Howto read your Windows OS OEM key from UEFI

Posted: Tue Jul 17, 2018 10:31 am
by CornHolio the Gringo
Situation:
A friend of mine has given me his old notebook PC and securely deleted the hard disk content.
I want to install Windows 10 for testing, but I don't have a valid key.
The notebook has UEFI, and I can extract the old Windows 8.1 OEM key by using RWEverything (http://rweverything.com).

Launch the program, choose ACPI Tables, then MSDM, and the embedded key is visible.

RWEverything is portable, and is the only tool I've found that does the job.
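
What the MSDM view in the post above is displaying, as an added example that is not part of the original post and is not RWEverything's code: a parser for a raw MSDM table dump. It assumes the commonly documented layout (36-byte ACPI header, five 32-bit licensing fields, then the key); the sample table, its OEM strings and the placeholder key are constructed.

```python
import struct

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # 36-byte standard ACPI table header
SLS_HEADER = struct.Struct("<5I")  # version, reserved, data type, data reserved, data length


def parse_msdm(raw: bytes) -> dict:
    """Validate a raw MSDM table and return its OEM id, version and embedded key."""
    if len(raw) < ACPI_HEADER.size + SLS_HEADER.size:
        raise ValueError("table too short for an MSDM header")
    sig, length, _rev, _cksum, oem_id, _table_id, _, _, _ = ACPI_HEADER.unpack_from(raw)
    if sig != b"MSDM":
        raise ValueError(f"unexpected signature {sig!r}")
    if length != len(raw):
        raise ValueError("header length does not match table size")
    if sum(raw) & 0xFF:  # ACPI rule: all bytes of a table sum to 0 modulo 256
        raise ValueError("bad ACPI checksum")
    version, _, data_type, _, data_len = SLS_HEADER.unpack_from(raw, ACPI_HEADER.size)
    start = ACPI_HEADER.size + SLS_HEADER.size
    if start + data_len > len(raw):
        raise ValueError("key length runs past end of table")
    key = raw[start:start + data_len].decode("ascii")
    return {"oem_id": oem_id.decode("ascii").strip("\0 "),
            "version": version, "data_type": data_type, "key": key}


def build_sample(key: str) -> bytes:
    """Build a constructed MSDM table around a placeholder key (test data only)."""
    body = SLS_HEADER.pack(1, 0, 1, 0, len(key)) + key.encode("ascii")
    total = ACPI_HEADER.size + len(body)
    hdr = ACPI_HEADER.pack(b"MSDM", total, 3, 0, b"SAMPLE", b"SAMPLETB", 1, b"TEST", 1)
    table = bytearray(hdr + body)
    table[9] = (-sum(table)) & 0xFF  # the checksum byte sits at offset 9
    return bytes(table)


def mask(key: str) -> str:
    """Keep only the last group readable so the key does not leak into logs."""
    groups = key.split("-")
    return "-".join(["X" * len(g) for g in groups[:-1]] + groups[-1:])


if __name__ == "__main__":
    # On Linux the real table can be read (as root) from /sys/firmware/acpi/tables/MSDM.
    info = parse_msdm(build_sample("AAAAA-BBBBB-CCCCC-DDDDD-EEEEE"))
    print(info["oem_id"], mask(info["key"]))
```
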

Re: Howto read your Windows OS OEM key from UEFI

Posted: Wed Jul 18, 2018 2:08 am
by Midas
RWEverything forum topic at viewtopic.php?t=21585.

Re: Howto read your Windows OS OEM key from UEFI

Posted: Mon Aug 13, 2018 3:01 pm
by CornHolio the Gringo
Yes Midas, I saw that thread, but I had to make a new one, to make RWEverything more interesting to the one who needed what I laid out.

Re: Howto read your Windows OS OEM key from UEFI

Posted: Sun Dec 17, 2023 8:48 am
by Midas
Only marginally related but serious enough to warrant a post: LogoFAIL is a just-revealed UEFI vulnerability which affects machines during the boot process, i.e., even before OS launch is attempted; Ars Technica is calling it "Game over for platform security"... and all it takes is a simple malicious image. :shock:
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
UEFIs booting Windows and Linux devices can be hacked by malicious logo images.
@ https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/

BTW, here's the embedded video demonstration:


On a side note, it seems we've been trying to raise awareness towards this trend of security by obscurity, complication and user dis-empowering for ages... for example:

Re: Howto read your Windows OS OEM key from UEFI

Posted: Wed Dec 20, 2023 3:49 am
by Andrew Lee
The summary of the LogoFAIL exploit is this:

- Most PC manufacturers get their UEFI firmware from the same few companies.

- Each PC manufacturer wants to display their own logo upon startup.

- What should have happened is that each logo file should be signed and verified, but because the firmware companies do not want to deal with so many firmware+logo combos, they instead choose to leave the logo file unsigned, so they can ship the same firmware image to all their customers (who can then tack on their own logos).

- The firmware also comes with a buggy bitmap parser that no one bothered to check with the usual techniques (e.g. fuzzing), so when a specially crafted logo bitmap is provided, bam! buffer overflow.

- So a hacker could potentially find a way to get admin privilege, run the exploit and own the system in a virtually undetectable way because the exploit happens waaay before the OS loads. And once it's in, it can be almost impossible to remove if the hacker knows what he's doing, since it's hooked so deep into the system.

Looks extremely bad to me..

Re: Howto read your Windows OS OEM key from UEFI

Posted: Wed Dec 20, 2023 9:33 am
by Midas
Pretty much. And it looks bad from this side, too.

Not the best and far from bullet-proof remediation but... FWIW, now that my OSes run from virtual disks, I disabled UEFI in my latest laptop from the get-go; I'd rather deal with old straightforward MBR vulnerabilities. :oops: