Tuesday, November 11, 2008

How to export/import CSP session keys in clear

Sometimes, it's handy to export and import plain text CSP session keys without being obliged to wrap them using RSA keys. For that, one can use a specially crafted RSA keys that have their private and public exponents set to "1". Thus, the encryption and the decryption with them always leed to the clear value. You'll find in the following link an MSDN article that provides a sample code explaining how we can achieve that. http://support.microsoft.com/kb/228786

Monday, November 10, 2008

How to clear saved Windows networking passwords

I had a problem connecting to shared VPN network folder because I changed my password but Windows kept using the old one stored in its cache. There was no obvious way to tell Windows to prompt for a new password. After some googling, I found the following command line that displays a dialog showing all the stored credentials and that gives the possibility to delete them : rundll32.exe keymgr.dll, KRShowKeyMgr It saved my life!!!

Thursday, August 7, 2008

Advapi32 patch for Windows Vista 64-Bit (pre SP1)

A reader of this blog requested the patch for the advapi32 dll of the Vista 64-Bit (pre SP1). So here it is. For the SysWow64 copy, its patch is the same as the one of Vista 32-Bit version I already published.
  • Advapi32 dll in System32 directory, version 5.2.3790.3959:
    • At offset 0x12B39 : change 0F to 90
    • At offset 0x12B3A : change 84 to E9
    • At offset 0x67B0D : change 0F to 90
    • At offset 0x67B0E : change 85 to 90
    • At offset 0x67B0F : change 2C to 90
    • At offset 0x67B10 : change B0 to 90
    • At offset 0x67B11 : change FA to 90
    • At offset 0x67B12 : change FF to 90

Monday, June 30, 2008

Advapi32 patch for Windows Vista SP1 64-Bit

Following a request by a reader of this blog, here is the patch for the advapi32 (version 6.0.6001.18000) of Windows Vista SP1 64-Bit. It's for the one present on the System32 folder used by native 64-Bit applications. The patch for the SysWow64 copy is the same as for the Windows Vista SP1 32-Bit version.
  • Advapi32 dll, version 6.0.6001.18000, 64-Bit :
    • At offset 0x27C29 : change 75 to 90
    • At offset 0x27C2A : change 0B to 90
    • At offset 0x27C30 : change 0F to 90
    • At offset 0x27C31 : change 84 to E9

Thursday, June 5, 2008

Advapi32 Patch for Windows XP SP3

The SP3 of Windows XP is already here and with its arrival comes the necessity of testing and validating CSP dlls under it. So, as usual, I'm releasing the necessary patch of advapi32 dll to help on this and avoid the signing process. And here we go :
  • Advapi32 dll, version 5.1.2600.5512:
    • At offset 0x175A1 : change 75 to 90
    • At offset 0x175A2 : change 0C to 90
    • At offset 0x175A9 : change 0F to 90
    • At offset 0x175AA : change 84 to E9

Monday, June 2, 2008

Advapi32 Patch for Windows 2003 SP2 64-Bit

As requested by a reader of this blog, here is the patch for advapi32 dll bundled with Windows 2003 Server SP2 64-Bit (it took me sometime...). This patch is for the copy present in the System32 folder. The one in the SysWOW64 folder is the same as the 32-bit advapi32 dll of Windows 2003 Server SP2 for whom I have already posted a patch before.
  • Advapi32 dll in System32 directory, version 5.2.3790.3959:
    • At offset 0x11AC5 : change 0F to 90
    • At offset 0x11AC6 : change 84 to E9
    • At offset 0x4D0C4 : change 0F to 90
    • At offset 0x4D0C5 : change 85 to 90
    • At offset 0x4D0C6 : change 01 to 90
    • At offset 0x4D0C7 : change 4A to 90
    • At offset 0x4D0C8 : change FC to 90
    • At offset 0x4D0C9 : change FF to 90

Tuesday, May 6, 2008

UPX 3.03 for MacOSX

The latest version of UPX (3.03) has just arrived and it adds support for the LZMA compression. This can enhance the overall compression ration but it's new and it's less tested. So, I decided to provide two binaries for this version : one with the LZMA support and one without. As for the previous release, these binaries will run under Tiger (10.4) , PPC and Intel alike, and Leopard (10.5). Here we go :

For UPX without LZMA support : click here . For UPX with LZMA support : click here .

