Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-29-2021, 06:09
isdebuggerpresent isdebuggerpresent is offline
Friend
 
Join Date: Nov 2017
Posts: 10
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 2
Thanks Rcvd at 8 Times in 5 Posts
isdebuggerpresent Reputation: 1
Windows 11: TPMs and Digital Sovereignty

https://secret.club/2021/06/28/windows11-tpms.html

There is a concern that Microsoft wants to lock down and control the whole PC platform with their Windows 11 TPM requirement.

What do you think?
Reply With Quote
  #2  
Old 06-29-2021, 08:02
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 618
Rept. Given: 17
Rept. Rcvd 41 Times in 25 Posts
Thanks Given: 566
Thanks Rcvd at 926 Times in 423 Posts
chants Reputation: 41
Linux is still a viable alternative. But I have been saying for years to enjoy unrestricted access to your PC because it will go away at some point. Fortunately there are techniques to recover the TPM keys but they are laboratory equipment level and require advanced tools.

This is just the first step. Wait until the hardware refuses to boot a non-approved signed OS. Even Linux will fall in line at some point or only run on inferior hardware.

The Wild West of PC and internet freedom are coming to a fast end. And year by year we literally witness this demise.

On the bright side, reversing skills will be in higher demand and perhaps unlocking techniques will become quite profitable. Lab equipment is expensive, it would be nice if labs would rent equipment or the whole laboratory space for periods of time. Otherwise, it would certainly be nice to be good friends with such a technician
Reply With Quote
  #3  
Old 06-29-2021, 10:25
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 344
Rept. Given: 25
Rept. Rcvd 110 Times in 54 Posts
Thanks Given: 49
Thanks Rcvd at 584 Times in 233 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Microsoft has confirmed already that you can install without the proper TPM setup but "it may not work as expected". Would assume it'd prevent things like additional sign-in options with NFC tags/cards, bio data (ie. fingerprints) and so on to not work as before. As well as probably not allowing drive encryption to work anymore.

Outside of that though, people already bypassed a lot of the installers other limitations for hardware requirements by just altering the ISO with Windows 10's installer media files for certain things. It'll fix the checks it has for other junk and allow you to install regardless.
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
  #4  
Old 06-29-2021, 14:33
Kurapica's Avatar
Kurapica Kurapica is offline
VIP
 
Join Date: Jun 2009
Location: Archives
Posts: 156
Rept. Given: 17
Rept. Rcvd 129 Times in 37 Posts
Thanks Given: 42
Thanks Rcvd at 255 Times in 58 Posts
Kurapica Reputation: 100-199 Kurapica Reputation: 100-199
What can you do with Windows 10 or 11 and can't do with Windows 7 ?

Regardless of the stupid "This software requires Windows 10" message that I see more these days
for unreasonable reasons, for example I had a software running like a charm for years on Windows 7, then the developers decided to use python 3.9 with the software which for unknown reasons doesn't work on Windows 7 !

I still can't see why people should always upgrade to the latest OS just because it has some new themes and wallpapers.
Reply With Quote
The Following User Says Thank You to Kurapica For This Useful Post:
niculaita (06-29-2021)
  #5  
Old 06-29-2021, 15:01
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 344
Rept. Given: 25
Rept. Rcvd 110 Times in 54 Posts
Thanks Given: 49
Thanks Rcvd at 584 Times in 233 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Most of the forced attempts at getting people to upgrade have just been for a means of new monetization. Since Windows 10 is 'free', Microsoft's goal was to get as many people onto it as possible to collect telemetry data instead, which is worth way more than the typical $100 for the OS.

This is generally done with misleading advertisements saying that systems 'cant' support Windows 10 when they perfectly can. For example, Microsoft added installer blocks to the OS's to try and force people to use Windows 10 on newer processors in a deal with Intel. So any chip that was made more recently would get an unsupported error and be 'forced' into using Windows 10. (The community has since made patches to get around this nonsense and allow older installs again.)

