Thursday, 9 April 2020

How to UEFI64 Secure Boot to Kon-Boot and break into a Windows account without needing a password


The good thing about Kon-Boot is that is does not change any files on the target system disk - it is all done in memory.

However, the current Kon-Boot licensing system restricts you  into making licensed bootable USB Flash drive of only 16GB or less. This means that we cannot simply add the EFI boot files to a large 128GB Easy2Boot+agFM USB drive because the Kon-Boot EFI boot file is locked to the particular  <16GB USB drive that it is originally licensed to on first installation.

This 16GB limitation is apparently applied because some BIOSes will not successfully MBR-boot to grub4dos if the USB drive capacity is larger than 16GB. This was true on some very old systems about 20 years ago, but AFAIK, it is not required for systems that are in service today. So the limitation makes no practical sense to me, except to prevent more sales of Kon-Boot licences so that it can be installed onto larger USB drives including large Easy2Boot USB Flash drives and USB hard-disk drives! In fact, what is more important, is that they should create a second Primary partition on the USB drive because there are still systems about which require this for MBR\Legacy booting!

Since Kon-Boot v2.7 one purchased license allows user to install on one and only one selected USB pendrive. Meaning the newest version will be installed only on this one selected USB pendrive (newest Kon-Boot files will be generated only for this device and they will not be visible in the installation package). For usability purposes, older versions of Kon-Boot will be allowed to be installed on a separate USB pendrive.
In short the BIOS part version can be older, the UEFI kon-boot part gets updated and locked to the USB drive on installation.

Kon-Boot does not, per se, support Secure Boot...

However, we can make a 16GB  E2B+agFM USB Flash drive which can Secure Boot and break into Windows without needing a user password (as long as they don't use a Domain account and have USB Booting enabled in the BIOS settings).

I have included full details of how to make a Secure Boot version of Kon-Boot on an E2B+agFM USB drive in version 1.4 of eBook #4. So just use your confirmation email link to download the new version of the PDF.


Tip: You know it has worked if it takes 1-2 minutes to boot to Windows after this message!

If it boots very quickly then it hasn't worked (check there were no error messages displayed).

If you get a red 'Guru meditation' text screen, then you are not using the correct USB drive that you originally licensed - see FAQ.

P.S. I find that using a hacked Windows system can sometimes cause security issues with some apps and browsers, etc. So whether I use Kon-Boot or the UtilMan XML hack in Easy2Boot, once I get into Windows the first thing I do is make a new Admin account and then reboot (and undo any hack if required). I then have full admin access on an unhacked (unmodified) Windows system. The new Admin account can be removed after I have finished fixing the system or retrieving files, etc.

No comments:

Post a comment