Hi,
I've been able to use vcREG 1.5 on a 950XL to execute any exe file via services.exe, except it's getting stopped by Code Integrity. That's also why putting older NdtkSvc.dll doesn't work on the newer phone (aside from the fact that it has to be in c:\windows). I thought oh maybe any valid arm executable signed by microsoft would be enough, so I copied some executables from the Raspberry Pi Windows 10 IoT image, but I could only get them to run inside the app sandbox because they weren't in the system catalog :'(
Example:
21-March-2016 15:04:08.339601 0x000003D4 0x00000F88 Verbose Microsoft-Windows-CodeIntegrity Code Integrity completed validating file hash. Status 0xC0000428.
21-March-2016 15:04:08.339631 0x000003D4 0x00000F88 Error Microsoft-Windows-CodeIntegrity Code Integrity determined that a process (\Device\HarddiskVolume37\Windows\System32\service s.exe) attempted to load \Device\HarddiskVolume39\WPSystem\ftpd.exe that did not meet the Windows signing level requirements.
So now the trick is to find an executable on the system that currently exists, that can be used to gain further access... I've been trying various things like OOBE stuff etc without any luck so far.
Hoping someone else has some ideas... maybe even executing a dll function to import registry from a file or something directly, then we could unlock interop on 950's..
Thanks
I've been able to use vcREG 1.5 on a 950XL to execute any exe file via services.exe, except it's getting stopped by Code Integrity. That's also why putting older NdtkSvc.dll doesn't work on the newer phone (aside from the fact that it has to be in c:\windows). I thought oh maybe any valid arm executable signed by microsoft would be enough, so I copied some executables from the Raspberry Pi Windows 10 IoT image, but I could only get them to run inside the app sandbox because they weren't in the system catalog :'(
Example:
21-March-2016 15:04:08.339601 0x000003D4 0x00000F88 Verbose Microsoft-Windows-CodeIntegrity Code Integrity completed validating file hash. Status 0xC0000428.
21-March-2016 15:04:08.339631 0x000003D4 0x00000F88 Error Microsoft-Windows-CodeIntegrity Code Integrity determined that a process (\Device\HarddiskVolume37\Windows\System32\service s.exe) attempted to load \Device\HarddiskVolume39\WPSystem\ftpd.exe that did not meet the Windows signing level requirements.
So now the trick is to find an executable on the system that currently exists, that can be used to gain further access... I've been trying various things like OOBE stuff etc without any luck so far.
Hoping someone else has some ideas... maybe even executing a dll function to import registry from a file or something directly, then we could unlock interop on 950's..
Thanks
from xda-developers http://ift.tt/1o3izDa
via IFTTT
Aucun commentaire:
Enregistrer un commentaire