FORUMS

Galaxy S6 & Edge get €100 Price Cut—New Models Incoming

Samsung has dropped the price of both the Galaxy S6 and S6 Edge by … more

How To Port Fully Featured Sony Xperia Z4 Camera

Xperia Z4’s hardware may not impress, but its software is definitely … more

Experimental TWRP Available For Moto G 2015

XDA Senior Member squid2 has posted experimental builds of TWRP for the Moto G … more

Sunday Debate: How Can We Get a No-Compromise Phone?

Join us in a fun Sunday Debate on Compromises. Come with your opinions and … more

[PSA] Disable Automatic Updates (Howto included)

69 posts
Thanks Meter: 53
 
By clrokr, Member on 8th January 2013, 01:03 PM
Post Reply Subscribe to Thread Email Thread
Hi guys!

Microsoft said this to The Verge recently:
Quote:

The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence.

We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

So fire up regedit, go to
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
and set the DWORD AUOptions to 0x00000000.

Only do this if you want to run unsigned apps!

Stay safe!
clrokr
The Following 10 Users Say Thank You to clrokr For This Useful Post: [ View ]
 
 
9th January 2013, 08:32 AM |#2  
Recognized Developer
Flag Seattle
Thanks Meter: 2,865
 
More
For those who prefer do-it-for-me solutions, with the ability to roll back, have a pair of .REG files. The "Default" one I taken from my Surface before applying this tweak. The "Disabled" one sets the reg value as above.

@clrokr: We gotta get you a RD tag, pronto! You're doing great things.
Attached Files
File Type: zip AutoUpdateSetings.zip - [Click for QR Code] (626 Bytes, 1831 views)
The Following 6 Users Say Thank You to GoodDayToDie For This Useful Post: [ View ]
9th January 2013, 01:55 PM |#3  
OP Member
Thanks Meter: 53
 
More
Quote:
Originally Posted by GoodDayToDie

@clrokr: We gotta get you a RD tag, pronto! You're doing great things.

Wow, I'm flattered. Also, thanks for the reg files!
9th January 2013, 01:58 PM |#4  
Recognized Developer
Flag Denver
Thanks Meter: 549
 
Donate to Me
More
Quote:
Originally Posted by GoodDayToDie

@clrokr: We gotta get you a RD tag, pronto! You're doing great things.

Seconded.

As far as MS's quote goes, I'm not 100% sure they will be setting out to patch it, but it's still a good idea to disable Windows Update anyways. They may be able to store some sort of cert blacklist in the UEFI that will block the executables required for this, even after a reinstall.
The Following User Says Thank You to netham45 For This Useful Post: [ View ]
9th January 2013, 04:49 PM |#5  
Member
Thanks Meter: 32
 
More
whats the difference between uefi,efi and firmware?
I find bootmgfw.efi,winload.efi in bcdedit.and I find surfacertuefi.bin in c:\windows\firmware.and every time I reinstall windows,there is a firmware in windows update.so is there anything flash into the surface hardware from window update?I think the uefi is just a file in the filesystem and its recovered when I reinstall windows from usb.
Last edited by windowsrtc; 9th January 2013 at 04:54 PM.
9th January 2013, 05:53 PM |#6  
OP Member
Thanks Meter: 53
 
More
Quote:
Originally Posted by windowsrtc

whats the difference between uefi,efi and firmware?
I find bootmgfw.efi,winload.efi in bcdedit.and I find surfacertuefi.bin in c:\windows\firmware.and every time I reinstall windows,there is a firmware in windows update.so is there anything flash into the surface hardware from window update?I think the uefi is just a file in the filesystem and its recovered when I reinstall windows from usb.

No, the firmware (stored on-chip) is what you find in SurfaceRTUEFI.bin. The .EFI files are executables that can be loaded by this firmware if they are signed correctly.
The Following User Says Thank You to clrokr For This Useful Post: [ View ]
9th January 2013, 08:04 PM |#7  
Recognized Developer
Flag Seattle
Thanks Meter: 2,865
 
More
Note: just because automatic updates are disabled doesn't mean you should ignore Windows Update. Quite the opposite, in fact, since this hack makes malicious exploits easier too. Just be very careful which patches you install.
The Following User Says Thank You to GoodDayToDie For This Useful Post: [ View ]
10th January 2013, 03:57 AM |#8  
Member
Thanks Meter: 32
 
More
Quote:
Originally Posted by clrokr

No, the firmware (stored on-chip) is what you find in SurfaceRTUEFI.bin. The .EFI files are executables that can be loaded by this firmware if they are signed correctly.

so uefi is checking efi ,but whats checking uefi?what will happen if we flash a modified uefi?
10th January 2013, 04:03 AM |#9  
Recognized Developer
Flag Denver
Thanks Meter: 549
 
Donate to Me
More
Quote:
Originally Posted by windowsrtc

so uefi is checking efi ,but whats checking uefi?what will happen if we flash a modified uefi?

The UEFI is currently the only thing capable of flashing a new UEFI, and it checks the signatures on any new UEFIs it flashes.

The only real way you could do it without relying on a signature check would be to open the tablet and solder onto the NAND directly.
The Following 3 Users Say Thank You to netham45 For This Useful Post: [ View ]
10th January 2013, 07:07 AM |#10  
Recognized Developer
Flag Seattle
Thanks Meter: 2,865
 
More
Oh, there might be a JTAG port you could use... but yeah. Short of opening up the device (which the Surface, at least, is definitely not designed to support) there's not supposed to be any way to flash an unsigned firmware.

Also, the signature keys are probably stored in a TPM, so mucking with them isn't a practical option either if the EFI doesn't have a way to do it (which it doesn't).
The Following User Says Thank You to GoodDayToDie For This Useful Post: [ View ]
10th January 2013, 09:16 AM |#11  
Recognized Developer
Flag Denver
Thanks Meter: 549
 
Donate to Me
More
Quote:
Originally Posted by GoodDayToDie

Oh, there might be a JTAG port you could use... but yeah. Short of opening up the device (which the Surface, at least, is definitely not designed to support) there's not supposed to be any way to flash an unsigned firmware.

Also, the signature keys are probably stored in a TPM, so mucking with them isn't a practical option either if the EFI doesn't have a way to do it (which it doesn't).

You can reset the TPM from Windows (change the owner password w/o knowing the previous one) and it doesn't break, I don't think they're stored in the TPM.

I have no idea what the TPM is used for.

Read More
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes