# [LEAKED][UEFI]Leaked Secure Boot "Golden" keys



## mrchezco1995 (Aug 12, 2016)

Not sure if anyone heard this or what but apparently, Microsoft accidentally leaked the UEFI Secure Boot master or "golden" key on the latest builds of Redstone v1607. Those keys have the potential to totally disable UEFI Secure Boot on almost all devices with no option to disable secure boot (yes that includes us, Windows Phone users). This is some good stuff for us!

You can grab yourself a key here: https://rol.im/SecureBoot.zip .
Re-upload here, just in case... https://mega.nz/#!Nssj0KzS!fsAwe9TolI2a_pSBU0sr6mBkPAr7G77JeMqtHxQstNg

More info about the exploit here: https://rol.im/securegoldenkeyboot/ 


Now let's just hope that Microsoft doesn't decide to update the bootloader to fix this exploit but I don't think they can do that in an instant update/patch... 

Mods, feel free to move this thread if it needs to since this vulnerability doesn't only apply to Windows Phone. Thanks




Sent from Ponyville


----------



## ngame (Aug 12, 2016)

mrchezco1995 said:


> Not sure if anyone heard this or what but apparently, Microsoft accidentally leaked the UEFI Secure Boot master or "golden" key on the latest builds of Redstone v1607. Those keys have the potential to totally disable UEFI Secure Boot on almost all devices with no option to disable secure boot (yes that includes us, Windows Phone users). This is some good stuff for us!
> 
> You can grab yourself a key here: https://rol.im/SecureBoot.zip .
> Re-upload here, just in case... https://mega.nz/#!Nssj0KzS!fsAwe9TolI2a_pSBU0sr6mBkPAr7G77JeMqtHxQstNg
> ...




Duplicate: http://forum.xda-developers.com/win...eard-windows-secure-boot-golden-keys-t3436657


----------



## augustinionut (Aug 12, 2016)

BULK/PIPE interface Default configuration USB Function Debug Client Microsoft NAME? NAME= FVE-EOW FVE-EOWBM FVE-EOWBR -FVE-FS- PBKDF2_HMAC_SHA256 1.3.6.1.5.5.7.3.3 1.3.6.1.5.5.7.3.8

"1.3.6.1.5.5.7.3.3 indicates that the certificate is valid for code signing. Always specify this value to limit the intended use for the certificate."


What is this?


----------



## mrchezco1995 (Aug 12, 2016)

ngame said:


> Duplicate: http://forum.xda-developers.com/win...eard-windows-secure-boot-golden-keys-t3436657




Didn't see that earlier... Was just too excited when I saw this news on NCIX's Netlinked Daily on YouTube earlier... Then I just did some lil' search on Google to realize that the exploit was out 2 days ago... :/

Oh well... XD 




Sent from Ponyville


----------



## G.moe (Aug 12, 2016)

To clarify, @mrchezco1995, Microsoft is unable to patch the vulnerability for most already-existing devices, because in doing so they would revoke manufacturers/operators from being able to service the device without a jtag/serial connection. For example, any software patch would prevent recovery partitions (like on OEM computers, or the SoftReset option) from passing validation. They can only fix this for future devices.


----------



## Heisenberg (Aug 12, 2016)

Thread already exists for this here:

http://forum.xda-developers.com/win...eard-windows-secure-boot-golden-keys-t3436657

Please search before posting. Thread closed.


----------

