Jump to content











Photo
- - - - -

ConBoot - Unattended Win2k/XP/2k3/Vista/7/2k8 Password Bypass


  • Please log in to reply
44 replies to this topic

#1 c0rt3x

c0rt3x

    Newbie

  • Deactivated
  • 25 posts
  •  
    Germany

Posted 05 July 2012 - 12:38 PM

Hi,

I'd like to introduce you a new boot CD that allows you to easily and quietly bypass password protection on Win2k/XP/2k3/Vista/7/2k8

The main advantage compared to similar tools like KonBoot, NTPWEdit, or WinGate is that once you boot it everything else works automatically and invisibly.

It is based on a 2MB small hard disk image containing a patched version of MSDOS 7.0 which does not produce any visible text output while booting. When booted it loads a NTFS DOS driver, detects windows version and then replaces msv1_0.dll with a patched one in order to disable all password checks. Finally it makes use of a silent Grub4Dos version and boots windows.

Although it is not entirely finished yet, it is well working in most cases.
What is still missing is support for Windows 7.

Current version: 0.5

You can get the iso release file here: http://www.7ups.net/.../ConBoot-0.5.7z

Source files for building: http://www.7ups.net/...Boot-Sources.7z

Demo Video: http://www.firstcode...boot/demovideo/

Have fun... :)
  • Nuno Brito likes this

#2 alochet

alochet

    Newbie

  • Members
  • 11 posts

Posted 07 July 2012 - 06:05 PM

worked on win 7 64 bit.

thanks for the program, faster than konboot

#3 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10,210 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 07 July 2012 - 06:27 PM

Good work, it is really good to have an alternative that can be improved with the community feedback.

Why not making this tool available at the download center? This ensures more people notice it exists.

btw. Thanks for posting the video, really nice.

Take care!
:cheers:

#4 steve6375

steve6375

    Platinum Member

  • Developer
  • 5,407 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 08 July 2012 - 12:15 PM

I tried this on a real XP system using the Zalman 200 to load the ISO and I get a Disk I/O error on boot.
I also tried a USB Flash drive and grub4dos

title ConBoot

map /iso/Conboot.iso (0xff)

map (hd0) (hd1)

map (hd1) (hd0)

map --hook

chainloader (0xff)
and it just reboots to the USB drive?

#5 alochet

alochet

    Newbie

  • Members
  • 11 posts

Posted 08 July 2012 - 08:45 PM

For some reason I got it to work using xboot, but it wont boot using sardu

Here is my config file when I added it to xboot

### MENU START
title ConBoot\n
ls /images/conboot.iso || find --set-root /images/conboot.iso
map --heads=0 --sectors-per-track=0 /images/conboot.iso (0xff) || map --heads=0 --sectors-per-track=0 --mem /images/conboot.iso (0xff)
map --hook
chainloader (0xff)
### MENU END

I found this thread that might help, it was for the other version konboot, it may work for this

http://www.sarducd.i...-boot-t274.html

#6 c0rt3x

c0rt3x

    Newbie

  • Deactivated
  • 25 posts
  •  
    Germany

Posted 10 July 2012 - 08:17 PM

"worked on win 7 64 bit."

Really? ôO

Thats interresting - as it actually does not contain any 64bit specific binary patches...


The ConBoot boot CD-ROM iso image file is based upon the rarely used hard disk emulation boot method. This might be the reason why it might cause compatibility problems when booted indirectly with bootloaders like GRUB4DOS.

Try to boot it from CD directly or test it in a virtual machine - which both should work.


Anyway I probably will soon release a new version here which will use the more common floppy disk emulation boot method.
I guess this will solve the boot loader compatibilty issues.

#7 sirgalahadcm

sirgalahadcm
  • Members
  • 1 posts
  •  
    United States

Posted 11 July 2012 - 03:27 PM

Once booted does it restore the original "msv1_0.dll" so there is no trace that any modification or access was made? If not, this should be added.

