXY_REQUEST :
return " The request to the proxy was invalid. " ;
case ERROR_INTERNET_HANDLE_EXISTS :
return " The request failed because the handle already exists. " ;
2018-07-24 13:07:08 +00:00
case ERROR_INTERNET_SEC_INVALID_CERT :
return " The SSL certificate is invalid. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_SEC_CERT_DATE_INVALID :
return " SSL certificate date that was received from the server is bad. The certificate is expired. " ;
case ERROR_INTERNET_SEC_CERT_CN_INVALID :
2012-03-11 01:55:25 +00:00
return " SSL certificate common name (host name field) is incorrect. " ;
2018-07-24 13:07:08 +00:00
case ERROR_INTERNET_SEC_CERT_ERRORS :
return " The SSL certificate contains errors. " ;
case ERROR_INTERNET_SEC_CERT_NO_REV :
return " The SSL certificate was not revoked. " ;
case ERROR_INTERNET_SEC_CERT_REV_FAILED :
return " The revocation check of the SSL certificate failed. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_HTTP_TO_HTTPS_ON_REDIR :
return " The application is moving from a non-SSL to an SSL connection because of a redirect. " ;
case ERROR_INTERNET_HTTPS_TO_HTTP_ON_REDIR :
return " The application is moving from an SSL to an non-SSL connection because of a redirect. " ;
case ERROR_INTERNET_MIXED_SECURITY :
return " Some of the content being viewed may have come from unsecured servers. " ;
case ERROR_INTERNET_CHG_POST_IS_NON_SECURE :
return " The application is posting and attempting to change multiple lines of text on a server that is not secure. " ;
case ERROR_INTERNET_POST_IS_NON_SECURE :
return " The application is posting data to a server that is not secure. " ;
case ERROR_FTP_TRANSFER_IN_PROGRESS :
return " The requested operation cannot be made on the FTP session handle because an operation is already in progress. " ;
case ERROR_FTP_DROPPED :
return " The FTP operation was not completed because the session was aborted. " ;
case ERROR_GOPHER_PROTOCOL_ERROR :
case ERROR_GOPHER_NOT_FILE :
case ERROR_GOPHER_DATA_ERROR :
case ERROR_GOPHER_END_OF_DATA :
case ERROR_GOPHER_INVALID_LOCATOR :
case ERROR_GOPHER_INCORRECT_LOCATOR_TYPE :
case ERROR_GOPHER_NOT_GOPHER_PLUS :
case ERROR_GOPHER_ATTRIBUTE_NOT_FOUND :
case ERROR_GOPHER_UNKNOWN_LOCATOR :
2013-02-01 22:59:46 +00:00
return " Gopher? Really??? What is this, 1994? " ;
2012-11-08 01:20:48 +00:00
case ERROR_HTTP_HEADER_NOT_FOUND :
return " The requested header could not be located. " ;
case ERROR_HTTP_DOWNLEVEL_SERVER :
return " The server did not return any headers. " ;
case ERROR_HTTP_INVALID_SERVER_RESPONSE :
return " The server response could not be parsed. " ;
case ERROR_HTTP_INVALID_HEADER :
return " The supplied header is invalid. " ;
case ERROR_HTTP_INVALID_QUERY_REQUEST :
return " The request made to HttpQueryInfo is invalid. " ;
case ERROR_HTTP_HEADER_ALREADY_EXISTS :
return " The header could not be added because it already exists. " ;
case ERROR_HTTP_REDIRECT_FAILED :
return " The redirection failed because either the scheme changed or all attempts made to redirect failed. " ;
2017-07-20 16:42:53 +00:00
case ERROR_INTERNET_SECURITY_CHANNEL_ERROR :
return " This system's SSL library is too old to be able to access this website. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED :
2012-03-11 01:55:25 +00:00
return " Client Authentication certificate needed " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_BAD_AUTO_PROXY_SCRIPT :
2012-03-11 01:55:25 +00:00
return " Bad auto proxy script. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_UNABLE_TO_DOWNLOAD_SCRIPT :
2012-03-11 01:55:25 +00:00
return " Unable to download script. " ;
2012-11-08 01:20:48 +00:00
case ERROR_INTERNET_NOT_INITIALIZED :
return " Internet has not be initialized. " ;
case ERROR_INTERNET_UNABLE_TO_CACHE_FILE :
return " Unable to cache the file. " ;
case ERROR_INTERNET_TCPIP_NOT_INSTALLED :
return " TPC/IP not installed. " ;
case ERROR_INTERNET_DISCONNECTED :
return " Internet is disconnected. " ;
case ERROR_INTERNET_SERVER_UNREACHABLE :
return " Server could not be reached. " ;
case ERROR_INTERNET_PROXY_SERVER_UNREACHABLE :
return " Proxy server could not be reached. " ;
case ERROR_INTERNET_FAILED_DUETOSECURITYCHECK :
return " A security check prevented internet connection. " ;
case ERROR_INTERNET_NEED_MSN_SSPI_PKG :
return " This connection requires an MSN Security Support Provider Interface package. " ;
case ERROR_INTERNET_LOGIN_FAILURE_DISPLAY_ENTITY_BODY :
return " Please ask Microsoft about that one! " ;
case ERROR_INTERNET_EXTENDED_ERROR :
2018-06-05 12:02:28 +00:00
if ( pfInternetGetLastResponseInfoA ! = NULL ) {
pfInternetGetLastResponseInfoA ( & error_code , error_string , & size ) ;
return error_string ;
}
// fall through
2012-03-11 01:55:25 +00:00
default :
2017-08-10 18:43:04 +00:00
static_sprintf ( error_string , " Unknown internet error 0x%08lX " , error_code ) ;
2012-11-08 01:20:48 +00:00
return error_string ;
2012-03-11 01:55:25 +00:00
}
}
2019-03-07 16:29:43 +00:00
static char * GetShortName ( const char * url )
{
static char short_name [ 128 ] ;
char * p ;
size_t i , len = safe_strlen ( url ) ;
if ( len < 5 )
return NULL ;
2019-03-12 14:20:19 +00:00
for ( i = len - 2 ; i > 0 ; i - - ) {
2019-03-07 16:29:43 +00:00
if ( url [ i ] = = ' / ' ) {
i + + ;
break ;
}
}
2020-04-10 16:59:12 +00:00
memset ( short_name , 0 , sizeof ( short_name ) ) ;
2019-03-07 16:29:43 +00:00
static_strcpy ( short_name , & url [ i ] ) ;
// If the URL is followed by a query, remove that part
// Make sure we detect escaped queries too
p = strstr ( short_name , " %3F " ) ;
if ( p ! = NULL )
* p = 0 ;
p = strstr ( short_name , " %3f " ) ;
if ( p ! = NULL )
* p = 0 ;
for ( i = 0 ; i < strlen ( short_name ) ; i + + ) {
if ( ( short_name [ i ] = = ' ? ' ) | | ( short_name [ i ] = = ' # ' ) ) {
short_name [ i ] = 0 ;
break ;
}
}
return short_name ;
}
2019-03-04 19:14:54 +00:00
// Open an Internet session
static HINTERNET GetInternetSession ( BOOL bRetry )
{
int i ;
char agent [ 64 ] ;
2020-05-30 18:35:49 +00:00
BOOL r , decodingSupport = TRUE ;
DWORD dwFlags , dwTimeout = NET_SESSION_TIMEOUT , dwProtocolSupport = HTTP_PROTOCOL_FLAG_HTTP2 ;
2019-03-04 19:14:54 +00:00
HINTERNET hSession = NULL ;
PF_TYPE_DECL ( WINAPI , BOOL , InternetGetConnectedState , ( LPDWORD , DWORD ) ) ;
PF_TYPE_DECL ( WINAPI , HINTERNET , InternetOpenA , ( LPCSTR , DWORD , LPCSTR , LPCSTR , DWORD ) ) ;
2019-03-05 16:25:14 +00:00
PF_TYPE_DECL ( WINAPI , BOOL , InternetSetOptionA , ( HINTERNET , DWORD , LPVOID , DWORD ) ) ;
2019-03-04 19:14:54 +00:00
PF_INIT_OR_OUT ( InternetGetConnectedState , WinInet ) ;
PF_INIT_OR_OUT ( InternetOpenA , WinInet ) ;
2019-03-05 16:25:14 +00:00
PF_INIT_OR_OUT ( InternetSetOptionA , WinInet ) ;
2019-03-04 19:14:54 +00:00
for ( i = 0 ; i < = WRITE_RETRIES ; i + + ) {
r = pfInternetGetConnectedState ( & dwFlags , 0 ) ;
if ( r | | ! bRetry )
break ;
Sleep ( 1000 ) ;
}
if ( ! r ) {
// http://msdn.microsoft.com/en-us/library/windows/desktop/aa384702.aspx is wrong...
