











PEPassPass


92 replies to this topic

#26 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 17 September 2014 - 03:32 PM

PEPassPass v1.0.3 is now hosted on my blog. For the sake of completeness, I have added PassPassLive and PassPassLive_E2B. Due credits have been given. Please check if I have forgotten to mention someone's contribution or something technically crucial.



#27 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 September 2014 - 03:53 PM

Well, I still completely fail to understand any practical use (apart from the fun :) and the nice PoC) of PassPassLive. :frusty: Notwithstanding how nice the little tool is, I wouldn't go around "publicizing it" as likely you will be flooded with questions on why it doesn't work or how to use it.

 

And of course PassPassLive_E2B does not really exist :whistling:

 

While you are at it, you could correct also the (defamatory :w00t: :ph34r:) reference to Kon-boot you made here:

http://www.sherlock..../#comment-62123

 

As soon as boulcat will be able to fix the initial post, I would find it better to remove the download from your post, replacing it with the download page on reboot.pro where boulcat will be able to add (and update directly when needed) the thingy.

 

BTW, and OT :ph34r:, if you or any of the other kids (boulcat :thumbsup: is of course invited specifically to this, but anyone is welcome) are still willing (and have the time) to play, we have still to finalize and make into something usable this:

http://reboot.pro/to...or-a-challenge/

 

:duff:

Wonko



#28 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 17 September 2014 - 04:06 PM

While you are at it, you could correct also the (defamatory :w00t: :ph34r:) reference to Kon-boot you made here:

http://www.sherlock..../#comment-62123

 

Will fix it soon.

 

 

As soon as boulcat will be able to fix the initial post, I would find it better to remove the download from your post, replacing it with the download page on reboot.pro where boulcat will be able to add (and update directly when needed) the thingy.

 

Agreed.

 

 

 

BTW, and OT  :ph34r:, if you or any of the other kids (boulcat  :thumbsup: is of course invited specifically to this, but anyone is welcome) are still willing (and have the time) to play, we have still to finalize and make into something usable this:

 

I'll be much freer to get myself involved in it once again after the first week of December. In the meantime, I'll keep an eye on whether some progress takes place.



#29 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4198 posts

Posted 18 September 2014 - 09:37 AM

First post missing explanation to what the program does.

PEPassPass - Bypass the Windows logon Password (supports both 32-bit as well as 64-bit versions of Windows XP/Vista/7/8/8.1)

 

Bypass which versions of Windows logon Password

 

Does it also work on Windows 8 / 8.1

 

 

 

 

Download link not working on first post. Read all threads. See that original poster needs 10 more posts to be able to edit and update links.

 

http://www.sherlock....s-the-password/

 

PassPass

Meet PassPass (Bypass the Password), a nifty Grub4DOS batch script to disable/re-enable Windows logon password validation. The latest version supports both 32-bit as well as 64-bit versions of Windows XP/Vista/7/8/8.1. Credit (as well as dis-credit) is to be equally shared between Wonko the Sane a.k.a. jaclaz and Holmes.Sherlock for the idea and coding respectively. We appreciate any success/failure report mentioning the following:

  • Windows version (e.g. XP, Vista, 7)
  • Service pack, if any
  • Architecture (e.g. 32-bit/64-bit)
  • msv1_0.dll version (e.g. 6.1.7600.16525) along with MD5 checksum, if possible

Technical Details: The script tries to locate all existing Windows installations and corresponding Windows editions as well. Thereafter, it replaces the CMP instruction responsible for password verification with a ‘benign’ sequence of bytes. For reverting back the changes, the process is just the opposite. The whole idea is derived from WindowsGate and Astr0baby’s tutorial.

Usage:

  1. Install Grub4DOS. You may prefer using RMPrepUSB. Script tested with Grub4DOS v0.4.5c-2013-03-03.
  2. Download grubutils and copy WENV binary on the root of the boot media. Script tested with grubutils-2011-06-27.
  3. Copy PassPass, PassPass.bak and menu.lst on the root of the boot volume.
  4. Boot
  5. Ideally ‘Autodetect’ mode should be able to list out all existing Windows installation. For buggy BIOS-es, try appropriate <Disk#> and <Partition#> to ‘Forcedetect’ Windows installations.
  6. Choose either ‘Patch’ or ‘Unpatch’ respectively for disabling/re-enabling password verification.
  7. Reboot and boot into target Windows.

Beta Testing:

  1. Download latest version of the script.
  2. Backup //system32/msv1_0.dll of target installation.
  3. Patch it.
  4. Test whether the patch is working by being able to log on with arbitrary password.
  5. Note MD5 checksum of the DLL.
  6. Unpatch it.
  7. Test whether unpatch is working by not being able to log in with anything but the correct password.
  8. Note MD5 checksum of the DLL.
  9. Compare the MD5 hashes.
  10. Success is defined by the patch working at step #4, unpatch working at step #6 and hashes matching at step #9.
  11. Report success/failure in the format mentioned above.

Credits:

  • Wonko the sane – For ideas, code snippets, information. The script embeds his DLL version detection script.
  • Ectomorph a.k.a. Damian Bakowski – For his ‘unannounced’ patch for 32-bit version of msv1_0.dll.
  • Astr0baby – For his reversing tutorial
  • Steve Si – For including support for PassPass in his wonderful tool Easy2Boot.
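
The hash bookkeeping from the Beta Testing steps (5, 8 and 9) as a small script, added here as an example and not part of PassPass or the blog post. It assumes the comparison in step 9 is between the step 2 backup and the DLL after unpatching; the file contents used in `demo()` are constructed stand-ins, not real DLL bytes.

```python
import hashlib
import tempfile
from pathlib import Path


def digests(path):
    """Return (md5, sha256) hex digests of a file, read in 1 MiB chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def diff_offsets(a, b, limit=16):
    """First `limit` offsets where two files differ, and whether sizes match."""
    data_a, data_b = Path(a).read_bytes(), Path(b).read_bytes()
    offsets = [i for i, (x, y) in enumerate(zip(data_a, data_b)) if x != y]
    return offsets[:limit], len(data_a) == len(data_b)


def round_trip_report(backup, patched, unpatched):
    """Compare the step 2 backup with the patched and the unpatched copy."""
    h_backup, h_patched, h_unpatched = (digests(p) for p in (backup, patched, unpatched))
    changed, same_size = diff_offsets(backup, patched)
    leftover, _ = diff_offsets(backup, unpatched)
    return {
        "md5_backup": h_backup[0],
        "md5_unpatched": h_unpatched[0],
        "patch_changed_file": h_backup != h_patched,
        "patch_kept_size": same_size,
        "changed_offsets": changed,
        # Step 9: the unpatched DLL must be byte-identical to the backup.
        "unpatch_restored_original": h_backup == h_unpatched,
        "leftover_offsets": leftover,
    }


def demo(broken_unpatch=False):
    """Run the report on constructed stand-in files (not real DLL contents)."""
    original = bytes(range(256)) * 4
    patched = bytearray(original)
    patched[100:102] = b"\xff\xff"      # constructed change, not the real patch
    restored = bytearray(original)
    if broken_unpatch:
        restored[101] = 0xFF            # simulate an unpatch that missed a byte
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, data in (("backup", original), ("patched", patched), ("unpatched", restored)):
            path = Path(tmp) / (name + ".bin")
            path.write_bytes(bytes(data))
            paths.append(path)
        return round_trip_report(*paths)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A non-empty `leftover_offsets` list is the case where restoring from the backup, rather than unpatching again, is the safe way back.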


#30 boulcat

boulcat

    Member

  • Advanced user
  • 51 posts
  •  
    Belgium

Posted 18 September 2014 - 09:44 AM

 

For that I believe you need to ask Nuno, as you have not enough posts to have that privilege automatically (I seem to remember it is set to 50 posts).

 

Thank you for your understanding Nuno :)

I've updated the first post with the download link: Download section and Holmes.Sherlock's PassPass blog

and I removed PEPassPass versions scattered everywhere in this thread. ;)


#31 boulcat

boulcat

    Member

  • Advanced user
  • 51 posts
  •  
    Belgium

Posted 18 September 2014 - 09:49 AM

PEPassPass Updated in v1.1.0
It now browses all the folders from the ready fixed drive and searches whether System32\msv1_0.dll exists to get the true "Windows" folder, and not the hardcoded "Windows" name (for the 1.13% of guys who do not have the standard name  ;) ).
To optimize, it now uses the values of the combo rather than looking again at host OS Version and OS Architecture.


#32 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4198 posts

Posted 18 September 2014 - 09:55 AM

Some questions/suggestions when hovering mouse over buttons on gui. Screenshot below

 

 

passpass .jpg



#33 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 18 September 2014 - 09:56 AM

I've updated the first post with the download link: Download section and Holmes.Sherlock's PassPass blog

 

This is why I hate Download portal. Is the Download working for someone else?

 

PEPass_Pass_Download.png



#34 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4198 posts

Posted 18 September 2014 - 10:02 AM

Really like the gui PEPassPass_v1.0.3

 

Same here for download portal.

 

 

 

Sorry, you don't have permission for that!
[#10870]

We could not find the file specified


Need Help?

 



#35 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 18 September 2014 - 10:04 AM

 

Really like the gui

 

Me too. Simple and easy to use for most of the non-techie users.

 

 

 

Same here for download portal.

 

A long-standing issue with the portal.



#36 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4198 posts

Posted 18 September 2014 - 10:07 AM

Can the gui version cover questions on screenshot on post 32

http://reboot.pro/to...spass/?p=187571

 

 

first post needs link to PEPassPass v1.0.3



#37 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 18 September 2014 - 10:09 AM

Can the gui version cover questions on screenshot on post 32

http://reboot.pro/to...spass/?p=187571

 

Valid points raised, I hope boulcat will address these issues.



#38 boulcat

boulcat

    Member

  • Advanced user
  • 51 posts
  •  
    Belgium

Posted 18 September 2014 - 10:21 AM

This is why I hate Download portal. Is the Download working for someone else?

 

Same here with IE11 and Opera 12.17 !

But it seems to work with Chrome.

 

Chrome_vs_IE11.jpg

 

I'll also add the latest version in the first post in 2 mn

 

Also, with IE11, I can not use copy/paste,  annoying ;)

I have the same too on other forums with IP.Board engine.



#39 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 18 September 2014 - 10:23 AM

But it seems to work with Chrome.

 

I used Chrome in the screenshot I posted. This is the reason why Download portal never became popular.



#40 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 18 September 2014 - 10:32 AM

Some questions on screenshot below

I can see ONLY otiose questions in it. :frusty:
 
The UI is NOT a §@ç#ing manual. :realmad:
 
If you know what the tool does (which you should have learned by reading the related threads/posts) every option is simple and self-explaining.
 
If you don't know what the tool does, you should NOT use it.
 
However, here is the complete Help text:
 

PEPassPass Manual
(if you have more than two neurons working you can skip this document as it contains only obvious info and truisms)
 
This tool may allow to access a Windows NT based system without providing a login password (or may completely fail at it).
To do this it changes a few bytes in a Windows dll, msv1_0.dll, this is called "to patch a binary file".

You will need a basic understanding of the English language in order to read this manual and to learn, after several hours of reading it, how to use this tool.

There are 5 (five) buttons on the UI (User interface).

They have written on them a mnemonic connected to the action that will be performed when you click on them:

Backup <- will make a backup of the selected msv1_0.dll

Restore <- will restore the selected msv1_0.dll from its backup, curiously named msv1_0.dll.bak

Patch <- will patch the selected msv1_0.dll

Unpatch <- will unpatch the selected msv1_0.dll

Exit <- will exit the program

It may be a good idea to make a backup (Backup button) of the dll before patching it (Patch button), though the program has the capability to revert the patching, unpatching it (Unpatch button).
Should, for any reason, the unpatching not work, if you made a backup, you can restore the original dll (Restore button).
Standard usage:

  • run the tool
  • select the Windows install to be accessed (there may be more than one Windows OS's installed)
  • click on the Patch button
  • Exit the tool by clicking on the Exit button
  • reboot to the OS and access it without providing the password

(optionally)

  • reboot to the PE
  • run the tool
  • select the same Windows install that was selected before
  • click on the Unpatch button
  • Exit the tool by clicking on the Exit button

Prudent usage:

  • run the tool
  • select the Windows install to be accessed (there may be more than one Windows OS's installed)
  • click on the Backup button
  • click on the Patch button
  • Exit the tool by clicking on the Exit button
  • reboot to the OS and access it without providing the password

(optionally)

  • reboot to the PE
  • run the tool
  • select the same Windows install that was selected before
  • click on the Unpatch button
  • IF you don't trust the above or you simply feel like it additionally or alternatively:
  • click on the Restore button
  • Exit the tool by clicking on the Exit button

The following line intentionally written to let the reader know that the manual ends here:

THE END

 

:duff:

Wonko
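
The folder discovery boulcat describes for v1.1.0 (System32\msv1_0.dll under any folder name) and the msv1_0.dll.bak backup named in the manual above, combined into a read-only check for someone examining a mounted volume; this is an added example, not PEPassPass code. It assumes the backup sits beside the DLL in System32, which the thread does not state, and the volume layout in `demo()` is constructed.

```python
import filecmp
import os
import tempfile
from pathlib import Path

DLL, BAK = "msv1_0.dll", "msv1_0.dll.bak"   # names as given in the thread


def child(parent, name):
    """Case-insensitive lookup of `name` directly inside `parent`."""
    try:
        with os.scandir(parent) as entries:
            for entry in entries:
                if entry.name.lower() == name.lower():
                    return Path(entry.path)
    except OSError:
        pass                      # unreadable folder: treat as no match
    return None


def find_installs(volume_root):
    """System32 folders found one level below the volume root, any folder name."""
    found = []
    for name in sorted(os.listdir(volume_root), key=str.lower):
        top = Path(volume_root) / name
        if top.is_symlink() or not top.is_dir():
            continue
        sys32 = child(top, "System32")
        if sys32 and sys32.is_dir() and child(sys32, DLL):
            found.append(sys32)
    return found


def triage(volume_root):
    """(install folder, state) for every install on the mounted volume."""
    results = []
    for sys32 in find_installs(volume_root):
        dll, bak = child(sys32, DLL), child(sys32, BAK)
        if bak is None:
            state = "no-backup"
        elif filecmp.cmp(dll, bak, shallow=False):
            state = "backup-identical"
        else:
            state = "backup-differs"   # live DLL changed since the backup
        results.append((sys32.parent.name, state))
    return results


def demo():
    """Build a constructed volume layout in a temp dir and triage it."""
    layout = {
        "Windows/System32/msv1_0.dll": b"A" * 64,
        "WinOld/system32/MSV1_0.DLL": b"A" * 63 + b"B",
        "WinOld/system32/msv1_0.dll.bak": b"A" * 64,
        "W7/System32/msv1_0.dll": b"C" * 64,
        "W7/System32/msv1_0.dll.bak": b"C" * 64,
        "Data/notes.txt": b"no Windows here",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in layout.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return triage(tmp)


if __name__ == "__main__":
    print(demo())
```

The "backup-differs" state only says the live DLL is no longer the file that was backed up; a Windows update replacing the DLL gives the same result as a patch that was never reverted.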



#41 boulcat

boulcat

    Member

  • Advanced user
  • 51 posts
  •  
    Belgium

Posted 18 September 2014 - 10:59 AM

Some questions/suggestions when hovering mouse over buttons on gui. Screenshot below

 

TheHive.jpg

 

It is the same options as PassPass ;)

 

Q: Why ? and When ? to use options.

A: Just for fun ;)

    Because someone forgot the password coming back from holiday

    Obscure reasons !

    Because Windows forces me to regularly change my password and I forgot the last one, written  just before an

    evening watered  :lol:

 

Edit: Thanks Wonko for the PEPassPass Manual  :)



#42 boulcat

boulcat

    Member

  • Advanced user
  • 51 posts
  •  
    Belgium

Posted 18 September 2014 - 11:49 AM

I recreated Downloads -> Security -> PEPassPass, in case I did something wrong the first time.
Once signed in, PEPassPass is available here in the download section IE11, Chrome :)
 
For those who already downloaded it: 
I fixed a bug in passing, I forgot to change the version number  :blush:


#43 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 18 September 2014 - 11:52 AM

 

I recreated Downloads -> Security -> PEPassPass, in case I did something wrong the first time.
Once signed in, PEPassPass is available here in the download section IE11, Chrome :)
 
For those who already downloaded it: 
I fixed a bug in passing, I forgot to change the version number  :blush:

 

 

Permission issue is still there in the Downloads portal. I have removed the app from my blog. Let the first post in this thread be the ONLY download source, nowhere else.



#44 boulcat

boulcat

    Member

  • Advanced user
  • 51 posts
  •  
    Belgium

Posted 18 September 2014 - 12:02 PM

Permission issue is still there in the Downloads portal. I have removed the app from my blog. Let the first post in this thread be the ONLY download source, nowhere else.

 

OK, Done :)

I let the file in the download section, for now. If the issue persists, I'll remove it

Unless it is a recurring problem also for other downloads!

 

PEPassPass v1.1.0 is available on 1st post.

Let me know if you have any troubles or difficulty to read the funny manual, above ;)  I believe as final for now.



#45 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 18 September 2014 - 12:45 PM

Let me know if you have any troubles or difficulty to read the funny manual, above ;)  I believe as final for now.

UNfortunately :( it is not particularly funny, as a matter of fact it is a further sign that humanity is doomed, not entirely unlike the original instructions for use of toothpicks:
 

'It seemed to me,' said Wonko the Sane, 'that any civilization that had so far lost its head as to need to include a set of detailed instructions for use in a package of toothpicks, was no longer a civilization in which I could live and stay sane.'

An image of an original signed by Douglas Adams himself :worship:

Spoiler
http://homepage.ntlw...toothpicks2.png

:duff:
Wonko



#46 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4198 posts

Posted 19 September 2014 - 10:31 AM

Something Like this

PassPassGui.jpg

 

 

Wonko, nice easy Manual to read :thumbup:

 

 

PEPassPass Manual Edited

PEPassPass is able to patch Windows XP/Vista/7/8/8.1 for both 32-bit and 64-bit versions

PEPassPass Manual
(PEPassPass = a GUI application to bypass Windows Login, based on the original PassPass (Bypass the Password) from Holmes.Sherlock)
 
This tool may allow to access a Windows NT based system without providing a login password (or may completely fail at it).
To do this, it changes a few bytes in a Windows dll, msv1_0.dll, this is called "to patch a binary file".

 

It may be a good idea to make a backup (Backup button) of the dll before patching it (Patch button), though the program has the capability to revert the patching, unpatching it (Unpatch button).
Should, for any reason, the unpatching not work, if you made a backup, you can restore the original dll (Restore button).

 

There are 5 (five) buttons on the UI (User interface).

These are the actions that will be performed when you click on them:

Backup <- will make a backup of the unmodified OS original msv1_0.dll file

Restore <- will restore the original unmodified msv1_0.dll from its backup, curiously named msv1_0.dll.bak

Patch <- will patch the selected msv1_0.dll  and allow access without providing a login password
Unpatch <- will unpatch the selected msv1_0.dll and ?????? (Why would you unpatch it, will it bring the msv1_0.dll back to where you need to type in the original pass to log in or what)

Exit <- will exit the program

Standard usage:

  • run the tool
  • select the Windows install to be accessed (there may be more than one Windows OS's installed)
  • click on the Patch button
  • Exit the tool by clicking on the Exit button
  • reboot to the OS and access it without providing the password

(optionally)

  • reboot to the PE
  • run the tool
  • select the same Windows install that was selected before
  • click on the Unpatch button
  • Exit the tool by clicking on the Exit button

Prudent usage:

  • run the tool
  • select the Windows install to be accessed (there may be more than one Windows OS's installed)
  • click on the Backup button
  • click on the Patch button
  • Exit the tool by clicking on the Exit button
  • reboot to the OS and access it without providing the password

(optionally)

  • reboot to the PE
  • run the tool
  • select the same Windows install that was selected before
  • click on the Unpatch button
  • IF you don't trust the above or you simply feel like it additionally or alternatively:
  • click on the Restore button
  • Exit the tool by clicking on the Exit button

The following line intentionally written to let the reader know that the manual ends here:

THE END

 

 

The guy looks peculiar but demos why instructions are sometimes good to read. Then again some people are just born smart. Like the second Video.

 

Point comes across around 2:30



#47 boulcat

boulcat

    Member

  • Advanced user
  • 51 posts
  •  
    Belgium

Posted 19 September 2014 - 10:50 AM

Unpatch <- will unpatch the selected msv1_0.dll and ?????? (Why would you unpatch it, will it bring the msv1_0.dll back to where you need to type in the original pass to log in or what)

 

Yes, and what ???  it's good to accept to lose face.

Create a new user, make a backup and ???



#48 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 19 September 2014 - 11:19 AM

Dear Mr. TheHive,

first thing let me thank you for your question.  :)
 
From the guide, a few snippets:
 
 

... 
To do this it changes a few bytes in a Windows dll, msv1_0.dll, this is called "to patch a binary file".

You will need a basic understanding of the English language in order to read this manual and to learn, after several hours of reading it, how to use this tool.

...
It may be a good idea to make a backup (Backup button) of the dll before patching it (Patch button), though the program has the capability to revert the patching, unpatching it (Unpatch button).
...

 

heavily highlighted for your convenience. 

 

You may want to check in your dictionary the meaning of the verb to revert, should the RAM-ROT volume of your dictionary have been lost or chewed by your dog, here is valid reference:

http://www.thefreedi...nary.com/revert

 

Also, more loosely, check also the accepted meaning of the prefix un-:

http://dictionary.ca...an-english/un_1

 

Finally also note how the use of the Unpatch button has been, in both usage cases depicted, listed under the:

(optionally)

 

tag, another little word (an adverb in this case) that you might need to look up:

http://www.thefreedi...ry.com/optional

 

Unfortunately our support staff cannot process lousy videos that the user submits to attempt supporting his/her m00t points, we only process text.

 

It has been a pleasure to hear from you, we hope that our answers to your enquiry have been satisfactory, feel free to submit further requests for clarifications.

 

Your credit card will be billed for the agreed sum of US$ 430,00 for the consultancy (standard fee of US$ 10,00 + 420% surcharge for stupid or otiose questions).

 

Have a nice day.

 

 

:duff:

Wonko



#49 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4198 posts

Posted 19 September 2014 - 08:36 PM

This consultation is too expensive but here, keep the change.

 

 

Thanks for taking the time. ;)



#50 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 20 September 2014 - 10:21 AM

This consultation is too expensive but here, keep the change.

 

You are a bit "old style".:w00t: 

 

You seemingly missed a new, very useful device on Kickstarter :unsure:

 

Here ;):

https://www.kickstar...1/the-money-gun

 

I wonder how people can do without one ... :whistling:

 

:duff:

Wonko





