summaryrefslogtreecommitdiff
path: root/blog/2024-09-06-Keyhole
diff options
context:
space:
mode:
authorWindowsAddict2024-09-07 00:09:09 +0000
committerWindowsAddict2024-09-07 00:09:09 +0000
commit609f34a754143b4a29015a73f2ba3df187383892 (patch)
tree90c3f6c70715c7dc1762711edc10656fa150b6af /blog/2024-09-06-Keyhole
parentc548e912a24ccb1b7fa18b89449f4b5930576da7 (diff)
downloadmassgrave.dev-609f34a754143b4a29015a73f2ba3df187383892.zip
Add social card and fix note
Diffstat (limited to 'blog/2024-09-06-Keyhole')
-rw-r--r--blog/2024-09-06-Keyhole/index.md8
1 files changed, 6 insertions, 2 deletions
diff --git a/blog/2024-09-06-Keyhole/index.md b/blog/2024-09-06-Keyhole/index.md
index 86a1784..e5385d1 100644
--- a/blog/2024-09-06-Keyhole/index.md
+++ b/blog/2024-09-06-Keyhole/index.md
@@ -5,6 +5,7 @@ authors: [witherornot, may]
tags:
- Windows
- Activation
+image: /img/blog_card.png
---
# Keyhole
@@ -39,8 +40,11 @@ Whenever a CLiP-licensed app is installed, a signed XML file containing the lice
The signed license block is then extracted from the `SPLicenseBlock` tag and sent to `clipsp.sys` for verification. After verification, the license block is deposited in the CLiP license store at `HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}`. From there, `clipsp.sys` can then re-validate the license in the future if an app requests it using the CLiP API.
-> [!NOTE]
-> The CLiP license store mentioned earlier is protected so that you can't view it by default but changing the permissions to allow yourself access is very easy.
+:::note
+
+The CLiP license store mentioned earlier is protected so that you can't view it by default but changing the permissions to allow yourself access is very easy.
+
+:::
As designed, this system forms a rather strong chain-of-trust that transmits only signed data from usermode applications all the way to the kernel, making it seemingly difficult to tamper with. As we will see soon, however, this is not at all the case.