diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c244bc..4d62b97 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -63,11 +63,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - All 7 registry policies confirmed correct per MS Policy CSP docs - Version numbers aligned across all 50+ files -### 🔐 Verify Download -``` -SHA256: fdb364d48e67a6889b44a519ba061cd570411158b8bdeb9b91ec845b7e270d96 -``` - --- ## [2.2.0] - 2025-12-08 diff --git a/Core/Validator.ps1 b/Core/Validator.ps1 index 186eca4..df69127 100644 --- a/Core/Validator.ps1 +++ b/Core/Validator.ps1 @@ -174,8 +174,8 @@ function Test-InternetConnectivity { param() try { - # Using Google DNS (8.8.8.8) - intentional for internet connectivity check - $response = Test-Connection -ComputerName "8.8.8.8" -Count 1 -Quiet -ErrorAction Stop + # Using Microsoft NCSI endpoint - same as Windows uses for connectivity detection + $response = Test-Connection -ComputerName "www.msftconnecttest.com" -Count 1 -Quiet -ErrorAction Stop return $response } catch { diff --git a/SECURITY.md b/SECURITY.md index 8f5a7d4..2044910 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -92,9 +92,15 @@ NoID Privacy implements multiple security layers: ### Before Running 1. ✅ **Verify Script Integrity** ```powershell - # Check file hash (coming soon - SHA256 checksums in releases) + # Compare against CHECKSUMS.sha256 from GitHub Release Get-FileHash .\NoIDPrivacy.ps1 -Algorithm SHA256 + + # Or verify the entire release folder: + Get-ChildItem *.ps1, *.psm1 | ForEach-Object { + "$((Get-FileHash $_.FullName -Algorithm SHA256).Hash.ToLower()) $($_.Name)" + } ``` + Each GitHub release includes a `CHECKSUMS.sha256` file with SHA256 hashes of all release files. 2. ✅ **Review Code** - This is open-source - read the code! diff --git a/Start-NoIDPrivacy.bat b/Start-NoIDPrivacy.bat index 09eb3c1..54309b6 100644 --- a/Start-NoIDPrivacy.bat +++ b/Start-NoIDPrivacy.bat @@ -23,7 +23,7 @@ if %errorLevel% == 0 ( REM Already admin, run PowerShell script directly echo Running NoID Privacy Interactive Menu with Administrator privileges... echo. - powershell.exe -ExecutionPolicy Bypass -NoProfile -File "%SCRIPT_DIR%NoIDPrivacy-Interactive.ps1" %* + "%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoProfile -File "%SCRIPT_DIR%NoIDPrivacy-Interactive.ps1" %* pause exit /b ) @@ -33,7 +33,7 @@ echo Requesting Administrator privileges... echo. REM Use PowerShell to elevate and run the script -powershell.exe -Command "Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy Bypass -NoProfile -File \"%SCRIPT_DIR%NoIDPrivacy-Interactive.ps1\" %*' -Verb RunAs" +"%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Start-Process '%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe' -ArgumentList '-ExecutionPolicy Bypass -NoProfile -File \"%SCRIPT_DIR%NoIDPrivacy-Interactive.ps1\" %*' -Verb RunAs" REM Exit this non-elevated instance exit /b diff --git a/Tools/Generate-ReleaseChecksums.ps1 b/Tools/Generate-ReleaseChecksums.ps1 new file mode 100644 index 0000000..3ddc0a5 --- /dev/null +++ b/Tools/Generate-ReleaseChecksums.ps1 @@ -0,0 +1,72 @@ +<# +.SYNOPSIS + Generates SHA256 checksums for release files. + +.DESCRIPTION + Creates a CHECKSUMS.sha256 file containing SHA256 hashes of all release files. + Used for verifying download integrity. + +.PARAMETER ReleasePath + Path to the release folder or ZIP file(s). + +.PARAMETER OutputFile + Output file for checksums. Default: CHECKSUMS.sha256 in the same directory. + +.EXAMPLE + .\Generate-ReleaseChecksums.ps1 -ReleasePath "C:\Release\NoIDPrivacy-v2.2.2" + +.EXAMPLE + .\Generate-ReleaseChecksums.ps1 -ReleasePath ".\NoIDPrivacy-v2.2.2.zip" +#> + +[CmdletBinding()] +param( + [Parameter(Mandatory = $true)] + [string]$ReleasePath, + + [Parameter(Mandatory = $false)] + [string]$OutputFile +) + +$ErrorActionPreference = 'Stop' + +Write-Host "`n=== NoID Privacy Release Checksum Generator ===" -ForegroundColor Cyan + +# Determine if path is file or directory +if (Test-Path $ReleasePath -PathType Container) { + $files = Get-ChildItem -Path $ReleasePath -File -Recurse | Where-Object { $_.Extension -in '.zip', '.exe', '.ps1', '.psm1' } + $basePath = $ReleasePath +} elseif (Test-Path $ReleasePath -PathType Leaf) { + $files = Get-Item $ReleasePath + $basePath = Split-Path $ReleasePath -Parent +} else { + Write-Error "Path not found: $ReleasePath" + exit 1 +} + +if (-not $OutputFile) { + $OutputFile = Join-Path $basePath "CHECKSUMS.sha256" +} + +Write-Host "Generating checksums for $($files.Count) file(s)..." -ForegroundColor Yellow + +$checksums = @() +$checksums += "# NoID Privacy Release Checksums" +$checksums += "# Generated: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss UTC' -AsUTC)" +$checksums += "# Verify with: Get-FileHash -Algorithm SHA256 " +$checksums += "" + +foreach ($file in $files) { + Write-Host " Hashing: $($file.Name)" -ForegroundColor Gray + $hash = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash.ToLower() + $relativePath = $file.Name + $checksums += "$hash $relativePath" +} + +$checksums | Out-File -FilePath $OutputFile -Encoding utf8 + +Write-Host "`nChecksums written to: $OutputFile" -ForegroundColor Green +Write-Host "`nContents:" -ForegroundColor Cyan +Get-Content $OutputFile | ForEach-Object { Write-Host " $_" } + +Write-Host "`n=== Done ===" -ForegroundColor Cyan