
Kon-Boot CD:110KB Floppy image/CD ISO to remove your Windows admin and Linux root pwd - est
http://www.piotrbania.com/all/kon-boot/
======
miles
I recently did some testing of Kon-Boot to see if there were any other hidden
surprises (i.e., undocumented, permanent malware infections, etc.). MD5
checksums of MBR, BIOS, and Video BIOS images did not change before and after
running Kon-Boot on a Dell laptop, nor did Windows-based antimalware apps turn
anything up. I strongly encourage others to run their own tests. Even better,
of course, would be for Piotr to kindly release the ASM source code.
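The before/after MBR checksum described above, as an added example that is not part of miles' post or of Kon-Boot: it hashes the three regions of the first sector separately (boot code, partition table, signature) so that a changed hash also says where the change sits, and decodes the partition entries. The `read_mbr`, `fingerprint`, `changed_regions`, `partitions` and `sample_mbr` names are mine; the sample sector is constructed for offline use.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_END = 446   # bytes 0..445: boot code, the region a persistent bootkit would have to alter
TABLE_END = 510       # bytes 446..509: four 16-byte partition entries, then the 0x55AA signature
REGIONS = {"boot_code": (0, BOOT_CODE_END),
           "partition_table": (BOOT_CODE_END, TABLE_END),
           "signature": (TABLE_END, MBR_SIZE)}


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a raw disk device (needs root, e.g. /dev/sda)."""
    with open(device_path, "rb") as f:
        return f.read(MBR_SIZE)


def fingerprint(mbr: bytes) -> dict:
    """SHA-256 of each MBR region, so a later comparison says *where* bytes changed."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    return {name: hashlib.sha256(mbr[a:b]).hexdigest() for name, (a, b) in REGIONS.items()}


def changed_regions(before: dict, after: dict) -> list:
    """Names of the regions whose hash differs between two fingerprints."""
    return [name for name in REGIONS if before[name] != after[name]]


def partitions(mbr: bytes) -> list:
    """Decode the four partition entries: status byte, type, LBA start, sector count."""
    out = []
    for i in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, BOOT_CODE_END + 16 * i)
        if ptype:  # a type of 0 marks an empty slot
            out.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return out


def sample_mbr(boot_code: bytes = b"\xEB\x63\x90") -> bytes:
    """Constructed 512-byte MBR for offline testing: one bootable type-0x07 partition at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    return code + entry + b"\x00" * 48 + b"\x55\xAA"
```

On a real machine, take `fingerprint(read_mbr("/dev/sda"))` before the test boot, repeat afterwards, and feed both to `changed_regions`.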

~~~
thelema
Thank you for checking. I wonder if there's any more general solution to the
problem of "I don't know whether this is evil code". Checksumming all storage
seems a good one. If only it were possible to inspect all system calls and
make sure none made permanent changes. I wonder what the state of research is
on statically proving assembly code to be non-self-modifying. If so, maybe
it'd be possible to prove that certain classes of actions aren't taken (i.e.
writing to video BIOS, etc.)

~~~
miles
I also did before and after snapshots of the registry and file system. As with
any normal boot, there were some minor changes to both, but nothing that stood
out particularly. A checksum of the hard drive would of course be different
after every boot, with or without Kon-Boot.

------
miles
A similar looking project, Vbootkit 2.0, is now open source:

<http://www.nvlabs.in/archives/8-Vbootkit-2.0-is-now-open-source-under-GPL-license.html>

Only works on the 64-bit version of Windows 7 at present.

------
ShabbyDoo
Perhaps a useful tool for an IT shop. Nothing shocking though as there are few
safeguards when an attacker has physical access to a machine. Thankfully, the
author isn't implying security vulnerabilities. A good hack, for sure.

------
r11t
I tested it and it seems to work as claimed. Resetting Linux passwords via the
boot loader or a live CD isn't hard. But Kon-Boot looks useful for resetting
passwords on Windows machines.

~~~
miles
The key difference with Kon-Boot is that you aren't resetting the password,
but bypassing it altogether. The machine leaves virtually no trace of having
been compromised (though careful study of log files, registry keys, etc. could
turn up some clues). For simply resetting a Windows user password, Offline NT
Password & Registry Editor is swell:

<http://home.eunet.no/pnordahl/ntpasswd/>

------
zacky8beef
How does he do it?

------
thras
I have to do this fairly often to both Windows and Linux machines. The only
safeguard is to encrypt your disks.
