Monday, 1 September 2014

PassPass update for Win 8.1/10

I have updated the clever PassPass grub4dos utility written by Holmes.Sherlock and Wonko the Sane from reboot.pro. It should now work for XP through to Windows 8.1.

Note: Latest version in E2B v1.87+ includes PassPass v1.7 for XP through to Win10.

This utility allows you to bypass the Windows user password required for logging into a  local user account on Windows (does not work if you select an online Microsoft account, so select a local user account first). It works by hard-patching a Windows dll file before you boot to Windows. Once you have finished with the Windows system, you can Unpatch or restore the dll so that normal password function is restored.

Note: KonBoot v2.5 will allow you to get into a local user account or online account in Win8/8.1/10.

For more details on PassPass, see here.  It allows you to gain access without using the user's account password, PIN number or picture gestures (just use any password, PIN or gesture!).

Add PassPass to E2B

PassPass can be found in the \_ISO\docs\PassPass folder on your E2B drive with a ReadMe.txt file or you can unzip the downloaded E2B PassPass version.

  1. Copy the PassPass folder to your E2B USB drive  (e.g. to \_ISO\UTILITIES\PassPass). 
  2. Then move the large PassPass.bak file to the root of the E2B USB drive - for example:

\_ISO\MAINMENU\UTILITIES\PassPass\PassPass.mnu
\_ISO\MAINMENU\UTILITIES\PassPass\PPass.g4b
\_ISO\MAINMENU\UTILITIES\PassPass\wenv
\PassPass.bak

I would advise you to test it first on a 'test' system and NOT on a system that you need (or at least take a full backup first). The file \Windows\system32\msv1_0.dll is the only Windows file altered by PassPass.

PassPass menu entry

PassPass will detect all Windows installations on all disks
Choose which one you want to patch.

You can backup the msv1_0.dll file first before you patch it.
Then run the Patch Windows menu option.

You will be told how many patch areas have been identified.
Press ENTER to patch the dll and then choose the Boot from Internal Hdd menu option
to boot to the patched OS (or reboot the system).

To change a User Account password once patched with PassPass,

  1. Create a new Administrator User Account (e.g. NEWUSER) with no password
  2. Log-in as NEWUSER. 
  3. You can then change the password on any other user account. 
  4. Then delete the NEWUSER account and restore the DLL by running PassPass again.
P.S. If you try PassPass and it worked, please tick the 'funny' box below. If it failed, please add a comment and give details of the msv1_0.dll file in your version of Windows (click on Properties).

PassPass for WinPE

If you need to patch a system that is UEFI-bootable only, you can boot to WinPE and run the Windows PE executable version PEPassPass.exe.

E2B UtilMan and SetHC  hack feature

E2B v1.92+ also contains a useful automated way to use the UtilMan.exe hack for Windows XP-10 which works on all (unencrypted) Windows OS's.