Use ICMP instead of HTTP for testing the connection

packages/fakenet-ng.vm/fakenet-ng.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
   <metadata>
     <id>fakenet-ng.vm</id>
-    <version>3.3.0.20250117</version>
+    <version>3.3.0.20250128</version>
     <description>FakeNet-NG is a dynamic network analysis tool.</description>
     <authors>Mandiant</authors>
     <dependencies>

packages/fakenet-ng.vm/tools/chocolateyinstall.ps1

@@ -37,8 +37,8 @@ try {
 
   # Replace `default.ini` with our modified one that includes change for 'internet_detector'.
   # IMPORTANT: Keep our modified `default.ini` in-sync on updates to package.
-  $fakenetConfigDir = Get-ChildItem "C:\Tools\fakenet\*\configs"
-  Copy-Item "$packageToolDir\default.ini" -Destination $fakenetConfigDir
+  # Do not remove the version in the path to avoid replacing the config file of another version.
+  Copy-Item "$packageToolDir\default.ini" -Destination "$Env:RAW_TOOLS_DIR\fakenet\fakenet3.3\configs"
 
   # Create shortcut in Desktop to FakeNet tool directory
   $desktopShortcut  = Join-Path ${Env:UserProfile} "Desktop\fakenet_logs.lnk"

packages/fakenet-ng.vm/tools/default.ini

@@ -116,9 +116,12 @@ DefaultUDPListener:    ProxyUDPListener
 BlackListPortsTCP: 139
 BlackListPortsUDP: 67, 68, 137, 138, 443, 1900, 5355
 
+# Specify ICMP IDs to be ignored when diverting the packets.
+# BlackListIDsICMP: 1234
+
 # Specify processes to ignore when diverting traffic. Windows example used
 # here.
-ProcessBlackList: internet_detector.exe
+# ProcessBlackList: java.exe
 
 # Specify processes to consider when diverting traffic (others will be
 # ignored). Linux examples used here.

packages/internet_detector.vm/internet_detector.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>internet_detector.vm</id>
-    <version>1.0.0.20241217</version>
+    <version>1.0.0.20250128</version>
     <authors>Elliot Chernofsky and Ana Martinez Gomez</authors>
     <description>Tool that changes the background and a taskbar icon if it detects internet connectivity</description>
     <dependencies>

packages/internet_detector.vm/tools/chocolateyinstall.ps1

@@ -5,17 +5,33 @@ $toolName = 'internet_detector'
 $category = 'Networking'
 $packageToolDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
 
+# Modify fakenet's configuration to ignore the internet detector traffic
+$fakenetConfig = "$Env:RAW_TOOLS_DIR\fakenet\fakenet3.3\configs\default.ini"
+VM-Assert-Path $fakenetConfig
+
+$IcmpID = Get-Random -Maximum 0x10000
+$config = Get-Content -Path $fakenetConfig
+$config = $config -replace '^.*BlackListIDsICMP.*$', "BlackListIDsICMP: $IcmpID"
+Set-Content -Path $fakenetConfig -Value $config -Encoding UTF8 -Force
+
 # Create tool directory
 $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName
 New-Item -Path $toolDir -ItemType Directory -Force -ea 0
 VM-Assert-Path $toolDir
 
 # Install pyinstaller 6.11.1 (needed to build the Python executable with a version capable of executing in admin cmd) and tool dependencies ('pywin32')
-$dependencies = "pyinstaller==6.11.1,pywin32"
+$dependencies = "pyinstaller==6.11.1,pywin32==308,icmplib==3.0.4"
 VM-Pip-Install $dependencies
 
+# Set the ICMP ID at the tool script
+$scriptPath = "$packageToolDir\internet_detector.pyw"
+$tempScript = Join-Path ${Env:TEMP} "temp_$([guid]::NewGuid())"
+$script = Get-Content -Path $scriptPath
+$script = $script -replace '^ICMP_ID.*$', "ICMP_ID = $IcmpID"
+Set-Content -Path $tempScript -Value $script -Encoding UTF8 -Force
+
 # This wrapper is needed because PyInstaller emits an error when running as admin and this mitigates the issue.
-Start-Process -FilePath 'cmd.exe' -WorkingDirectory $toolDir -ArgumentList "/c pyinstaller --onefile -w --log-level FATAL --distpath $toolDir --workpath $packageToolDir --specpath $packageToolDir $packageToolDir\internet_detector.pyw" -Wait
+Start-Process -FilePath 'cmd.exe' -WorkingDirectory "$toolDir" -ArgumentList "/c pyinstaller --onefile -w --log-level FATAL --distpath `"$toolDir`" --workpath `"$packageToolDir`" --specpath `"$packageToolDir`" `"$tempScript`"" -Wait
 