However, in that same deal, a lot of hardware manufacturers are in agreement to no longer make drivers for anything prior to Windows 10 on newer devices/hardware.

They also attempted to prevent certain frameworks/libraries from working on past versions of Windows or refused to update things further than a certain point to try and limit what people can do if they are still on Windows 7. (ie. Some games won't run by default, DirectX 12 isn't supported natively, newer .NET Frameworks aren't supported, etc. but all have varying community patches to allow/run etc.)

Ultimately, comes down to the user and what they feel is worth the effort to deal with all the workarounds required to keep using older operating systems. Windows 11 has already tried to do a similar tactic to force people into buying new hardware again with a non-legit requirement of newer CPUs and a TPM 2.0 module, both of which are not actually required.

It's doing nothing but creating more e-waste at the expense of the customer only, just to line the pockets of all involved in the agreements to try and get people to buy newer generation hardware. It's basically them creating forced obsolescence to keep people spending money. Who knows how much new telemetry shit is baked into Windows 11 too.
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
The Following 2 Users Say Thank You to atom0s For This Useful Post:
Kurapica (06-29-2021), Pushad (07-19-2021)
  #6  
Old 06-29-2021, 15:21
deepzero's Avatar
deepzero deepzero is offline
VIP
 
Join Date: Mar 2010
Location: Germany
Posts: 282
Rept. Given: 104
Rept. Rcvd 62 Times in 40 Posts
Thanks Given: 132
Thanks Rcvd at 171 Times in 82 Posts
deepzero Reputation: 63
Unfortunately, locked down hardware and appstores are in the convenience interest of both companies and most standard customers.
Well, it was fun while it lasted!
Reply With Quote
  #7  
Old 06-29-2021, 19:36
user_hidden user_hidden is offline
Family
 
Join Date: May 2016
Posts: 99
Rept. Given: 0
Rept. Rcvd 13 Times in 10 Posts
Thanks Given: 142
Thanks Rcvd at 183 Times in 70 Posts
user_hidden Reputation: 13
How to install Windows 11 without TPM 2.0 and Secure Boot

language=Russian
Code:
https://tunecom.ru/windows-11/993-ustanovit-windows-11-bez-tpm.html
google translate to English
Code:
https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Ftunecom.ru%2Fwindows-11%2F993-ustanovit-windows-11-bez-tpm.html
bypass.zip
Code:
https://tunecom.ru/uploads/files/2021-06/Bypass.zip
Reply With Quote
  #8  
Old 06-29-2021, 22:18
bolo2002 bolo2002 is offline
VIP
 
Join Date: Apr 2002
Posts: 504
Rept. Given: 104
Rept. Rcvd 13 Times in 12 Posts
Thanks Given: 151
Thanks Rcvd at 186 Times in 122 Posts
bolo2002 Reputation: 13
Quote:
Originally Posted by user_hidden View Post
How to install Windows 11 without TPM 2.0 and Secure Boot

language=Russian
Code:
https://tunecom.ru/windows-11/993-ustanovit-windows-11-bez-tpm.html
google translate to English
Code:
https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Ftunecom.ru%2Fwindows-11%2F993-ustanovit-windows-11-bez-tpm.html
bypass.zip
Code:
https://tunecom.ru/uploads/files/2021-06/Bypass.zip

Thanks for the info but why implement TMP 2 secureboot that anyone can disable with a registry keys?it will be be removed on final or updated version for sure.
__________________
I like this forum!
Reply With Quote
  #9  
Old 06-29-2021, 22:22
bolo2002 bolo2002 is offline
VIP
 
