40 comments on “PassPass

  1. results of test on my PC with 3 partitions containing
    W-XP – W-7 (x32), W-8 (x64)
    Testing PassPass

    hashes SHA-1 using HashTab

    XP SP3 original DLL
    5.1.2600.5876 (xpsp_sp3_gdr.090909-1234)

    W 7 SP1 x32 original DLL
    6.1.7601.17514 (win7sp1_rtm.101119-1850)

    W 8 x64 original DLL
    6.2.9200.16384 (win8_rtm.120725-1247)

    xp SP3 patched dll

    W 7 SP1 x32 patched dll

    W 8 x64 patched dll ??

    XP SP3 unpatched dll

    W 7 SP1 x32 unpatched dll

    patch did not work on Win 8 Pro (x64)
    (password still required and no change in hash

    unpatch worked for W-XP and W-7 SP1 (x32)
    Hash returned to same as original version

    grub4dos 0.45c 2013-05-16


  2. Hi Michael,

    Your observations are as expected. We have already noticed that Win 8 requires a special treatment. Allow us to take some time to incorporate patch for Win 8. I’ll revert back.

  3. Hi Thank you for the update

    Windows 8 Pro (x64) (upgrade version)

    original MD5

    unpatched by passpass 1.1 MD5

    patched by passpass 1.1 MD5

    The Patch worked and unpatch restored file to original state

    One suggestion can you show path to msv1-0.dll when selecting which Windows to patch
    eg MiniNT or Windows if you have both on one drive you do not know which one to patch ( I tried both)
    (I have Windows XP and BartPE on same partition, both are recognised as Windows XP)

  4. Hi Michael,

    Thank for the feedback. What’s the version of the DLL for Win 8 Pro(64)?

    Isn’t HD partition and directory being shown presently in OS selection list? e.g.(hd1, 2)/WINDOWS

  5. the version of msv1-0.dll is 6.2.9200.16384 (win8_rtm.120725-1247)
    (same Windows 8 x64 as previously mentioned)

    Menu entry created on my PC

    Windows XP at (hd1,0)
    Windows XP at (hd1,0)
    Windows 7 or Server 2008R2 at (hd1,1)
    Windows 8 or server 2012 at (hd2,2)

    the first 2 entries are the same
    one is real Windows XP in C:\Windows
    the other is BartPE in C:\MiniNT

    most users will not have so many operating systems
    thanks for a very usefull utility

    I would have used P.Nordahl’s Offline PassWord Editor when doing a PC repair without the users password

  6. Hi Michael,

    From the menu you have posted, I understood the problem. Don’t worry. In the next version, Windows directory will also be added to help distinguish multiple installations on the same partition.

  7. Menu now shows

    Windows XP at (hd1,0)minint
    Windows XP at (hd1,0)Windows
    Windows 7 or Server 2008R2 at (hd1,1)Windows
    Windows 8 or server 2012 at (hd2,2)Windows

    So I know to ignore first entry for BartPE in minint

    this deals with my request
    thank you

  8. This tool is cool.
    I installed version 1.4 to pendrive.
    Runs good in Win 7 x32 Ult/Premium , Win 7 Premium x64.
    And I’m sure i used in Vista Premium x64.
    But ,incredibly, in a Vista Basic x32 OEM PC – say that msv1-0.dll is already patched.Of course, I used other tool to bypass password.
    But ,this can be an isolated case?
    Thanks for take some time .

  9. I made the USB pendrive with RMPrepUSB latest version, use E2B and use PassPass 1.4 from RMPrepUSB page(not v1.1 and not the paspass special version for E2B).

    This 1.4 version comes with the wenv file.
    Maybe I mixed somnething.But for Win 7 x32/x64 and Vista x64/Vista Premium x32 worked fine.
    Just curious why this PC OEM with Vista Basic x32 said that msv1-0.dll is already patched.
    And ,thanks for your response.

  10. @Elfern Rivers

    PassPass searches for known binary pattern(s) representing CMP instruction comparing MsvpPasswordValidate() method’s output. This method, as you might be knowning, is contained in msv1_0.dll, MS authentication library. The “other tool” (as you mentioned in your first post) which you have used to bypass the password for Vista Basic x32 OEM PC may have used the same trick. If PassPass fails to find the known pattern for specific DLL version, it infers that the DLL is already patched.

    Also, I’d like to ask you whether original PassPass v1.1 (NOT the one forked by Steve, i.e. PassPass v14 as listed on Steve’s webpage (72a)) also displays the same message? I checked that I uploaded PassPass v1.1 on July 6, 2013 where as Steve’s version is there on his page since December 10, 2013. He may have some other modifications which I am not aware of.

