ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

Is there a signature file for windows 10 online account? #128

Closed cofarmer closed 2 years ago

cofarmer commented 4 years ago

As the title says: does anybody have ideas?

ufrisk commented 4 years ago

No, there is not, not right now at least.

I'll have some major updates on the way; that is still some time away. After that I'll have to check this out to see if I can come up with something.

Or does anyone else already have it?

KrinalPatel889 commented 3 years ago

@ufrisk Any progress on the MS online account bypass signature? It is a very interesting feature.

ufrisk commented 3 years ago

Hm, I kinda forgot about it, haven't been looking into it. Thanks for the reminder.

I agree it's a super interesting feature and it's definitely something I should look into; but right now I've been a bit too busy with other things. But with these getting more and more common it's something I'll have to do.

As a workaround you could spawn a system shell; but that's much more intrusive than just patching out some verification bytes in memory...

KrinalPatel889 commented 3 years ago

One private closed-source software (Kon-boot) bypasses MS live (online) accounts. So, it is definitely possible to do it. Just need to find out the method.

It is useless to surf the web for it, as I have read so many web pages to find the method and so far no solution is available online. So, a humble suggestion: don't waste your limited time on web surfing. Instead go for other methods like reversing.

Take your time. No hurry.

ufrisk commented 3 years ago

Thanks for the update and the hints.

I'll have to look into this with these being more common.

But please keep in mind this is an open source project and the others that do the unlock have paid employees doing this on work hours.

I'll look into it once I finish a few other things I'm working on :)

KrinalPatel889 commented 2 years ago

@ufrisk Any progress for online account?

ufrisk commented 2 years ago

Thanks for the reminder. I've actually forgotten about this since last time :(

In the near term I expect to be quite busy with real life and also with some sponsored development (new hardware and such). Hopefully I'll fix this in Q1 next year some time.

KrinalPatel889 commented 2 years ago

I'll post reminder again after 3-4 months if I remember 😂

KrinalPatel889 commented 2 years ago

@ufrisk Would you be able to check MS live id signatures now or are you still busy with work?

KrinalPatel889 commented 2 years ago

@ufrisk.

ufrisk commented 2 years ago

Hi, I haven't looked into this yet.

cofarmer commented 2 years ago

Already bypassed the online account another way, thanks.

KrinalPatel889 commented 2 years ago

> Already bypassed the online account another way, thanks.

Can you please share a method?

So, others can also take benefit from it and learn.

LuckyPi commented 2 years ago

@cofarmer

I second @KrinalPatel889's request for the method. If you use PCILeech as a bypass for unlocking a Windows host that uses online (not local) authentication, or other steps, please share.

I myself usually just create an account, use the shell, or push/execute a RAT. For me the unlock is great for demos and for making it a lot easier to capture the user's workspace for forensic purposes. It would be a nice feature for sure, but PCILeech already does a wonderful job at gaining access.

ufrisk commented 2 years ago

I've looked into this a bit, but my reversing skills aren't strong enough for me to quickly find out where to patch the lsass process to allow for a Microsoft account bypass. At least not in the time I put into it. I'll gladly implement something if someone can point me in the right direction.

Alternative methods would be to spawn a shell via kernel inject. If you wish to do that in the user context it's possible as well by specifying a PID.

Other methods would be to patch winlogon.exe to allow for the "sticky keys" to spawn a system shell. I haven't included it in PCILeech, but there is a signature here: https://github.com/signal-5/pcileech/blob/master/files/stickykeys_cmd_win.sig
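As an added illustration of what a signature-driven memory patch of the kind discussed in this thread does (find a byte pattern once, confirm the bytes at the patch site, overwrite a conditional branch), here is a small Python scanner. This is example code written for this page; it is not PCILeech's signature format, its code, or any real Windows patch. The memory image, the pattern and the patch bytes are all constructed for the demo, and the `Signature` class, `find_all` and `apply_signature` are hypothetical names.

```python
# Added illustration for this thread: a minimal "signature -> patch" scanner.
# NOT PCILeech's signature format or code; the memory image, pattern and patch
# bytes below are constructed for the demo.
from dataclasses import dataclass
from typing import Optional

WILDCARD = None  # a byte position the signature does not care about


@dataclass(frozen=True)
class Signature:
    """A search pattern plus the bytes to write at an offset relative to the hit."""
    name: str
    pattern: tuple                  # per byte: an int 0..255 or WILDCARD
    patch_offset: int               # where to write, relative to the start of the match
    patch: bytes                    # bytes to write there
    expect: Optional[bytes] = None  # if set, the bytes about to be overwritten must equal this


def find_all(image: bytes, pattern: tuple) -> list[int]:
    """Return every offset where `pattern` matches `image` (wildcards match anything)."""
    anchors = [(i, b) for i, b in enumerate(pattern) if b is not WILDCARD]
    if not anchors:
        raise ValueError("pattern has no fixed bytes")
    n = len(pattern)
    return [
        off for off in range(len(image) - n + 1)
        if all(image[off + i] == b for i, b in anchors)
    ]


def apply_signature(image: bytes, sig: Signature) -> tuple[bytes, int]:
    """
    Apply `sig` to `image` and return (patched_image, hit_offset).
    Refuses to patch unless the signature matches exactly once, the patch
    range lies inside the image, and the bytes being overwritten are the
    ones the signature expects (so a version mismatch fails loudly instead
    of corrupting the wrong code).
    """
    hits = find_all(image, sig.pattern)
    if len(hits) != 1:
        raise LookupError(f"{sig.name}: expected exactly one hit, got {len(hits)} at {hits}")
    hit = hits[0]
    start = hit + sig.patch_offset
    end = start + len(sig.patch)
    if start < 0 or end > len(image):
        raise IndexError(f"{sig.name}: patch range {start}:{end} is outside the image")
    if sig.expect is not None and image[start:end] != sig.expect:
        raise ValueError(
            f"{sig.name}: bytes at {start:#x} are {image[start:end].hex()}, "
            f"expected {sig.expect.hex()}"
        )
    out = bytearray(image)
    out[start:end] = sig.patch
    return bytes(out), hit


# --- constructed demo data (not real Windows code) ---
# Pretend this is a stretch of process memory holding a check of the form
#   test rax, rax ; jne <fail>
# The signature anchors on test/jne with a wildcard over the jump displacement
# and turns the conditional jump into two NOPs so the failure path is never taken.
DEMO_IMAGE = bytes.fromhex(
    "9090909090"    # padding
    "4885c0"        # test rax, rax
    "7512"          # jne +0x12      <- the two bytes the patch overwrites
    "b801000000"    # mov eax, 1
    "c3"            # ret
    "90909090"      # padding
)

VERIFY_SIG = Signature(
    name="demo-skip-verification",
    pattern=(0x48, 0x85, 0xC0, 0x75, WILDCARD),  # test rax,rax ; jne rel8
    patch_offset=3,                              # the jne opcode
    patch=b"\x90\x90",                           # nop ; nop
    expect=b"\x75\x12",                          # what must be there before patching
)


def demo() -> tuple[bytes, int]:
    """Run the constructed signature against the constructed image."""
    return apply_signature(DEMO_IMAGE, VERIFY_SIG)


if __name__ == "__main__":
    patched, hit = demo()
    print(f"hit at {hit:#x}, bytes after patch: {patched[hit + 3:hit + 5].hex()}")
```

The exactly-one-hit rule and the `expect` check are the parts worth keeping when doing this for real: a pattern that matches twice, or a build whose bytes at the patch site differ from what the signature was written against, should abort rather than write.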

KrinalPatel889 commented 2 years ago

@cofarmer Could you please comment on your online account bypass method?