Sec, blogmal! - rev-eng - driversign




Wed, 07 Dec 2005

Installing unsigned drivers in Windows
If you install a driver on Windows XP which is not "blessed" by Microsoft, you get a nasty dialog box with a warning. Microsoft tries to tell people this is for stability reasons. See this blog entry at "The Old New Thing" for someone arguing for it, and read the comments for reasons why this idea only sounds good in writing.

About a year ago this had also come up on the OpenVPN mailing list (see here). Someone in that thread pointed out that Microsoft says you can't change it in your program, which triggered my /hacker/ gene to see how this could be done anyway.

Liberal usage of regmon revealed that the value is indeed stored in the Policy key of "HKLM\Software\Microsoft\Driver Signing", but there was also a write to the PrivateHash key of "HKLM\Software\Microsoft\Windows\CurrentVersion\Setup". With the help of apispy it was easily found out that the *PrivateHash* is an MD5 hash of the 4-byte-extended value of the Policy key and some seed. The seed is the 4-byte value of the "seed" key from "HKLM\System\WPA\PnP". This was quickly written down in a small proof of concept program.

And please, don't even think about ugly things like automating a mouse click to acknowledge such a dialog box again. :)

-- Sec
posted at: 17:53 | Category: /rev-eng
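
For anyone who wants to watch for this on their own machines, here is a detection sketch added as an example (it is not the proof of concept program from the post): it scans registry-access events for a process that writes Policy and PrivateHash together, the pattern regmon revealed. The event tuple layout, the process names, the `trusted` allowlist and the 5-second window are assumptions made for illustration.

```python
from collections import defaultdict

# Value locations named in the post (which calls them "keys"), lower-cased.
WATCHED = {
    (r"hkey_local_machine\software\microsoft\driver signing", "policy"): "policy",
    (r"hkey_local_machine\software\microsoft\windows\currentversion\setup", "privatehash"): "hash",
    (r"hkey_local_machine\system\wpa\pnp", "seed"): "seed",
}

def classify(key, value):
    """Map a registry key/value pair to 'policy', 'hash', 'seed' or None."""
    k = key.strip().rstrip("\\").lower()
    if k.startswith("hklm\\"):
        k = "hkey_local_machine" + k[4:]  # expand the short hive name
    return WATCHED.get((k, value.strip().lower()))

def find_policy_tampering(events, trusted=frozenset(), window=5.0):
    """Return (process, severity, read_seed) for untrusted writers.

    events: iterable of (time_s, process, op, key, value) tuples (assumed format).
    trusted: lower-case process names expected to change the setting (assumption).
    """
    touched = defaultdict(dict)  # process -> {(kind, op): first timestamp}
    for t, proc, op, key, value in events:
        kind = classify(key, value)
        if kind:
            touched[proc.lower()].setdefault((kind, op.lower()), t)
    findings = []
    for proc, seen in sorted(touched.items()):
        if proc in trusted:
            continue
        p, h = seen.get(("policy", "write")), seen.get(("hash", "write"))
        read_seed = ("seed", "read") in seen
        if p is not None and h is not None and abs(p - h) <= window:
            # Policy and PrivateHash updated together: the pattern from the post.
            findings.append((proc, "high", read_seed))
        elif p is not None or h is not None:
            findings.append((proc, "medium", read_seed))
    return findings

# Constructed sample events; process names are hypothetical.
SAMPLE = [
    (10.0, "settings_ui.exe", "write", r"HKLM\Software\Microsoft\Driver Signing", "Policy"),
    (10.1, "settings_ui.exe", "write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Setup", "PrivateHash"),
    (20.0, "installer.exe", "read", r"HKLM\System\WPA\PnP", "seed"),
    (20.2, "installer.exe", "write", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing", "Policy"),
    (20.3, "installer.exe", "write", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup", "PrivateHash"),
    (30.0, "tweak.exe", "write", r"HKLM\Software\Microsoft\Driver Signing", "Policy"),
    (40.0, "other.exe", "write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Setup", "LogLevel"),
]
```

A "medium" finding is a process that touched only one of the two values; "high" means both were written within the window.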
