Home > Information > Forum > Show Topic
Show thread topic
01.03.2024
New blog post
Dumping the history of users' IP addresses in Windows
20.02.2024
Reset Windows Password v14.1
IP addresses history viewer, fast disk search, local security editor and some more
02.01.2024
Wireless Password Recovery v6.9.0
A revision of the GPU health monitor along with some minor updates
23.12.2023
HAPPY NEW YEAR!
Happy New Year greetings and holidays discount

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Reset Syskey

aliceklaar, 17:01:11 09.06.2015 Rating: 0 #1

Reset Syskey  

Hi,
I have read and understand the your & MS warning about reset syskey.

Your software is intended to remove syskey (as a last resort) so a user can gain access to his (non EFS) files - Yes?

Ok. I remove syskey and backup user files.

So - Does the user need to re install windows afterwards or is the operating system not damaged by removing syskey?

MS say " restore the users original login password then everything should work normally".

When I try, something in DPAPI appears damaged / broken as cannot connect to any WPA / WPA2 network.
I can connect to any OPEN network.
I can access EFS files.

Alice

 
Passcape_Admin, 21:06:36 09.06.2015 Rating: 0 #2

RE: Reset Syskey  

Hi,
To understand it, imagine that the SYSKEY generates the initial encryption key. The key is then used to encrypt user/system sensitive information. That is EFS, DPAPI, certificates, browser passwords, network connections, logon credentials, etc. So without the the initial encryption key you will not be able to decrypt the information. After you reset the SYSKEY, even though you will be able to logon into your account with empty password (because all logon passwords will be zeroed as well), you will have no access to your WPA passwords, for example.

Note that you can also reset the SYSKEY using Windows' syskey.exe utility. But you should logon first. In that case, the old initial encryption key is known to Windows, thus it actually reencrypts it but not resets. And a user should have no problem with his/her old password.

What happens when a scammer switches syskey type to SYSKEY startup password? Being logged in, the old SYSKEY is known to the scammer. When he puts a command to switch to SYSKEY startup password, Windows REENCRYPTS the syskey using a new password (supplied by the scammer). So the only way to get back your information (passwords, certificates, efs, etc.) is to guess the password he set and reencrypt it back. If the program fails to guess the SYSKEY startup password, SYSKEY reset should be considered as a last resort to logon the system (even though with no access to your old stuff).
 
 
aliceklaar, 12:09:58 10.06.2015 Rating: 0 #3

No Subject  

Thank you for the explanation above.

Sorry, but I need to ask some more questions to make sure I understand

- If I cannot guess a scammer password or find it with brute force / word list attack then I must reset Syskey.
So now I have no access to any of these previously saved EFS, DPAPI, certificates, browser passwords, network connections, logon credentials, etc Yes? But I can access any non EFS protected user files on the system ?
Ok I understand that part.

Should I be able to create a new WIFI connection to a WPA protected access point in the workshop?
I have tried many times Vista, W7, W8.x but cannot connect. I have tried with different AP but only connects to OPEN network.

Is it because
" imagine that the SYSKEY generates the initial encryption key. The key is then used to encrypt user/system sensitive information"

So if you reset the Syskey you cannot ADD or CREATE any new (certificates, browser passwords, network connection, WPA) user/system sensitive information on the system because the original "system data storage things" are encrypted by the initial encryption key which is unknown ? Yes?

It seems to be that I can reset syskey, get back my user files but will need to reinstall Windows.
If that is correct then that is okay with me. At least I have my files back.

Thanks for you patience

Alice
 
Passcape_Admin, 14:47:43 10.06.2015 Rating: 0 #4

RE: Reset Syskey  

When you reset the SYSKEY (zeroing it out, to be more correct), all you get is new initial encryption key (new SYSKEY). 
The system just will be using the new key when creating a new wireless connection, for example. So you can add new passwords, connections, etc.
They will be encrypted with the new syskey, nothing more. Even though you will have no access to your old connections, passwords etc., you should be able to create new ones.

SYSKEY does not affect your regular files (unless they are encrypted using EFS).

Resetting the SYSKEY this way is not recommended though. You should do your best to figure out the original SYSKEY startup password when a
scammer set it or when you ocassionally forgot it.
 
aliceklaar, 15:18:57 10.06.2015 Rating: 0 #5

Re: Reset Syskey  

Thank you for taking the time to explain how it works.
I guess I am doing something wrong. I will have another try.

Alice

 
Passcape_Admin, 15:54:28 10.06.2015 Rating: 0 #6

RE: Reset Syskey  

No problem.
 
Entries 1 to 6 from 6  [ <<  1  >> ]