SetLastError ( ERROR_INTERNET_NOT_INITIALIZED ) ;
uprintf ( " Network is unavailable: %s " , WinInetErrorString ( ) ) ;
goto out ;
}
static_sprintf ( agent , APPLICATION_NAME " /%d.%d.%d (Windows NT %d.%d%s) " ,
rufus_version [ 0 ] , rufus_version [ 1 ] , rufus_version [ 2 ] ,
nWindowsVersion > > 4 , nWindowsVersion & 0x0F , is_x64 ( ) ? " ; WOW64 " : " " ) ;
hSession = pfInternetOpenA ( agent , INTERNET_OPEN_TYPE_PRECONFIG , NULL , NULL , 0 ) ;
2019-03-05 16:25:14 +00:00
// Set the timeouts
pfInternetSetOptionA ( hSession , INTERNET_OPTION_CONNECT_TIMEOUT , ( LPVOID ) & dwTimeout , sizeof ( dwTimeout ) ) ;
pfInternetSetOptionA ( hSession , INTERNET_OPTION_SEND_TIMEOUT , ( LPVOID ) & dwTimeout , sizeof ( dwTimeout ) ) ;
pfInternetSetOptionA ( hSession , INTERNET_OPTION_RECEIVE_TIMEOUT , ( LPVOID ) & dwTimeout , sizeof ( dwTimeout ) ) ;
2020-05-30 18:35:49 +00:00
// Enable gzip and deflate decoding schemes
pfInternetSetOptionA ( hSession , INTERNET_OPTION_HTTP_DECODING , ( LPVOID ) & decodingSupport , sizeof ( decodingSupport ) ) ;
// Enable HTTP/2 protocol support
pfInternetSetOptionA ( hSession , INTERNET_OPTION_ENABLE_HTTP_PROTOCOL , ( LPVOID ) & dwProtocolSupport , sizeof ( dwProtocolSupport ) ) ;
2019-03-04 19:14:54 +00:00
out :
return hSession ;
}
2015-10-18 20:31:47 +00:00
/*
2018-06-29 17:19:05 +00:00
* Download a file or fill a buffer from an URL
2012-11-08 01:20:48 +00:00
* Mostly taken from http : //support.microsoft.com/kb/234913
2018-06-29 17:19:05 +00:00
* If file is NULL , a buffer is allocated for the download ( that needs to be freed by the caller )
2012-12-06 01:40:44 +00:00
* If hProgressDialog is not NULL , this function will send INIT and EXIT messages
* to the dialog in question , with WPARAM being set to nonzero for EXIT on success
* and also attempt to indicate progress using an IDC_PROGRESS control
2019-03-12 14:20:19 +00:00
* Note that when a buffer is used , the actual size of the buffer is one more than its reported
* size ( with the extra byte set to 0 ) to accomodate for calls that need a NUL - terminated buffer .
2012-03-11 01:55:25 +00:00
*/
2019-03-12 14:20:19 +00:00
uint64_t DownloadToFileOrBuffer ( const char * url , const char * file , BYTE * * buffer , HWND hProgressDialog , BOOL bTaskBarProgress )
2012-03-11 01:55:25 +00:00
{
2014-03-14 23:08:49 +00:00
const char * accept_types [ ] = { " */* \0 " , NULL } ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
const char * short_name ;
2012-11-08 01:20:48 +00:00
unsigned char buf [ DOWNLOAD_BUFFER_SIZE ] ;
2019-03-04 19:14:54 +00:00
char hostname [ 64 ] , urlpath [ 128 ] , strsize [ 32 ] ;
BOOL r = FALSE ;
DWORD dwSize , dwWritten , dwDownloaded ;
HANDLE hFile = INVALID_HANDLE_VALUE ;
2012-11-08 01:20:48 +00:00
HINTERNET hSession = NULL , hConnection = NULL , hRequest = NULL ;
URL_COMPONENTSA UrlParts = { sizeof ( URL_COMPONENTSA ) , NULL , 1 , ( INTERNET_SCHEME ) 0 ,
hostname , sizeof ( hostname ) , 0 , NULL , 1 , urlpath , sizeof ( urlpath ) , NULL , 1 } ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
uint64_t size = 0 , total_size = 0 ;
2012-03-11 01:55:25 +00:00
2018-06-05 12:02:28 +00:00
// Can't link with wininet.lib because of sideloading issues
PF_TYPE_DECL ( WINAPI , BOOL , InternetCrackUrlA , ( LPCSTR , DWORD , DWORD , LPURL_COMPONENTSA ) ) ;
PF_TYPE_DECL ( WINAPI , HINTERNET , InternetConnectA , ( HINTERNET , LPCSTR , INTERNET_PORT , LPCSTR , LPCSTR , DWORD , DWORD , DWORD_PTR ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , InternetReadFile , ( HINTERNET , LPVOID , DWORD , LPDWORD ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , InternetCloseHandle , ( HINTERNET ) ) ;
PF_TYPE_DECL ( WINAPI , HINTERNET , HttpOpenRequestA , ( HINTERNET , LPCSTR , LPCSTR , LPCSTR , LPCSTR , LPCSTR * , DWORD , DWORD_PTR ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , HttpSendRequestA , ( HINTERNET , LPCSTR , DWORD , LPVOID , DWORD ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , HttpQueryInfoA , ( HINTERNET , DWORD , LPVOID , LPDWORD , LPDWORD ) ) ;
PF_INIT_OR_OUT ( InternetCrackUrlA , WinInet ) ;
PF_INIT_OR_OUT ( InternetConnectA , WinInet ) ;
PF_INIT_OR_OUT ( InternetReadFile , WinInet ) ;
PF_INIT_OR_OUT ( InternetCloseHandle , WinInet ) ;
PF_INIT_OR_OUT ( HttpOpenRequestA , WinInet ) ;
PF_INIT_OR_OUT ( HttpSendRequestA , WinInet ) ;
PF_INIT_OR_OUT ( HttpQueryInfoA , WinInet ) ;
2018-06-30 21:45:15 +00:00
FormatStatus = 0 ;
2018-06-29 17:19:05 +00:00
DownloadStatus = 404 ;
2019-08-20 17:06:07 +00:00
if ( hProgressDialog ! = NULL )
UpdateProgressWithInfoInit ( hProgressDialog , FALSE ) ;
2012-03-11 01:55:25 +00:00
2018-06-30 21:45:15 +00:00
assert ( url ! = NULL ) ;
2019-03-04 19:14:54 +00:00
if ( buffer ! = NULL )
* buffer = NULL ;
2015-08-10 22:19:57 +00:00
2018-06-29 17:19:05 +00:00
short_name = ( file ! = NULL ) ? PathFindFileNameU ( file ) : PathFindFileNameU ( url ) ;
2014-01-21 17:08:41 +00:00
2018-07-03 21:54:06 +00:00
if ( hProgressDialog ! = NULL ) {
2018-06-29 17:19:05 +00:00
PrintInfo ( 0 , MSG_085 , short_name ) ;
2018-07-03 21:54:06 +00:00
uprintf ( " Downloading %s " , url ) ;
}
2012-03-11 01:55:25 +00:00
2018-06-05 12:02:28 +00:00
if ( ( ! pfInternetCrackUrlA ( url , ( DWORD ) safe_strlen ( url ) , 0 , & UrlParts ) )
2014-05-09 21:05:25 +00:00
| | ( UrlParts . lpszHostName = = NULL ) | | ( UrlParts . lpszUrlPath = = NULL ) ) {
2018-06-29 17:19:05 +00:00
uprintf ( " Unable to decode URL: %s " , WinInetErrorString ( ) ) ;
2012-03-11 01:55:25 +00:00
goto out ;
}
2013-01-09 21:54:28 +00:00
hostname [ sizeof ( hostname ) - 1 ] = 0 ;
2012-03-11 01:55:25 +00:00
2019-03-04 19:14:54 +00:00
hSession = GetInternetSession ( TRUE ) ;
2012-11-08 01:20:48 +00:00
if ( hSession = = NULL ) {
2018-06-29 17:19:05 +00:00
uprintf ( " Could not open Internet session: %s " , WinInetErrorString ( ) ) ;
2012-03-11 01:55:25 +00:00
goto out ;
}
2018-06-05 12:02:28 +00:00
hConnection = pfInternetConnectA ( hSession , UrlParts . lpszHostName , UrlParts . nPort , NULL , NULL , INTERNET_SERVICE_HTTP , 0 , ( DWORD_PTR ) NULL ) ;
2012-11-08 01:20:48 +00:00
if ( hConnection = = NULL ) {
2018-06-29 17:19:05 +00:00
uprintf ( " Could not connect to server %s:%d: %s " , UrlParts . lpszHostName , UrlParts . nPort , WinInetErrorString ( ) ) ;
2012-03-11 01:55:25 +00:00
goto out ;
}
