ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

Question regarding patching vs exec #141

Closed ALim95 closed 4 years ago

ALim95 commented 4 years ago

Hi there, new user to pcileech tool. I was reading the help.c while waiting for the usb3380 to be shipped to me.

I was wondering what the difference is between the following two commands (assuming kmd loaded at address 0x7fffe000)?
1) pcileech.exe wx64_unlock -kmd 0x7fffe000 -0 1
2) pcileech.exe patch -sig unlock_win10x64 -kmd 0x7fffe000

Are they essentially doing the same thing, which is to unlock the password requirement, but in different ways? Thank you!

ufrisk commented 4 years ago

Hi, yes, they are essentially the same but work in different ways.

The unlock signature (2) works by PCILeech reading all the memory and searching through it for a signature, which it then patches. Since you'll use the USB3380, it's likely you'll have to rely on a kernel module to access all memory. But if using a supported FPGA-based board, you would be able to read and patch memory without the kernel module.

The unlock command (1) works by inserting a piece of shellcode into the kernel, which then does the searching through physical memory on the target system itself. This is much faster but has the limitation that you have to have a kernel module inserted for this approach to work.

Also, good luck with your future DMA attacking. The USB3380 is a nice board speed-wise, but nowadays the limitation of only being able to read below 4GB of memory is quite severe; if targeting more recent systems with more than 4GB RAM, an FPGA-based board may work better.
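As an added illustration of the signature approach described in the reply above (this is not pcileech's code, and the signature, patch bytes and memory layout are constructed for the example, not the real unlock_win10x64 signature), the C sketch below reads "physical memory" chunk by chunk through a reader callback, scans for a masked byte pattern while carrying bytes across chunk boundaries, and patches the match. The reader callback, the 256-byte fake pages and the unreadable third page (standing in for memory a board cannot reach) are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* A signature: bytes to match (mask byte 0 = wildcard) and a patch written at a
   fixed offset from the match. Hypothetical layout, not pcileech's format. */
typedef struct {
    const uint8_t *pattern;
    const uint8_t *mask;      /* 1 = byte must match, 0 = wildcard */
    size_t len;
    size_t patch_off;         /* patch location relative to match start */
    const uint8_t *patch;
    size_t patch_len;
} sig_t;

/* Physical-memory reader: returns 1 on success, 0 if the range is unreadable
   (e.g. a board that cannot reach memory above 4 GB, or an unmapped region). */
typedef int (*read_fn)(void *ctx, uint64_t pa, uint8_t *buf, size_t len);

static int sig_matches_at(const sig_t *s, const uint8_t *mem, size_t off) {
    for (size_t i = 0; i < s->len; i++)
        if (s->mask[i] && mem[off + i] != s->pattern[i]) return 0;
    return 1;
}

/* First match of s in mem[0..size), or -1 if none. */
long sig_find(const sig_t *s, const uint8_t *mem, size_t size) {
    if (s->len == 0 || size < s->len) return -1;
    for (size_t off = 0; off + s->len <= size; off++)
        if (sig_matches_at(s, mem, off)) return (long)off;
    return -1;
}

/* Scan [start, end) in chunks, carrying the last len-1 bytes of each chunk
   forward so a signature straddling a chunk boundary is still found.
   Unreadable chunks are skipped and reset the carry (a signature cannot
   span a hole). Returns the physical address of the match or -1. */
long long sig_find_physical(const sig_t *s, read_fn rd, void *ctx,
                            uint64_t start, uint64_t end, size_t chunk) {
    if (s->len == 0 || chunk == 0 || start >= end) return -1;
    uint8_t *buf = malloc(chunk + s->len);
    if (!buf) return -1;
    long long found = -1;
    size_t carry = 0;
    for (uint64_t pa = start; pa < end; pa += chunk) {
        size_t n = (end - pa < chunk) ? (size_t)(end - pa) : chunk;
        if (!rd(ctx, pa, buf + carry, n)) { carry = 0; continue; }
        size_t total = carry + n;             /* buf[0] corresponds to pa - carry */
        long off = sig_find(s, buf, total);
        if (off >= 0) { found = (long long)(pa - carry + (uint64_t)off); break; }
        size_t keep = (s->len - 1 < total) ? s->len - 1 : total;
        memmove(buf, buf + total - keep, keep);
        carry = keep;
    }
    free(buf);
    return found;
}

/* ---- constructed fixture: three 256-byte "pages", page 2 unreadable ---- */
#define PAGE 256
#define NPAGES 3
typedef struct { uint8_t mem[PAGE * NPAGES]; } fake_target_t;

static int fake_read(void *ctx, uint64_t pa, uint8_t *buf, size_t len) {
    fake_target_t *t = ctx;
    if (pa + len > 2 * PAGE) return 0;      /* simulate memory the board cannot reach */
    memcpy(buf, t->mem + pa, len);
    return 1;
}

/* Hypothetical 8-byte signature with one wildcard at index 4; the patch turns
   the matched code into "xor eax,eax; ret" (31 c0 c3). */
static const uint8_t demo_pat[]   = {0x48,0x89,0x5c,0x24,0x00,0x48,0x83,0xec};
static const uint8_t demo_mask[]  = {1,1,1,1,0,1,1,1};
static const uint8_t demo_patch[] = {0x31,0xc0,0xc3};
const sig_t demo_sig = {demo_pat, demo_mask, 8, 0, demo_patch, 3};

/* Fill the target with NOPs, plant the signature so it straddles pages 0 and 1
   (offset 252, wildcard byte set to 0x10), locate it, and "DMA-write" the patch.
   Returns the patched physical address or -1. */
long long demo_scan_and_patch(fake_target_t *t) {
    memset(t->mem, 0x90, sizeof t->mem);
    const uint8_t planted[] = {0x48,0x89,0x5c,0x24,0x10,0x48,0x83,0xec};
    memcpy(t->mem + 252, planted, sizeof planted);
    long long pa = sig_find_physical(&demo_sig, fake_read, t, 0, PAGE * NPAGES, PAGE);
    if (pa < 0) return -1;
    memcpy(t->mem + pa + demo_sig.patch_off, demo_sig.patch, demo_sig.patch_len);
    return pa;
}
```

The carry logic is the part that matters in practice: a DMA tool reads memory in fixed-size transfers, and a signature that happens to sit on a transfer boundary is silently missed without it. The unreadable-page branch models the situation the reply describes, where a board cannot reach the region the signature lives in and the scan simply never sees it.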

ALim95 commented 4 years ago

Hi Ulf Frisk,

Many thanks for the clarification. I am thinking of getting the screamer m.2 board after trying out the tool using a USB3380. I am now just waiting for it to be back in stock so hopefully I can get some results in the meantime with the USB3380.