PDA

View Full Version : [Bypass] Windows 10 Restrictions (Templates,CongestionProvider) etc.



st1cky
04-17-21, 06:52 PM
I found a way to change the CongestionProvider and the Template and other Settings listed in TCP Stack. :eek:

My approach was simple, I Reversed the settings of Windows 10 Server and applied them to Windows 10 Pro, with success.

Normally you can change Settings with these commands, on some Windows 10 Builds(1607,1703,1709,1803,1809,1903,1909..) it will fail.

Example:


Powershell:
Set-NetTCPSetting -SettingName Internet -CongestionProvider CUBIC

Netsh:
netsh int tcp set supplemental Template=Internet CongestionProvider=CUBIC
netsh int tcp set supplemental Template=(Name)

Powershell Error Example:
https://i.ibb.co/7jZZfvX/ERROR-MESSAGE.png

Netsh Error Example:
https://i.ibb.co/CzGr0g9/ERROR-MESSAGE2.png

CongestionProvider is regulated in this way via netsh.
https://i.ibb.co/j5v4gww/2.png

st1cky
04-17-21, 07:04 PM
AutomaticUseCustom:

AutomaticUseCustom = Disabled
HKLM\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\28\0200 Data: B8 0B 00 00 01 00 00 00 00 00 00 00 00 00 00 00
HKLM\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\28\1700 Data: B8 0B 00 00 01 00 00 00 00 00 00 00 00 00 00 00

AutomaticUseCustom = Enabled
HKLM\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\28\0200 Data: B8 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\System\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\28\1700 Data: B8 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00

NetworkDirectDisable:

HKLM\System\CurrentControlSet\Services\NDIS\Parameters\NetworkDirectDisable -> 1

NetworkDirectAcrossIPSubnets (Allowed)

HKLM\System\CurrentControlSet\Services\NDIS\Parameters\NetworkDirectGlobalFlags -> 1
NetworkDirectAcrossIPSubnets (Blocked)

HKLM\System\CurrentControlSet\Services\NDIS\Parameters\NetworkDirectGlobalFlags -> 0

Complete overview:
https://i.ibb.co/prZsCvk/1.png


Be aware that not all parameters can be changed.

If you see LEDBAT has been removed from the Netsh context and is only available via Powershell.
I have not yet tried to force settings via wmi.

Still, I think it might be useful. :)

st1cky
04-17-21, 07:19 PM
Template is regulated in this way via netsh.

https://i.ibb.co/ncY7yvn/3.png



;;Internet 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\27]
"06000000"=hex:00,00,00,00,ff,ff,ff,ff

;;DataCenter 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\27]
"06000000"=hex:01,00,00,00,ff,ff,ff,ff

;;Compat 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\27]
"06000000"=hex:02,00,00,00,ff,ff,ff,ff

;;Custom 3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\27]
"06000000"=hex:03,00,00,00,ff,ff,ff,ff

;;InternetCustom 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\27]
"06000000"=hex:04,00,00,00,ff,ff,ff,ff

;;Automatic 7 ( Removed? )
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\27]
"06000000"=hex:07,00,00,00,ff,ff,ff,ff

Philip
04-18-21, 09:53 AM
Very interesting, thanks for sharing! This should be very useful for some Windows Home Builds. My current machine is: Windows 10 Pro version 20H2 Build 19042.928, so I can modify most settings via netsh/PowerShell cmdlets, but here are my keys.

In Windows 10 Pro I only have the "00000000" and "04000000" templates it seems.. Hmm. If I change the CongestionProvider via netsh (netsh int tcp set supplemental template=internet congestionprovider=ctcp), then only the "00000000" binary value changes, not the "04000000".

My HKLM.../27 key seems to be completely empty by the way ([HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\27])

So, for reference, I tried changing the CongestionProvider with other templates (using netsh), and changing the CongestionProvider of the "InternetCustom" template changes the registry value ...\26"04000000".

With the default CUBIC/Automatic congestion provider


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\26]
"00000000"=hex:00,00,00,00,00,00,00,00,00,00,00,00,05,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,ff,00,00,00,00,00,00,00



With CTCP (set via netsh, using: netsh int tcp set supplemental template=internet congestionprovider=ctcp)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\26]
"00000000"=hex:00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,ff,00,00,00,00,00,00,00


If the congestion provider binary value is set via the Registry Editor, reboot shows the new setting in PowerShell (using Get-NetTCPSetting -SettingName Internet)

So this seems to work great for setting congestion control provider at least, should be very useful if it works with older Windows 10 Home builds that don't allow modifying it using netsh or PowerShell.

st1cky
04-18-21, 10:39 PM
I think [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\27] will only be created when using Netsh, since all these Parameters are from netsh.
Powershell uses WMI Context to change stuff.
"00000000" -> ;;Internet
"04000000" -> ;;InternetCustom

This key must be set before hand and the PC must be restarted in order to use the InternetCustom template. InternetCustom Template should then be used.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\27]
"06000000"=hex:04,00,00,00,ff,ff,ff,ff

What is even stranger is that there is no custom template in Powershell but in Netsh.
Why it might be good to change the template, because the Delayack & DelayFreq are set lower, I haven't found a way to change these 2 parameters yet. Even changing it manually via the registry does not work (Only on Server).

:)

st1cky
04-18-21, 10:54 PM
Registry-Files:
https://drive.google.com/file/d/1-okD9Zov1V64jpPiM15rsjAIPDJBAyxb/view?usp=sharing

Philip
04-19-21, 08:13 AM
I do have both Internet, and InternetCustom templates (along with: Automatic, Compat, Datacenter, DatacenterCustom) in Windows 10 Pro when listing them with PowerShell.
Trying to change CongestionProvider in PowerShell gives a "Read Only" error, so I use netsh to change the congestion provider (but not the template), and it was changing those "00000000" and "04000000" values in the "..\26" key, as in:

netsh int tcp set supplemental template=internetcustom congestionprovider=cubic



In Windows 8, there was a way to change the CongestionProvider to CTCP in the following key ("...\0" instead of "...\26"):



Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\0]
"0200"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"1700"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00


I don't remember exactly which pair, but likely the "02" is the congestion algorithm. This key also exists in Windows 10, not sure if/when it is used.