none
WEC7 - Default System Password RRS feed

  • Question

  • Hello,

    I have created an app based on the StartUI example, to create a kiosk mode for the WEC7 Operating System. I am able to authenticate a user using CheckPassword.

    My question is, how can I build my Operating System with a non NULL password at first boot ?

    Thanks a lot for your help !


    Maxime T. Embedded System Engineer

    Tuesday, March 24, 2020 5:44 PM

Answers

  • Hello,

    It is a complete mistery to me.
    Now I have another file : System.mky

    I set the system password on a device, copied the root.mky and System.mky, embedded these two files into a version of the OS using a .bib file and a .dat file and flashed this OS to another device. The files are inside the device, binary identical to the files I picked on the original device but the password is not defined in the new device.

    I must be doing something wrong. I have one last idea which is to save the Seed in addition to the root.mky and System.mky. Whereas, I do not have the courage to try it.

    Instead I used another idea. I created a small application which sets the password and reboot the device. This executable is embedded into the OS using a .bib file and placed into the /Windows/StartUp folder using a .dat file.
    This way, the first time the device boots, the small executable sets the password shortly after boot.

    Thanks for the help.


    Maxime T. Embedded System Engineer

    • Marked as answer by Maxime TOR Tuesday, April 7, 2020 2:59 PM
    Tuesday, April 7, 2020 2:59 PM

All replies

  • You need to enable MasterKeysInRegistry. Capture the registry before setting the password, then set the password and capture the registry again to see the differences. Store the differences in your platform.reg (or OSDesign.reg) and build your kernel.

    Good luck,

    Michel Verhagen, eMVP
    Check out my blog: https://guruce.com/blog

    GuruCE
    Microsoft Embedded Partner
    NXP Gold Partner
    https://guruce.com
    Consultancy, training and development services.

    Interested in WEC on i.MX6?
    Get the only 100% stable and best performing i.MX6 BSP for WEC7 and WEC2013 here: https://guruce.com/imx6

    Tuesday, March 24, 2020 11:09 PM
    Moderator
  • Hello,

    Thanks for your tip.

    After setting the value "MasterKeysInRegistry" inside the key HKEY_LOCAL_MACHINE\init\BootVars, I dumped the registry. Then I set the password, reboot and dumped again the registry.<code data-author-content=" [HKEY_LOCAL_MACHINE\init\BootVars] "MasterKeysInRegistry?=dword:1 ?>

    I only see a difference inside the key HKEY_LOCAL_MACHINE\Comm\Security\Crypto. The value "Seed" is different. The problem is that this value change at every reboot apparently. Do you have any idea where could I be wrong ?<code data-author-content=" [HKEY_LOCAL_MACHINE\init\BootVars] "MasterKeysInRegistry?=dword:1 ?>

    Thanks a lot for you help.


    Maxime T. Embedded System Engineer

    Wednesday, March 25, 2020 4:01 PM
  • Did you put the HKLM\Init\Bootvars key in between ;HIVE BOOT SECTION tags?

    Good luck,

    Michel Verhagen, eMVP
    Check out my blog: https://guruce.com/blog

    GuruCE
    Microsoft Embedded Partner
    NXP Gold Partner
    https://guruce.com
    Consultancy, training and development services.

    Interested in WEC on i.MX6?
    Get the only 100% stable and best performing i.MX6 BSP for WEC7 and WEC2013 here: https://guruce.com/imx6

    Wednesday, March 25, 2020 9:41 PM
    Moderator
  • Hello,

    My inside my OSDesign.reg contains this :

    ; HIVE BOOT SECTION
    [HKEY_LOCAL_MACHINE\init\BootVars]
     "MasterKeysInRegistry"=dword:1
    ; END HIVE BOOT SECTION

    My init\BootVars key looks like this after building the OS :

    [HKEY_LOCAL_MACHINE\init\BootVars]
    "KTzBias"=hex:01,00,00,00,2C,01,00,00,F0,00,00,00
    "BootFSMountFolder"="\"
    "SYSTEMHIVE"="Documents and Settings\system.hv"
    "PROFILEDIR"="Documents and Settings"
    "Flags"=dword:00000003
    "RegistryFlags"=dword:00000001
    "DefaultUser"="root"
    "MasterKeysInRegistry"=dword:00000001

    I guess it is saved somewhere else than inside the "\Windows\Keys\root.mky" because if I delete this file and reboot, the device still prompt for the system's password and my password is still valid.
    Can it be stored elsewhere inside the \Windows folder ?