 # Move images to %VM_COMMON_DIR% directory
 $imagesPath = Join-Path $packageToolDir "images"

packages/internet_detector.vm/tools/chocolateyuninstall.ps1

@@ -6,3 +6,8 @@ $category = 'Utilities'
 
 VM-Uninstall $toolName $category
 Unregister-ScheduledTask -TaskName 'Internet Detector' -Confirm:$false
+
+$fakenetConfig = "$Env:RAW_TOOLS_DIR\fakenet\fakenet3.3\configs\default.ini"
+$config = Get-Content -Path $fakenetConfig
+$config = $config -replace '^.*BlackListIDsICMP.*$', "# BlackListIDsICMP: 1234"
+Set-Content -Path $fakenetConfig -Value $config -Encoding UTF8 -Force

packages/internet_detector.vm/tools/internet_detector.pyw

@@ -1,4 +1,4 @@
-# This tool checks if internet connectivity exists by reaching out to specific websites and checking if they return expected values and
+# This tool checks if internet connectivity exists by pinging some of the well-known public DNS servers
 # display the current state via changes to the background, theme, and icon in the taskbar.
 #   * It works even with a tool like FakeNet running (provided it uses the default configuration)
 # If internet is detected, the tool:
@@ -20,8 +20,7 @@ import winerror
 import winreg
 
 import threading
-import requests
-import urllib3
+import icmplib
 import signal
 import ctypes
 import time
@@ -30,12 +29,20 @@ import re
 
 # Define constants
 CHECK_INTERVAL = 2  # Seconds
-CONNECT_TEST_URL_AND_RESPONSES = {
-    "https://www.msftconnecttest.com/connecttest.txt": "Microsoft Connect Test",  # HTTPS Test #1
-    "http://www.google.com": "Google",  # HTTP Test
-    "https://www.wikipedia.com": "Wikipedia",  # HTTPS Test #2
-    "https://www.youtube.com": "YouTube",  # HTTPS Test #3
-}
+
+# - ICMP is a faster and a more-efficient way for checking the connection
+#   as it has a minimal fingerprint of 2 packets (echo/reply) per request.
+# - IP addresses are used instead of well-known websites or domains so
+#   no DNS resolution is needed.
+# - The used IP addresses are some of the largest public DNS servers to
+#   ensure zero or minimal downtime.
+ICMP_ID = 1234
+TEST_IPS = [
+    "8.8.8.8",  # Google
+    "8.8.4.4",  # Google
+    "1.1.1.1",  # Cloudflare
+    "1.0.0.1"   # Cloudflare
+]
 SPI_SETDESKWALLPAPER = 20
 SPIF_UPDATEINIFILE = 0x01
 SPIF_SENDWININICHANGE = 0x02
@@ -306,12 +313,12 @@ def extract_title(data):
         return None
 
 def check_internet():
-    for url, expected_response in CONNECT_TEST_URL_AND_RESPONSES.items():
+    for ip_address in TEST_IPS:
         try:
             # Perform internet connectivity tests
-            response = requests.get(url, timeout=5, verify=False)
-            if expected_response in (extract_title(response.text) or response.text):
-                print(f"Internet connectivity detected via URL: {url}")
+            ip_host = icmplib.ping(ip_address, 1, id=ICMP_ID)
+            if ip_host.is_alive:
+                print(f"Internet connectivity detected via IP: {ip_address}")
                 return True
         except:
             pass
@@ -468,7 +475,6 @@ def main_loop():
 
 if __name__ == "__main__":
     signal.signal(signal.SIGINT, signal_handler)
-    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
     default_transparency = get_transparency_effects()
 
     # Try to load default settings from the registry

scripts/utils/update_package.py

@@ -39,9 +39,9 @@ def get_latest_version(org, project, version):
     latest_version = response.json()["tag_name"]
     # version excludes `v` from the capturing group in the regex in update_github_url therefore latest_version_match mustn't include `v` if the version starts with `v`. Otherwise the github URL would replace the version without the `v` with the github version tag with the `v` which will result in the wrong URL such as: https://github.com/jstrosch/sclauncher/releases/download/vv0.0.6/sclauncher.exe
     if latest_version.startswith('v'):
-    	return latest_version[1:]
+        return latest_version[1:]
     else:
-    	return latest_version
+        return latest_version
 
 
 # Get url response's content hash (SHA256)