2018-06-05 12:02:28 +00:00
hRequest = pfHttpOpenRequestA ( hConnection , " GET " , UrlParts . lpszUrlPath , NULL , NULL , accept_types ,
2016-05-31 15:35:48 +00:00
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP | INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS |
INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI | INTERNET_FLAG_NO_CACHE_WRITE | INTERNET_FLAG_HYPERLINK |
( ( UrlParts . nScheme = = INTERNET_SCHEME_HTTPS ) ? INTERNET_FLAG_SECURE : 0 ) , ( DWORD_PTR ) NULL ) ;
2012-11-08 01:20:48 +00:00
if ( hRequest = = NULL ) {
2018-06-29 17:19:05 +00:00
uprintf ( " Could not open URL %s: %s " , url , WinInetErrorString ( ) ) ;
2012-03-11 01:55:25 +00:00
goto out ;
}
2020-05-30 18:35:49 +00:00
if ( ! pfHttpSendRequestA ( hRequest , request_headers , - 1L , NULL , 0 ) ) {
2018-06-29 17:19:05 +00:00
uprintf ( " Unable to send request: %s " , WinInetErrorString ( ) ) ;
2012-03-11 01:55:25 +00:00
goto out ;
}
2012-11-08 01:20:48 +00:00
// Get the file size
2014-08-05 23:57:32 +00:00
dwSize = sizeof ( DownloadStatus ) ;
2018-06-05 12:02:28 +00:00
pfHttpQueryInfoA ( hRequest , HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER , ( LPVOID ) & DownloadStatus , & dwSize , NULL ) ;
2014-08-05 23:57:32 +00:00
if ( DownloadStatus ! = 200 ) {
2012-11-08 01:20:48 +00:00
error_code = ERROR_INTERNET_ITEM_NOT_FOUND ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
SetLastError ( ERROR_SEVERITY_ERROR | FAC ( FACILITY_HTTP ) | error_code ) ;
2018-06-29 17:19:05 +00:00
uprintf ( " Unable to access file: %d " , DownloadStatus ) ;
2012-11-08 01:20:48 +00:00
goto out ;
}
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
dwSize = sizeof ( strsize ) ;
if ( ! pfHttpQueryInfoA ( hRequest , HTTP_QUERY_CONTENT_LENGTH , ( LPVOID ) strsize , & dwSize , NULL ) ) {
2018-06-29 17:19:05 +00:00
uprintf ( " Unable to retrieve file length: %s " , WinInetErrorString ( ) ) ;
2012-03-11 01:55:25 +00:00
goto out ;
}
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
total_size = ( uint64_t ) atoll ( strsize ) ;
2019-03-07 16:29:43 +00:00
if ( hProgressDialog ! = NULL ) {
char msg [ 128 ] ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
uprintf ( " File length: %s " , SizeToHumanReadable ( total_size , FALSE , FALSE ) ) ;
2019-03-20 13:28:42 +00:00
if ( right_to_left_mode )
static_sprintf ( msg , " (%s) %s " , SizeToHumanReadable ( total_size , FALSE , FALSE ) , GetShortName ( url ) ) ;
else
static_sprintf ( msg , " %s (%s) " , GetShortName ( url ) , SizeToHumanReadable ( total_size , FALSE , FALSE ) ) ;
2019-03-07 16:29:43 +00:00
PrintStatus ( 0 , MSG_085 , msg ) ;
}
2012-03-11 01:55:25 +00:00
2018-06-29 17:19:05 +00:00
if ( file ! = NULL ) {
hFile = CreateFileU ( file , GENERIC_READ | GENERIC_WRITE , FILE_SHARE_READ , NULL , CREATE_ALWAYS , FILE_ATTRIBUTE_NORMAL , NULL ) ;
if ( hFile = = INVALID_HANDLE_VALUE ) {
uprintf ( " Unable to create file '%s': %s " , short_name , WinInetErrorString ( ) ) ;
goto out ;
}
} else {
if ( buffer = = NULL ) {
uprintf ( " No buffer pointer provided for download " ) ;
goto out ;
}
2019-03-12 14:20:19 +00:00
// Allocate one extra byte, so that caller can rely on NUL-terminated text if needed
* buffer = calloc ( ( size_t ) total_size + 1 , 1 ) ;
2018-06-29 17:19:05 +00:00
if ( * buffer = = NULL ) {
uprintf ( " Could not allocate buffer for download " ) ;
goto out ;
}
2012-03-11 01:55:25 +00:00
}
// Keep checking for data until there is nothing left.
2012-11-08 01:20:48 +00:00
while ( 1 ) {
2018-06-30 21:45:15 +00:00
// User may have cancelled the download
2012-03-11 01:55:25 +00:00
if ( IS_ERROR ( FormatStatus ) )
goto out ;
2018-06-05 12:02:28 +00:00
if ( ! pfInternetReadFile ( hRequest , buf , sizeof ( buf ) , & dwDownloaded ) | | ( dwDownloaded = = 0 ) )
2012-03-11 01:55:25 +00:00
break ;
2019-08-20 17:06:07 +00:00
if ( hProgressDialog ! = NULL )
UpdateProgressWithInfo ( OP_NOOP , MSG_241 , size , total_size ) ;
2018-06-29 17:19:05 +00:00
if ( file ! = NULL ) {
if ( ! WriteFile ( hFile , buf , dwDownloaded , & dwWritten , NULL ) ) {
uprintf ( " Error writing file '%s': %s " , short_name , WinInetErrorString ( ) ) ;
goto out ;
} else if ( dwDownloaded ! = dwWritten ) {
uprintf ( " Error writing file '%s': Only %d/%d bytes written " , short_name , dwWritten , dwDownloaded ) ;
goto out ;
}
} else {
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
memcpy ( & ( * buffer ) [ size ] , buf , dwDownloaded ) ;
2012-03-11 01:55:25 +00:00
}
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
size + = dwDownloaded ;
2012-03-11 01:55:25 +00:00
}
2012-11-08 01:20:48 +00:00
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
if ( size ! = total_size ) {
uprintf ( " Could not download complete file - read: %lld bytes, expected: %lld bytes " , size , total_size ) ;
2012-11-08 01:20:48 +00:00
FormatStatus = ERROR_SEVERITY_ERROR | FAC ( FACILITY_STORAGE ) | ERROR_WRITE_FAULT ;
goto out ;
} else {
2018-06-30 21:45:15 +00:00
DownloadStatus = 200 ;
2012-11-08 01:20:48 +00:00
r = TRUE ;
2018-06-29 17:19:05 +00:00
if ( hProgressDialog ! = NULL ) {
2019-08-20 17:06:07 +00:00
UpdateProgressWithInfo ( OP_NOOP , MSG_241 , total_size , total_size ) ;
2018-07-03 21:54:06 +00:00
uprintf ( " Successfully downloaded '%s' " , short_name ) ;
2018-06-29 17:19:05 +00:00
}
2012-11-08 01:20:48 +00:00
}
2012-03-11 01:55:25 +00:00
out :
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
error_code = GetLastError ( ) ;
2018-05-13 09:36:23 +00:00
if ( hFile ! = INVALID_HANDLE_VALUE ) {
// Force a flush - May help with the PKI API trying to process downloaded updates too early...
FlushFileBuffers ( hFile ) ;
CloseHandle ( hFile ) ;
}
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
if ( ! r ) {
if ( file ! = NULL )
DeleteFileU ( file ) ;
if ( buffer ! = NULL )
safe_free ( * buffer ) ;
}
2018-06-05 12:02:28 +00:00
if ( hRequest )
pfInternetCloseHandle ( hRequest ) ;
if ( hConnection )
pfInternetCloseHandle ( hConnection ) ;
if ( hSession )
pfInternetCloseHandle ( hSession ) ;
2012-11-08 01:20:48 +00:00
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
SetLastError ( error_code ) ;
return r ? size : 0 ;
2012-11-08 01:20:48 +00:00
}
2018-06-29 17:19:05 +00:00
// Download and validate a signed file. The file must have a corresponding '.sig' on the server.
2018-06-30 21:45:15 +00:00
DWORD DownloadSignedFile ( const char * url , const char * file , HWND hProgressDialog , BOOL bPromptOnError )
2018-06-29 17:19:05 +00:00
{
char * url_sig = NULL ;
BYTE * buf = NULL , * sig = NULL ;
DWORD buf_len = 0 , sig_len = 0 ;
DWORD ret = 0 ;
HANDLE hFile = INVALID_HANDLE_VALUE ;
2018-06-30 21:45:15 +00:00
assert ( url ! = NULL ) ;
2018-06-29 17:19:05 +00:00
url_sig = malloc ( strlen ( url ) + 5 ) ;
if ( url_sig = = NULL ) {
uprintf ( " Could not allocate signature URL " ) ;
goto out ;
}
strcpy ( url_sig , url ) ;
strcat ( url_sig , " .sig " ) ;
2019-03-07 16:29:43 +00:00
buf_len = ( DWORD ) DownloadToFileOrBuffer ( url , NULL , & buf , hProgressDialog , FALSE ) ;
2018-06-29 17:19:05 +00:00
if ( buf_len = = 0 )
goto out ;
2019-03-07 16:29:43 +00:00
sig_len = ( DWORD ) DownloadToFileOrBuffer ( url_sig , NULL , & sig , NULL , FALSE ) ;
2018-06-29 17:19:05 +00:00
if ( ( sig_len ! = RSA_SIGNATURE_SIZE ) | | ( ! ValidateOpensslSignature ( buf , buf_len , sig , sig_len ) ) ) {
2018-07-03 21:54:06 +00:00
uprintf ( " FATAL: Download signature is invalid ✗ " ) ;
2018-06-29 17:19:05 +00:00
DownloadStatus = 403 ; // Forbidden
2018-06-30 21:45:15 +00:00
FormatStatus = ERROR_SEVERITY_ERROR | FAC ( FACILITY_STORAGE ) | APPERR ( ERROR_BAD_SIGNATURE ) ;
2019-03-12 14:20:19 +00:00
SendMessage ( GetDlgItem ( hProgressDialog , IDC_PROGRESS ) , PBM_SETSTATE , ( WPARAM ) PBST_ERROR , 0 ) ;
SetTaskbarProgressState ( TASKBAR_ERROR ) ;
2018-06-29 17:19:05 +00:00
goto out ;
}
2018-07-03 21:54:06 +00:00
uprintf ( " Download signature is valid ✓ " ) ;
2018-06-29 17:19:05 +00:00
DownloadStatus = 206 ; // Partial content
hFile = CreateFileU ( file , GENERIC_READ | GENERIC_WRITE , FILE_SHARE_READ , NULL , CREATE_ALWAYS , FILE_ATTRIBUTE_NORMAL , NULL ) ;
if ( hFile = = INVALID_HANDLE_VALUE ) {
uprintf ( " Unable to create file '%s': %s " , PathFindFileNameU ( file ) , WinInetErrorString ( ) ) ;
goto out ;
}
if ( ! WriteFile ( hFile , buf , buf_len , & ret , NULL ) ) {
uprintf ( " Error writing file '%s': %s " , PathFindFileNameU ( file ) , WinInetErrorString ( ) ) ;
ret = 0 ;
goto out ;
} else if ( ret ! = buf_len ) {
uprintf ( " Error writing file '%s': Only %d/%d bytes written " , PathFindFileNameU ( file ) , ret , buf_len ) ;
ret = 0 ;
goto out ;
}
DownloadStatus = 200 ; // Full content
out :
2018-06-30 21:45:15 +00:00
if ( hProgressDialog ! = NULL )
SendMessage ( hProgressDialog , UM_PROGRESS_EXIT , ( WPARAM ) ret , 0 ) ;
if ( ( bPromptOnError ) & & ( DownloadStatus ! = 200 ) ) {
PrintInfo ( 0 , MSG_242 ) ;
SetLastError ( error_code ) ;
MessageBoxExU ( hMainDialog , IS_ERROR ( FormatStatus ) ? StrError ( FormatStatus , FALSE ) : WinInetErrorString ( ) ,
lmprintf ( MSG_044 ) , MB_OK | MB_ICONERROR | MB_IS_RTL , selected_langid ) ;
}
2018-06-29 17:19:05 +00:00
safe_closehandle ( hFile ) ;
free ( url_sig ) ;
free ( buf ) ;
free ( sig ) ;
return ret ;
}
2012-12-06 01:40:44 +00:00
/* Threaded download */
2018-06-30 21:45:15 +00:00
typedef struct {
const char * url ;
const char * file ;
HWND hProgressDialog ;
BOOL bPromptOnError ;
} DownloadSignedFileThreadArgs ;
static DWORD WINAPI DownloadSignedFileThread ( LPVOID param )
2012-11-08 01:20:48 +00:00
{
2018-06-30 21:45:15 +00:00
DownloadSignedFileThreadArgs * args = ( DownloadSignedFileThreadArgs * ) param ;
ExitThread ( DownloadSignedFile ( args - > url , args - > file , args - > hProgressDialog , args - > bPromptOnError ) ) ;
2012-12-06 01:40:44 +00:00
}
2018-06-30 21:45:15 +00:00
HANDLE DownloadSignedFileThreaded ( const char * url , const char * file , HWND hProgressDialog , BOOL bPromptOnError )
2012-12-06 01:40:44 +00:00
{
2018-06-30 21:45:15 +00:00
static DownloadSignedFileThreadArgs args ;
args . url = url ;
args . file = file ;
args . hProgressDialog = hProgressDialog ;
args . bPromptOnError = bPromptOnError ;
return CreateThread ( NULL , 0 , DownloadSignedFileThread , & args , 0 , NULL ) ;
2012-12-06 01:40:44 +00:00
}
2012-12-07 00:54:40 +00:00
static __inline uint64_t to_uint64_t ( uint16_t x [ 4 ] ) {
int i ;
uint64_t ret = 0 ;
2015-02-08 22:36:57 +00:00
for ( i = 0 ; i < 3 ; i + + )
2012-12-07 00:54:40 +00:00
ret = ( ret < < 16 ) + x [ i ] ;
return ret ;
}
2012-12-06 01:40:44 +00:00
/*
* Background thread to check for updates
*/
static DWORD WINAPI CheckForUpdatesThread ( LPVOID param )
{
2019-02-05 17:49:27 +00:00
BOOL releases_only = TRUE , found_new_version = FALSE ;
2012-12-16 00:29:37 +00:00
int status = 0 ;
2018-03-27 21:03:51 +00:00
const char * server_url = RUFUS_URL " / " ;
2016-02-03 17:41:27 +00:00
int i , j , k , max_channel , verbose = 0 , verpos [ 4 ] ;
2018-10-22 16:42:40 +00:00
static const char * archname [ ] = { " win_x86 " , " win_x64 " , " win_arm " , " win_arm64 " , " win_none " } ;
2016-02-03 17:41:27 +00:00
static const char * channel [ ] = { " release " , " beta " , " test " } ; // release channel
2013-07-08 20:28:44 +00:00
const char * accept_types [ ] = { " */* \0 " , NULL } ;
2012-11-08 01:20:48 +00:00
char * buf = NULL ;
2018-10-16 20:51:40 +00:00
char agent [ 64 ] , hostname [ 64 ] , urlpath [ 128 ] , sigpath [ 256 ] ;
2019-03-04 19:14:54 +00:00
DWORD dwSize , dwDownloaded , dwTotalSize , dwStatus ;
BYTE * sig = NULL ;
2012-11-22 01:52:33 +00:00
OSVERSIONINFOA os_version = { sizeof ( OSVERSIONINFOA ) , 0 , 0 , 0 , 0 , " " } ;
2012-11-08 01:20:48 +00:00
HINTERNET hSession = NULL , hConnection = NULL , hRequest = NULL ;
URL_COMPONENTSA UrlParts = { sizeof ( URL_COMPONENTSA ) , NULL , 1 , ( INTERNET_SCHEME ) 0 ,
hostname , sizeof ( hostname ) , 0 , NULL , 1 , urlpath , sizeof ( urlpath ) , NULL , 1 } ;
SYSTEMTIME ServerTime , LocalTime ;
FILETIME FileTime ;
2012-12-06 01:40:44 +00:00
int64_t local_time = 0 , reg_time , server_time , update_interval ;
2012-11-08 01:20:48 +00:00
2018-06-05 12:02:28 +00:00
// Can't link with wininet.lib because of sideloading issues
PF_TYPE_DECL ( WINAPI , BOOL , InternetCrackUrlA , ( LPCSTR , DWORD , DWORD , LPURL_COMPONENTSA ) ) ;
PF_TYPE_DECL ( WINAPI , HINTERNET , InternetConnectA , ( HINTERNET , LPCSTR , INTERNET_PORT , LPCSTR , LPCSTR , DWORD , DWORD , DWORD_PTR ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , InternetReadFile , ( HINTERNET , LPVOID , DWORD , LPDWORD ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , InternetCloseHandle , ( HINTERNET ) ) ;
PF_TYPE_DECL ( WINAPI , HINTERNET , HttpOpenRequestA , ( HINTERNET , LPCSTR , LPCSTR , LPCSTR , LPCSTR , LPCSTR * , DWORD , DWORD_PTR ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , HttpSendRequestA , ( HINTERNET , LPCSTR , DWORD , LPVOID , DWORD ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , HttpQueryInfoA , ( HINTERNET , DWORD , LPVOID , LPDWORD , LPDWORD ) ) ;
PF_INIT_OR_OUT ( InternetCrackUrlA , WinInet ) ;
PF_INIT_OR_OUT ( InternetConnectA , WinInet ) ;
PF_INIT_OR_OUT ( InternetReadFile , WinInet ) ;
PF_INIT_OR_OUT ( InternetCloseHandle , WinInet ) ;
PF_INIT_OR_OUT ( HttpOpenRequestA , WinInet ) ;
PF_INIT_OR_OUT ( HttpSendRequestA , WinInet ) ;
PF_INIT_OR_OUT ( HttpQueryInfoA , WinInet ) ;
2015-01-25 00:56:38 +00:00
verbose = ReadSetting32 ( SETTING_VERBOSE_UPDATES ) ;
2014-03-17 20:42:10 +00:00
// Without this the FileDialog will produce error 0x8001010E when compiled for Vista or later
IGNORE_RETVAL ( CoInitializeEx ( NULL , COINIT_APARTMENTTHREADED ) ) ;
2012-12-09 20:36:29 +00:00
// Unless the update was forced, wait a while before performing the update check
if ( ! force_update_check ) {
// It would of course be a lot nicer to use a timer and wake the thread, but my
// development time is limited and this is FASTER to implement.
