Howto read your Windows OS OEM key from UEFI

CornHolio the Gringo
Posts: 23
Joined: Sat Jan 03, 2015 2:01 am

Howto read your Windows OS OEM key from UEFI

#1 Post by CornHolio the Gringo »

Situation:
A friend of mine has given me his old notebook PC and securely
deleted the hard disk content.
I want to install Windows 10 for testing, but I don't have a valid key.
The notebook has UEFI, and I can extract the old Windows 8.1 OEM key by using
RWEverything (http://rweverything.com).

Launch the program, choose ACPI Tables, then MSDM, and the embedded
key is visible.

RWEverything is portable, and is the only tool I've found that does
the job.

Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Howto read your Windows OS OEM key from UEFI

#2 Post by Midas »

RWEverything forum topic at viewtopic.php?t=21585.

CornHolio the Gringo
Posts: 23
Joined: Sat Jan 03, 2015 2:01 am

Re: Howto read your Windows OS OEM key from UEFI

#3 Post by CornHolio the Gringo »

Yes Midas, I saw that thread, but I had to make a new one, to make RWEverything more interesting to the one who needed what I laid out.

Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Howto read your Windows OS OEM key from UEFI

#4 Post by Midas »

Only marginally related but serious enough to warrant a post: LogoFAIL is a just-revealed UEFI vulnerability which affects machines during the boot process, i.e., even before OS launch is attempted; Ars Technica is calling it "Game over for platform security"... and all it takes is a simple malicious image. :shock:
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
UEFIs booting Windows and Linux devices can be hacked by malicious logo images.

BTW, here's the embedded video demonstration:


On a side note, it seems we've been trying to raise awareness towards this trend of security by obscurity, complication and user dis-empowering for ages... for example:

Andrew Lee
Posts: 3048
Joined: Sat Feb 04, 2006 9:19 am

Re: Howto read your Windows OS OEM key from UEFI

#5 Post by Andrew Lee »

The summary of the LogoFAIL exploit is this:

- Most PC manufacturers get their UEFI firmware from the same few companies.

- Each PC manufacturer wants to display their own logo upon startup.

- What should have happened is that each logo file should be signed and verified, but because the firmware companies do not want to deal with so many firmware+logo combos, they instead choose to leave the logo file unsigned, so they can ship the same firmware image to all their customers (who can then tack on their own logos).

- The firmware also comes with a buggy bitmap parser that no one bothered to check with the usual techniques (e.g. fuzzing), so when a specially crafted logo bitmap is provided, bam! buffer overflow.

- So a hacker could potentially find a way to get admin privilege, run the exploit and own the system in a virtually undetectable way because the exploit happens waaay before the OS loads. And once it's in, it can be almost impossible to remove if the hacker knows what he's doing, since it's hooked so deep into the system.

Looks extremely bad to me..

Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Howto read your Windows OS OEM key from UEFI

#6 Post by Midas »

Pretty much. And it looks bad from this side, too.

Not the best and far from bullet-proof remediation but... FWIW, now that my OSes run from virtual disks, I disabled UEFI in my latest laptop from the get-go, I'd rather deal with old straightforward MBR vulnerabilities. :oops:
