diff options
Diffstat (limited to 'blog')
| -rw-r--r-- | blog/2024-09-06-Keyhole/index.md | 3 | ||||
| -rw-r--r-- | blog/2025-02-14-TSforge/index.md | 3 |
2 files changed, 2 insertions, 4 deletions
diff --git a/blog/2024-09-06-Keyhole/index.md b/blog/2024-09-06-Keyhole/index.md index 739c9f4..234dc4f 100644 --- a/blog/2024-09-06-Keyhole/index.md +++ b/blog/2024-09-06-Keyhole/index.md @@ -11,7 +11,7 @@ image: /img/blog_card.png # Keyhole By WitherOrNot -Edited by May, Lyssa, & SpCreatePackaedLicense +Edited by May, Lyssa ## Introduction @@ -174,7 +174,6 @@ The research covered in this blogpost was made possible by the following people/ - May - Initial discovery, testing, reverse engineering - asdcorp - Testing, reverse engineering - - SpCreatePackaedLicense - Testing, reverse engineering, bugfix analysis - WitherOrNot - Tool development, testing, reverse engineering, bugfix analysis - emoose, LukeFZ - License Block format documentation - KiFilterFiberContext - ClipSp unpacking diff --git a/blog/2025-02-14-TSforge/index.md b/blog/2025-02-14-TSforge/index.md index db8813c..04e74c3 100644 --- a/blog/2025-02-14-TSforge/index.md +++ b/blog/2025-02-14-TSforge/index.md @@ -100,7 +100,7 @@ From all of this work, we learned the following things: - The trusted store's data is held in encrypted files - This data is somehow linked with seemingly encrypted registry keys under `HKLM\SYSTEM\WPA` -Unfortunately, we didn't know much more than this for quite a long time. My work on deobfuscating both [older](https://github.com/UMSKT/peacestone) and [newer](https://github.com/WitherOrNot/warbird-docs) versions of sppsvc helped us in confirming some of our theories, but without an understanding of `spsys.sys`, they didn't contribute much. In the meantime, SpCreatePackaedLicense built an automated version of the CID trick, using a custom kernel driver to patch sppsvc without adjusting its [protected process](https://www.alex-ionescu.com/why-protected-processes-are-a-bad-idea/) status, which helped greatly with testing CID trick. +Unfortunately, we didn't know much more than this for quite a long time. My work on deobfuscating both [older](https://github.com/UMSKT/peacestone) and [newer](https://github.com/WitherOrNot/warbird-docs) versions of sppsvc helped us in confirming some of our theories, but without an understanding of `spsys.sys`, they didn't contribute much. In the meantime, we built an automated version of the CID trick, using a custom kernel driver to patch sppsvc without adjusting its [protected process](https://www.alex-ionescu.com/why-protected-processes-are-a-bad-idea/) status, which helped greatly with testing CID trick.  @@ -249,7 +249,6 @@ Even with the amount of damage we were able to do to SPP with a debugger and a h #### Other Contributions -- SpCreatePackaedLicense - Tool development, testing - May - Code formatting, build setup #### Special Thanks |