2012-12-06 01:40:44 +00:00
do {
2012-12-09 20:36:29 +00:00
for ( i = 0 ; ( i < 30 ) & & ( ! force_update_check ) ; i + + )
Sleep ( 500 ) ;
2019-08-22 13:04:41 +00:00
} while ( ( ! force_update_check ) & & ( ( op_in_progress | | ( dialog_showing > 0 ) ) ) ) ;
2012-12-09 20:36:29 +00:00
if ( ! force_update_check ) {
2015-01-25 00:56:38 +00:00
if ( ( ReadSetting32 ( SETTING_UPDATE_INTERVAL ) = = - 1 ) ) {
2018-06-29 17:19:05 +00:00
vuprintf ( " Check for updates disabled, as per settings. " ) ;
2012-12-09 20:36:29 +00:00
goto out ;
}
2015-01-25 00:56:38 +00:00
reg_time = ReadSetting64 ( SETTING_LAST_UPDATE ) ;
update_interval = ( int64_t ) ReadSetting32 ( SETTING_UPDATE_INTERVAL ) ;
2012-12-09 20:36:29 +00:00
if ( update_interval = = 0 ) {
2015-01-25 00:56:38 +00:00
WriteSetting32 ( SETTING_UPDATE_INTERVAL , DEFAULT_UPDATE_INTERVAL ) ;
2012-12-09 20:36:29 +00:00
update_interval = DEFAULT_UPDATE_INTERVAL ;
}
GetSystemTime ( & LocalTime ) ;
if ( ! SystemTimeToFileTime ( & LocalTime , & FileTime ) )
goto out ;
local_time = ( ( ( ( int64_t ) FileTime . dwHighDateTime ) < < 32 ) + FileTime . dwLowDateTime ) / 10000000 ;
2018-06-29 17:19:05 +00:00
vvuprintf ( " Local time: % " PRId64 , local_time ) ;
2012-12-09 20:36:29 +00:00
if ( local_time < reg_time + update_interval ) {
2018-06-29 17:19:05 +00:00
vuprintf ( " Next update check in % " PRId64 " seconds. " , reg_time + update_interval - local_time ) ;
2012-12-09 20:36:29 +00:00
goto out ;
}
2012-12-06 01:40:44 +00:00
}
2012-11-08 01:20:48 +00:00
}
2015-01-01 23:39:28 +00:00
PrintInfoDebug ( 3000 , MSG_243 ) ;
2012-12-16 00:29:37 +00:00
status + + ; // 1
2012-11-08 01:20:48 +00:00
2012-11-22 01:52:33 +00:00
if ( ! GetVersionExA ( & os_version ) ) {
2018-06-29 17:19:05 +00:00
uprintf ( " Could not read Windows version - Check for updates cancelled. " ) ;
2012-12-04 01:47:45 +00:00
goto out ;
2012-11-22 01:52:33 +00:00
}
2019-03-04 19:14:54 +00:00
if ( ! pfInternetCrackUrlA ( server_url , ( DWORD ) safe_strlen ( server_url ) , 0 , & UrlParts ) )
2012-11-08 01:20:48 +00:00
goto out ;
2013-01-09 21:54:28 +00:00
hostname [ sizeof ( hostname ) - 1 ] = 0 ;
2012-11-08 01:20:48 +00:00
2017-08-10 18:43:04 +00:00
static_sprintf ( agent , APPLICATION_NAME " /%d.%d.%d (Windows NT %d.%d%s) " ,
2016-02-08 18:55:52 +00:00
rufus_version [ 0 ] , rufus_version [ 1 ] , rufus_version [ 2 ] ,
nWindowsVersion > > 4 , nWindowsVersion & 0x0F , is_x64 ( ) ? " ; WOW64 " : " " ) ;
2019-03-04 19:14:54 +00:00
hSession = GetInternetSession ( FALSE ) ;
2012-11-08 01:20:48 +00:00
if ( hSession = = NULL )
goto out ;
2018-06-05 12:02:28 +00:00
hConnection = pfInternetConnectA ( hSession , UrlParts . lpszHostName , UrlParts . nPort , NULL , NULL , INTERNET_SERVICE_HTTP , 0 , ( DWORD_PTR ) NULL ) ;
2012-11-08 01:20:48 +00:00
if ( hConnection = = NULL )
goto out ;
2012-03-11 01:55:25 +00:00
2012-12-16 00:29:37 +00:00
status + + ; // 2
2019-02-05 17:49:27 +00:00
// BETAs are only made available for x86_32
if ( is_x86_32 )
releases_only = ! ReadSettingBool ( SETTING_INCLUDE_BETAS ) ;
2012-12-07 00:54:40 +00:00
2016-02-03 17:41:27 +00:00
// Test releases get their own distribution channel (and also force beta checks)
# if defined(TEST)
max_channel = ( int ) ARRAYSIZE ( channel ) ;
# else
max_channel = releases_only ? 1 : ( int ) ARRAYSIZE ( channel ) - 1 ;
# endif
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
vuprintf ( " Using %s for the update check " , RUFUS_URL ) ;
2016-02-03 17:41:27 +00:00
for ( k = 0 ; ( k < max_channel ) & & ( ! found_new_version ) ; k + + ) {
2019-10-24 12:05:07 +00:00
// Free any previous buffers we might have used
safe_free ( buf ) ;
safe_free ( sig ) ;
2018-06-29 17:19:05 +00:00
uprintf ( " Checking %s channel... " , channel [ k ] ) ;
2012-12-07 00:54:40 +00:00
// At this stage we can query the server for various update version files.
// We first try to lookup for "<appname>_<os_arch>_<os_version_major>_<os_version_minor>.ver"
2018-10-22 16:42:40 +00:00
// and then remove each of the <os_> components until we find our match. For instance, we may first
2012-12-07 00:54:40 +00:00
// look for rufus_win_x64_6.2.ver (Win8 x64) but only get a match for rufus_win_x64_6.ver (Vista x64 or later)
// This allows sunsetting OS versions (eg XP) or providing different downloads for different archs/groups.
2017-08-10 18:43:04 +00:00
static_sprintf ( urlpath , " %s%s%s_%s_%lu.%lu.ver " , APPLICATION_NAME , ( k = = 0 ) ? " " : " _ " ,
2018-10-22 16:42:40 +00:00
( k = = 0 ) ? " " : channel [ k ] , archname [ GetCpuArch ( ) ] , os_version . dwMajorVersion , os_version . dwMinorVersion ) ;
2018-06-29 17:19:05 +00:00
vuprintf ( " Base update check: %s " , urlpath ) ;
2012-12-07 00:54:40 +00:00
for ( i = 0 , j = ( int ) safe_strlen ( urlpath ) - 5 ; ( j > 0 ) & & ( i < ARRAYSIZE ( verpos ) ) ; j - - ) {
if ( ( urlpath [ j ] = = ' . ' ) | | ( urlpath [ j ] = = ' _ ' ) ) {
verpos [ i + + ] = j ;
}
2012-11-22 01:52:33 +00:00
}
2018-06-29 17:19:05 +00:00
assert ( i = = ARRAYSIZE ( verpos ) ) ;
2012-11-22 01:52:33 +00:00
2012-12-07 00:54:40 +00:00
UrlParts . lpszUrlPath = urlpath ;
UrlParts . dwUrlPathLength = sizeof ( urlpath ) ;
for ( i = 0 ; i < ARRAYSIZE ( verpos ) ; i + + ) {
2018-06-29 17:19:05 +00:00
vvuprintf ( " Trying %s " , UrlParts . lpszUrlPath ) ;
2018-06-05 12:02:28 +00:00
hRequest = pfHttpOpenRequestA ( hConnection , " GET " , UrlParts . lpszUrlPath , NULL , NULL , accept_types ,
2016-05-31 15:35:48 +00:00
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP | INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS |
INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI | INTERNET_FLAG_NO_CACHE_WRITE | INTERNET_FLAG_HYPERLINK |
( ( UrlParts . nScheme = = INTERNET_SCHEME_HTTPS ) ? INTERNET_FLAG_SECURE : 0 ) , ( DWORD_PTR ) NULL ) ;
2020-05-30 18:35:49 +00:00
if ( ( hRequest = = NULL ) | | ( ! pfHttpSendRequestA ( hRequest , request_headers , - 1L , NULL , 0 ) ) ) {
2017-07-20 16:42:53 +00:00
uprintf ( " Unable to send request: %s " , WinInetErrorString ( ) ) ;
2012-12-07 00:54:40 +00:00
goto out ;
2017-07-20 16:42:53 +00:00
}
2012-12-07 00:54:40 +00:00
// Ensure that we get a text file
dwSize = sizeof ( dwStatus ) ;
dwStatus = 404 ;
2018-06-05 12:02:28 +00:00
pfHttpQueryInfoA ( hRequest , HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER , ( LPVOID ) & dwStatus , & dwSize , NULL ) ;
2015-10-18 20:31:47 +00:00
if ( dwStatus = = 200 )
2012-12-07 00:54:40 +00:00
break ;
2018-06-05 12:02:28 +00:00
pfInternetCloseHandle ( hRequest ) ;
2012-12-07 00:54:40 +00:00
hRequest = NULL ;
safe_strcpy ( & urlpath [ verpos [ i ] ] , 5 , " .ver " ) ;
2012-12-06 01:40:44 +00:00
}
2012-12-07 00:54:40 +00:00
if ( dwStatus ! = 200 ) {
vuprintf ( " Could not find a %s version file on server %s " , channel [ k ] , server_url ) ;
if ( ( releases_only ) | | ( k + 1 > = ARRAYSIZE ( channel ) ) )
goto out ;
continue ;
2012-12-06 01:40:44 +00:00
}
2013-06-06 22:40:37 +00:00
vuprintf ( " Found match for %s on server %s " , urlpath , server_url ) ;
2012-11-08 01:20:48 +00:00
2018-10-16 20:51:40 +00:00
// We also get a date from the web server, which we'll use to avoid out of sync check,
2012-12-07 00:54:40 +00:00
// in case some set their clock way into the future and back.
