21 comments on “PassPass

  1. Nice job! You can now add PassPass to your Easy2Boot Mult-Boot USB drive – I have provided the required files in Tutorial 72a on my site.

  2. Thanks Steve, Credits section updated with a link to the Download section of the relevant page.

  3. results of test on my PC with 3 partitions containing
    W-XP – W-7 (x32), W-8 (x64)
    ————–
    Testing PassPass

    hashes SHA-1 using HashTab

    ————————–
    XP SP3 original DLL
    FB79958937F4574EA217321D1A869C02EDBD9EBE
    5.1.2600.5876 (xpsp_sp3_gdr.090909-1234)

    W 7 SP1 x32 original DLL
    9FC022A5B12D879A1ACE860E2C42C31FCDFEB769
    6.1.7601.17514 (win7sp1_rtm.101119-1850)

    W 8 x64 original DLL
    B95C75A95A02C07C5B6E23F4519551BB87FF6035
    6.2.9200.16384 (win8_rtm.120725-1247)

    ————————
    xp SP3 patched dll
    3B1463AAA9390A92507B24D140FD3A14633A25AB

    W 7 SP1 x32 patched dll
    CDC60F3F58CF197BD8872D3BC06A64AEFF3FD323

    W 8 x64 patched dll ??
    B95C75A95A02C07C5B6E23F4519551BB87FF6035

    —————————-
    XP SP3 unpatched dll
    FB79958937F4574EA217321D1A869C02EDBD9EBE

    W 7 SP1 x32 unpatched dll
    9FC022A5B12D879A1ACE860E2C42C31FCDFEB769

    patch did not work on Win 8 Pro (x64)
    (password still required and no change in hash

    unpatch worked for W-XP and W-7 SP1 (x32)
    Hash returned to same as original version

    grub4dos 0.45c 2013-05-16

    —————

  4. Hi Michael,

    Your observations are as expected. We have already noticed that Win 8 requires a special treatment. Allow us to take some time to incorporate patch for Win 8. I’ll revert back.

  5. Hi Thank you for the update

    Windows 8 Pro (x64) (upgrade version)
    msv1-0.dll

    original MD5
    4543E23FF678CA9D2C943A45B5B82A17

    unpatched by passpass 1.1 MD5
    4543E23FF678CA9D2C943A45B5B82A17

    patched by passpass 1.1 MD5
    B9419627A05BC7D5D2984D5600205961

    The Patch worked and unpatch restored file to original state

    One suggestion can you show path to msv1-0.dll when selecting which Windows to patch
    eg MiniNT or Windows if you have both on one drive you do not know which one to patch ( I tried both)
    (I have Windows XP and BartPE on same partition, both are recognised as Windows XP)

  6. Hi Michael,

    Thank for the feedback. What’s the version of the DLL for Win 8 Pro(64)?

    Isn’t HD partition and directory being shown presently in OS selection list? e.g.(hd1, 2)/WINDOWS

  7. the version of msv1-0.dll is 6.2.9200.16384 (win8_rtm.120725-1247)
    (same Windows 8 x64 as previously mentioned)

    Menu entry created on my PC

    Windows XP at (hd1,0)
    Windows XP at (hd1,0)
    Windows 7 or Server 2008R2 at (hd1,1)
    Windows 8 or server 2012 at (hd2,2)

    the first 2 entries are the same
    one is real Windows XP in C:\Windows
    the other is BartPE in C:\MiniNT

    most users will not have so many operating systems
    thanks for a very usefull utility

    I would have used P.Nordahl’s Offline PassWord Editor when doing a PC repair without the users password

  8. Hi Michael,

    From the menu you have posted, I understood the problem. Don’t worry. In the next version, Windows directory will also be added to help distinguish multiple installations on the same partition.

  9. Menu now shows

    Windows XP at (hd1,0)minint
    Windows XP at (hd1,0)Windows
    Windows 7 or Server 2008R2 at (hd1,1)Windows
    Windows 8 or server 2012 at (hd2,2)Windows

    So I know to ignore first entry for BartPE in minint

    this deals with my request
    thank you

  10. sorry menu.lst is always error

    i tried several time and combinations.. but I got always this message:

    Error 8: Kernel must be loaded before booting

  11. This tool is cool.
    I installed version 1.4 to pendrive.
    Runs good in Win 7 x32 Ult/Premium , Win 7 Premium x64.
    And I’m sure i used in Vista Premium x64.
    But ,incredibly, in a Vista Basic x32 OEM PC – say that msv1-0.dll is already patched.Of course, I used other tool to bypass password.
    But ,this can be an isolated case?
    Thanks for take some time .

  12. I made the USB pendrive with RMPrepUSB latest version, use E2B and use PassPass 1.4 from RMPrepUSB page(not v1.1 and not the paspass special version for E2B).

    This 1.4 version comes with the wenv file.
    Maybe I mixed somnething.But for Win 7 x32/x64 and Vista x64/Vista Premium x32 worked fine.
    Just curious why this PC OEM with Vista Basic x32 said that msv1-0.dll is already patched.
    And ,thanks for your response.

  13. @Elfern Rivers

    PassPass searches for known binary pattern(s) representing CMP instruction comparing MsvpPasswordValidate() method’s output. This method, as you might be knowning, is contained in msv1_0.dll, MS authentication library. The “other tool” (as you mentioned in your first post) which you have used to bypass the password for Vista Basic x32 OEM PC may have used the same trick. If PassPass fails to find the known pattern for specific DLL version, it infers that the DLL is already patched.

    Also, I’d like to ask you whether original PassPass v1.1 (NOT the one forked by Steve, i.e. PassPass v14 as listed on Steve’s webpage (72a)) also displays the same message? I checked that I uploaded PassPass v1.1 on July 6, 2013 where as Steve’s version is there on his page since December 10, 2013. He may have some other modifications which I am not aware of.

  14. I just used the December 1.4 version.
    Use RMPrepUSB.E2B,then copy passpass 1.4.
    I works at a little computer repair center.This pendrive I did in early January . And works good until this one case.
    The computer was picked up.
    Concerning your 1.1 version, I tested in 7 x64(Premium)-7 x32(Ult), Vista x64(Premium) and woks good.
    If I had a change ,and another pendrive,I will retest your version with some computers.
    This tools makes dealing with passswords , so easy.
    Thanks,again.

  15. PassPass seems to work in the similar way with Kon-Boot. They both works by changing the Windows kernel while booting and allows to login with any password. Personally I prefer to use PCUnlocker Live CD as it’s more stable.

  16. @Timo

    I do agree that it works on the same principle as that of Kon-Boot. But what really makes the difference is more legal/ethical than technical. Kon-Boot carries the patched DLLs as payloads, violating Microsoft EULA.

    PassPass identifies and patches offset dynamically by recognizing patterns. It makes it a little bit more robust to work with even versions of DLLs not tested prior to make it available to public.

  17. PassPass v1.2 with added support for Windows 8.1, both 32-bit and 64 bit (Credit to Steve for the patch supplied) has been published.

    This version includes a floppy image for a quick testing (to be mounted by Imdisk or other similar tools) for those who want to gain confidence by trying it out on virtual machine before applying patch to live system.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>