PassPass - Bypass the Password


HolmesSherlock

Meet PassPass (Bypass the Password), a nifty Grub4DOS batch script to disable/re-enable Windows logon password validation. Credit (as well as dis-credit) is to be equally shared between jaclaz and Holmes.Sherlock for the idea and coding respectively. We appreciate any success/failure report mentioning the following:

  • Windows version (e.g. XP, Vista, 7)
  • Architecture (e.g. 32-bit/64-bit)
  • msv1_0.dll version (e.g. 6.1.7600.16525) along with MD5 checksum, if possible

Technical details: The script tries to locate all existing Windows installations and their corresponding Windows editions as well. Thereafter, it replaces the CMP instruction responsible for password verification with a 'benign' sequence of bytes. To revert the changes, the process is just the opposite. The whole idea is derived from WindowsGate and Astr0baby's tutorial.
Usage:
  • Install Grub4DOS. You may prefer using RMPrepUSB. Script tested with Grub4DOS v0.4.5c-2013-03-03.
  • Download grubutils and copy WENV binary on the root of the boot media. Script tested with grubutils-2011-06-27.
  • Copy PassPass.g4b and menu.lst on the root of the boot volume.
  • Boot.
  • Ideally, 'Autodetect' mode should be able to list all existing Windows installations. For buggy BIOSes, try the appropriate <Disk#> and <Partition#> to 'Forcedetect' Windows installations.
  • Choose either 'Patch' or 'Unpatch' respectively for disabling/re-enabling password verification.
  • Reboot and boot into target Windows.

Credits:

  • jaclaz - For ideas, code snippets, information. The script embeds his DLL version detection script.
  • Ectomorph a.k.a. Damian Bakowski - For his 'unannounced' patch for 32-bit version of msv1_0.dll.
  • Astr0baby - For his reversing tutorial

Download: http://www.sherlock....s-the-password/

Development: https://code.google....pts/source/list

Edited by HolmesSherlock
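To make the patch/unpatch mechanics concrete, here is an added example written for this page (it is not PassPass's own grub4dos script, nor Ectomorph's patch): a reversible, version-gated byte patcher. Everything in it that looks like a DLL is constructed: the "MZ" image, the version string, the offset 0x40 and the two byte sequences are placeholders and are not the real instruction bytes or offsets of any msv1_0.dll build. What it does show is the check a practitioner would want before touching a logon DLL: identify the file by MD5 (the post asks reporters for exactly that), refuse unknown builds, verify the expected bytes are really at the recorded offset, and keep the replacement the same length so nothing else in the file moves. Unpatch is the same operation with the two sequences swapped.

```python
"""Added example, not PassPass's code. A reversible byte patcher of the kind the
post describes, gated on the file's MD5 so it never touches an unknown build.
All DLL content, versions, offsets and instruction bytes below are constructed
placeholders, NOT the real bytes or offsets of any msv1_0.dll."""
import hashlib
from typing import Dict, NamedTuple


class Entry(NamedTuple):
    version: str    # DLL file version this record applies to (constructed)
    offset: int     # file offset of the compare instruction (constructed)
    orig: bytes     # bytes expected there in the unpatched DLL
    patched: bytes  # same-length replacement, so nothing else in the file moves
    state: str      # "unpatched" or "patched": which state this MD5 identifies


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Constructed stand-in for a DLL image: an "MZ" header, NOP filler and a
# two-byte placeholder at 0x40. Hypothetical bytes, not a real CMP encoding.
_ORIG, _PATCHED, _OFF = bytes.fromhex("3bc1"), bytes.fromhex("3bc0"), 0x40
_img = bytearray(b"\x90" * 0x80)
_img[0:2] = b"MZ"
_img[_OFF:_OFF + len(_ORIG)] = _ORIG
SAMPLE_DLL = bytes(_img)

# One record per supported build: (version, offset, original bytes,
# replacement bytes, pristine image used to derive the two MD5s).
_RECORDS = [("6.1.7600.0 (constructed)", _OFF, _ORIG, _PATCHED, SAMPLE_DLL)]


def _build_known() -> Dict[str, Entry]:
    """Index both the pristine and the patched image by MD5, so a file is
    recognised in either state and the tool knows which direction is valid."""
    known = {}
    for version, off, orig, new, image in _RECORDS:
        patched_img = image[:off] + new + image[off + len(orig):]
        known[md5_hex(image)] = Entry(version, off, orig, new, "unpatched")
        known[md5_hex(patched_img)] = Entry(version, off, orig, new, "patched")
    return known


KNOWN = _build_known()


def identify(data: bytes) -> Entry:
    """Look the file up by MD5; an unknown build is refused rather than guessed."""
    entry = KNOWN.get(md5_hex(data))
    if entry is None:
        raise ValueError("unknown DLL build (md5 %s); refusing to touch it" % md5_hex(data))
    return entry


def _swap(data: bytes, entry: Entry, expect: bytes, replace: bytes) -> bytes:
    """Replace `expect` with the same-length `replace` at the recorded offset,
    after verifying the bytes actually present there."""
    window = data[entry.offset:entry.offset + len(expect)]
    if window != expect:
        raise ValueError("bytes at 0x%x are %s, expected %s"
                         % (entry.offset, window.hex(), expect.hex()))
    return data[:entry.offset] + replace + data[entry.offset + len(expect):]


def patch(data: bytes) -> bytes:
    """Disable the compare: original sequence -> benign sequence."""
    entry = identify(data)
    if entry.state != "unpatched":
        raise ValueError("already patched (%s)" % entry.version)
    return _swap(data, entry, entry.orig, entry.patched)


def unpatch(data: bytes) -> bytes:
    """Reverse of patch(): benign sequence -> original sequence."""
    entry = identify(data)
    if entry.state != "patched":
        raise ValueError("not patched (%s)" % entry.version)
    return _swap(data, entry, entry.patched, entry.orig)


def state_of(data: bytes) -> str:
    """'unpatched' or 'patched' for a known build; raises for an unknown one."""
    return identify(data).state
```

To use this shape on a real file, `_RECORDS` would have to be populated with verified (version, offset, bytes) triples per msv1_0.dll build, which is precisely why the first post asks for version and MD5 in every success/failure report; the MD5 gate is what keeps a wrong-build patch from silently corrupting the logon DLL.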

  • 3 months later...

PassPass is a new tool and it can't compete with PCUnlocker currently.

Oh, yes it can :yes:.

Whether it will win or not, that's another thing ;).

The important thing in life is not victory but combat; it is not to have vanquished but to have fought well.

I find it strangely "queer" that someone joins a board only to mention how a specific Commercial tool is "better". :unsure:

Particularly because nothing but a bootable PE of *any kind* (with no added tool of any kind) is needed to reset a Windows password.

Needing (or supporting) a 30 Mb+ piece of bloat (paid for, additionally) to do something that can be done with a tool that anyone should have (a suitable bootable PE or the OS install CD/DVD/USB) seems to me like overkill.

And I won't even touch the topic of re-distributing non-redistributable MS files or distributing GNU licensed software (Syslinux/Memdisk) without providing the License nor the source code. :whistle:

And BTW, a minimal PE will have quite a few issues in booting and accessing PCs equipped with a largish number of SATA hard disks.

But PassPass is free and it should attract more attention in future. Keep up your work!

Will do, rest assured.

jaclaz


  • 1 year later...

Just to keep the topic updated, PassPass now works also with Windows 8.1 (thanks Steve6375) and boulcat made an AutoIt version that can run in a PE (thus it can also be used on UEFI machines that do not have a CSM/BIOS mode).

 

Link remains valid:

http://www.sherlock.reboot.pro/passpass-bypass-the-password/

 

To discuss/troubleshoot/whatever the AutoIt version PEPassPass, topic is here:

http://reboot.pro/topic/20045-pepasspass/

 

jaclaz


The "normal" PassPass is a grub4dos batch script.

Grub4dos needs BIOS services.

Some motherboards may NOT have a choice in their firmware to switch from UEFI to CSM (Compatibility Support Mode, aka BIOS).

 

As explained here:

http://reboot.pro/topic/18588-passpass-bypass-the-password/?p=187362

the grub4dos solution (where applicable) is more "elegant" because you boot, run the script, then continue booting, while the PE approach implies that you boot to the PE, run the tool, then reboot to the installed OS. 

 

Of course the choice of an AutoIt script to be run in a PE is arbitrary, as long as you boot *any* OS that has access to the internal installed OS disk, anything would do, batch, bash, DOS, Linux, etc.

 

jaclaz

P.S.: a manual on the use of PEPassPass has in the meantime been published, here :whistle::

http://reboot.pro/topic/20045-pepasspass/?p=187579

Edited by jaclaz