// On the other hand, if local clock is set way back in the past, we will never check.
dwSize = sizeof ( ServerTime ) ;
// If we can't get a date we can trust, don't bother...
2018-06-05 12:02:28 +00:00
if ( ( ! pfHttpQueryInfoA ( hRequest , HTTP_QUERY_DATE | HTTP_QUERY_FLAG_SYSTEMTIME , ( LPVOID ) & ServerTime , & dwSize , NULL ) )
2012-12-07 00:54:40 +00:00
| | ( ! SystemTimeToFileTime ( & ServerTime , & FileTime ) ) )
goto out ;
server_time = ( ( ( ( int64_t ) FileTime . dwHighDateTime ) < < 32 ) + FileTime . dwLowDateTime ) / 10000000 ;
2018-06-29 17:19:05 +00:00
vvuprintf ( " Server time: % " PRId64 , server_time ) ;
2012-12-07 00:54:40 +00:00
// Always store the server response time - the only clock we trust!
2015-01-25 00:56:38 +00:00
WriteSetting64 ( SETTING_LAST_UPDATE , server_time ) ;
2012-12-07 00:54:40 +00:00
// Might as well let the user know
2012-12-09 20:36:29 +00:00
if ( ! force_update_check ) {
2013-06-06 22:40:37 +00:00
if ( ( local_time > server_time + 600 ) | | ( local_time < server_time - 600 ) ) {
2015-10-18 20:31:47 +00:00
uprintf ( " IMPORTANT: Your local clock is more than 10 minutes in the %s. Unless you fix this, " APPLICATION_NAME " may not be able to check for updates... " ,
2013-06-06 22:40:37 +00:00
( local_time > server_time + 600 ) ? " future " : " past " ) ;
2012-12-07 00:54:40 +00:00
}
}
dwSize = sizeof ( dwTotalSize ) ;
2018-06-05 12:02:28 +00:00
if ( ! pfHttpQueryInfoA ( hRequest , HTTP_QUERY_CONTENT_LENGTH | HTTP_QUERY_FLAG_NUMBER , ( LPVOID ) & dwTotalSize , & dwSize , NULL ) )
2012-12-07 00:54:40 +00:00
goto out ;
// Make sure the file is NUL terminated
buf = ( char * ) calloc ( dwTotalSize + 1 , 1 ) ;
2018-06-29 17:19:05 +00:00
if ( buf = = NULL )
goto out ;
2012-12-07 00:54:40 +00:00
// This is a version file - we should be able to gulp it down in one go
2018-06-05 12:02:28 +00:00
if ( ! pfInternetReadFile ( hRequest , buf , dwTotalSize , & dwDownloaded ) | | ( dwDownloaded ! = dwTotalSize ) )
2012-12-07 00:54:40 +00:00
goto out ;
2018-06-29 17:19:05 +00:00
vuprintf ( " Successfully downloaded version file (%d bytes) " , dwTotalSize ) ;
2012-12-07 00:54:40 +00:00
2018-06-29 17:19:05 +00:00
// Now download the signature file
static_sprintf ( sigpath , " %s/%s.sig " , server_url , urlpath ) ;
2019-03-07 16:29:43 +00:00
dwDownloaded = ( DWORD ) DownloadToFileOrBuffer ( sigpath , NULL , & sig , NULL , FALSE ) ;
2018-06-29 17:19:05 +00:00
if ( ( dwDownloaded ! = RSA_SIGNATURE_SIZE ) | | ( ! ValidateOpensslSignature ( buf , dwTotalSize , sig , dwDownloaded ) ) ) {
2019-03-04 19:14:54 +00:00
uprintf ( " FATAL: Version signature is invalid ✗ " ) ;
2018-06-29 17:19:05 +00:00
goto out ;
}
2019-03-04 19:14:54 +00:00
vuprintf ( " Version signature is valid ✓ " ) ;
2012-11-08 01:20:48 +00:00
2018-06-29 17:19:05 +00:00
status + + ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
parse_update ( buf , dwTotalSize + 1 ) ;
2012-11-12 01:53:34 +00:00
2018-06-29 17:19:05 +00:00
vuprintf ( " UPDATE DATA: " ) ;
vuprintf ( " version: %d.%d.%d (%s) " , update . version [ 0 ] , update . version [ 1 ] , update . version [ 2 ] , channel [ k ] ) ;
vuprintf ( " platform_min: %d.%d " , update . platform_min [ 0 ] , update . platform_min [ 1 ] ) ;
vuprintf ( " url: %s " , update . download_url ) ;
2012-12-07 00:54:40 +00:00
2013-10-22 21:46:59 +00:00
found_new_version = ( ( to_uint64_t ( update . version ) > to_uint64_t ( rufus_version ) ) | | ( force_update ) )
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
& & ( ( os_version . dwMajorVersion > update . platform_min [ 0 ] )
| | ( ( os_version . dwMajorVersion = = update . platform_min [ 0 ] ) & & ( os_version . dwMinorVersion > = update . platform_min [ 1 ] ) ) ) ;
uprintf ( " N%sew %s version found%c " , found_new_version ? " " : " o n " , channel [ k ] , found_new_version ? ' ! ' : ' . ' ) ;
2012-12-07 00:54:40 +00:00
}
2012-11-08 01:20:48 +00:00
out :
safe_free ( buf ) ;
2018-06-29 17:19:05 +00:00
safe_free ( sig ) ;
2018-06-05 12:02:28 +00:00
if ( hRequest )
pfInternetCloseHandle ( hRequest ) ;
if ( hConnection )
pfInternetCloseHandle ( hConnection ) ;
if ( hSession )
pfInternetCloseHandle ( hSession ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
switch ( status ) {
2012-12-16 00:29:37 +00:00
case 1 :
2015-01-01 23:39:28 +00:00
PrintInfoDebug ( 3000 , MSG_244 ) ;
2012-12-16 00:29:37 +00:00
break ;
case 2 :
2015-01-01 23:39:28 +00:00
PrintInfoDebug ( 3000 , MSG_245 ) ;
2012-12-16 00:29:37 +00:00
break ;
case 3 :
2013-01-18 01:39:24 +00:00
case 4 :
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
PrintInfo ( 3000 , found_new_version ? MSG_246 : MSG_247 ) ;
2012-12-16 00:29:37 +00:00
default :
break ;
}
2012-12-07 00:54:40 +00:00
// Start the new download after cleanup
if ( found_new_version ) {
// User may have started an operation while we were checking
2019-08-22 13:04:41 +00:00
while ( ( ! force_update_check ) & & ( op_in_progress | | ( dialog_showing > 0 ) ) ) {
2012-12-09 20:36:29 +00:00
Sleep ( 15000 ) ;
2012-12-07 00:54:40 +00:00
}
DownloadNewVersion ( ) ;
2015-03-09 02:49:11 +00:00
} else if ( force_update_check ) {
PostMessage ( hMainDialog , UM_NO_UPDATE , 0 , 0 ) ;
2012-12-07 00:54:40 +00:00
}
2012-12-09 20:36:29 +00:00
force_update_check = FALSE ;
2019-04-01 15:37:43 +00:00
update_check_thread = NULL ;
2012-11-22 01:52:33 +00:00
ExitThread ( 0 ) ;
}
2012-12-06 01:40:44 +00:00
/*
* Initiate a check for updates . If force is true , ignore the wait period
*/
BOOL CheckForUpdates ( BOOL force )
2012-11-22 01:52:33 +00:00
{
2012-12-09 20:36:29 +00:00
force_update_check = force ;
2019-04-01 15:37:43 +00:00
if ( update_check_thread ! = NULL )
2012-12-06 01:40:44 +00:00
return FALSE ;
2019-04-01 15:37:43 +00:00
update_check_thread = CreateThread ( NULL , 0 , CheckForUpdatesThread , NULL , 0 , NULL ) ;
if ( update_check_thread = = NULL ) {
2013-06-06 22:40:37 +00:00
uprintf ( " Unable to start update check thread " ) ;
2012-12-04 01:47:45 +00:00
return FALSE ;
2012-11-22 01:52:33 +00:00
}
return TRUE ;
2012-03-11 01:55:25 +00:00
}
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
/*
* Download an ISO through Fido
*/
static DWORD WINAPI DownloadISOThread ( LPVOID param )
{
2019-03-15 10:57:17 +00:00
char locale_str [ 1024 ] , cmdline [ sizeof ( locale_str ) + 512 ] , pipe [ MAX_GUID_STRING_LENGTH + 16 ] = " \\ \\ . \\ pipe \\ " ;
2020-04-10 12:16:57 +00:00
char powershell_path [ MAX_PATH ] , icon_path [ MAX_PATH ] = { 0 } , script_path [ MAX_PATH ] = { 0 } ;
2019-03-07 16:29:43 +00:00
char * url = NULL , sig_url [ 128 ] ;
2019-03-23 13:59:20 +00:00
uint64_t uncompressed_size ;
int64_t size = - 1 ;
BYTE * compressed = NULL , * sig = NULL ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
HANDLE hFile , hPipe ;
2019-03-23 13:59:20 +00:00
DWORD dwExitCode = 99 , dwCompressedSize , dwSize , dwAvail , dwPipeSize = 4096 ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
GUID guid ;
2019-03-23 13:59:20 +00:00
dialog_showing + + ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
IGNORE_RETVAL ( CoInitializeEx ( NULL , COINIT_APARTMENTTHREADED ) ) ;
// Use a GUID as random unique string, else ill-intentioned security "researchers"
// may either spam our pipe or replace our script to fool antivirus solutions into
// thinking that Rufus is doing something malicious...
