Windows Vista 64-bit Driver Signing/PatchGuard Workaround

I’ve been sitting on this one for a while (over a year), awaiting confirmation of a final key component in the procedure, but I’ve now been able to test my method.
I will be spending tomorrow finishing up the paper and exploit code on my test Virtual PC image. Before you get all excited, please keep in mind this is a local, administrative-account-required workaround for the driver-signing requirement in Vista 64-bit and has no security implications whatsoever.

Since I wasn’t able to get a working POC until now, I haven’t made a lot of noise about it… if I get it working right tomorrow, I will probably send a little note to Microsoft to make sure they don’t go medieval on my ass — it has zero customer impact so I don’t think they will, but I apologize if I’ll have to can it.

6 Responses to “Windows Vista 64-bit Driver Signing/PatchGuard Workaround”

  1. mgambrell says:

    Right on, brother, and well done. I’m tired of hitting F8 on my Vista machine and eagerly await your specific workaround. And I will enjoy watching the ripples ^_^

  2. Duo315 says:

    Hey Alex,

    This is how you should do it. Tell Microsoft. Then tell them that they pay you a (large) sum of money and they pay you for the training of their staff at $5,000 a day. In return you don’t post the exploit and you make a large sum of money and don’t get sent to jail if that’s what you’re afraid of.


  3. [...] The Canadian researcher Alex Ionescu claims that he has successfully disabled the much-discussed (and criticized) DRM protection in Windows Vista. The ‘Protected Media Path’ (PMP) system, which handles DRM-protected material, can be manipulated after first cracking the mechanisms for drivers, PatchGuard. Alex is quite nervous about the legal consequences but will still publish a Proof-of-Concept in the coming days. (Via slashdot [...]

  4. [...] Vista DRM cracked by security researcher. Security researcher Alex Ionescu claims to have successfully broken the much-discussed DRM protection of Windows Vista, called Protected Media Path (PMP), which is designed to seriously degrade the quality of any video or audio running on systems with hardware components not explicitly approved by Microsoft. The DRM protection was broken by breaking the Driver Signing / PatchGuard protection in the new operating system. Alex is worried about what an army of lawyers armed with draconian copyright laws could do to him if the details were disclosed. [...]