  11. I just used the December 1.4 version.
    Use RMPrepUSB.E2B,then copy passpass 1.4.
    I works at a little computer repair center.This pendrive I did in early January . And works good until this one case.
    The computer was picked up.
    Concerning your 1.1 version, I tested in 7 x64(Premium)-7 x32(Ult), Vista x64(Premium) and woks good.
    If I had a change ,and another pendrive,I will retest your version with some computers.
    This tools makes dealing with passswords , so easy.

  12. PassPass seems to work in the similar way with Kon-Boot. They both works by changing the Windows kernel while booting and allows to login with any password. Personally I prefer to use PCUnlocker Live CD as it’s more stable.

  13. @Timo

    I do agree that it works on the same principle as that of Kon-Boot. But what really makes the difference is more legal/ethical than technical. Kon-Boot carries the patched DLLs as payloads, violating Microsoft EULA.

    PassPass identifies and patches offset dynamically by recognizing patterns. It makes it a little bit more robust to work with even versions of DLLs not tested prior to make it available to public.

  14. PassPass v1.2 with added support for Windows 8.1, both 32-bit and 64 bit (Credit to Steve for the patch supplied) has been published.

    This version includes a floppy image for a quick testing (to be mounted by Imdisk or other similar tools) for those who want to gain confidence by trying it out on virtual machine before applying patch to live system.

  15. Pingback: WP_Filebase plugin breaks after migrating Wordpress [on hold] - HelpDesk

  16. Thanks for sharing your work! My problem is booting a Win 8.1 x64 UEFI system. I’ve been unable to get PassPass to run from my RMPrepp’ed USB. The system boots from the USB, but PassPass is not on the menu. Perhaps I’m doing something wrong. At the moment, I’m running in VMware and can’t get into the UEFI to change it to legacy mode.

  17. Thanks. I built a Win 8.1 UEFI USB boot stick, added PEPassPass, and ran it from the command line. I’m afraid that I didn’t have any luck. My target system uses the Windows Live logon, and that requires a password, so you cannot just remove or blank the password. Perhaps that’s an issue for PEPassPass. When I can use the legacy BIOS, I have a boot tool that can change that password to one of my choosing.

  18. Thanks. My problem is that I can’t get into the EUFI setup to enable Legacy/BIOS. None of the reported F keys, Esc, or Del work. That’s why I used PEPassPass in PE mode. The system is a HP P7-1235. I am booting a dd image of the system in VMware 10.

    • In your seconds last comment, I missed the fact that you are using Windows Live Login in Windows 8.1. PassPass works with local accounts only. As you have told that you have some ‘boot tool’ which change it to your preferred password provided the system boots in BIOS mode, are you sure that the tool works with Windows Live Login accounts, too?

  19. Yes. I use Passcape’s Reset Windows Password. It can change the password instead of just removing it, which won’t work in Windows Live logon. In VMware, I can add the target disk to a legacy BIOS VM and boot to Reset Windows Password. I change the password to something like 123. At the moment, RWP does not support EUFI boot. Workaround is easy in VMware. Method is in in my blog.

  20. Sorry, I don’t understand your last question. To be clear, the tool that I mentioned can change the Windows Live Login password to any password that I choose. Therefore, I can use that password to log on to the local system.

    • As you told that your blog says some workaround to use RWP on UEFI system, I linked a post (the word ‘post’ in my last comment was hyperlinked which you didn’t realize probably) from your (possibly it’s the same Jimmy) blog.

    • And after changing/resetting Windows Live ID login password,what happens with the email account password?

      My experience is that after changing/resetting Windows Live ID logon password, also email account password is changed ,Therefore , you have to reset email password via site login and request for password reset.

  21. Elfern, that is correct AFAIK. However, I do this type of work in virtual machines, so I don’t care about the email password. The password on the actual system (and email account) is not changed.

  22. I just wanted to share some info.
    Also, Lazesoft Suite can do that, and is UEFI,
    You must , already know, that PCUnlocker also do that, and is UEFI.
    Really bad that Passcape doesn’t get into UEFI.
    I sent an email some time before, and the answer was they are working on it.

    PassPass is a very good tool.

  23. Thanks, that’s good to know. As long as a tool will change, and not delete, the MS account password, it should work. UEFI isn’t really essential, as you always can set the system to boot to legacy mode BIOS and use any boot medium. Them just switch back to UEFI. Passcape should release its UEFI version very soon.

  24. Tip: If you have problems when changing a user account password once you have gained access using PassPass, simply create a new Administrator account in Control Panel – Users and don’t set a password for it. Then log-out and log-in as the new user. You can then change/remove passwords from any user account.
    When finished, you can delete the new user account and then restore the patched DLL.

  25. Thank you sir, It is really helpful.
    passpass is the best “windows password bypasser” I have ever come across.
    Besides you are genuine.

Leave a Reply