Join Date: Apr 2002
Posts: 504
Rept. Given: 104
Rept. Rcvd 13 Times in 12 Posts
Thanks Given: 151
Thanks Rcvd at 186 Times in 122 Posts
bolo2002 Reputation: 13
Quote:
Originally Posted by atom0s View Post
....(ie. Some games won't run by default, DirectX 12 isn't supported natively, newer .NET Frameworks aren't supported, etc. but all have varying community patches to allow/run etc.)
You know a method to run games win10 only that require dx12 on win8 by example?
thanks by advance.
__________________
I like this forum!
Reply With Quote
  #10  
Old 06-30-2021, 02:45
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 344
Rept. Given: 25
Rept. Rcvd 110 Times in 54 Posts
Thanks Given: 49
Thanks Rcvd at 584 Times in 233 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Quote:
Originally Posted by bolo2002 View Post
You know a method to run games win10 only that require dx12 on win8 by example?
thanks by advance.
This is one of the methods that people were sharing/discovered a while back. This works by attempting to block the DX12 DWM check that MS added to try and prevent things from running DX12 if an older OS is detected. (I cannot confirm these files work or are safe, use with caution and test in a VM etc.)

Code:
https://www.youtube.com/watch?v=HGuQ4SZVSWc&ab_channel=Jaguarek62
Keep in mind this may also require some additional work to the specific app/game too though depending on how its compiled and what libraries it uses. They may compile against a runtime that is designed for Windows 10 and has Win10 only API that you will either need to remove/bypass/emulate/etc. as well. They may also add their own checks for which OS is currently present to try and limit the game from running.

As an example, here is a project of mine that bypasses an application's limitation from running on anything but Windows 10. This is for Elgato's StreamDeck hardware/software. Elgato has the installer limited to only work on Windows 10 and also prevents the app from running properly in multiple ways. They attempt to block the app from working if it does not see its on Windows 10, it also does not show any plugins in the available list based on the OS information.

This is limited based on them using a newer version of Qt that is made for Windows 10 and also has its own code in place to check for a Windows 10 machine and not work for anything else.

My project emulates some of the API calls to fake which info is returned to make the software assume its Windows 10 and so on.

Code:
https://github.com/atom0s/ElgatoLegacy
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
The Following 2 Users Gave Reputation+1 to atom0s For This Useful Post:
bolo2002 (06-30-2021), Kurapica (06-30-2021)
  #11  
Old 06-30-2021, 03:33
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 618
Rept. Given: 17
Rept. Rcvd 41 Times in 25 Posts
Thanks Given: 566
Thanks Rcvd at 926 Times in 423 Posts
chants Reputation: 41
Usually MS always tries to make complicated API and programming details with incompatibilities to justify and force these issues. And other projects like QT having special Win10 builds, etc. The changes are superficial or trivial, but it creates forward compatibility issues.

You have to wonder how many "features" are just forward compatibility tricks to force new DRM into Windows. Like atom0s says, emulating a lot of this is usually possible, depending on how well the complicated it. Probably a reason they redid the video card model in Win10 as well.

I imagine they will leave the TPM 2 stuff disable-able for testing, as putting in that requirement and the processor requirements would dramatically reduce the quality of the testing. They will probably initially release even with it easily able to be removed. Then after a year when enough people switch to Windows 11, they will enforce it. Microsoft usually does things slowly and steadily, not all dissimilar to the way powerful clever governments erode power from the people inch by inch over a drawn out period of time. But everyone sees the writing on the wall.

I'll probably stick with Windows 10 as long as possible, so long as it is under support at least.
Reply With Quote
The Following User Says Thank You to chants For This Useful Post:
uranus64 (07-03-2021)
  #12  
Old 06-30-2021, 22:51
bolo2002 bolo2002 is offline
VIP
 