Tuesday, April 22, 2008

Advapi32 Patch for Windows XP 64-Bit

As usual, here is the patch of advapi32 on Windows XP 64-Bit that enables testing of CSP dlls without Microsoft signature. In this platform, there is two versions of this dll : on in the System32 directory that is the real 64-bit one, and one in the SysWOW64 directory that is the 32-bit one. So, we have to patch the two dlls. You'll find below the usual patch description for each one of them. You may notice that two have an identical version number, 5.2.3790.1830, that is the same for advapi32 on Windows 2003 SP1. This is why the patch for the SysWOW64 copy is identical to the one on Windows 2003 SP1.
  • Advapi32 dll in SysWOW64 directory :
    • At offset 0x68CD : change 0F to EB
    • At offset 0x68CE : change 84 to 42
    • At offset 0x68CF : change 62 to 90
    • At offset 0x68D0 : change 0B to 90
    • At offset 0x68D1 : change 03 to 90
    • At offset 0x68D2 : change 00 to 90
  • Advapi32 dll in System32 directory :
    • At offset 0x11B15 : change 0F to 90
    • At offset 0x11B16 : change 84 to E9
    • At offset 0x4D2AD : change 0F to 90
    • At offset 0x4D2AE : change 85 to 90
    • At offset 0x4D2AF : change 68 to 90
    • At offset 0x4D2B0 : change 48 to 90
    • At offset 0x4D2B1 : change FC to 90
    • At offset 0x4D2B2 : change FF to 90

Monday, April 21, 2008

Advapi32 patch for new Windows OS versions

This is an update of my previous post about the patching of advapi32 dll. You'll find here patches for Windows 2003 Server SP2, Windows Vista, Windows Server 2008 and Windows Vista SP1. The last two platforms share the same version of the advapi32 dll.
  • Windows 2003 SP2: advapi32 version = 5.2.3790.3959
    • At offset 0x11E3F : change 75 to 90
    • At offset 0x11E40 : change 08 to 90
    • At offset 0x11E47 : change 74 to EB
  • Windows Vista : advapi32 version = 6.0.6000.16386
    • At offset 0x37B7D : change 0F to 90
    • At offset 0x37B7E : change 84 to E9
    • At offset 0x4B66D : change 0F to 90
    • At offset 0x4B66E : change 85 to 90
    • At offset 0x4B66F : change 10 to 90
    • At offset 0x4B670 : change C5 to 90
    • At offset 0x4B671 : change FE to 90
    • At offset 0x4B672 : change FF to 90
  • Windows 2008 and Windows Vista SP1 : advapi32 version = 6.0.6001.18000
    • At offset 0x2420C : change 75 to 90
    • At offset 0x2420D : change 0C to 90
    • At offset 0x24214 : change 0F to 90
    • At offset 0x24215 : change 84 to E9

Thursday, April 3, 2008

UPX universal binary for Mac OS X

As the buzz is mounting on the Mac OS X platform these days, I decided to buy one and start hacking. On the Windows and Linux platforms, I'm used to compress all my binaries using UPX, thus saving space and bandwidth. Unfortunately, when I tried to download a version of it for Mac OS X, I couldn't find a single link, even on the official web site. So, I decided to compile a version myself. The task was not straightforward but I was able to build a universal binary Mac OS X 10.4 and 10.5. It should work on 10.3 but I didn't test it. The result can be downloaded from the link below. I hope this will help. http://www.idrix.fr/Root/MacOSX/upx-3.02-universal-macosx.tar.gz