Hacking the Windows S Mode
- Published 14 May 2024
- Huge thanks to Goldengamer842 for the following idea!
Hello, my friends! Let's hit 20K likes? Check out my website! enderman.ch
Today I am going to show you how to hack a Windows 10 S Mode system to run .exe and sideload .dll applications. Is that worth it? Probably not. Is that awesome? Hell yes. The way S Mode works is really simple: Microsoft took their application control implementation and turned the Windows Defender Code Integrity service on with a signed Microsoft policy.
DIY:
1. Enter the Group Policy Editor and find the Device Guard policy. It is located in Computer Configuration\Administrative Templates\System.
2. Disable both settings.
3. Find the winsipolicy.p7b files in %systemroot%\Boot\EFI and %systemroot%\WinSxS and delete both files.
4. Reboot into PE (you will not be able to access ESP normally as no Command Prompt is available).
5. Mount ESP (EFI System Partition), locate winsipolicy.p7b in %root%\EFI\Microsoft\Boot and delete it as well.
6. Profit!
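Seen from the defending side, the steps above leave a simple trace: the policy file is gone from places where it should exist. The sketch below is an added example, not part of the original description; it checks a mounted volume for those copies and compares them with hashes from a known-good image. The function names, the sample tree and the baseline format are assumptions made for the illustration.

```python
"""Audit the S Mode policy copies (winsipolicy.p7b) on a mounted Windows volume."""
import hashlib
from pathlib import Path

POLICY_NAME = "winsipolicy.p7b"
# label -> (which root, directory below it, search recursively?); from the steps above
LOCATIONS = {
    "systemroot/Boot/EFI": ("sys", "Boot/EFI", False),
    "systemroot/WinSxS": ("sys", "WinSxS", True),
    "ESP/EFI/Microsoft/Boot": ("esp", "EFI/Microsoft/Boot", False),
}

def _child(parent, name):
    """Case-insensitive lookup of one path component (Windows semantics)."""
    if parent is None or not parent.is_dir():
        return None
    for entry in parent.iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None

def find_policies(base, rel, recursive):
    """Return every policy file under base/rel, matching names without case."""
    node = Path(base)
    for part in rel.split("/"):
        node = _child(node, part)
    if node is None or not node.is_dir():
        return []
    walker = node.rglob("*") if recursive else node.iterdir()
    return sorted(p for p in walker
                  if p.is_file() and p.name.lower() == POLICY_NAME)

def audit(systemroot, esp_root, baseline):
    """baseline: {label: set of SHA-256 hex digests from a known-good image}."""
    roots = {"sys": systemroot, "esp": esp_root}
    report = {}
    for label, (root, rel, recursive) in LOCATIONS.items():
        found = find_policies(roots[root], rel, recursive)
        known = baseline.get(label)
        if not found:
            report[label] = "MISSING"
        elif known is None:
            report[label] = "PRESENT (no baseline)"
        elif all(hashlib.sha256(p.read_bytes()).hexdigest() in known
                 for p in found):
            report[label] = "OK"
        else:
            report[label] = "MODIFIED"
    return report

def make_sample_tree(root):
    """Constructed sample volume; the file content is a placeholder blob."""
    root = Path(root)
    blob = b"constructed placeholder, not a real signed policy"
    for d in ("Windows/Boot/EFI", "Windows/WinSxS/constructed_component",
              "esp/EFI/Microsoft/Boot"):
        (root / d).mkdir(parents=True)
        (root / d / POLICY_NAME).write_bytes(blob)
    digest = hashlib.sha256(blob).hexdigest()
    return root / "Windows", root / "esp", {k: {digest} for k in LOCATIONS}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sysroot, esp, baseline = make_sample_tree(tmp)
        (esp / "EFI/Microsoft/Boot" / POLICY_NAME).unlink()  # ESP copy deleted
        print(audit(sysroot, esp, baseline))
```

Run it from a recovery or forensic environment against the mounted Windows directory and ESP. The page does not publish reference hashes, so the baseline has to come from your own clean image.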
Install command: dism.exe /apply-image /imagefile:windows10shacked.wim /index:1 /applydir:?:\
Install tutorial: • Manually installing Wi...
Links:
Windows 10 S (Hacked) - files.enderman.ch/uploads/Win...
Windows 10 S (Installer) - files.enderman.ch/uploads/Win...
Windows 10 S (ESD) - files.enderman.ch/uploads/162...
Device Guard basics (in Russian) - go.enderman.ch/yC3W7
App Control for Business - go.enderman.ch/vmXpZ
PKCS7 certificates - go.enderman.ch/cBCqG
Password:
mysubsarethebest
Timestamps:
0:00 - Intro
0:22 - History of S Mode
1:36 - Acquiring the image
2:59 - Installing
4:14 - Early ideas
5:14 - Boot Command Prompt Exploit (BCPE)
6:30 - Boot Task Manager Exploit (BTME)
7:25 - Major breakthrough
8:09 - Device Guard settings
9:29 - WDAC Policies
11:06 - Malware removal
13:00 - Outcome
13:36 - Final product
15:36 - Outro
Still got questions? Don't hesitate, send them to contact@enderman.ch!
Hope you have a great day!
#endermanch #experiments #windows - Science and Technology
YOOO NO WAY!!! Thanks for doing my idea!
Ur Welcome Buddy :)
ok
I saw this comment and I thought... WHY DIDNT ENDERMAN SEE THIS ALREADY
SHUT YO ASS
U got pinned, ur welcome
Microsoft worked so hard on the restrictions that they forgot to make a working installer
Microsoft taking l's compilation:
An entire compilation of Microsoft taking L's since 2015
@@NexusLiteOS They've been taking L's since they first started thinking tablets were more important than proper computers and removed beautiful themes, Aero Glass and Classic Windows (Windows 8).
@@XaneMyers Taking L's to give up on making products instead lol. And yeah, I know about the Tablets when they've introduced Windows 8.
Here at Microsoft, windows 10 is based off windows 8 and it’s based off windows 7 and it’s based off windows vista and it’s based off xp and that’s based off 2000/me and where based off I think you get the point and this is why an old installer might be used
Great thing that even S mode has exploits to break those restrictions.
totally
And helping documents too
or hear me out, you can get out of s mode with one button
That's not an exploit. He unlocked it from an unrestricted environment (wpe). I'm not trying to say that his work is bad, but if you have a computer with locked EFI, you wouldn't be able to do this.
@@windowstips1430 yes but for me cause i used my old phone number for my email i could not get out of it so i needed to make another email and what should have taken 2 min took 1 hour lol
Fun fact: If you activate Windows 11 with a key for S, it becomes Pro.
Also, when adding EmodePolicyRequired as well as SKUPolicyRequired in the registry on 19045, it kinda breaks when you delete the p7b files. (It tries to run WinRE, when disabling it, it will blue screen because a device isn't connected)
As it should be. BIIIIIIIG fuck up on Daddy Microsoft's end to even think of Shit Mode in the first place.
lmfao
Lmao what
@@Archimedes.5000 I used the key from the product.ini file for 22621.
At 19045?
Fun fact! If you boot to the Recovery Environment and reboot to Advanced Startup Settings, you can select the option to Disable Driver Signature Enforcement to completely disable Windows S-mode until next reboot. In the time it’s disabled you have full access to all built-in .exe’s as well as installing any software or drivers, though after rebooting into Windows it will enforce signatures again and disable everything (that was disabled) including MS unsigned installed programs.
I wonder if you could deploy a normal application as a windows app somehow
could you not then go and remove the certificate files now that you have full access?
@@alexaipaw the only thing stopping you would probably be TrustedInstaller but that can easily be taken care of
@@alexaipaw Maybe. But I feel like Microsoft has some scummy restrictions there too in the form of something like Trustedinstaller protection as an attempt to fend off less-experienced users.
What about permanently disabling Driver Signature Enforcement from CMD after booting from the menu?
Probably the best video yet. I remember reading about some 10 S debug mode that was officially supported by Microsoft to allow OEMs to run EXEs temporarily, however that never worked in my testing... I guess Microsoft scams OEMs as well! ;)
Lol
Lol
Lol
Lol
i will ruin the chain
I love how you named the chapter with removing S mode security certificate: "malware removal" this made my day😂
Fr💀
12:44 we beating cataclysm with this one🔥🔥🔥
we beating aftercatabath with this one*
@@xomnionProgrammingAndChess we beating bloodbath with this one**
1:46 The installer seems to be based on the same installer that was automatically installed to all Windows 7 and 8.1 computers back when Windows 10 was first released, in order to convince people to upgrade to the aforementioned operating system (and sometimes do so without their permission)
Reminds of the good ol you need a Kinect to use this Xbox days
@@goldengamer8427 Don't ya just fucking love DRM and scummy tech practices?
Well, they wouldn't have to write more code that way. If you want to reinstall normal Windows 10 it's the same tool anyway
To “upgrade”.
it's still in use today, I used it to upgrade Windows 10 21H2 to 22H2. Windows 10 update assistant
If we take the inverse of the steps, it means any version of Win10 can be effectively bricked into S Mode. This can be done by a bad actor (ransomware etc.) or Microsoft themselves (because you wanted to change the default browser to Firefox etc.). What a tragic thought.
Yeah, I've seen that happening in malware
Anti competition laws will prevent them from doing that in case of browser change
That's what I thought too
@@tezcanaslan2877 Browser change wasn't the point. The real point is that Microsoft has a relatively easy way of bricking your system at a wince.
Since when is microsoft not a bad actor?
truly fascinating what Windows became. this decades-old spaghetti monster is so big, clunky and overcomplicated it feels like a world of its own that still contains some undiscovered 10 years old code waiting to be activated, sitting there as a relic from a different time.
they'll try and simplify the whole thing for a home release at some point and it'll go completely tits up itanium styles
the inconsistency is part of its beauty
Microsoft developers sweat when this man uploads
nah they don't care
@@namesurname4666 found the Microsoft developer
@@clard mircosoft developer calls out mircosoft developer for claiming "they don't care" (real)
@@_c2 Found the microsoft developer
@@EdyAlbertoMSGT3 real
If i wasn’t convinced enderman plays geometry dash from his previous videos, i am now
LOL
@JoBo Gamer i actually didn’t
same lmao
lmao he showed his desktop in 1 of his videos and there was geometry dash
fr bro just gets limbo in the first 5 secs
I've always been fascinated with Windows S Mode. Glad that you made a video hacking it!
This sounds an awful lot like a reincarnation of Windows Starter Edition
A version of the OS that no one uses because its target audience doesn’t give a shit
At least Starter let you run any program. It only had a limit of how many you could open at the same time.
S mode is one of the most limited modes I have ever seen. It is more worth it to buy a device that is not in S mode than a device in S mode. I am glad that Enderman found another way to hack windows.
There's no reason not to buy S version PCs, since you can easily disable S mode and get fully functional normal 10/11 install. Not hacking, but through the Settings app ;)
dude you say that as if you can't switch out of s mode with a few clicks
@@Yamzee Most PCs and laptops that have S mode on them are mostly bought by schools and educational institutes in very large amounts. The S mode restriction makes parental control much easier (such as restricting access permissions to the Microsoft Store and system settings for all students' laptops in one click by the school administrator).
If you are buying the stand alone PC or laptop that has S mode by yourself from marketplace, yes, you can still easily switch out of S mode, as it doesn't belong to any school/educational institute
…and it congratulates you when you can (but shouldn’t) install 10 S. AmAzInG (read: pathetic) irony, microsoft. We all lOvE (read: hate) you microsoft. Your name doesn’t deserve to be capitalized, you pathetic abomination of a monopolo-capitalist company.
You do know you can switch out of s mode for free on the settings
Fun fact: The first music in the vid "isolation by nh22 (limbo remix)" came from a geometry dash level called LIMBO which is the #11 hardest demon (as of now) being verified by a ytuber called bgram, it took him two years to verify. From that level, the music was remixed.
Ye ikr
This is incredible, well done. I liked the whole trial and error segments
They put more effort into enforcing S Mode than thinking about if it was even a good idea in the first place
😂😂
Having windows S often gets you stuck in a limbo, i often get bloodlust because of how angry i get, it will be a slaughterhouse, i might fly out of this atmosphere and get sent to tartarus, it will be a bloodbath, it’ll be very silent.
gd references are here
a
Limbo at the beginning of the video is a Masterpiece
Also bloodbath song at the end
Now do the inverse and turn someone's computer into S mode 😈
Yes
well then just add the policies to the required locations and become the villain
malware that turns your computer into s mode
@@infradragon WHY WOULD YOU SAY THAT
Group Policy Nazi
i love how it says for security *and performance* but the OS itself isnt optimized
Be it optimised or not, you can't even run games or other MS untrusted exes!
@@slimealvin8538 i know but i meant non s mode
Oh, you meant that windows 10 itself is not optimised. That is correct.
@@slimealvin8538 you can run stuff like minecraft that’s at microsoft store
I mean, it's more optimized than 11, that's for sure :P
Woah, this new video is crazy. Good job Enderman. And yea it would be a fun thing to release this version
Oh hey, this looks great for getting back in track.
He's been on track but whatever
i see what you did there...
I've found in old Windows XP that 'shutdown -r -f -t 0' can bypass Windows File Protection when attempting to replace a system file. Note the -f, forced restart.
Apparently triggering that with the force option puts the system into shutdown mode before the Windows File Protection can even kick in.
I have no idea how much this may or may not apply to newer versions of Windows, but I figured I'd share...
Edit: That 'shutdown -r -f -t 0' should be run from a batch file, like immediately after whatever system file you've tried to replace. It's a timing sensitive hack, the quicker the system is forced to shut down or restart, the more likely it'll work.
gonna try this out
@@AppleHacks96Stars Good luck 🤞
Advice: You'll still need to secure permissions to system files first, that's on you. Then rename the backup copy in dllcache, then rename the original file in system32 or wherever, then copy your modded file over in place, then force restart...
New Windows straight up doesn't care about file replacement, unless you manually tell it to scan files for integrity.
Wow, nice idea! When i tried the installer in Windows 10 1709 It worked just fine. I was pretty sure that in ur video it was the Windows 10 version problem.
Props for breaking Windows S mode's restrictions!
I wonder if someone (some employer, OEM, etc) still uses S mode...
Probably not they might just use system admin stuff or lockdown stuff depending on what they want
I believe that the HP Stream actually comes in Windows 11 S Mode nowadays
if its limbo, FOCUS
I see what he means by he's getting more active
Love him ❤
Thank you a lot! I've actually wanted to do this myself by downloading a Windows 11 S recovery media from a Surface Book. If the task manager could run as usual this means that .exe was still allowed!
0:18 LIMBO
That's quite a quest you came up with for yourself; this is the first time I've even heard of this version of Windows, even though I watch MJD and other obsolete bloggers all the time. Keep delighting us with content!
Yeah, that's what people are willing to do for interesting content
I love Michael MJD.
0:08 limbo moment
first music seems to be... a limbo ref?? lol
(ps:you have done a good choice putting this music 😉☝️)
Jesus Christ, the sheer amount of Windows knowledge required to understand and go through all that ! I tip my hat
Wow you know it’s poorly made when you have to bank the image from its installer
I love your website because it always takes me ages to find a iso that isnt stuck with some crappy virus website and it doesn't take long to download.
Oh a very nice video!
You should take a look on Windows RT :D
this would be an epic troll, to put into some "mal"ware, and set it wild
it's not exactly a cryptolocker, it's all 100% microsoft-certified, it just makes it REALLY damn hard to do anything or remove it, although all your data is intact
it'd be the epitome of troll malware, it doesn't cause real harm, but it annoys the hell out of everyone, and even the most senior administrator would probably have a pretty hard time dealing with it, short of just backing up the data and reinstalling the OS
Now I wonder what happens if u update it after doing this? Good vid 👍
Hey Enderman, did you play Geometry Dash? I ask cuz the songs you put in the videos has been known by GD. Good video bro:)
Your vids are sooo good you are a very underrated channel. keep up the good work.
@@PlanetYt27272 it was just a compliment in my opinion let me speak freely without people like you ruining it... my point was it was a good vid ok. at least i can post a comment that's productive and not insulting.
My god Limbo, Forsaken Neon, Just lay and out, deception dive, and Aftercatabath song all in XD
aftercatabath? dym at the speed of light?
aftercatabath song💀
both the dimrain songs were used in a previous video
Now Windows 10 S is literally just Windows 10 Home but a different edition. Nice video!
Nope
I absolutely love watching computer things that take me an year to understand what is actually happening especially from your channel
Moreover, gotta love all the gd songs lmao
The actual name for S Mode should be "You Will Own Nothing And You Will Be Happy"
WEF= WTF
"I don't play gd" - Enderman ur using the limbo isolation remix
The part when the Windows keys went all across the screen and you had to figure out which one was the right one was the best part (Geometry Dash reference)
When?
It's a reference to a game
It's a reference to LIMBO right?
yeah @@luis64_gamer46
Very interesting, you're very creative to come up with these.
Cool video! I want to see you hack Windows XP Starter Edition!
Great video! Now, although it took some digging and effort to hack this S mode, it was doable. Now even Windows S is not really safe from any hacker or even a computer nerd. Now compare it to Linux security with a root account. It is almost impossible to break into the system without the root password. Granted, there are exploits and you can remotely execute commands especially on an Internet Linux server and send spam, make a zombie with that Linux box, but you will not break the root security unless you crack the root password. I run my Linux server since 2006 on the same not updated system and despite a few remote code executions via PHP exploit of the web server, nobody ever broke into that box and altered the operating system. The only thing I ever upgraded over 17 years was virus scanner and PHP. This is how unbreakable Slackware Linux is. No wonder 60% of the Internet servers run Linux and not Windows.
Yeah yeah yeah and these 'super' linux never get hacked? Just read the news kid. Linux fanboys are all the same, they don't understand windows and they make ignorant remarks about it.
@@HwSystems Don't call me names. Why so triggered? I was programming in Basic back in '84 when you were not even born. And yes, my Linux box was never hacked for 16 years. How is that for a fact?
0:55 funny that you mention apple, considering that their version of MS’s S mode (which is just a simple switch in the settings) can be easily overwritten with a right click.
What they do on iOS though...
Nice, this reminds me of "Windows Editions Reconstruction Project" thread on My Digital Life forums.
I love how the soundtrack for your videos is mainly music from GD levels
This is frankly impressive dude
One of the best videos I've seen
great job enderman
We need videos with voice ma buddy, so we can listen to it while doing something lol, btw, awesome video :)
I was butterfly clicking for the whole video bc the songs were so exciting. Also cool video. ADHD paradise.
Limbo song in bg
THE BEST PART IS THE FACT THAT ITS THE REMIX THAT WAS MADE SPECIFICALLY FOR LIMBO💀
Now that's what I call dedication to your work - he tortured it every which way, but got what he wanted!
The material is very interesting and informative, thank you for the video and all the best!
11:33 I absolutely love the fact that to assign drive letters you have to type ass. 😂
yo i like that he continously uploads :D
I suppose you wouldn't be able to do this on a Surface though, since I'm pretty sure it has force enabled Secure Boot and one of the certificates is in the EFI folder. Imagine paying a thousand dollars for a laptop only for it to not be able to run .exe files
When a used thinkpad can do more things than a ~$1,200 micro$oft laptop
You can jailbreak it
Modify a binary. Probably something is not signed correctly.
you kinda are so good at commands and more... like a developer... you really deserve this
deserve what?
You don't need to be a developer to know how to use the terminal
@@zeenxdownz the torment of using windows S
@@Archimedes.5000 using Windows 10 1507's Microsoft edge*
@@SomeRandomPiggo But the way that he knows what to do and gets new ideas is something different.
i watched it full focus although i don't understand a little thing about details of dos. best video i've ever seen about pc
bro's getting sued. Great work btw, you're my favourite youtuber as always!
Hey Enderman, I have an idea. Making a Windows based OS that just launches a program and that's it, and you can't do anything else. We will use Windows PE for this process, I have tried so many times but I get the same error or just bigger errors and I don't have enough brain for it. This is how I imagined: Windows PE launches from ISO/any bootable source, installs necessary files like system32 and the libraries, installs some drivers for the program to run at all, restarts. Launches the program and that's it. Could you please do a topic on this?
someone made an entire os that just runs tetris
Permissions looks like mobile OSes, you are forced to use only "user" permissions, no "admin" permissions
epic video, seeing enderman break windows in ways never seen before never fails to amaze me. (also HOLY SHIT LIMBO)
Great video as always. Wouldn't see any sane person using S mode.
Since the music is mostly gd, I would like to ask on how long have you been playing the game, Also if you're a creator or a player?
i occasionally play it, check out my second channel, I beat Larga Espera like 2 weeks ago
@@Endermanch like this song is limbo
@@Endermanch i see, thanks for the answer
@@simulationfootball all the songs used as gd levels
limbo, forsaken neon, epsilon, deception dive, bloodbath
Yes mercury, safe, stable and reliable. If you encounter any problems, please feel free to contact us.
This is really good! Keep up the work!
Hmm. But is there any way to do this on a fully installed Windows 10S system? You should be able to delete files and modify the registry offline if you can get it to boot from something other than the hard drive.
Mannn this is a banger love the music man how did u get it?
Geometry dash specifically newgrounds
One of the best ones yet
So to clarify, is it enough to just delete *.p7b files or would I also need to apply some of your previous steps, like the SkuPolicyRequired and/or VerifiedAndReputablePolicyState registry keys?
Average person: nice music dude
GD players: L I M B O
*yes*
bloodbath, forsaken neon too
you misclick and buy Windows S, But Enderman found a way to bypass it, that's nice to see it, so useful if someone buys that version
Great job! Now can you do Windows 11 on Windows 7 on Windows XP on Windows Longhorn?
the fact s mode even exists is eerie
I disabled S mode on my device as S mode disabled like 90% apps except of Dropbox 💀
@@TheGooodGMD fr💀
Making malware that turns win10 in win10 s would be interesting project
that's impressive dude, nice video
bro you always choose the best songs W you bro
if you want, you could add environment variables for applications to open things like cmd so you don't have to get the path.
Just type Win + R and cmd
@@miniprod he did and it didnt even work pre-windeploy
FOCUS GUYS 🗿🗿🥶🥶🔥🔥🔥🔥
cool to see LIMBO SONG HERE
edit: peer gynt as well very nice
EDIT #2: AND AT THE SPEED OF LIGHT DOES ENDERMAN PLAY GEOMETRY DASH AM I MISSING SOMETHING
aside from geometry dash music
very cool video :D
your music choice is a massive W
Nighthawk - Isolation (Official LIMBO Remix)
bloodbath flashbacks 14:05
will this work on win10 latest versions though🤔
Lot of mucking about when you can do it in a few clicks and a couple of minutes.
Windows 11 - open Settings > System > Activation. In the Switch to Windows 11 Pro section, select Go to the Store. (If you also see an "Upgrade your edition of Windows" section, be careful not to click the "Go to the Store" link that appears there). On the Switch out of S mode (or similar) page that appears in the Microsoft Store, select the Get button. After you see a confirmation message on the page, you'll be able to install apps from outside of the Microsoft Store.
Windows 10 - open Settings > Update & Security > Activation. In the Switch to Windows 10 Home or Switch to Windows 10 Pro section, select Go to the Store. (If you also see an "Upgrade your edition of Windows" section, be careful not to click the "Go to the Store" link that appears there).
On the Switch out of S mode (or similar) page that appears in the Microsoft Store, select the Get button. After you see a confirmation message on the page, you'll be able to install apps from outside of the Microsoft Store.
You definitely need to release this!
In the future we need to jailbreak our computers.
Enderman actually knows about GD and used Limbo Remix! 😲
limbo!!!!
the key part is the best part of music but not the best of the level 💀
He used to have GD in his old videos
@@TheGooodGMD also on his second channel
@@CrazycatASG ik
bro... you used isolation remix in this video? phenomenal taste in music!
You know Enderman's about to do something when the video starts with the official Limbo remix of Isolation
FOCUS
Alot
Could you even use basic tools like a Notepad or Paint in the S mode?
Yeah! You can run most Microsoft signed apps. Pretty much any default or Microsoft Store app that isn’t for administration of Windows (cmd prompt, regedit, etc.)
3:08
Normal people: vibing
Geometry Dash community: *FOCUS*
props for putting gd song at the end (Dimrain47 - At the speed of light)