#1
TS-Fucker
What's up folks,
this is a known technique, still I'm sure you'll find some useful code in my project. TS-Fucker will force your machine into TestSigning Mode without having to restart the machine. There's a nice symbol available in CI.dll (kernel module) that makes this possible. It's just one nibble that needs to be changed. The code will download the symbol file for CI.dll and with that get the offset. So it will work on all versions that haven't yet blocked the dbutil.sys vulnerable driver. (except Win11, with or without VBS??? so I've been told, but for whoever is interested I can share an article that shows how to get around it for Win11) https://github.com/Flerov/TS-Fucker Last edited by vitriol; 04-01-2023 at 22:47.
#2
How is this different from using PowerShell?
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"
I don't have access to the attached file, which is the reason I am asking.
#3
I added a link to my GitHub so you can try it out. I have no idea how to make the attachment open for registered users.
But to come to your question, you are talking about something different. As far as I know the reg entry you posted is to enable app development without needing a Developer License. My code will put your machine into TestSigning Mode (take a read here: ). Usually you do this by issuing this command in an elevated CMD: bcdedit /debug on Thus enabling TestSigning Mode and making the machine open for remote kernel debugger connections such as through WinDbg. Enabling this mode requires you to restart your system. Then you will be able to load driver (.sys) files without a Microsoft-issued license. My patch will put your machine into TestSigning Mode at runtime, so you will be able to load unsigned kernel drivers without a license and without having to reboot the machine...
#4
Quote:
#5
I would also be interested in the Win 11 version, please.
PS: I see the hack changes g_CiOptions. I was under the impression that in recent Windows versions this value is guarded by PatchGuard, so changing it and leaving it changed will result in a BSOD sooner or later. Was this hack tested for its long-term stability? Last edited by DavidXanatos; 04-02-2023 at 05:06.
#6
Here folks, check this out:
https://blog.xpnsec.com/gcioptions-in-a-virtualized-world/ When I have some time again I will also add it to my project's code. And yes, it can definitely trigger PG, though I tested it on my machine for days and it didn't crash. I am also trying to find a way to disable PatchGuard. I'm currently resetting KTIMERs, and next I'm trying to patch some bugcheck functions, though I'm completely stuck there; I have some problems with patching, i.e. KiRaiseSecurityCheckFailure, from my exploit code, so dunno if that would be sufficient to handle PG.
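An added defensive check, not code from the thread or from the TS-Fucker project: it compares the BCD testsigning setting discussed in post #3 with the Code Integrity options the running kernel reports, so a g_CiOptions change of the kind raised in post #5 shows up as a mismatch between boot configuration and runtime state. Assumptions: English bcdedit output, an elevated session, the documented SystemCodeIntegrityInformation flag values, and that the runtime query reflects the live CI state.

```powershell
# Added example: boot-time BCD "testsigning" vs. runtime Code Integrity options.
# Run elevated; bcdedit needs administrator rights. Assumes English bcdedit output.

$ntdll = Add-Type -Namespace 'CiCheck' -Name 'Ntdll' -PassThru -MemberDefinition @'
[DllImport("ntdll.dll")]
public static extern int NtQuerySystemInformation(int InfoClass, IntPtr Info, int Length, out int ReturnLength);
'@

# Flag values as documented for SystemCodeIntegrityInformation (class 103).
$CI_OPTION_ENABLED  = 0x1
$CI_OPTION_TESTSIGN = 0x2

function Get-RuntimeCodeIntegrityOptions {
    # SYSTEM_CODEINTEGRITY_INFORMATION { ULONG Length; ULONG CodeIntegrityOptions; }
    # The caller fills Length with the structure size (8 bytes) before the call.
    $size = 8
    $buf = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($size)
    try {
        [System.Runtime.InteropServices.Marshal]::WriteInt32($buf, 0, $size)
        $returned = 0
        $status = $ntdll::NtQuerySystemInformation(103, $buf, $size, [ref]$returned)
        if ($status -ne 0) { throw ('NtQuerySystemInformation failed: 0x{0:X8}' -f $status) }
        return [System.Runtime.InteropServices.Marshal]::ReadInt32($buf, 4)
    } finally {
        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($buf)
    }
}

function Get-BcdTestSigning {
    # bcdedit lists "testsigning  Yes" on the current boot entry only when the option is set.
    $listing = & bcdedit.exe /enum '{current}' 2>&1 | Out-String
    return [bool]($listing -match '(?im)^\s*testsigning\s+Yes\s*$')
}

$opts      = Get-RuntimeCodeIntegrityOptions
$bootTS    = Get-BcdTestSigning
$runtimeTS = ($opts -band $CI_OPTION_TESTSIGN) -ne 0

'CodeIntegrityOptions : 0x{0:X}' -f $opts
'CI enabled           : {0}' -f (($opts -band $CI_OPTION_ENABLED) -ne 0)
'BCD testsigning      : {0}' -f $bootTS
'Runtime TESTSIGN bit : {0}' -f $runtimeTS

if ($runtimeTS -and -not $bootTS) {
    Write-Warning 'Runtime CI accepts test-signed code but the BCD does not: CI options changed after boot.'
} elseif ($bootTS -and -not $runtimeTS) {
    Write-Warning 'BCD enables testsigning but the running kernel does not report it: reboot pending or overridden.'
} else {
    'Boot configuration and runtime Code Integrity state agree.'
}
```

The first warning is the condition a defender cares about here: the kernel accepting test-signed drivers while the boot configuration never asked for it.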