#8 vander

vander
  • Members
  • 2 posts

Posted 11 July 2012 - 08:50 PM

...
The main advantage compared to similar tools like KonBoot, NTPWEdit, or WinGate is that once you boot it everything else works automatically and invisibly.
...


Umh... What is the advantage compared with KonBoot again, works automatically and invisible after boot ... sounds exactly like KonBoot to me?
How did u mean this?

@alochet
Btw, the whole procedure(booting MSDos7, loading NTFS driver, finding windows installation(which one if there is more than one?), replacing system dll with a patched one, starting via grub, all this is starting faster than KonBoot? I wonder how this should be possible, since KonBoot just start and loading a binary memory patch. Maybe it has some start delay for the text output, this might slow it down.

Guess I have to give it a try to see by myself, but the lack of Win7 compatibility (word from the author) make it pretty much useless for me.

#9 tismon

tismon
  • Members
  • 7 posts
  •  
    United States

Posted 11 July 2012 - 10:45 PM

This is great that there's a new tool being worked on, but I'm with sirgalahadcm. Is this a silent tool that possibly backs up the original before replacing and then restores somehow? If I understand how this one works, it replaces the dll via a script before loading windows via grub4dos and has nothing running along with windows. And I'm guessing that the dll has to still be in place while windows is running to be of any use. If this is the case, a second step would be needed to allow this process to be undone.

It could potentially operate like this:
Load MSDOS
Detect version
Copy msv1_0.dll to say C:conbackup with hidden attributes
Replace with patched version
Load grub4dos to load windows
Use normally

A second utility (or a second entry in a menu):
Load MSDOS
Replace msv1_0.dll from C:conbackup
Delete C:conbackup
Exit

Seems simple enough, but I'm sure that there may be more than this going on. Either way, thank you for your work so far. It has not gone unnoticed and is very much appreciated.

#10 ds2011

ds2011
  • Members
  • 6 posts
  •  
    Germany

Posted 12 July 2012 - 07:44 AM

Hi,
i use GRUB4DOS 0.4.4 to boot this ISO.

with the example from alochet

title ConBoot
ls /ConBoot.iso || find --set-root /ConBoot.iso
map --heads=0 --sectors-per-track=0 /ConBoot.iso (0xff) || map --heads=0 --sectors-per-track=0 --mem /ConBoot.iso (0xff)
map --hook
chainloader (0xff)


But i get this error:

Page Fault: cr2=00400000 at eip:419; flage 3206
...
...
bad command or filename
R:>


i looks like the tool: 7zdec.exe do crash
an the file: ram.7z i do not found on device: R:

Edited by ds2011, 12 July 2012 - 07:48 AM.


#11 steve6375

steve6375

    Platinum Member

  • Developer
  • 5,407 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 12 July 2012 - 07:49 AM

Try latest version of grub4dos - overwrite your grldr file

#12 ds2011

ds2011
  • Members
  • 6 posts
  •  
    Germany

Posted 12 July 2012 - 08:02 AM

the same error with grub4dos 0.4.5c

if i burn the iso to a cd-r
and try to boot, only a black screen with a withe cursor but nothing happens
(on the harddisk ist a windows 7)

Edited by ds2011, 12 July 2012 - 08:06 AM.


#13 tismon

tismon
  • Members
  • 7 posts
  •  
    United States

Posted 12 July 2012 - 11:30 AM

I haven't tried it yet myself, but I'm sure that this question will come up.
Is the cursor moving around at all like on the video or is it just hanging there in the top left?

#14 ds2011

ds2011
  • Members
  • 6 posts
  •  
    Germany

Posted 12 July 2012 - 11:44 AM

hanging there in the top left?

i build a floppy-disk-image based on freeDOS

http://www.7ups.net/...conboot_dsk.IMA

but it did not work, only a black screen after loading the RAMDRIVE

Edited by ds2011, 12 July 2012 - 11:49 AM.


#15 tismon

tismon
  • Members
  • 7 posts
  •  
    United States

Posted 12 July 2012 - 11:57 AM

Just your standard blinking cursor.

