Abusing Windows Hello Without A Severed Hand - v3

Abusing Windows Hello Without a Severed Hand
DEF CON 32
whoami
Ceri Coburn (@_EthicalChaos_)
• Lives in Wales, UK
• Software developer for 18 years within the DRM and security solutions space
• Joined Pen Test Partners in August 2019
• Dedicated to Red Teaming and offensive security tooling for the last 3 years
• Speaker at DEF CON 31 and BSides
• Author and maintainer of several open-source tools
• Rubeus
• BOF.NET
• Okta Terrify
• ThreadlessInject
• SharpBlock
• SweetPotato
• BeaconEye

Abusing Windows Hello Without a Severed Hand DEF CON 32


whoami
Dirk-jan Mollema (@_dirkjan)
• Located in The Netherlands
• Hacker / Researcher / Founder / Trainer @ Outsider Security
• Given talks at Black Hat / Def Con / BlueHat / Troopers
• Author of several Active Directory and Entra tools
• mitm6
• ldapdomaindump
• BloodHound.py
• aclpwn.py
• Co-author of ntlmrelayx
• ROADtools
• Blogs on dirkjanm.io
• Tweets stuff on @_dirkjan
Agenda
• Introduction to Windows Hello
• Relationship between Key Storage Providers
• Windows Hello containers, protectors and keys
• Tool demo
• Unprivileged Entra Abuse
• Mitigations

Windows Hello
• Passwordless technology for Microsoft Windows
• Key pairs for encrypting secrets or signing data, including authentication to the OS
• Keys typically protected by biometric devices or PIN
• Third party applications can also enrol secrets
• Windows Hello vs WHfB
• Windows Hello encrypts the user's password or uses a live.com based certificate
• WHfB uses tenant specific certificates which also support models for on-premises SSO via 3 trust types

Passport Key Storage Provider
• Windows has a common API for dealing with cryptographic operations via KSPs
• Extensible system via providers
• Microsoft Software Key Storage Provider (RIP)
• Microsoft Platform Key Storage Provider (TPM)
• Microsoft Smart Card Key Storage Provider (Smart card duh)
• Supports encryption, signing and key agreement among other things
• Windows Hello is no different
• Microsoft Passport Key Storage Provider
https://learn.microsoft.com/en-us/windows/win32/seccertenroll/cng-key-storage-providers

Passport Key Storage Provider
• Offered via the NgcCtnrSvc and NgcSvc services
• Exposed via RPC calls
• Metadata for generated keys stored under the LocalService account at %LocalAppData%\Microsoft\Ngc
• SYSTEM privileges needed to access the Ngc folder

Passport Key Storage Provider
• Passport Key Storage Provider is a proxy to other KSPs
• Under the hood it uses either the Software Key Storage Provider or the Platform Key Storage Provider
• Metadata contains
• Containers
• Protectors
• Key metadata
• Keys are stored via the underlying KSP

Containers
• Container is created per user
• Metadata files determine attributes of the container
• 1.dat => User SID
• 7.dat => Backing KSP
• 9.dat => Azure recovery key (more on that later)

Protectors
• Protectors are the enrolled Windows Hello authentication methods
• Common metadata files
• 15.dat => Encrypted protector data
• Decrypted protector data contains 3 intermediate PINs
• Sign
• Decrypt
• External?
• 5 known types of protectors
• 1 – PIN protector
• 2 – Bio protector (both Face and Fingerprint)
• 3 – Azure recovery protector
• 4 – Seems to be missed, guess someone couldn’t count
• 5 – Preboot protector
• 6 – Companion device protector (deprecated after Windows 10, version 2004)

PIN Protector
• Can be alphanumeric
• Length stored within metadata (numeric only)
• Metadata files
• 1.dat => KSP used for encrypting protector data
• 2.dat => KSP key id (software only)
• 7.dat => PIN type and length
• Industrial Security Research Group already provided research in this area for non-TPM scenarios
• https://www.insecurity.be/blog/2020/12/24/dpapi-in-depth-with-tooling-standalone-dpapi/

PIN Protector (Software Decryption)
• Contents of 15.dat are RSA encrypted
• 2.dat contains the key ID
• Private key backed by Software KSP
• Software KSP uses DPAPI-NG, backed by the SYSTEM DPAPI key
• PIN + fixed entropy used as password for the PBKDF2 key
• Salt and rounds for PBKDF2 are decrypted from the CNG key blob
• Resulting key used as entropy for normal DPAPI decryption

PIN Protector (TPM Decryption)
• Contents of 15.dat are TPM encrypted
• Private key backed by TPM KSP
• No DPAPI backed blobs
• Metadata files
• 1.dat => KSP used for encrypting protector data (Platform KSP)
• 2.dat => No longer present
• 7.dat => PIN type and length
• Key id is fixed (thanks Mimikatz)

PIN Protector Abuse
• TPM backed PIN protector is robust
• TPM anti-hammering slows down brute force significantly
• Software backed PIN protector = RIP
• Length of numeric PIN already known
• Targeted hashcat mask
• Hashcat type $WINHELLO$ (28100)
• Less than 8 digits cracked in seconds
• Up to 11 digits cracked in days
• Thanks to the WINHELLO2hashcat project for the inspiration

Bio Protector
• Decryption key encrypted as a Windows Vault credential
• WinBio Key Resource Schema
• Vault backed by DPAPI, TPM is not used
• Decrypted vault credential contains AES128 and AES256 keys
• AES256 key used to decrypt another AES256 key using CBC
• Second key used to decrypt 15.dat using AES-GCM
• Metadata files
• 15.dat => Header + encrypted PINs
• Header = Nonce, Tag, AuthData

Recovery Protector
• Used under WHfB scenarios
• Allows the user to reset a forgotten Windows Hello PIN
• Enrolled Windows Hello keys continue to work after reset

Recovery Protector
• Protector decryption key is encrypted with the local SYSTEM DPAPI key first
• Encrypted key is then encrypted again with a public key fetched from Entra
• cred.microsoft.com/getencryptionkey/v1
• Result stored inside 9.dat
• Inside the container folder, not the protector folder ¯\_(ツ)_/¯

Recovery Protector
• Decryption key is decrypted via Entra
• POST cred.microsoft.com/unprotectsecret/v1
• Access token requires the ngcmfa and mfa claims
• Client id 9115dd05-fad5-4f9c-acc7-305d08b1b04e (Microsoft Pin Reset Client Production)
• Decrypted blob from Entra is then decrypted with the local SYSTEM DPAPI key
• Metadata files
• 15.dat => AES encrypted intermediate PINs
• 4.dat => AES IV
• 9.dat (protector) => Unknown
• 9.dat (container) => Encrypted Entra blob

Preboot Protector
• Used for devices that support BitLocker PIN to desktop
• 15.dat likely protected by BitLocker
• More research needed

Companion device protector
• Originally intended as an external protector via a companion device
• Opaque blob sent to the companion device for encryption
• Probably the intermediate PINs
• No research needed, deprecated and never seen irl.

Protector recap
• Protectors encrypt intermediate PINs
• Inputs to protectors differ depending on type
• Bio protector doesn’t need biometrics to decrypt
• PIN protector is extremely vulnerable when no TPM is present
• Intermediate PIN purpose?

Keys
• Intermediate PINs protect keys
• Keys can be used for encrypting secrets or signing data
• Key types
• Vault key (Decrypt PIN)
• Entra key (Sign PIN)
• Passkey (Sign PIN)
• Third party (External PIN)
• Okta FastPass
• Others

Keys
• Keys once again leverage the Software or Platform KSP depending on TPM presence
• Key metadata also stored in dat files
• Common dat files across all keys
• Key specific dat files too

Vault Key
• Vault key is used for decrypting the plaintext password for Windows Hello
• Leverages the decrypt PIN from the protector as authenticator
• Already covered in depth
• Check out DPAPI-in-depth with tooling: standalone DPAPI https://www.insecurity.be/blog/2020/12/24/dpapi-in-depth-with-tooling-standalone-dpapi/

Passkey Key
• Created when enrolling for WebAuthn/FIDO2/Passkey supported websites
• Additional metadata files
• Contains WebAuthn credential info encoded as CBOR
• Shoutout to @aceb0nd who identified the correct encoding

Passkey Key
• CBOR data contains
• Relying party id (RpId)
• User id
• Username
• Display name
• SHA256 of the CNG key blob is the WebAuthn credential id
• Incremental sign count stored in 11.dat
• All the information needed to authenticate to WebAuthn

Passkey Abuse
• Custom browser extension to hijack the navigator.credentials.get WebAuthn function
• Proxy assertion requests to compromised host
• Increment sign count
• Sign assertion and fake user presence
• Return result back to extension
• Profit

Entra Key
• Created during WHfB enrolment
• Used along with the device certificate to request PRTs
• Can be used to obtain a cloud TGT under the Cloud Kerberos trust model
• Leverages the signing PIN from the protector as authenticator
• Key name format contains tenant and user id, e.g. login.windows.net/de60a4fa-d583-4eb0-ab66-ce358af8279c/[email protected]

Entra Key Abuse
• Direct request of new PRTs leveraging the enrolled user key
• The return of Dirk-jan’s CVE-2021-33781 via KDFv1 downgrade
• Reported to MSRC
• Conveniently deprecated in time for DEF CON

Introducing Shwmae (shuh-my)
• New tool created to abuse the research presented here: https://github.com/CCob/Shwmae
• Multiple modes of operation
• Enumeration
• Decrypts plaintext password when available
• Dumps hashcat hash when possible
• Dump keys
• Only possible with software backed keys
• PRT Authentication
• WebAuthn Proxy
• Arbitrary signing
• Okta Terrify integration (TODO)

Demo Time

Unprivileged Windows Hello Abuse

Windows Hello for Business PRT with Entra
JWT header
• Device certificate and signing metadata
JWT payload
• Nonce from Entra
• Username
• Assertion (another JWT)
Signed assertion with WHFB private key (old)
• Tenant
• Timestamp
Generating the assertion ourselves
• Windows Hello can be used from the user session
• We can use the Microsoft Passport Key Storage Provider from software
• PIN is cached, so there is no need to prompt the user or brute force it
• Need to use native NCrypt methods since the C# methods for RSA keys are limited to software keys
• No admin rights needed whatsoever
Generating assertion from user session (figure: signed assertion with WHFB private key, old format)
WHFB attack: golden assertion
• Assertion can be generated from user session without admin rights
• Timestamp range can be anything, 10 years validity without problem
• Assertion can be used in the future to authenticate with WHFB key

• Problem: tied to device certificate and TPM?


Windows Hello usage over RDP
(figure: WHFB key, User Cert + WHFB auth, WHFB PRT)
• RDP to device without TPM = PRT exposure
WHFB attack: golden assertion (cont.)
• Assertion is not tied to a device, so can be used with any other (fake) device
Signed assertion with WHFB private key (new)
• Tenant
• Timestamp
• Nonce
WHFB attack: golden assertion
• Patched as CVE-2023-36871 and CVE-2023-35348 (AD FS) in July 2023
• Windows will now include a nonce in the assertion, which limits assertion validity to 5 minutes
• Attack mechanics explained in the FAQ; actual server side enforcement of the nonce was only enabled in May 2024
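Added illustration (not code from the talk, Shwmae or ROADtools) of why the nonce closes the golden assertion: a stdlib-only model of the server-side check before and after the fix. The claim names, the HMAC stand-in for the WHFB key's RSA signature and the demo key are assumptions; only the tenant id comes from the slides.

```python
import base64, hashlib, hmac, json, secrets

NONCE_LIFETIME = 5 * 60          # seconds of validity the nonce gives an assertion
TENANT = "de60a4fa-d583-4eb0-ab66-ce358af8279c"  # tenant id shown in the key name slide
KEY = b"constructed-demo-key"    # stands in for the user's WHFB private key

def _b64u(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def _unb64u(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_assertion(claims: dict) -> str:
    # Compact JWS; HMAC-SHA256 stands in for the RSA signature made with the WHFB key.
    head = _b64u(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64u(json.dumps(claims).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64u(sig)}"

class AssertionVerifier:
    """Server side. require_nonce=False models the pre-July-2023 checks."""
    def __init__(self, require_nonce: bool):
        self.require_nonce, self.issued = require_nonce, {}   # nonce -> issue time

    def issue_nonce(self, now: float) -> str:
        nonce = secrets.token_urlsafe(12)
        self.issued[nonce] = now
        return nonce

    def verify(self, token: str, now: float) -> str:
        head, body, sig = token.split(".")
        expect = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expect, _unb64u(sig)):
            return "bad signature"
        c = json.loads(_unb64u(body))
        if c.get("tid") != TENANT or not (c["nbf"] <= now <= c["exp"]):
            return "wrong tenant or outside validity window"
        if not self.require_nonce:
            return "ok"                            # timestamp is all that was checked
        issued_at = self.issued.pop(c.get("nonce"), None)   # nonces are single use
        if issued_at is None:
            return "missing or unknown nonce"
        if now - issued_at > NONCE_LIFETIME:
            return "nonce expired"
        return "ok"

def golden_assertion(now: float) -> str:   # old style: tenant + 10-year window, no nonce
    return sign_assertion({"tid": TENANT, "nbf": now - 60, "exp": now + 10 * 365 * 86400})

def nonce_assertion(now: float, nonce: str) -> str:   # new style: adds the issued nonce
    return sign_assertion({"tid": TENANT, "nbf": now - 60, "exp": now + 3600, "nonce": nonce})
```

The legacy verifier accepts a ten-year golden assertion years after it was minted; the nonce-enforcing one rejects it outright and accepts a nonce-bound assertion only once and only inside the five-minute window.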
WHFB assertion attack – remaining scenarios
• Assertion time window is now limited to 5 minutes (nonce validity).
• Does not stop us from requesting a PRT on a different device without TPM (part of the design).
• Meaning we can still use the assertion from a victim to request a PRT on a different device, bypassing TPM protection.
• PRT will have its regular 90 days validity and can be used to sign in to anything Entra connected.
• Not mitigated by VBS, LSA PPL, Windows Hello ESS, TPM, etc.
WHFB assertion stealing (demo figures): from victim session, attacker host, token claims
Entra Mitigations
• Require device compliance
• Restrict device join / registration for regular users
• Monitor for new devices + use of existing WHFB key
• Don’t RDP to untrusted hosts with sensitive accounts

Endpoint Mitigations
• Use Windows Hello ESS
• Use physical key
• No TPM = no Windows Hello
• Alert on container file access
• NgcCtnrSvc is legitimate
• Other processes not so much
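Added example (not from the talk or Shwmae) of the "alert on container file access" mitigation as detection logic over object-access events: any 4663 event under the Ngc folder from a process other than the service host is flagged. The allowlist, the key="value" event shape and the sample lines are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Folder holding the Windows Hello container, protector and key metadata: the
# LocalService profile's %LocalAppData%\Microsoft\Ngc. Only NgcCtnrSvc should read
# the .dat files under it.
NGC_ROOT = r"C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc"

# Assumption: image paths accepted as the NgcCtnrSvc host. A 4663 event names the
# host process (svchost.exe), so a production rule would also tie the PID back to
# the NgcCtnrSvc service instead of trusting every svchost.exe.
ALLOWED_IMAGES = {r"c:\windows\system32\svchost.exe"}

@dataclass
class NgcAccessAlert:
    process: str
    path: str
    user: str

_FIELD = re.compile(r'(\w+)="([^"]*)"')   # key="value" pairs in the constructed lines

def parse_event(line: str) -> dict:
    return dict(_FIELD.findall(line))

def detect_ngc_access(lines) -> list:
    """Alert on every object-access event (4663) under the Ngc folder whose
    process is not an allowed service host."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "4663":
            continue
        path = ev.get("ObjectName", "")
        if not path.lower().startswith(NGC_ROOT.lower()):
            continue
        proc = ev.get("ProcessName", "")
        if proc.lower() not in ALLOWED_IMAGES:
            alerts.append(NgcAccessAlert(proc, path, ev.get("SubjectUserName", "")))
    return alerts

# Constructed sample events, not real telemetry: a legitimate service read, an
# unrelated file access, and a protector read from an arbitrary SYSTEM process.
SAMPLE_EVENTS = [
    r'EventID="4663" SubjectUserName="SYSTEM" ProcessName="C:\Windows\System32\svchost.exe" ObjectName="C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc\{11111111-2222-3333-4444-555555555555}\1.dat"',
    r'EventID="4663" SubjectUserName="alice" ProcessName="C:\Windows\explorer.exe" ObjectName="C:\Users\alice\notes.txt"',
    r'EventID="4663" SubjectUserName="SYSTEM" ProcessName="C:\Temp\dump.exe" ObjectName="C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc\{11111111-2222-3333-4444-555555555555}\Protectors\1\15.dat"',
]

if __name__ == "__main__":
    for a in detect_ngc_access(SAMPLE_EVENTS):
        print(f"ALERT: {a.process} (as {a.user}) read {a.path}")
```

Generating 4663 events requires an audit SACL on the Ngc folder; without it the rule has nothing to match.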

What the hell is Windows Hello ESS
• Enhanced Sign-in Security
• Launched circa 2020
• Supported on secured-core capable machines only
• Hardware root of trust via Secure Boot
• TPM
• Kernel DMA Protection
• S-RTM – Static Root of Trust for Measurement
• HVCI – Hypervisor-protected Code Integrity
• SDEV and SDCP
• SDEV/SDCP rarely seen in the wild
• Additional hardware support needed
• Namely the ACPI SDEV table
• Biometric readers need to support the secure device capability

What the hell is Windows Hello ESS
• Complete overhaul of the NGC container, protector and key store
• Metadata dat files replaced with JSON
• BioIso.exe and NgcIso.exe IUM trustlet companions
• Protector keys most likely never leave VTL1
• More research needed

Shoutout & Further Reading
• @DrAzureAD – AADInternals
• @gentilkiwi – Mimikatz
• @tijldeneut – DPAPI-NG research

• https://dirkjanm.io/assets/raw/Windows%20Hello%20from%20the%20other%20side_nsec_v1.0.pdf
• https://dirkjanm.io/digging-further-into-the-primary-refresh-token/
• https://www.insecurity.be/blog/2020/12/24/dpapi-in-depth-with-tooling-standalone-dpapi/
• https://hashcat.net/forum/thread-10461.html
• https://aadinternals.com/
• https://hit.skku.edu/?page_id=2233

Thank You!
https://github.com/CCob/Shwmae
https://github.com/dirkjanm/ROADtools
