UWP Targets

thexappy edited this page Mar 8, 2025 · 3 revisions

UWP Targets are, in general, less friendly to RemoteNET's interception.
This is intended behaviour as part of Microsoft's attempt to limit applications to only do certain things in the system.

Anyway, you'd need the following guides to work with a UWP app.
You'd also need enough permissions to uninstall the app and then re-install it after modifying it a bit.
Plus, you'd need Administrator permissions to run CheckNetIsolation.exe.

Allow launching a console (Development Mode)

This will allow the injected DLL to launch a console so you can see debug messages.

1. Copy the Game/App Files to a New Location

  1. Navigate to C:\Program Files\WindowsApps.

  2. Locate your game/app folder.

  3. Copy the entire folder to a location of your choice (e.g., C:\ModifiedGame\).

    If access is denied:

    • Right-click WindowsApps → Properties → Security → Advanced.
    • Change the owner to your user account.
    • Grant yourself full control.

2. Remove the Signature File

  1. Open the copied game/app folder.
  2. Locate and delete AppxSignature.p7x.

3. Uninstall the Original App

  1. Use the "Add or remove programs" settings page.

4. Re-register the App in Development Mode

  1. Open PowerShell as Administrator.

  2. Enter the following command:

    Add-AppxPackage -Register -Path 

  3. Drag and drop the AppxManifest.xml file from the copied folder into the PowerShell window.

  4. Press Enter to execute the command.

    Note: Ensure Developer Mode is enabled in Windows settings to allow the installation of unsigned UWP apps.

You might also want to throw the following networking capabilities in there for good luck:
(Add within the existing <Capabilities> tag)

    <Capability Name="internetClient" />
    <Capability Name="internetClientServer" />
    <Capability Name="privateNetworkClientServer" />

Source: https://www.unknowncheats.me/forum/general-programming-and-reversing/461078-allocconsole-winapi-windows-uwp-apps.html

Allow Loopback Connections

Allow the app to connect (via a loopback adapter) to the Lifeboat proxy. Run in CMD (as admin):

> CheckNetIsolation.exe LoopbackExempt  -a -n=<Package Family Name (See Below!)>

Make sure that it worked with this command.

> CheckNetIsolation.exe LoopbackExempt  -s

List Loopback Exempted AppContainers

[1] -----------------------------------------------------------------
    Name: <Package Family Name you entered. Should NOT be "AppContainer NOT FOUND">
    SID:  S-1-15-2-< ... rest of the SID ... >

OK.

If you don't know your target's "Package Family Name", use this PowerShell command (as admin):

PS > Get-AppxPackage

That'll print a long list of all installed apps.
You can combine it with a filter to check whether the name contains some substring, like this:

PS > Get-AppxPackage | Where-Object { $_.Name -like '*Your-Sub-String*'}

Within the results you should see a line for "PackageFamilyName". The value is the one you need to enter for CheckNetIsolation.exe.

Reverse Connections and "Lifeboat"

Even after doing everything mentioned above, our UWP target still can't run a TCP listener (or an HTTP server).
Yet outgoing TCP connections are allowed. RemoteNET is built so that the injected Diver accepts HTTP requests and sends back responses.
To overcome this limitation, we're employing a "reverse TCP connection".
To keep the RemoteNET client code simple, it is not running the server in this case. We're using a secondary process called Lifeboat.
Lifeboat is essentially a 2-way TCP listener. It accepts connection requests from both the injected Diver (in the target app) and RemoteNET.
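
The reverse-connection arrangement described above, as an added Python example (not RemoteNET's or Lifeboat's own code): a relay listens on two loopback ports, pairs one outbound connection from the sandboxed side with one from the client, and copies bytes both ways. The function names, the ephemeral ports and the `ECHO:` payload are assumptions made for the demonstration; the page does not describe Lifeboat's actual wire protocol.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes from src to dst until src closes, then half-close dst."""
    try:
        while (chunk := src.recv(4096)):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass  # peer already gone

def start_relay(host="127.0.0.1"):
    """Open two listeners and pair one connection from each side.
    Returns (diver_port, client_port); ports are picked by the OS."""
    diver_srv = socket.create_server((host, 0))
    client_srv = socket.create_server((host, 0))

    def serve():
        diver, _ = diver_srv.accept()    # sandboxed side dials OUT to the relay
        client, _ = client_srv.accept()  # client dials in as it normally would
        threading.Thread(target=pump, args=(client, diver), daemon=True).start()
        pump(diver, client)

    threading.Thread(target=serve, daemon=True).start()
    return diver_srv.getsockname()[1], client_srv.getsockname()[1]

def demo():
    """Constructed exchange: the 'diver' never listens, yet serves a request."""
    diver_port, client_port = start_relay()
    diver = socket.create_connection(("127.0.0.1", diver_port))

    def diver_loop():
        request = diver.recv(4096)           # request arrives over the outbound socket
        diver.sendall(b"ECHO:" + request)    # response goes back the same way
        diver.close()

    threading.Thread(target=diver_loop, daemon=True).start()
    with socket.create_connection(("127.0.0.1", client_port), timeout=5) as client:
        client.sendall(b"ping")
        reply = b""
        while (chunk := client.recv(4096)):
            reply += chunk
    return reply

if __name__ == "__main__":
    print(demo())
```

The only listening sockets belong to the relay process; the sandboxed side makes one outbound loopback connection, which is the kind of traffic the loopback exemption above permits.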
