«
»

Windows Vista 64-bit Driver Signing/PatchGuard Workaround

I’ve been sitting on this one for a while (over a year), awaiting confirmation of a final key component in the procedure, but I’ve now been able to test my method.
I will be spending tomorrow finishing up the paper and exploit code on my test Virtual PC image. Before you get all excited, please keep in mind this is a local, administrative-account-required workaround for the driver-signing requirement in Vista 64-bit and has no security implications what so ever.

Since I wasn’t able to get a working POC until now, I haven’t made a lot of noise about it… if I get it working right tomorrow, I will probably send a little note to Microsoft to make sure they don’t go medieval on my ass — it has zero customer impact so I don’t think they will, but I apologize if I’ll have to can it.

This entry was posted on Wednesday, January 17th, 2007 at 12:37 am and is filed under Coding and Reversing. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

6 Responses to “Windows Vista 64-bit Driver Signing/PatchGuard Workaround”

  1. mgambrell says:
    January 29, 2007 at 3:05 pm

    Right on, brother, and well done. I’m tired of hitting F8 on my vista machine and eagerly await your specific workaround. And I will enjoy watching the ripples ^_^

  2. Duo315 says:
    January 29, 2007 at 7:12 pm

    Hey Alex,

    This is how you should do it. Tell Microsoft. Then tell them that they pay you a (large) sum of money and they pay you for the training of their staff at $5,000 a day. In return you don’t post the exploit and you make a large some of money and don’t get sent to jail if that’s what your afraid of.

    Duo

  3. Operativsystem » Blog Archive » DRM till Vista knäckt, kopieringsskyddet satt ur spel says:
    January 29, 2007 at 7:35 pm

    [...] Den kanadensiska forskaren Alex Ionescu hävdar att han framgÃ¥ngsrikt satt det mycket diskuterade (och kritiserade) DRM-skyddet i Windows Vista ur spel. Systemet ‘Protected Media Path’ (PMP) som hanterare DRM-skyddat material kan manipuleras efter att man först knäcker mekanismerna för drivrutiner, PatchGuard. Alex är rätt nervös för de juridiska konsekvenserna men kommer ändÃ¥ att publicera ett Proof-of-Concept under de kommande dagarna. (Via slashdot [...]

  4. DRM do Vista crackeada por pesquisador de segurança « Terramel says:
    January 29, 2007 at 10:14 pm

    [...] DRM do Vista crackeada por pesquisador de segurança O pesquisador de segurança Alex Ionescu afirma ter quebrado com sucesso a tão discutida proteção DRM do Windows Vista, chamada de Protected Media Path (PMP), que é designada para seriamente degradar a qualidade de qualquer vídeo ou áudio rodando em sistemas com componentes de hardware não aprovados explicitamente pela Microsoft. A quebra da proteção DRM foi conseguida quebrando a Assinatura de Driver / Proteção PatchGuard no novo sistema operacional. Alex está preocupado com o que um exército de advogados armados com leis de copyright draconianas poderia fazer com ele caso os detalhes fossem divulgados. [...]

  5. Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography) says:
    January 30, 2007 at 2:15 pm

    Vista DRM Cracked by Security Researcher.

  6. DenisO » Архив блога » Снятие защиты Windows Vista (DRM) - с этим справился школьник! says:
    February 5, 2007 at 3:55 pm

    [...] Windows Vista 64-bit Driver Signing/PatchGuard Workaround [...]

Leave a Reply

You must be logged in to post a comment.