# Anybody heard about this? Windows Secure Boot Golden keys vulnerability



## lukjok (Aug 10, 2016)

Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot. 

"For debugging purposes, Microsoft created and signed a special Secure Boot policy that disables the operating system signature checks, presumably to allow programmers to boot and test fresh OS builds without having to sign each one.
If you provision this magic policy, that is, if you install it into your firmware, the Windows boot manager will not verify that it is booting an official Microsoft-signed operating system. It will boot anything you give it provided it is cryptographically signed, even a self-signed binary – like a shim that loads a Linux kernel."

What do you think about this?

More information: http://www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/
https://rol.im/securegoldenkeyboot/


----------



## Wack0Distractor (Aug 10, 2016)

Phone-related unlocks coming soon


----------



## jackkill (Aug 10, 2016)

Android on older Lumias like the 1020 possible?


----------



## augustinionut (Aug 10, 2016)

Sure not.


----------



## EspHack2 (Aug 11, 2016)

new life for RT tablets, if w10m can be considered life


----------



## w.bogdan (Aug 11, 2016)

Microsoft Secure Boot Bypass Is the Backdoor Government Always Wanted http://news.softpedia.com/news/micr...oor-the-government-always-wanted-507179.shtml


> The researchers had privately disclosed the problem to Microsoft, who initially *didn't want to fix it, for undisclosed reasons.*



----------



## denisf1981 (Aug 11, 2016)

It's very cool...... W10M on my x86 tablet


----------



## kallstrom_74 (Aug 11, 2016)

or perhaps android on my old 925 phone??


----------



## pro_info (Aug 11, 2016)

dualboot on Windows mobile


----------



## ngame (Aug 11, 2016)

pro_info said:


> dualboot on Windows mobile




Dual boot is possible now, but only for two different versions of Windows Phone.


----------



## pro_info (Aug 11, 2016)

ngame said:


> Dual boot is possible now, but only for two different versions of Windows Phone.




It would be great: a stable RS1 version on one side and an Insider RS2 version on the other.


----------



## Lanex777 (Aug 12, 2016)

Can we edit firmwares with this so we can enable continuum on unsupported devices?


----------



## todarkness (Aug 12, 2016)

shouldn't it in theory be possible to port android to the lumia devices like the 950 ?


----------



## ManIkWeet (Aug 12, 2016)

Is it now possible to install Linux on my Lumia 920?
All I need is touchscreen, Wifi and maybe sound. I guess a touch-keyboard would be useful too...

Screw Android, I want Linux!

(To run a Java-based MMORPG on my phone, obviously...)


----------



## Dj_Art (Aug 12, 2016)

ManIkWeet said:


> Is it now possible to install Linux on my Lumia 920?
> All I need is touchscreen, Wifi and maybe sound. I guess a touch-keyboard would be useful too...
> 
> Screw Android, I want Linux!
> ...




You can use testsign mode (see the Windows 8 RT thread), then run IKVM (use Google).

---------- Post added at 09:57 PM ---------- Previous post was at 09:54 PM ----------

But it's hard (needs some programming skills); you can just run Windows RT.

---------- Post added at 10:00 PM ---------- Previous post was at 09:57 PM ----------

And if this game uses OpenGL, you can't start it (mobile GPUs don't support OpenGL).


----------



## maker3 (Aug 12, 2016)

ngame said:


> Dual boot is possible now, but only for two different versions of Windows Phone.




Impossible even on Xiaomi Mi4? All drivers exist.

It would be nice to boot cyanogenmod.


----------



## G.moe (Aug 12, 2016)

maker3 said:


> Impossible even on Xiaomi Mi4? All drivers exist.
> 
> It would be nice to boot cyanogenmod.




Yes, this would make custom kernels possible on the Mi4.


----------



## augustinionut (Aug 13, 2016)

I have already this in Program Files (x86)\Windows Kits\8.1\bin\arm\SecureBoot


----------



## raghulive (Aug 13, 2016)

augustinionut said:


> I have already this in Program Files (x86)\Windows Kits\8.1\bin\arm\SecureBoot




That will enable Secure Boot. Using the golden keys, a policy will allow unlocking the bootloader and putting the device into test-sign mode; what they released is to unlock RT devices.
An ARM/mobile tool will be made by them soon; it's in progress.


----------



## BlueTR (Aug 13, 2016)

raghulive said:


> That will enable Secure Boot. Using the golden keys, a policy will allow unlocking the bootloader and putting the device into test-sign mode; what they released is to unlock RT devices.
> An ARM/mobile tool will be made by them soon; it's in progress.




Will we be able to install rs1 on 512mb devices or enable continuum on other devices just like those "chosen" guys did?


----------



## djtonka (Aug 13, 2016)

BlueTR said:


> Will we be able to install rs1 on 512mb devices or enable continuum on other devices just like those "chosen" guys did?




even more, iOS


----------



## raghulive (Aug 13, 2016)

BlueTR said:


> Will we be able to install rs1 on 512mb devices or enable continuum on other devices just like those "chosen" guys did?




Yep, but it's in progress; we need to face "Soon™". Until the app comes out, we need patience.


----------



## lolasher (Aug 14, 2016)

raghulive said:


> Yep, but it's in progress; we need to face "Soon™". Until the app comes out, we need patience.




Hmm, but if I understand correctly vulnerability has been found in some Redstone build. Doesn't that mean devices without way to install Redstone are out?


----------



## snickler (Aug 15, 2016)

djtonka said:


> even more, iOS




Um.. No lol.


----------



## BlueTR (Aug 15, 2016)

So is there any progress in breaking secure boot on Windows Phone or an ARM grub bootloader?


----------



## G.moe (Aug 15, 2016)

BlueTR said:


> So is there any progress in breaking secure boot on Windows Phone or an ARM grub bootloader?




Yes. The same exploit applies, just requires a different implementation specific to this environment. The RoL guys are working on it, and are planning on a release soon.

Snickler's CMD access will be an integral part, and Gus is implementing that into Interop Tools. Once the exploit is released for Win10m, it will be fairly simple to use.


----------



## snickler (Aug 16, 2016)

G.moe said:


> Yes. The same exploit applies, just requires a different implementation specific to this environment. The RoL guys are working on it, and are planning on a release soon.
> 
> Snickler's CMD access will be an integral part, and Gus is implementing that into Interop Tools. Once the exploit is released for Win10m, it will be fairly simple to use.




Here's something interesting about it though... MS seemed to have messed up with RS, PERIOD. The thing I'm using for CMD is the UMCIAuditMode. This didn't work before, but works in RS1. That blew my mind.


----------



## w.bogdan (Aug 16, 2016)

djtonka said:


> even more, iOS





snickler said:


> Um.. No lol.




Who wants iOS? I want Windows XP!


----------



## jackcicci (Aug 16, 2016)

I'd like to try windows mobile 10 my android phone (not xiaomi).  Do you think that this will be possible in the future?


----------



## ngame (Aug 16, 2016)

jackcicci said:


> I'd like to try windows mobile 10 my android phone (not xiaomi).  Do you think that this will be possible in the future?




It's also possible now. Xiaomi did something really nice on their devices: they keep some partitions from Android so the phone stays able to flash back to Android, and then write the Windows partitions. All Android phones with this kind of partition table layout can be changed to W10M and flashed back to Android, but I don't know which phones have this kind of partition table.


----------



## G.moe (Aug 16, 2016)

snickler said:


> Here's something interesting about it though... MS seemed to have messed up with RS, PERIOD. The thing I'm using for CMD is the UMCIAuditMode. This didn't work before, but works in RS1. That blew my mind.




Yes, absolutely. The real question is if it was really a mistake. Such a change in credentials/capabilities has to have been intentional at some point. So this leads to two possible conclusions. Either it was enabled for internal testing, and somehow was overlooked and forgotten, or, it was intentionally implemented for the sake of future device deployments. Microsoft screwed the pooch for older devices, because we know the vulnerability is virtually unable to be patched (without revoking a non-serial recovery method), but there's no reason this can't be corrected for devices which have yet to be manufactured. Do you think it's possible that this was an intentional change? It would remove the need to go through the signing and certification process for small groups that are developing niche products or projects. I think that idea falls in line with Microsoft's push with IoT devices, as well as their recent increase in open source design.


----------



## jackcicci (Aug 17, 2016)

ngame said:


> It's also possible now. Xiaomi did something really nice on their devices: they keep some partitions from Android so the phone stays able to flash back to Android, and then write the Windows partitions. All Android phones with this kind of partition table layout can be changed to W10M and flashed back to Android, but I don't know which phones have this kind of partition table.




Maybe something like a custom recovery such as TWRP? I have a Motorola with an unlocked bootloader and a custom TWRP recovery; when I flash some custom Android ROM, it writes only some partitions like system etc. I don't know about the other partitions, but I know that the number of partitions is high (about 30 or more). Sorry for my English.


----------



## nate0 (Aug 20, 2016)

pro_info said:


> dualboot on Windows mobile




Very probable.


----------



## todarkness (Aug 20, 2016)

G.moe said:


> Yes, absolutely. The real question is if it was really a mistake. Such a change in credentials/capabilities has to have been intentional at some point. So this leads to two possible conclusions. Either it was enabled for internal testing, and somehow was overlooked and forgotten, or, it was intentionally implemented for the sake of future device deployments. Microsoft screwed the pooch for older devices, because we know the vulnerability is virtually unable to be patched (without revoking a non-serial recovery method), but there's no reason this can't be corrected for devices which have yet to be manufactured. Do you think it's possible that this was an intentional change? It would remove the need to go through the signing and certification process for small groups that are developing niche products or projects. I think that idea falls in line with Microsoft's push with IoT devices, as well as their recent increase in open source design.




But using the leaked Secure Boot keys is really complicated (it looks that way to me, but I am no dev), and future devices will just have a new key, so what is the point?


----------



## nate0 (Aug 20, 2016)

todarkness said:


> But using the leaked Secure Boot keys is really complicated (it looks that way to me, but I am no dev), and future devices will just have a new key, so what is the point?




On a closed source platform, something like this should never be the case. That is why there is a point, imo. I think this is intentional, maybe for two reasons: 1. The government involvement around closed source... 2. The future of the Windows platform...

I would be curious to know from a developer, even if any signed binary is allowed to load, how easy it would be to disable Secure Boot in that, and then allow not just self-signed binaries but a self-signed OS to boot as well. Curious, but I would bet testing would be easier on an M8 as far as testing boot methods and multiboot, where drivers and code are already built on the Android side of the house. Kinda wish now I had not sold my M8 last month...


----------



## w.bogdan (Aug 20, 2016)

Microsoft can't catch a break 


> UAC Bypass with Elevated Privileges Works on All Windows Versions
> Microsoft delays fixing the reported issue



http://news.softpedia.com/news/uac-...es-works-on-all-windows-versions-507481.shtml


----------



## G.moe (Aug 20, 2016)

todarkness said:


> But using the leaked Secure Boot keys is really complicated (it looks that way to me, but I am no dev), and future devices will just have a new key, so what is the point?




Well yes, the future devices will get a new global key from MS (for initial development and smaller projects), but they will also force manufacturers to sign it a second time with their own private key. Then people would need both Microsoft's key and the manufacturer's. But we can all agree that it's naive for Microsoft to use a static key at all. That was how we were able to prove the validity of the recently leaked NSA tools. There's no reason MS can't come up with a way to allow a range of originally hashed keys to be identified as genuine. This is exactly what Samsung does for their devices that have a locked bootloader; the key is unique to the hardware in the device. The key differs from device to device, even if they have identical hardware. Samsung can still identify these keys, confirm whether or not they were genuinely made, and bypass it if they wanted.

To clarify, MS would have a hashing algorithm and a static signing key. The static signing key would be private to Microsoft. The hashing algorithm would be integrated into (closed source) development tools which gave each compiled package a single key that was an original hash of the static key (so if the static key were to be leaked, it would be useless unless someone were to reverse engineer the hashing algorithm). Then manufacturers would have their own private static key, and they would re-sign the compiled files with a hash of their own private static key (either using Microsoft's proprietary algorithm or their own). There's no reason MS can't require this in their licensing terms for retail deployment. Manufacturers would be responsible for verification during SecureBoot for OEM devices, and MS would be responsible for verification for non-OEM devices. Recovery partitions would still be viable (although we'd need OEM recovery discs for some units, like we had in XP).
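
The policy mechanism quoted in the first post (a Microsoft-signed policy that switches off OS signature checks) and the two-tier signing scheme G.moe sketches above, as an added example that is not code from this thread or from Microsoft. It is a Python model in which HMAC-SHA256 stands in for the asymmetric signatures a real boot manager checks; the key values, the device-id binding of debug policies and the per-device OEM key derivation are all constructed assumptions for illustration, not a description of how Microsoft's boot manager or the MS16-100 fix actually work.

```python
"""Toy model of Secure Boot policy and image verification (constructed example).

HMAC-SHA256 stands in for real asymmetric signatures, so the "keys" below are
shared secrets rather than private/public pairs. Nothing here is Microsoft code.
"""
import hashlib
import hmac
import json
from typing import List, Optional

# Constructed signing keys: hypothetical stand-ins for the Microsoft and OEM keys.
MS_KEY = b"constructed-microsoft-signing-key"
OEM_KEY = b"constructed-oem-signing-key"


def sign(key: bytes, data: bytes) -> bytes:
    """Simulated signature: HMAC-SHA256 of the data under the signer's key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    """Constant-time comparison against a freshly computed signature."""
    return hmac.compare_digest(sign(key, data), sig)


def make_policy(disable_os_checks: bool, device_id: Optional[str] = None) -> dict:
    """A Microsoft-signed boot policy. device_id=None models the leaked
    'golden' debug policy: it disables OS checks on any device it is installed on."""
    body = {"disable_os_signature_checks": disable_os_checks, "device_id": device_id}
    raw = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "raw": raw, "sig": sign(MS_KEY, raw)}


def oem_device_key(device_id: str) -> bytes:
    """Per-device OEM key derived from the OEM master key and the device id
    (hypothetical derivation; a real scheme would use a proper KDF such as HKDF)."""
    return hmac.new(OEM_KEY, device_id.encode(), hashlib.sha256).digest()


def package_image(image: bytes, keys: List[bytes]) -> dict:
    """An OS image carrying one signature per key in `keys` (empty list = unsigned)."""
    return {"image": image, "sigs": [sign(k, image) for k in keys]}


def boot_legacy(policy: dict, pkg: dict) -> str:
    """Behaviour the quoted description attributes to the affected boot manager:
    any Microsoft-signed policy is honoured, and a policy that disables OS checks
    lets an unsigned image boot."""
    if not verify(MS_KEY, policy["raw"], policy["sig"]):
        return "REJECT: bad policy signature"
    if policy["body"]["disable_os_signature_checks"]:
        return "BOOT: unchecked image"
    if any(verify(MS_KEY, pkg["image"], s) for s in pkg["sigs"]):
        return "BOOT: signed image"
    return "REJECT: image not signed by Microsoft"


def boot_hardened(policy: dict, pkg: dict, this_device: str) -> str:
    """Two mitigations layered on the same check: a debug policy counts only if
    it names this device, and a production image must carry both the Microsoft
    signature and the OEM's per-device signature (G.moe's dual-signing idea)."""
    if not verify(MS_KEY, policy["raw"], policy["sig"]):
        return "REJECT: bad policy signature"
    body = policy["body"]
    if body["disable_os_signature_checks"]:
        if body["device_id"] != this_device:
            return "REJECT: debug policy not bound to this device"
        return "BOOT: unchecked image (device-bound debug policy)"
    ms_ok = any(verify(MS_KEY, pkg["image"], s) for s in pkg["sigs"])
    oem_ok = any(verify(oem_device_key(this_device), pkg["image"], s) for s in pkg["sigs"])
    if not ms_ok:
        return "REJECT: image not signed by Microsoft"
    if not oem_ok:
        return "REJECT: image lacks OEM signature for this device"
    return "BOOT: dual-signed image"


# Constructed scenario: a leaked debug policy, a production policy, and three images.
GOLDEN = make_policy(True)                 # not bound to any device
PROD = make_policy(False)
UNSIGNED = package_image(b"self-built kernel", [])
MS_ONLY = package_image(b"retail os", [MS_KEY])
DUAL = package_image(b"retail os", [MS_KEY, oem_device_key("DEV-0001")])

if __name__ == "__main__":
    print("legacy, golden policy, unsigned image:  ", boot_legacy(GOLDEN, UNSIGNED))
    print("hardened, golden policy, unsigned image:", boot_hardened(GOLDEN, UNSIGNED, "DEV-0001"))
    print("hardened, prod policy, MS-only image:   ", boot_hardened(PROD, MS_ONLY, "DEV-0001"))
    print("hardened, prod policy, dual-signed:     ", boot_hardened(PROD, DUAL, "DEV-0001"))
```

The legacy path shows why a leaked policy is enough: the policy's own signature is valid, so the boot manager never reaches the image check. The hardened path shows that the leak stops being portable once a debug policy has to name the device it was issued for, and that a second, per-device OEM signature keeps a single leaked Microsoft key from being sufficient on its own.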


----------



## nate0 (Aug 20, 2016)

G.moe said:


> Well yes, the future devices will get a new global key from MS (for initial development and smaller projects), but they will also force manufacturers to sign it a second time with their own private key. Then people would need both Microsoft's key and the manufacturer's. But we can all agree that it's naive for Microsoft to use a static key at all. That was how we were able to prove the validity of the recently leaked NSA tools. There's no reason MS can't come up with a way to allow a range of originally hashed keys to be identified as genuine. This is exactly what Samsung does for their devices that have a locked bootloader; the key is unique to the hardware in the device. The key differs from device to device, even if they have identical hardware. Samsung can still identify these keys, confirm whether or not they were genuinely made, and bypass it if they wanted.
> 
> To clarify, MS would have a hashing algorithm and a static signing key. The static signing key would be private to Microsoft. The hashing algorithm would be integrated into (closed source) development tools which gave each compiled package a single key that was an original hash of the static key (so if the static key were to be leaked, it would be useless unless someone were to reverse engineer the hashing algorithm). Then manufacturers would have their own private static key, and they would re-sign the compiled files with a hash of their own private static key (either using Microsoft's proprietary algorithm or their own). There's no reason MS can't require this in their licensing terms for retail deployment. Manufacturers would be responsible for verification during SecureBoot for OEM devices, and MS would be responsible for verification for non-OEM devices. Recovery partitions would still be viable (although we'd need OEM recovery discs for some units, like we had in XP).




Yep.  Microsoft has a lot to think about.


----------



## MemoryController (Aug 21, 2016)

w.bogdan said:


> Microsoft can't catch a break
> 
> http://news.softpedia.com/news/uac-...es-works-on-all-windows-versions-507481.shtml




If you can modify global system environment variables, you already have administrative privileges. Not really an exploit. See Raymond Chen's "It rather involved being on the other side of this airtight hatchway" blog series.



----------



## ManIkWeet (Sep 9, 2016)

Dj_Art said:


> You can use testsign mode (see the Windows 8 RT thread), then run IKVM (use Google).
> 
> ---------- Post added at 09:57 PM ---------- Previous post was at 09:54 PM ----------
> 
> ...




Interesting, no my game doesn't use OpenGL. Then again if I can get an actual version of Windows running that would be much more interesting!


----------