2019-03-12 14:20:19 +00:00
IGNORE_RETVAL ( CoCreateGuid ( & guid ) ) ;
2019-03-15 10:57:17 +00:00
// coverity[fixed_size_dest]
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
strcpy ( & pipe [ 9 ] , GuidToString ( & guid ) ) ;
static_sprintf ( icon_path , " %s%s.ico " , temp_dir , APPLICATION_NAME ) ;
ExtractAppIcon ( icon_path , TRUE ) ;
2019-03-04 11:57:33 +00:00
//#define FORCE_URL "https://github.com/pbatard/rufus/raw/master/res/loc/test/windows_to_go.iso"
2019-03-07 16:29:43 +00:00
//#define FORCE_URL "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.8.0-amd64-netinst.iso"
2019-03-04 11:57:33 +00:00
# if !defined(FORCE_URL)
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
# if defined(RUFUS_TEST)
2019-05-03 22:51:05 +00:00
IGNORE_RETVAL ( hFile ) ;
IGNORE_RETVAL ( sig_url ) ;
IGNORE_RETVAL ( dwCompressedSize ) ;
IGNORE_RETVAL ( uncompressed_size ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
// In test mode, just use our local script
static_strcpy ( script_path , " D: \\ Projects \\ Fido \\ Fido.ps1 " ) ;
# else
// If we don't have the script, download it
2019-03-12 14:20:19 +00:00
if ( fido_script = = NULL ) {
2019-03-23 13:59:20 +00:00
dwCompressedSize = ( DWORD ) DownloadToFileOrBuffer ( fido_url , NULL , & compressed , hMainDialog , FALSE ) ;
if ( dwCompressedSize = = 0 )
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
goto out ;
2019-03-04 19:14:54 +00:00
static_sprintf ( sig_url , " %s.sig " , fido_url ) ;
2019-03-07 16:29:43 +00:00
dwSize = ( DWORD ) DownloadToFileOrBuffer ( sig_url , NULL , & sig , NULL , FALSE ) ;
2019-03-23 13:59:20 +00:00
if ( ( dwSize ! = RSA_SIGNATURE_SIZE ) | | ( ! ValidateOpensslSignature ( compressed , dwCompressedSize , sig , dwSize ) ) ) {
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
uprintf ( " FATAL: Signature is invalid ✗ " ) ;
2019-03-12 14:20:19 +00:00
FormatStatus = ERROR_SEVERITY_ERROR | FAC ( FACILITY_STORAGE ) | APPERR ( ERROR_BAD_SIGNATURE ) ;
SendMessage ( hProgress , PBM_SETSTATE , ( WPARAM ) PBST_ERROR , 0 ) ;
SetTaskbarProgressState ( TASKBAR_ERROR ) ;
2019-03-23 13:59:20 +00:00
safe_free ( compressed ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
free ( sig ) ;
goto out ;
}
free ( sig ) ;
uprintf ( " Signature is valid ✓ " ) ;
2019-03-23 13:59:20 +00:00
uncompressed_size = * ( ( uint64_t * ) & compressed [ 5 ] ) ;
2020-06-10 19:00:47 +00:00
if ( ( uncompressed_size < 1 * MB ) & & ( bled_init ( _uprintf , NULL , NULL , NULL , NULL , & FormatStatus ) > = 0 ) ) {
2019-03-23 13:59:20 +00:00
fido_script = malloc ( ( size_t ) uncompressed_size ) ;
size = bled_uncompress_from_buffer_to_buffer ( compressed , dwCompressedSize , fido_script , ( size_t ) uncompressed_size , BLED_COMPRESSION_LZMA ) ;
bled_exit ( ) ;
}
safe_free ( compressed ) ;
if ( size ! = uncompressed_size ) {
uprintf ( " FATAL: Could not uncompressed download script " ) ;
safe_free ( fido_script ) ;
FormatStatus = ERROR_SEVERITY_ERROR | FAC ( FACILITY_STORAGE ) | ERROR_INVALID_DATA ;
SendMessage ( hProgress , PBM_SETSTATE , ( WPARAM ) PBST_ERROR , 0 ) ;
SetTaskbarProgressState ( TASKBAR_ERROR ) ;
goto out ;
}
fido_len = ( DWORD ) size ;
2019-03-04 11:57:33 +00:00
SendMessage ( hProgress , PBM_SETSTATE , ( WPARAM ) PBST_NORMAL , 0 ) ;
SetTaskbarProgressState ( TASKBAR_NORMAL ) ;
SetTaskbarProgressValue ( 0 , MAX_PROGRESS ) ;
SendMessage ( hProgress , PBM_SETPOS , 0 , 0 ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
}
2019-03-12 14:20:19 +00:00
PrintInfo ( 0 , MSG_148 ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
assert ( ( fido_script ! = NULL ) & & ( fido_len ! = 0 ) ) ;
static_sprintf ( script_path , " %s%s.ps1 " , temp_dir , GuidToString ( & guid ) ) ;
2019-03-27 12:21:41 +00:00
hFile = CreateFileU ( script_path , GENERIC_WRITE , FILE_SHARE_READ , NULL , CREATE_ALWAYS , FILE_ATTRIBUTE_READONLY , NULL ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
if ( hFile = = INVALID_HANDLE_VALUE ) {
uprintf ( " Unable to create download script '%s': %s " , script_path , WindowsErrorString ( ) ) ;
goto out ;
}
if ( ( ! WriteFile ( hFile , fido_script , fido_len , & dwSize , NULL ) ) | | ( dwSize ! = fido_len ) ) {
uprintf ( " Unable to write download script '%s': %s " , script_path , WindowsErrorString ( ) ) ;
goto out ;
}
2019-03-27 12:21:41 +00:00
// Why oh why does PowerShell refuse to open read-only files that haven't been closed?
// Because of this limitation, we can't use LockFileEx() on the file we create...
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
safe_closehandle ( hFile ) ;
# endif
static_sprintf ( powershell_path , " %s \\ WindowsPowerShell \\ v1.0 \\ powershell.exe " , system_dir ) ;
2019-03-12 14:20:19 +00:00
static_sprintf ( locale_str , " %s|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s " ,
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
selected_locale - > txt [ 0 ] , lmprintf ( MSG_135 ) , lmprintf ( MSG_136 ) , lmprintf ( MSG_137 ) ,
2019-03-12 14:20:19 +00:00
lmprintf ( MSG_138 ) , lmprintf ( MSG_139 ) , lmprintf ( MSG_040 ) , lmprintf ( MSG_140 ) , lmprintf ( MSG_141 ) ,
lmprintf ( MSG_006 ) , lmprintf ( MSG_007 ) , lmprintf ( MSG_042 ) , lmprintf ( MSG_142 ) , lmprintf ( MSG_143 ) ,
lmprintf ( MSG_144 ) , lmprintf ( MSG_145 ) , lmprintf ( MSG_146 ) ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
hPipe = CreateNamedPipeA ( pipe , PIPE_ACCESS_INBOUND ,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT , PIPE_UNLIMITED_INSTANCES ,
dwPipeSize , dwPipeSize , 0 , NULL ) ;
if ( hPipe = = INVALID_HANDLE_VALUE ) {
uprintf ( " Could not create pipe '%s': %s " , pipe , WindowsErrorString ) ;
2019-03-27 12:21:41 +00:00
goto out ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
}
2019-06-05 16:00:21 +00:00
static_sprintf ( cmdline , " \" %s \" -NonInteractive -Sta -NoProfile – ExecutionPolicy Bypass "
" -File \" %s \" -DisableFirstRunCustomize -PipeName %s -LocData \" %s \" -Icon \" %s \" -AppTitle \" %s \" " ,
2019-03-12 14:20:19 +00:00
powershell_path , script_path , & pipe [ 9 ] , locale_str , icon_path , lmprintf ( MSG_149 ) ) ;
// Signal our Windows alert hook that it should close the IE cookie prompts from Fido
2019-03-05 12:41:10 +00:00
close_fido_cookie_prompts = TRUE ;
2019-03-14 18:53:08 +00:00
dwExitCode = RunCommand ( cmdline , app_dir , TRUE ) ;
uprintf ( " Exited download script with code: %d " , dwExitCode ) ;
2019-03-05 12:41:10 +00:00
close_fido_cookie_prompts = FALSE ;
2019-03-14 18:53:08 +00:00
if ( ( dwExitCode = = 0 ) & & PeekNamedPipe ( hPipe , NULL , dwPipeSize , NULL , & dwAvail , NULL ) & & ( dwAvail ! = 0 ) ) {
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
url = malloc ( dwAvail + 1 ) ;
2020-10-27 10:12:24 +00:00
dwSize = 0 ;
2019-03-04 11:57:33 +00:00
if ( ( url ! = NULL ) & & ReadFile ( hPipe , url , dwAvail , & dwSize , NULL ) & & ( dwSize > 4 ) ) {
# else
{ { url = strdup ( FORCE_URL ) ;
dwSize = ( DWORD ) strlen ( FORCE_URL ) ;
# endif
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
IMG_SAVE img_save = { 0 } ;
2020-10-27 10:12:24 +00:00
// WTF is wrong with Microsoft's static analyzer reporting a potential buffer overflow here?!?