Do you have an XP machine to test the floppy version on? I wonder if it is because it doesn't support 7 yet despite the title.
I really need to make some time to play with this. :smiling9:

#16 Michele13

Michele13

    Frequent Member

  • Tutorial Writer
  • 164 posts
  •  
    Italy

Posted 12 July 2012 - 12:54 PM

Once booted does it restore the original "msv1_0.dll" so there is no trace that any modification or access was made? If not, this should be added.


I have the same question :)

#17 ds2011

ds2011
  • Members
  • 6 posts
  •  
    Germany

Posted 12 July 2012 - 01:22 PM

now a litte step forward

http://www.7ups.net/...MEH6TY/test.IMA

i get a grub prompt

but the OS from DISK is not booting

Edited by ds2011, 12 July 2012 - 01:23 PM.


#18 injsu8ss

injsu8ss
  • Members
  • 7 posts
  •  
    United States

Posted 12 July 2012 - 03:17 PM

Can you make it available on a website that wants to make sign up for an account.
If you program is free, please find a way to bypass all the nonsesnse.
Mt anti-virus blocks the link to the website posted by you for the doanload.

#19 AMK

AMK

    Member

  • Members
  • 34 posts
  •  
    Tanzania

Posted 13 July 2012 - 01:56 PM

Does anybody else's antivirus detect the download link as a Malware?

Avast AntiVirus detects:

Infection: URL:Mal

:dubbio:

#20 TrywareDk

TrywareDk

    Newbie

  • Members
  • 26 posts
  •  
    Denmark

Posted 13 July 2012 - 07:54 PM

replaces msv1_0.dll with a patched one in order to disable all password checks.


It's useless unless the original msv1_0.dll is automatically restored, when you logoff again after using ConBoot

#21 c0rt3x

c0rt3x

    Newbie

  • Deactivated
  • 25 posts
  •  
    Germany

Posted 16 July 2012 - 08:35 AM

What did you exspect regarding Antivirus? That they confirm it as safe? :D


Note that the release above is actually only an alpha version build.
And yes a backup is created but not restored automatically yet.
But this was a very good idea indeed. =)

#22 tismon

tismon
  • Members
  • 7 posts
  •  
    United States

Posted 17 July 2012 - 01:13 AM

Hmm, well, profile status seems to be deactivated now. Dang, and this was starting to get interesting.

I've finally tried the original iso in a virtual win7 just to see what would happen and all that I get is an I/O disk error. Is that what anyone else gets? Perhaps its because it is virtual, but I doubt it.

#23 USBcarrierScott

USBcarrierScott
  • Members
  • 1 posts
  •  
    United States

Posted 18 July 2012 - 05:18 AM

Well thank you for putting all your effort into this c0rt3x. I know this will REALLY take off. Great job! Cant wait...

Scott

#24 ToRiaLai WaZiRy

ToRiaLai WaZiRy
  • Members
  • 1 posts
  • Location:Kabul
  •  
    Afghanistan

Posted 24 July 2012 - 01:52 PM

ConBoot Download Link (http://www.7ups.net/.../ConBoot-0.5.7z) is not safe!
Scan with Avast, AVG Online Virus Scanner or just click on this URL:
http://www.avgthreat.../www.avg.com.au

#25 c0rt3x

c0rt3x

    Newbie

  • Deactivated
  • 25 posts
  •  
    Germany

Posted 25 July 2012 - 03:09 PM

UPDATE: ConBoot v0.6


Changes:

- Uses now 1.44 MB floppy disk emulation for the boot CD iso. (This should improve compatibility with buggy BIOSes and boot loaders)
- Seperate 1.44 MB floppy disk image included (for Grub4Dos / USB Booting)
- UNDO Function:
  • Boot it once: Windows password protection disabled.
  • Boot it twice: Changes are undone.
Download:

http://firstcode-sof...ConBoot_v0.6.7z

NOTE: The archive is encrypted! pwd = "c0nb00t_v0.6" (without quotes)

Enjoy!