Closed KimCalvin closed 4 years ago
Thanks, I'll take a look at this, hopefully some time next week.
Meanwhile I hope the other more generic injection method - win10_x64 is working.
It didn't work for me, I'll try to check what the error message was once my exams are done next week.
Update:
Unfortunately updating the signature still won't work if the target has more than ~3GB RAM with the USB3380 due to changes in Windows. Your best shot here is the win10_x64 signature unfortunately.
I'll try to update the signature anyway since it may still be useful to FPGA users.
Hi, I'm using FPGA (605/601) on Windows 10 1803 and have pulled the most recent version of the repository, but am still unable to load a KMD using win10_x64. I see changes made for the unlock signature, but I am wondering about any changes for signatures in other places, like kmd.c when looking for the page table. It looks like pcileech_gensig.cfg needs to be updated to generate signatures for the new ntfs.sys file. Is there any update on this?
Thanks
@minkjaco unfortunately not. I still have to look into this. It was a bit more complicated than I initially thought since my old automated method of generating the signature didn't work.
I may possibly find the time to do this after DEF CON, which will be mid to end of August. But no promises.
The win10_x64 signature is working for me in 1803 (unless I have kernel code integrity enabled) though.
@ufrisk thanks for the quick response. Interesting that you see that working on 1803. Any things I can try to get it working, since I've already disabled VT and VT-d in the BIOS Setup?
If you disabled VT-d and VT-x in BIOS it should work with the generic win10_x64 as far as I've seen in my test systems. It was 1-2 months since I looked though so I need to look into this again.
I probably have to design a new method of doing things - with the FPGA it should be possible to pretty easily come up with something. But that is for later in August when I'm back from the US.
I'm closing this very old issue.
Signatures for Windows 10 should now have been updated to better support all Windows 10 versions - including the latest Win10 2004 release with the WIN10_X64_3 KMD inject.
I was just trying some stuff out for a bit with my USB3380 and found out that I wasn't able to load a KMD. After checking the ntfs.sys it seems like it got updated to version 10.0.17134.112 last month.
I'm not in a hurry, but it would be appreciated if anyone could take a look at the new signatures.