











PassPass - Bypass the Password


430 replies to this topic

#51 guimenez

guimenez

    Frequent Member

  • Advanced user
  • 172 posts
  •  
    Portugal

Posted 12 June 2013 - 07:52 AM

Hi,

first of all many thanks for such an application :D

 

I'm trying here but it's not working.

 

I've put the commands on my menu.lst and the file Wenv and PassPass.g4b to the root of my pendrive.

When I try the menu, it always says "No Windows installation found", and I've tried it on 2 PCs.

 

I've 2 partitions on my pendrive and the second is the boot one.

 

Hope someone can help me.

 

Thanks



#52 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 12 June 2013 - 07:54 AM

I've put the commands on my menu.lst and the file Wenv and PassPass.g4b to the root of my pendrive.

 

Have you tried PassPass (Forcedetect) menu entry?



#53 guimenez

guimenez

    Frequent Member

  • Advanced user
  • 172 posts
  •  
    Portugal

Posted 12 June 2013 - 08:07 AM

Have you tried PassPass (Forcedetect) menu entry?

Thanks for replying.

 

Yes, I've tried both.

 

this is my menu:

 

title PassPass - (Autodetect)
/PassPass.g4b
boot
 
title PassPass - (Forcedetect)
/PassPass.g4b 1 10
boot
 
thanks


#54 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 June 2013 - 08:31 AM

Which Windows version?

On which Disk/partition?

 

Post a DIR of the root of the volume where Windows is (normally DIR C:\).

 

:cheers:

Wonko



#55 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 12 June 2013 - 08:37 AM

The dll in system32 was changed in both cases. But in both cases the dll in syswow64 was not changed. Both are Win7x64 systems.

I have tested PassPass on my Win 7 64-bit SP1 system and it worked fine by just patching the system32 dll.

 

Maybe there is more than one Windows installation on the partitions - after all C:\Windows is only the default OS directory for a clean install...?



#56 guimenez

guimenez

    Frequent Member

  • Advanced user
  • 172 posts
  •  
    Portugal

Posted 12 June 2013 - 08:59 AM

Which Windows version?

On which Disk/partition?

 

Post a DIR of the root of the volume where Windows is (normally DIR C:\).

 

:cheers:

Wonko

I'm testing on Windows 7 32 bits and 64 bits.

 

 

14-07-2009  04:20    <DIR>          PerfLogs
07-06-2013  12:26    <DIR>          Program Files
11-06-2013  20:34    <DIR>          Program Files (x86)
05-06-2013  08:56    <DIR>          Users
11-06-2013  20:34    <DIR>          Windows

 

Maybe it's because my pendrive has 2 partitions and the second is the one that has boot?

But all programs I have there work perfectly.

Just need to change to hd0,1 in some of them

 

thanks



#57 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 12 June 2013 - 09:09 AM

Small bug in PassPass - if there is more than one Windows folder on the partition then you get two identical menu entries

 

e.g.

 

Windows XP at (hd1,0)

Windows XP at (hd1,0)

 

It would be better to display the Windows directory that is detected:

 

Windows XP at (hd1,0)\Windows

Windows XP at (hd1,0)\Windows.1

 

 

You just need to modify the line below:

 

:: Check for Windows version based on size of msv1_0.dll
call %0 findWinVer %dllPath%
set grubMenu = %grubMenu% %os% at %dllRoot%\\\\%2 \ncall %0 patchUnpatch %dllRoot% %2 \npause \nconfigfile /menu.lst
echo -e %grubMenu% >> %osDrv%   ## Write configfile to mem drive
goto :EOF

 

 

 

 

 



#58 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 June 2013 - 09:26 AM

I have tested PassPass on my Win 7 64-bit SP1 system and it worked fine by just patching the system32 dll.

Really?

So is the 32 bit .dll used also on 64 bit systems? :dubbio:

 

Or maybe there are instances in which the 32 bit .dll is used initially? :unsure:

 

The SP1 64 bit .dll should be among the ones that were tested, it should be 6.1.7601.17514.

Are you sure that it hasn't been patched (the 64 bit version) on your system?

 

BTW, before we enter the usual madness about versions, patches and forks, I would kindly invite Holmes.Sherlock to become "diligent" in correcting the bugs and including the improvements Steve6375 proposes (and needed for compatibility with Easy2boot or whatever) and would appreciate if Steve6375 could use in his thingies the SAME "official" version of PassPass, or rename it to PassE2B (or whatever) otherwise in no-time we will have the usual chaos about versions and editions.

 

:cheers:

Wonko



#59 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 12 June 2013 - 09:28 AM

sorry, I meant the system32 folder dll was patched  (PassPass only patches \%windir%\system32) - so the dll would be a 64-bit dll.



#60 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 12 June 2013 - 09:43 AM

I'm testing on Windows 7 32 bits and 64 bits.

 

 

14-07-2009  04:20    <DIR>          PerfLogs
07-06-2013  12:26    <DIR>          Program Files
11-06-2013  20:34    <DIR>          Program Files (x86)
05-06-2013  08:56    <DIR>          Users
11-06-2013  20:34    <DIR>          Windows

 

Maybe it's because my pendrive has 2 partitions and the second is the one that has boot?

But all programs I have there work perfectly.

Just need to change to hd0,1 in some of them

 

thanks

So do you see any strange error messages or anything when you run PassPass?



#61 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 June 2013 - 09:49 AM

sorry, I meant the system32 folder dll was patched  (PassPass only patches \%windir%\system32) - so the dll would be a 64-bit dll.
That's much better. :)
AFAIK the tested (till now) 64 bit versions were:
 
6.1.7600.16420 <- this is an "important" security update kb975467
6.1.7600.20524 <- this is the same "important" security update kb975467
6.1.7601.17514  <- this is the SP1
 
The 6.1.7600.1385 is the RTM version (very short lived since RTM is July-October 2009 and the kb files are 09-Sep-2009). 
It is very possible that his RTM version uses a very  different code and thus another pattern needs to be added.
 
I'm testing on Windows 7 32 bits and 64 bits.
Why don't you provide (BTW as asked and highlighted ad-nauseam) the EXACT version of the .dll?
 
Do we really need to establish a "rule" along which each and every post on this thread MUST contain the exact version of the .dll or it will be ignored? :dubbio:
 
:cheers:
Wonko

#62 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 12 June 2013 - 10:01 AM

Found this on Win8 patch - has PassPass on Win8 been tested yet?



#63 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 June 2013 - 11:28 AM

Found this on Win8 patch - has PassPass on Win8 been tested yet?

Really? :unsure:
 
 

Technical details: The script tries to locate all existing Windows installations and corresponding Windows editions as well. Thereafter, it replaces the CMP instruction responsible for password verification with a 'benign' sequence of bytes. For reverting back the changes, the process is just the opposite. The whole idea is derived from WindowsGate and Astr0baby's tutorial.

 

Credits:

  • Wonko the sane - For ideas, code snippets, information. The script embeds his DLL version detection script.
  • Ectomorph a.k.a. Damian Bakowski - For his 'unannounced' patch for 32-bit version of msv1_0.dll.
  • Astr0baby - For his reversing tutorial
  • Steve Si – For including support for PassPass in his wonderful tool Easy2Boot.

 
Tested? NO.
Implemented? NO.
Ready for test? Yes. :)

If you are game for this, try instead of:







:64BitPatch
cat --hex --locate=\x48\x3B\xC6\x0F\x85 --replace=\x33\xC0\x90\x0F\x85 %dllPath% > nul

this





:64BitPatch
cat --hex --locate=\x49\x3B\xC6\x0F\x85 --replace=\x33\xC0\x90\x0F\x85 %dllPath% > nul

Maybe it works.

 

AFAIK Holmes.Sherlock is working on it :unsure:, of course when and if he has some time for this.

 

I saw this coming from a long distance, but Holmes wanted-wanted to release the thingy, to see what would have happened.

:cheers:
Wonko



#64 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 12 June 2013 - 11:29 AM

Just putting things together. There is one bug report submitted today on my blog regarding PassPass not working on Win 8. See comment #3.

http://www.sherlock....s-the-password/

 

BTW, before we enter the usual madness about versions, patches and forks, I would kindly invite Holmes.Sherlock to become "diligent" in correcting the bugs and including the improvements Steve6375 proposes (and needed for compatibility with Easy2boot or whatever) and would appreciate if Steve6375 could use in his thingies the SAME "official" version of PassPass, or rename it to PassE2B (or whatever) otherwise in no-time we will have the usual chaos about versions and editions.

 

Though bearded uncle perfectly knows that Holmes.Sherlock has got his left shoulder fractured and dislocated by ~2mm on May 31, 2013 evening in a road accident and presently typing with right hand only with the other hand tied and hung from neck, I'd like to request him to take care of responding to people's concern on board (and if possible, on my blog, too) to minimize the wastage of time and pain on my end to type an extensive piece of text. By the time, I'll be working on fixing this script.

 

@Steve6375

I'll get in touch with you in PM for all the enhancements you have proposed throughout. I plan to roll out the next official version with the changes incorporated mentioning your name. Agreed?



#65 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 June 2013 - 11:42 AM

Though bearded uncle perfectly knows that Holmes.Sherlock has got his left shoulder fractured and dislocated by ~2mm on May 31, 2013 evening in a road accident and presently typing with right hand only with the other hand tied and hung from neck, I'd like to request him to take care of responding to people's concern on board (and if possible, on my blog, too) to minimize the wastage of time and pain on my end to type an extensive piece of text. By the time, I'll be working on fixing this script.
Sure Wonko knows, but since your accident pertains to your privacy sphere, he didn't reveal about it.

The generic "when and if he has some time for this" covers also your temporary handicap.

BTW I hope you are getting better :).
 
:cheers:
Wonko

#66 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 12 June 2013 - 11:53 AM

Sure Wonko knows, but since your accident pertains to your privacy sphere, he didn't reveal about it.

The generic "when and if he has some time for this" covers also your temporary handicap.

 

:good: 

 

 

 

BTW I hope you are getting better  :).

 

Improving in a s-l-o-w pace.



#67 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 12 June 2013 - 12:51 PM

Really? :unsure:
 
 

 

 
Tested? NO.
Implemented? NO.
Ready for test? Yes. :)

If you are game for this, try instead of:







:64BitPatch
cat --hex --locate=\x48\x3B\xC6\x0F\x85 --replace=\x33\xC0\x90\x0F\x85 %dllPath% > nul

this





:64BitPatch
cat --hex --locate=\x49\x3B\xC6\x0F\x85 --replace=\x33\xC0\x90\x0F\x85 %dllPath% > nul

Maybe it works.

 

AFAIK Holmes.Sherlock is working on it :unsure:, of course when and if he has some time for this.

 

I saw this coming from a long distance, but Holmes wanted-wanted to release the thingy, to see what would have happened.

:cheers:
Wonko

I have win 8 32-bit preview which I can test - what byte sequence should I look for and patch for that?



#68 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 12 June 2013 - 12:53 PM

I have win 8 32-bit preview which I can test - what byte sequence should I look for and patch for that?

 

cat --hex --locate=\x49\x3B\xC6\x0F\x85 --replace=\x33\xC0\x90\x0F\x85 %dllPath% > nul


#69 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 June 2013 - 01:30 PM

I have win 8 32-bit preview which I can test - what byte sequence should I look for and patch for that?


Wait a minute.

We were - I thought :unsure: - agreeing that the info needed is 4 (four, numbered from 1 to 4) pieces of info, including EXACT DLL version.

The code posted, however AND the referenced article/tutorial is about the 64 Bit Version.

 

You asked before (and were replied to) about 64 bit version.

The Windows 8 32 bit version (all of them) should work "as is". (but it has to be tested).

 

If you prefer, the 32 bit patch "as is" is "as generic as it can be" and should in theory work with *everything* from Windows 2000 to Windows 8 (ONLY 32 bit).

 

Try the PassPass "as is" and report (besides if it worked or failed)

  1. Windows version (e.g. XP, Vista, 7)
  2. Service pack (e.g. SP0, SP1)
  3. Architecture (e.g. 32-bit/64-bit)
  4. msv1_0.dll version (e.g. 6.1.7600.16525) along with MD5 checksum, if possible ( i.e. the §@ç#ing EXACT DLL version you tested)

Why it is so difficult to avoid confusion? :frusty:

 

Maybe we should make a PassPass32 and a PassPass64, with two separate threads, the detecting code will be simplified, and the risk of mixing things together reduced. :dubbio:


:cheers:
Wonko


  • pscEx likes this
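The report checklist above, together with the 64-bit byte sequences quoted earlier in the thread, can be gathered from a copy of msv1_0.dll with a short script. This is an added example, not part of the thread or of PassPass: the function names (`describe`, `make_sample`) are hypothetical, and the sample bytes are a constructed stand-in for a DLL, not a real file.

```python
import hashlib
import struct

# Byte sequences quoted in the thread's 64-bit patch lines.
ORIGINAL_64 = (bytes.fromhex("483BC60F85"), bytes.fromhex("493BC60F85"))
PATCHED_64 = bytes.fromhex("33C0900F85")
MACHINE = {0x014C: "32-bit", 0x8664: "64-bit"}  # IMAGE_FILE_MACHINE_I386 / AMD64


def pe_architecture(data):
    """Read the COFF Machine field that follows the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 6:
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINE.get(machine, hex(machine))


def file_version(data):
    """Locate VS_FIXEDFILEINFO by its 0xFEEF04BD signature and decode the version."""
    pos = data.find(struct.pack("<I", 0xFEEF04BD))
    if pos < 0 or pos + 16 > len(data):
        return None
    ms, ls = struct.unpack_from("<II", data, pos + 8)
    return f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"


def describe(data):
    """Collect the facts asked for in the thread, plus a tamper hint."""
    return {
        "architecture": pe_architecture(data),
        "version": file_version(data),
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "original_sequence": any(seq in data for seq in ORIGINAL_64),
        # Heuristic only: these five bytes may also occur in untouched code.
        "patched_sequence": PATCHED_64 in data,
    }


def make_sample(machine, version, code):
    """Constructed stand-in for a DLL: just enough header for the parsers above."""
    a, b, c, d = version
    header = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18
    info = struct.pack("<IIII", 0xFEEF04BD, 0x00010000, (a << 16) | b, (c << 16) | d)
    return header + coff + code + info


if __name__ == "__main__":
    sample = make_sample(0x8664, (6, 1, 7601, 17514), b"\x90" * 8 + PATCHED_64)
    for key, value in describe(sample).items():
        print(f"{key}: {value}")
```

On a real system the same `describe` call would be given the bytes of the DLL read from an offline copy; comparing the MD5 against a known-good file of the identical version is the stronger integrity check than the byte-sequence hint.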

#70 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 12 June 2013 - 01:38 PM

Maybe we should make a PassPass32 and a PassPass64, with two separate threads, the detecting code will be simplified, and the risk of mixing things together reduced. :dubbio:

 

:good:

 

Peter :cheers:



#71 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 June 2013 - 01:43 PM

:good:

 

Peter :cheers:

Quite :w00t: unexpected from someone that is after a PE builder capable of creating from *any* source. :dubbio:

 

We could also do:

PassPass2K32SP0

PassPass2K32SP1

PassPass2K32SP3

PassPass2K32SP4

PassPassXP32SP0

PassPassXP32SP1

PassPassXP32SP2

PassPassXP32SP3

PassPassVista <- Naah no one would sensibly want to start a Windows Vista ;)

etc.

etc.

but the idea of a "universal" tool would be seriously compromised. :whistling:

 

Just in case:

http://en.wikipedia....orical_question

 

:cheers:

Wonko



#72 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 12 June 2013 - 01:49 PM

That's from an engineer who likes / demands clear definitions and demarcations.

My opinion about ??? is not relevant here!

 

Peter :cheers:

 

EDIT: Sorry, the sense of the post is lost. After I replied, the One Line Post "Quite unexpected ..." has been expanded to a book chapter! :dubbio:

When such differentiation, as described in the book chapter, becomes necessary, I suggest to forget the whole project. :hyper:

Only some users will be able to download the batch which will handle their situation correctly.

 

Maybe somebody writes a batch which chooses the right batch after evaluating an XML answering a couple of questions!

 

Peter :yahoo:



#73 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 12 June 2013 - 02:00 PM

cat --hex --locate=\x49\x3B\xC6\x0F\x85 --replace=\x33\xC0\x90\x0F\x85 %dllPath% > nul

 

 

 

PassPass does not work on:

Win 8

32-bit

Win 8 Release Preview

dll version=6.2.8400.0  273,408 bytes

 

The patch in PassPass does patch the dll, but it seems to have no effect.

 

Cannot find that 49 3B C6 sequence either...



#74 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 June 2013 - 02:24 PM

The patch in PassPass does patch the dll, but it seems to have no effect.

Good :), then it doesn't work. :(

 

Cannot find that 49 3B C6 sequence either...

That sequence is ONLY on 64 bit :frusty:  :frusty: :frusty:

I thought that it was clear enough. :(

 

:cheers:

Wonko



#75 guimenez

guimenez

    Frequent Member

  • Advanced user
  • 172 posts
  •  
    Portugal

Posted 12 June 2013 - 03:10 PM

So do you see any strange error messages or anything when you run PassPass?

Nope,

it only says "No Windows Installation found".

I've tested now on 4 PCs and it's the same.

What dll is everybody talking about?

Do I need to have it on my pendrive?

 

thanks