Join Date: Apr 2002
Posts: 504
Rept. Given: 104
Rept. Rcvd 13 Times in 12 Posts
Thanks Given: 151
Thanks Rcvd at 186 Times in 122 Posts
bolo2002 Reputation: 13
Quote:
Originally Posted by chants View Post
... Then after a year when enough people switch to Windows 11, they will enforce it.
Oh yes probably,i didn't thought about this point,let the pc world install win11 ,despite them and when million users are using it(infected) then switching off ability to remove TMP
__________________
I like this forum!
Reply With Quote
  #13  
Old 07-01-2021, 11:33
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 344
Rept. Given: 25
Rept. Rcvd 110 Times in 54 Posts
Thanks Given: 49
Thanks Rcvd at 584 Times in 233 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
For the time being, it looks like Microsoft is 'somewhat' listening to the backlash in regards to the requirements, specifically the TPM 2.0 requirement for Windows 11. The new insider build has the requirement removed for now but they tried to justify its use in a new blog post. However, I think the post really helps show how out of touch they are in regards to why they are trying to require it in the first place with quotes like this:

Quote:
Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI) and Secure Boot. The combination of these features has been shown to reduce malware by 60% on tested devices.
Which implies anyone/everyone with Windows 8.1/10 that had support for thos stuff used it. Can't say I would even agree to them saying that 60% of the users on Windows 10 make use of things like Windows Hello or even have a device capable of doing it. Let alone using things like drive encryption or similar. General home users aren't using these things, or even know how to use them most of the time.

New requirements are listed here for now along with their reasonings behind them:
Code:
https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/
Given that all of these dumb requirements can already be bypassed pretty easily, and will continue to be bypassed, it wont do anything in a positive manner besides having people look for means/methods of getting around the dumb nonsense they want to try to force. For example, other requirements they wanted to push is that Windows Hello (and in turn an HD web camera) are required by any partner OEM that plans to ship new laptops with Windows 11 pre-installed.

Stuff like this being on-by-default and used by non-computer literate people just means more telemetry data for MS to collect and bank off of. Their requirements aren't made for security, or stability, it's entirely based around money.
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
The Following User Says Thank You to atom0s For This Useful Post:
Kurapica (07-01-2021)
  #14  
Old 07-03-2021, 05:18
DavidXanatos DavidXanatos is offline
Family
 
Join Date: Jun 2018
Posts: 125
Rept. Given: 1
Rept. Rcvd 29 Times in 20 Posts
Thanks Given: 40
Thanks Rcvd at 268 Times in 84 Posts
DavidXanatos Reputation: 29
Quote:
Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI) and Secure Boot. The combination of these features has been shown to reduce malware by 60% on tested devices.
I'm, sure this 60% value is BS that's not possible most people will never benefit form TPM or secure boot.
Reply With Quote
  #15  
Old 07-04-2021, 12:16
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 344
Rept. Given: 25
Rept. Rcvd 110 Times in 54 Posts
Thanks Given: 49
Thanks Rcvd at 584 Times in 233 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Quote:
Originally Posted by DavidXanatos View Post
I'm, sure this 60% value is BS that's not possible most people will never benefit form TPM or secure boot.
Yeah, it's more of Microsoft doing their typical 'buzzword' fear-mongering approach to advertisement. Scare the boomers with scary words that sound important and release a tool at the same time to induce fake panic to get people to go out and buy new hardware. It's a win/win for Microsoft and its partners. Partners sell more hardware that comes pre-installed with Windows 10 (in a ready-to-upgrade state) or now with 11, which in turns feeds Microsoft with all the new telemetry customers that they'll gain.

Would personally bet that they have no actual data to back up those numbers and base it on a large sample of bias data.

The main places that would even benefit from things like TPM 2.0, secure boot, full drive encryption, etc. are major companies/corps. that half the time are still running things like XP or Win7 because they wont spend the money to upgrade their backends to anything newer. A lot of them also do not want Win10 spying on their internal information/trade secrets, regardless of how many times MS wants to claim they aren't 'spying' on that kind of info.

Home users have literally no interest in those features for the 99%. The 1% are the nerd/neckbeards that have homelabs and think their side hobbies are targeted by foreign hackers lol. If they had real numbers to back up their claims, they'd share and post them, but instead like every other company that lies, they just throw out articles that try to fear people into upgrades.
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 14:48.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2021 )