VMWare Stealth Setup

From PokerAI

This article (originally contributed by Folder on WinHoldEm and LabOne forums) describes how to install stealth setup using VMWare.

Prerequsites

• A version of Windows XP/2000 (prefereably a lite one)
• VMware Workstation (Note: the free VMWare version is slow and laggy; so you need to use the full version (Cough))

Bellow are the steps that you need to do.

Initial Setup

1. Install VMware software [1]
2. Create a new machine (Use for example standard 8GB Hard Disk size, 128 MB RAM per machine; do not split the disks up in 2 GB files).
3. Mount the Windows version (double click the CD-romdrive of the new virtual machine and choose to mount the image you want or put a Windows disk in your drive.)
4. Turn on the VMWare virtual machine. It will recognize the (mounted) Windows and start the installation. Install Windows like you would normally do it.
5. Log in as Administrator
6. Right-click on the VMware machine tab and locate the 'Install VMware tools' button
7. Install the VMWare tools (don't need to alter anything)
8. Reboot
9. Log in as Administrator
10. Create a Manager account with pass, admin user
11. Create a Ninja account with pass, restricted user
12. Restart machine
13. Login to the Ninja account
14. Logout the Ninja account (you needed to activate it so a folder is created).
15. Restart using safe mode (F8 on startup)
16. Login as Administrator

Setup of Safe Folder

"Safe folder" is a folder that is not going to be accessible by the Casino Software.

1. Go to the folder C:\Documents and Settings\Ninja and create a "Safe folder"
2. Select "properties" for the folder, select the security tab, add "ninja" to the access list, and grant "ninja" full control.
3. Remove all other users/groups from the access list. This will effectively shut out the entire world. There should be exactly one account in the access list and that account should be "<host>/ninja"
4. Uncheck/Unselect "Allow inheritable permissions from parent to propagate to this object". The reason for this is that you want this folder and it's permissions to be the root node for all children below it. If you dont do this then permissions defined for the parent above your root folder will filter down to your folder and the children in your folder and you dont want that.
5. Note that you cannot give ownership of objects in NTFS. You can only "take" ownership with the account you're currently using. you will take ownership of the folder later when you login to the "ninja" account.
6. Logout of the Administrator account
7. Login to your "ninja" account
8. Go to a folder, select Tools -> Folder options, select View tab.
9. Uncheck 'Hide extensions for known file types'
10. Scroll down all the way and uncheck 'use simple filesharing'
11. Select the properties for your "safe" folder and verify that "ninja" is the only account in the access list.
12. Click the advanced button and goto the owner tab and select the "ninja" account and check "Replace owner ..." and click "Apply". You should now be the full owner of your "safe" folder and everything below it.
13. Click the permissions tab and check "Reset permissions on all child objects ..." and uncheck "Allow inheritable permissions from parent ..." (note this should already be unchecked since you did that from the admin account), then click apply. This will go quickly if the folder is empty. it can take seconds or minutes or more depending on the children folder tree below you.
14. Create a test child folder inside your "safe" folder and then view the properites and verify that "ninja" is the owner with full control and that no other account has access. if this is not the case then you missed a step above (probably the "Allow inheritable permissions ..." in step 4 above)
15. Logout of the "ninja" account
16. Login to the admin account
17. Try to access the "safe" folder. You should not be able to access the contents of the folder nor modify the folder properties/permissions. As an admin you can still take ownership of the folder but until then the admin access is denied.

Make use of the safe folder

1. Login to Ninja account, download Bring, put it in the Safe folder and recheck if it is seen by anyone.
2. Create a casino account with restrictions when logged in as Manager
3. Log into Casino and create a text file on desktop, edit file and put this in it and save (this piece makes the window that the mouse is on active. It's not always necessary, but for certain sites(tars) you may need it):

 Windows Registry Editor Version 5.00 
 [HKEY_CURRENT_USER\Control Panel\Desktop] 
 "ActiveWindowTracking"=dword:00000001 
 "ActiveWndTrkTimeout"=dword:00000000 
 "UserPreferencesMask"=hex:9f,3e,00,80 

1. Rename file to Newdoc.reg (yes you want to make it another file type)
2. Double click the file to import it.
3. Make a snapshot of the machine
4. Download and install a pokersite (do the install with runas -> Manager)
5. Setup correct Windows settings (resolution, background, screensaver etc.)
6. If you want the screensize to be maximum (NOT needed with latest version of VMware,6 and up):
7. Turn off the Vmachine
8. Edit the .vmx file and put this in there and safe:

 svga.maxWidth = "2400" 
 svga.maxHeight = "1745" 
 (see here for extra memory to VGA, thanks to Igel) 

Finally

1. Make another VMWare snapshot
2. Clone the VMWare machine, if you want more than one
3. If you use a clone make sure to change the network/computer ID so you don't get any collissions on the network and you can easily recognize all the different machines on the network (comes in handy when sharing Hand history files) .
4. If you want a shortcut to shutdown a machine do the following: Right-click on desktop -> new -> shortcut. Then copy/paste this:

 shutdown -s -t 0 

and click next -> Finish (Now you don't need to do all the clicking and scrolling for that).

See also

• Anti detection