πŸ“¦ Discord Forum Backup
🏠 » NullSyntax » GDrv.sys (Gigabyte) Signed Vulnerable Driver

GDrv.sys (Gigabyte) Signed Vulnerable Driver

πŸ’¬ 35 mensagens
πŸ“‹ Como funciona o download:
  1. FLY 2026-06-12 21:40:56
    **SHA-256** `a71c1aa13d7a1a9b55f07a09ad1e41ceb997f4369b8260e0eef49257f040a9c1` **Device** `\\.\GIOV3` **Publisher** `GIGA-BYTE Technology Co., Ltd.` **Status** Still loads on systems with HVCI, VBS, and Microsoft Vulnerable Driver Blocklist enabled. ### Capabilities **Physical Memory Access** * `0xC3502000` (`sub_140008C14`) β€” Physical memory read via `MmMapIoSpace` (**no authentication**) * `0xC3502014` (`sub_140002198`) β€” Physical memory read (64-bit variant) (**no authentication**) * `0xC350200C` (`sub_140001FB8`) β€” Maps `\Device\PhysicalMemory` into user mode (**no authentication**) * `0xC3502004` (`sub_14000891C`) β€” Maps physical memory into user mode via MDL (**password required**) * `0xC3502808` (`sub_140001E88`) β€” Arbitrary kernel `memcpy` with attacker-controlled source, destination, and size (**password required**) **Address Translation** * `0xC350280C` (`sub_140001D34`) β€” Virtual-to-physical translation via `MmGetPhysicalAddress` (**password required**) **MSR Access** * `0xC3502580` (`sub_140002330`) β€” `rdmsr` / `wrmsr` with attacker-controlled index (**password required**) * `0xC3502440` (`sub_140002640`) β€” Extended MSR/configuration access (**password required**) **Raw I/O Port Access** * `0xC3502400` (`sub_140008DAC`) β€” Arbitrary port I/O (`in` / `out`) on any port with 8-, 16-, or 32-bit width (**password required**) **Physical Memory Allocation** * `0xC3502800` (`sub_140001A74`) β€” `MmAllocateContiguousMemory` (**password required**) * `0xC3502804` (`sub_140001C18`) β€” `MmFreeContiguousMemory` on arbitrary valid addresses (**password required**) **Cleanup** * `0xC3502008` (`sub_1400090A4`) β€” Unmap physical memory (**password required**) * `0xC3502010` (`sub_140002828`) β€” `ZwUnmapViewOfSection` (**no authentication**)
  2. FLY 2026-06-12 21:41:00
    ### Authentication 9 of the 13 IOCTLs use AES-128-CBC to protect their input buffers. **Key:** `GIGABYTEPASSWORD` (First 16 bytes of the hardcoded string `GIGABYTEPASSWORDD` stored in `.rdata` at `0x1400043D0`.) **IV:** User controlled and supplied in the request buffer. After decryption, requests are validated with a single checksum byte equal to the bitwise complement of the sum of all preceding bytes. The remaining 4 IOCTLs accept plaintext requests with **no authentication at all**.
  3. salami 2026-06-12 21:42:09
    Thanks dumbass
  4. salami 2026-06-12 21:42:15
    This weas leaked like 50 years ago
  5. Unallocated 2026-06-12 21:43:23
    my p2c is gonna be SO UD
  6. salami 2026-06-12 21:43:34
    Yeah lol
  7. FLY 2026-06-12 21:48:06
    It's a variant of a 2018 CVE. The original CVE affected their V1 driver. This is their third generation version. There are some small changes, but overall it's essentially the same vulnerability. It's being used by a Valorant internal, so enjoy, buddy. πŸ˜„
  8. salami 2026-06-12 21:48:41
    Are you retarded?
  9. salami 2026-06-12 21:48:54
    All valorant internals are detected
  10. Some1else 2026-06-13 04:28:47
    i meed a driver to bypass battle eye :\
  11. jarikullumun 2026-06-13 21:44:27
    does this work on windows 11 25H2 26200 build?
  12. uda 2026-06-14 05:41:56
    be is the easiest ac
  13. Unallocated 2026-06-14 18:35:20
    Battle eye is a retarded joke.
  14. Unallocated 2026-06-14 18:35:28
    its easy asf
  15. jarikullumun 2026-06-14 18:35:38
    does this work on windows 11 25H2 26200 build?
  16. salami 2026-06-14 18:51:25
    No it doesnt
  17. salami 2026-06-14 18:51:28
    And it will get you banned
  18. Some1else 2026-06-14 18:57:41
    Lol so u can help me bypass battle eye? <@496046055490715678> <@937452424891883593>
  19. FLY 2026-06-14 19:57:51 editado
    Yes. Tested my self on Win11 25H2 26200.8655
  20. jarikullumun 2026-06-14 19:58:24
    Ok
  21. AnzeLa <3 2026-06-15 12:43:33
    <@1481149547282698291> very thx ❀️ but do you have r00tkit or simple chet with this drive ???? plz
  22. encryqed 2026-06-15 12:48:03
    <@876201845477998642>
  23. killuano 2026-06-15 12:58:31
    it’s true
  24. killuano 2026-06-15 12:58:33
    😿
  25. killuano 2026-06-15 12:58:42
    everything is detected
  26. salami 2026-06-15 13:23:42
    Most using engine render are obviously detected lol<
  27. encryqed 2026-06-15 13:24:54
    🫩
  28. encryqed 2026-06-15 13:25:05
    in the end we all are dtc
  29. salami 2026-06-15 13:25:11
    u wish
  30. sha 2026-06-20 14:50:45
    Are we being deadass πŸ˜­πŸ™
  31. sha 2026-06-20 14:50:50
    are we really posting
  32. sha 2026-06-20 14:50:53
    gdrv vuln driver
  33. sha 2026-06-20 14:50:54
    for real
  34. sha 2026-06-20 14:50:56
    πŸ˜­πŸ’€
  35. 0x00000 2026-06-20 14:51:51
    <:1181wahhhhh:1470105665388413134>