"We see you're using an ad blocker."
And now you see I'm using w3m to access the freaking thing.
...so it turns out that typical shellcode methods of dynamic linking (via PEB, etc) bypass the Windows Store's "disallowed API" checks (which are documented to only check imports of all PEs).
I wonder how long it'll be before adtech/etc SDKs use such tricks like on other platforms..?
If the calling process is IL=Low or in an AppContainer (not sure which), you cannot pass a zero-length salt; but this is checked by the usermode clipc.dll and not the remote service clipsvc.dll (which runs as SYSTEM). So to work around this I guess the best way would be to call into clipsvc yourself.
As for those four identifiers, the worst one would be the TPM public endorsement key, that can't ever be changed...
It turns out that clipsvc.dll is NOT obfuscated by Warbird, and public symbols are on MS's symbols server?!
The "offlinedeviceuniqueID" is SHA256(salt.identifier) where "identifier" is one of the following:
* TPM public endorsement key.
* OfflineUniqueIDEKPub UEFI variable, from namespace eaec226f-c9a3-477a-a826-ddc716cdc0e3
* OfflineUniqueIDRandomSeed UEFI variable (from the same namespace)
* in RS2+: Registry entry HKLM\System\CurrentControlSet\Services\TPM\ODUID\RandomSeed
So apparently the "intended audience" for these "system-unique tracking identifiers that persist across reinstalls" APIs is mobile device management.
If so, then why add it to OneCore and include a separate codepath for Xbox One?! (Also, just allowing the "real" API to be called by anyone...)
I promised I'd not post on social media until the grace period elapses for the USDOJ to appeal my appeal victory against being kidnapped, but the press don't know about here so I think I'm safe to indulge my dopamine addiction.
Here's a quick proof-of-concept of clipc!GetOfflineDeviceUniqueID.
uses a zero-length salt,
uses salt "salt"
uses salt "\x12\x34".
So Windows 10 now has the ability for any application to get system-unique tracking identifiers that persist across reinstalls by storing them in the TPM or UEFI firmware variables...
To add insult to injury, the APIs lead into clipc!GetOfflineDeviceUniqueID, which calls into a licensing-related service which would be obfuscated by Warbird...
can't believe gamespot just wasted all that money launching gamefaqs into the subdomain
Trying to write an article about the decentralized web for a magazine that isn't too technical. What are your favorite articles on the topic to get some inspiration from?
"Switch to Windows 95" - running Windows 3.1 in a window on Windows 95.
I just realised that the fediverse would probably really appreciate my Blaziken.
Is your child texting about ed? Know the signs:
gtg: show lines containing "g"
kk: drop mark "k"
smh: remove the first "h"
stfu: remove the first "fu"
r ofl: read the file "ofl" in
w tf: write to "tf"
Almost a year since I joined Mastodon ... I was excited but it fizzled out for me.
I got an email from Mastodon just now saying there were messages so checked in again.
Thank you to those who left messages.
I'm in two minds about it .. on the one hand I want a more community thing but on the other hand I want to roam a larger space but with communities too ... guess I want to have my cake and eat it too :)