A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #28371  by kz丶cn
 Fri Apr 22, 2016 3:21 pm
Hello, KernelMode.info
The following is an English translation from Google:
Thanks fyyre the bootloader v2, I use a method which was destroyed patchGruad, but did not crack the drive load signature (DSE), the success of my own research after cracks, will now talk about the method, it may be obsolete, since when I entertainment from the music, and just to exchange two strings SeInitializeCodeIntegrity under, and then create a boot when using bcdedit -set %ENTRY_GUID% testsigning 1, here is our patch trigger point, not really test mode, thanks again fyyre, God V (who is this? ha ha)

Original Chinese (translated):
Thanks to fyyre's bootloader_v2; I used the method in it to disable PatchGuard, but it did not crack the driver load signature check (DSE). After my own research I cracked it successfully, so now I'll describe the method. It may already be outdated, so treat it as me entertaining myself: you only need to swap the two strings under SeInitializeCodeIntegrity, then use bcdedit -set %ENTRY_GUID% testsigning 1 when creating the boot entry. This only triggers our patch point; it is not really test-signing mode. Thanks again to fyyre, and to God V (who is this? haha)
 #28389  by TSION
 Sun Apr 24, 2016 3:58 pm
kz丶cn wrote:Hello, KernelMode.info
The following is an English translation from Google:
Thanks fyyre the bootloader v2, I use a method which was destroyed patchGruad, but did not crack the drive load signature (DSE), the success of my own research after cracks, will now talk about the method, it may be obsolete, since when I entertainment from the music, and just to exchange two strings SeInitializeCodeIntegrity under, and then create a boot when using bcdedit -set %ENTRY_GUID% testsigning 1, here is our patch trigger point, not really test mode, thanks again fyyre, God V (who is this? ha ha)
kz\cn, from your translated post it seems you're trying to bypass Driver Signature Enforcement :mrgreen: I'll try to address your question to the best of my ability. To bypass DSE, one method that I publicly know of is to use older/1-day exploits; for more information on this method, see the link down below.

http://www.powerofcommunity.net/poc2012/mj0011.pdf
Last edited by EP_X0FF on Mon Apr 25, 2016 8:04 am, edited 1 time in total. Reason: overquote removed
 #28392  by kz丶cn
 Mon Apr 25, 2016 7:18 am
TSION wrote:
kz丶cn wrote:Hello, KernelMode.info
The following is an English translation from Google:
Thanks fyyre the bootloader v2, I use a method which was destroyed patchGruad, but did not crack the drive load signature (DSE), the success of my own research after cracks, will now talk about the method, it may be obsolete, since when I entertainment from the music, and just to exchange two strings SeInitializeCodeIntegrity under, and then create a boot when using bcdedit -set %ENTRY_GUID% testsigning 1, here is our patch trigger point, not really test mode, thanks again fyyre, God V (who is this? ha ha)
kz\cn, from your translated post it seems you're trying to bypass Driver Signature Enforcement :mrgreen: I'll try to address your question to the best of my ability. To bypass DSE, one method that I publicly know of is to use older/1-day exploits; for more information on this method, see the link down below.

http://www.powerofcommunity.net/poc2012/mj0011.pdf

You misunderstood my meaning. In this article I solve the Win8 driver signature restrictions; the document fyyre provided did not resolve this, so I came here to add it. As expected, the translation is not very reliable; I still have to learn English.
Last edited by EP_X0FF on Mon Apr 25, 2016 8:04 am, edited 1 time in total. Reason: overquote removed