    Maxime T. Embedded System Engineer

    Thursday, March 26, 2020 11:07 AM
  • With this value set, the password should be stored inside the registry (and not any more in Keys folder).

    Did you dump the entire registry before and after setting the password? No difference other than the seed value?

    I really thought the MasterKeysInRegistry also affects the storage location of the password, but maybe not...

    In that case, it will be somewhere on permanent storage, and you will have to find it. I doubt you can then import this and make it work on each and every device, simply because the seed value will be different (and the password need this exact seed value to be checked against the password hash entered).


    Good luck,

    Michel Verhagen, eMVP
    Check out my blog: https://guruce.com/blog

    GuruCE
    Microsoft Embedded Partner
    NXP Gold Partner
    https://guruce.com
    Consultancy, training and development services.

    Interested in WEC on i.MX6?
    Get the only 100% stable and best performing i.MX6 BSP for WEC7 and WEC2013 here: https://guruce.com/imx6

    Friday, March 27, 2020 2:43 AM
    Moderator
  • Hello,

    Yes, I did dumped the registry before and after seting the password. I can provide the *.reg if you want to have a look.

    I dumped the registry using the Remote Registry. Do you think it is possible windows hides a part of the registry which would explain why I can not see the difference ?

    Thanks again for your help !


    Maxime T. Embedded System Engineer

    Friday, March 27, 2020 10:14 AM
  • Did you check for any extra file in your \Windows or \Document & Settings folder?

    Good luck,

    Michel Verhagen, eMVP
    Check out my blog: https://guruce.com/blog

    GuruCE
    Microsoft Embedded Partner
    NXP Gold Partner
    https://guruce.com
    Consultancy, training and development services.

    Interested in WEC on i.MX6?
    Get the only 100% stable and best performing i.MX6 BSP for WEC7 and WEC2013 here: https://guruce.com/imx6

    Monday, March 30, 2020 11:21 AM
    Moderator
  • Hello,

    I did check inside Documents and Settings and Windows. No new file.

    So my next idea has been to use the FileSystemFilter to see which file is accessed when setting the password. If it is *.hv then I know it is inside the registry and else, I would know where the password is saved.

    The result is, there is only one CreateFile, done on "root.mky" when saving the password.

    Greetings,


    Maxime T. Embedded System Engineer


    • Edited by Maxime TOR Wednesday, April 1, 2020 10:45 AM Mistake
    Wednesday, April 1, 2020 10:42 AM
  • As I expected. This is the root masterkey file. So, if you copy that file from one device to the other, does it work with the password? If so, you should be able to include this in your kernel, then use a copy command in .dat to get this file in the right location.

    Not sure if that all works, but it's worth a try.


    Good luck,

    Michel Verhagen, eMVP
    Check out my blog: https://guruce.com/blog

    GuruCE
    Microsoft Embedded Partner
    NXP Gold Partner
    https://guruce.com
    Consultancy, training and development services.

    Interested in WEC on i.MX6?
    Get the only 100% stable and best performing i.MX6 BSP for WEC7 and WEC2013 here: https://guruce.com/imx6

    Friday, April 3, 2020 3:41 AM
    Moderator
  • Hello,

    It is a complete mistery to me.
    Now I have another file : System.mky

    I set the system password on a device, copied the root.mky and System.mky, embedded these two files into a version of the OS using a .bib file and a .dat file and flashed this OS to another device. The files are inside the device, binary identical to the files I picked on the original device but the password is not defined in the new device.

    I must be doing something wrong. I have one last idea which is to save the Seed in addition to the root.mky and System.mky. Whereas, I do not have the courage to try it.

    Instead I used another idea. I created a small application which sets the password and reboot the device. This executable is embedded into the OS using a .bib file and placed into the /Windows/StartUp folder using a .dat file.
    This way, the first time the device boots, the small executable sets the password shortly after boot.

    Thanks for the help.


    Maxime T. Embedded System Engineer

    • Marked as answer by Maxime TOR Tuesday, April 7, 2020 2:59 PM
    Tuesday, April 7, 2020 2:59 PM