# if defined(_MSC_VER)
# pragma warning(disable: 6386)
# endif
url [ min ( dwSize , dwAvail ) ] = 0 ;
# if defined(_MSC_VER)
# pragma warning(default: 6386)
# endif
2019-03-07 16:29:43 +00:00
EXT_DECL ( img_ext , GetShortName ( url ) , __VA_GROUP__ ( " *.iso " ) , __VA_GROUP__ ( lmprintf ( MSG_036 ) ) ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
img_save . Type = IMG_SAVE_TYPE_ISO ;
img_save . ImagePath = FileDialog ( TRUE , NULL , & img_ext , 0 ) ;
if ( img_save . ImagePath = = NULL ) {
goto out ;
}
// Download the ISO and report errors if any
2019-03-07 16:29:43 +00:00
SendMessage ( hMainDialog , UM_PROGRESS_INIT , 0 , 0 ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
FormatStatus = 0 ;
2019-03-04 11:57:33 +00:00
SendMessage ( hMainDialog , UM_TIMER_START , 0 , 0 ) ;
2019-03-07 16:29:43 +00:00
if ( DownloadToFileOrBuffer ( url , img_save . ImagePath , NULL , hMainDialog , TRUE ) = = 0 ) {
SendMessage ( hMainDialog , UM_PROGRESS_EXIT , 0 , 0 ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
if ( SCODE_CODE ( FormatStatus ) = = ERROR_CANCELLED ) {
uprintf ( " Download cancelled by user " ) ;
Notification ( MSG_INFO , NULL , NULL , lmprintf ( MSG_211 ) , lmprintf ( MSG_041 ) ) ;
2019-03-07 16:29:43 +00:00
PrintInfo ( 0 , MSG_211 ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
} else {
2019-03-07 16:29:43 +00:00
Notification ( MSG_ERROR , NULL , NULL , lmprintf ( MSG_194 , GetShortName ( url ) ) , lmprintf ( MSG_043 , WinInetErrorString ( ) ) ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
PrintInfo ( 0 , MSG_212 ) ;
}
2019-03-07 16:29:43 +00:00
} else {
// Download was successful => Select and scan the ISO
image_path = safe_strdup ( img_save . ImagePath ) ;
PostMessage ( hMainDialog , UM_SELECT_ISO , 0 , 0 ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
}
safe_free ( img_save . ImagePath ) ;
}
}
out :
if ( icon_path [ 0 ] ! = 0 )
DeleteFileU ( icon_path ) ;
# if !defined(RUFUS_TEST)
2019-03-27 12:21:41 +00:00
if ( script_path [ 0 ] ! = 0 ) {
SetFileAttributesU ( script_path , FILE_ATTRIBUTE_NORMAL ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
DeleteFileU ( script_path ) ;
2019-03-27 12:21:41 +00:00
}
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
# endif
free ( url ) ;
SendMessage ( hMainDialog , UM_ENABLE_CONTROLS , 0 , 0 ) ;
2019-03-23 13:59:20 +00:00
dialog_showing - - ;
2019-03-14 18:53:08 +00:00
ExitThread ( dwExitCode ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
}
BOOL DownloadISO ( )
{
if ( CreateThread ( NULL , 0 , DownloadISOThread , NULL , 0 , NULL ) = = NULL ) {
uprintf ( " Unable to start Windows ISO download thread " ) ;
FormatStatus = ERROR_SEVERITY_ERROR | FAC ( FACILITY_STORAGE ) | APPERR ( ERROR_CANT_START_THREAD ) ;
SendMessage ( hMainDialog , UM_ENABLE_CONTROLS , 0 , 0 ) ;
return FALSE ;
}
return TRUE ;
}
2019-03-04 19:14:54 +00:00
BOOL IsDownloadable ( const char * url )
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
{
2019-03-04 19:14:54 +00:00
DWORD dwSize , dwTotalSize = 0 ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
const char * accept_types [ ] = { " */* \0 " , NULL } ;
2019-03-04 19:14:54 +00:00
char hostname [ 64 ] , urlpath [ 128 ] ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
HINTERNET hSession = NULL , hConnection = NULL , hRequest = NULL ;
URL_COMPONENTSA UrlParts = { sizeof ( URL_COMPONENTSA ) , NULL , 1 , ( INTERNET_SCHEME ) 0 ,
hostname , sizeof ( hostname ) , 0 , NULL , 1 , urlpath , sizeof ( urlpath ) , NULL , 1 } ;
PF_TYPE_DECL ( WINAPI , BOOL , InternetCrackUrlA , ( LPCSTR , DWORD , DWORD , LPURL_COMPONENTSA ) ) ;
PF_TYPE_DECL ( WINAPI , HINTERNET , InternetConnectA , ( HINTERNET , LPCSTR , INTERNET_PORT , LPCSTR , LPCSTR , DWORD , DWORD , DWORD_PTR ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , InternetCloseHandle , ( HINTERNET ) ) ;
PF_TYPE_DECL ( WINAPI , HINTERNET , HttpOpenRequestA , ( HINTERNET , LPCSTR , LPCSTR , LPCSTR , LPCSTR , LPCSTR * , DWORD , DWORD_PTR ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , HttpSendRequestA , ( HINTERNET , LPCSTR , DWORD , LPVOID , DWORD ) ) ;
PF_TYPE_DECL ( WINAPI , BOOL , HttpQueryInfoA , ( HINTERNET , DWORD , LPVOID , LPDWORD , LPDWORD ) ) ;
PF_INIT_OR_OUT ( InternetCrackUrlA , WinInet ) ;
PF_INIT_OR_OUT ( InternetConnectA , WinInet ) ;
PF_INIT_OR_OUT ( InternetCloseHandle , WinInet ) ;
PF_INIT_OR_OUT ( HttpOpenRequestA , WinInet ) ;
PF_INIT_OR_OUT ( HttpSendRequestA , WinInet ) ;
PF_INIT_OR_OUT ( HttpQueryInfoA , WinInet ) ;
2019-03-04 19:14:54 +00:00
if ( url = = NULL )
return FALSE ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
FormatStatus = 0 ;
DownloadStatus = 404 ;
if ( ( ! pfInternetCrackUrlA ( url , ( DWORD ) safe_strlen ( url ) , 0 , & UrlParts ) )
2019-03-04 19:14:54 +00:00
| | ( UrlParts . lpszHostName = = NULL ) | | ( UrlParts . lpszUrlPath = = NULL ) )
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
goto out ;
hostname [ sizeof ( hostname ) - 1 ] = 0 ;
// Open an Internet session
2019-03-04 19:14:54 +00:00
hSession = GetInternetSession ( FALSE ) ;
if ( hSession = = NULL )
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
goto out ;
hConnection = pfInternetConnectA ( hSession , UrlParts . lpszHostName , UrlParts . nPort , NULL , NULL , INTERNET_SERVICE_HTTP , 0 , ( DWORD_PTR ) NULL ) ;
2019-03-04 19:14:54 +00:00
if ( hConnection = = NULL )
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
goto out ;
hRequest = pfHttpOpenRequestA ( hConnection , " GET " , UrlParts . lpszUrlPath , NULL , NULL , accept_types ,
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP | INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS |
INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_NO_UI | INTERNET_FLAG_NO_CACHE_WRITE | INTERNET_FLAG_HYPERLINK |
( ( UrlParts . nScheme = = INTERNET_SCHEME_HTTPS ) ? INTERNET_FLAG_SECURE : 0 ) , ( DWORD_PTR ) NULL ) ;
2019-03-04 19:14:54 +00:00
if ( hRequest = = NULL )
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
goto out ;
2020-05-30 18:35:49 +00:00
if ( ! pfHttpSendRequestA ( hRequest , request_headers , - 1L , NULL , 0 ) )
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
goto out ;
// Get the file size
dwSize = sizeof ( DownloadStatus ) ;
pfHttpQueryInfoA ( hRequest , HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER , ( LPVOID ) & DownloadStatus , & dwSize , NULL ) ;
2019-03-04 19:14:54 +00:00
if ( DownloadStatus ! = 200 )
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
goto out ;
dwSize = sizeof ( dwTotalSize ) ;
2019-03-04 19:14:54 +00:00
pfHttpQueryInfoA ( hRequest , HTTP_QUERY_CONTENT_LENGTH | HTTP_QUERY_FLAG_NUMBER , ( LPVOID ) & dwTotalSize , & dwSize , NULL ) ;
[net] add Windows retail ISO downloads
* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
2019-03-02 23:28:56 +00:00
out :
if ( hRequest )
pfInternetCloseHandle ( hRequest ) ;
if ( hConnection )
pfInternetCloseHandle ( hConnection ) ;
if ( hSession )
pfInternetCloseHandle ( hSession ) ;
return ( dwTotalSize > 0 ) ;
}