iVentoy installing unsafe Windows Kernel drivers?

https://github.com/ventoy/PXE/issues/106

15•_a8di•9mo ago

Comments

_a8di•9mo ago

(I am not the person who found it, but I reproduced and I confirm his finding)

Another source:

https://security.stackexchange.com/questions/281238/iventoy-...

_a8di•9mo ago

Up to now, I confirm I can reproduce the following steps:

- download of official "iventoy-1.0.20-win64-free.zip"

- extraction of "iventoy.dat"

- conversion back to "iventoy.dat.xz" thanks to @ppatpat's Python code

- confirm that "wintool.tar.xz" is recognized by VirusTotal as something that injects fake root certificates

The next steps are scary, given the popularity of Ventoy/iVentoy :

> Analyzing "iventoy.dat.xz\iventoy.dat.\win\vtoypxe64.exe" we see it includes a self signed certificate named "EV" certificate "JemmyLoveJenny EV Root CA0" at offset=0x0002C840 length=0x70E. > vtoypxe64.exe programmatically installs this certificate in the registry as a "trusted root certificate"

Maxious•9mo ago

JemmyLoveJenny still lives!

https://www.bleepingcomputer.com/news/security/hackers-explo...

_a8di•9mo ago

Playing devil's advocate, could it be that they require a temporary access to a customized Windows driver (and thus they fake a trusted root certificate) to make Ventoy work? If that's the case, they should have documented it properly in the source...

Or do you think it's 100% malicious?

ziml77•9mo ago

This year old issue regarding blobs in the repo with a ton of replies has not gotten responses from the author https://github.com/ventoy/Ventoy/issues/2795

Doesn't mean for sure it's malicious but them not even explaining why there's blobs like this is very suspicious.

Maxious•9mo ago

I think regardless of intent, it is a security vulnerability to install these ring 0 loopholes. Microsoft is cracking down on RGB lighting and anticheat software drivers similarly

sn0n•9mo ago

So... If I use ventoy should I worry?

*Starts looking for alternatives just cuz*

out-of-ideas•9mo ago

isnt iventoy different than ventoy?

also check if your system has the reg key listed in the issue

there's always https://www.supergrubdisk.org/super-grub2-disk/

and finally, if you are really concerned and dont want to re-install, you can always take export the registry key of your root certs of a ventoy installed system and compare against a system not loaded with ventoy

edit: can also use systemd to boot iso's (among many other things)

LegalArgumentException: From Courtrooms to Clojure – Sen [video]

US moves to deport 5-year-old detained in Minnesota

If you lose your passport in Austria, head for McDonald's Golden Arches

Show HN: Mermaid Formatter – CLI and library to auto-format Mermaid diagrams

RFCs vs. READMEs: The Evolution of Protocols

Kanchipuram Saris and Thinking Machines

Chinese chemical supplier causes global baby formula recall

I've used AI to write 100% of my code for a year as an engineer

Looking for 4 Autistic Co-Founders for AI Startup (Equity-Based)

AI-native capabilities, a new API Catalog, and updated plans and pricing

What changed in tech from 2010 to 2020?

From Human Ergonomics to Agent Ergonomics

Advanced Inertial Reference Sphere

Toyota Developing a Console-Grade, Open-Source Game Engine with Flutter and Dart

Typing for Love or Money: The Hidden Labor Behind Modern Literary Masterpieces

Show HN: A longitudinal health record built from fragmented medical data

CoreWeave's $30B Bet on GPU Market Infrastructure

Creating and Hosting a Static Website on Cloudflare for Free

"The Stanford scam proves America is becoming a nation of grifters"

Elon Musk on Space GPUs, AI, Optimus, and His Manufacturing Method

X (Twitter) is back with a new X API Pay-Per-Use model

Zlob.h 100% POSIX and glibc compatible globbing lib that is faste and better

Show HN: Deterministic signal triangulation using a fixed .72% variance constant

Scientists Discover Levitating Time Crystals You Can Hold, Defy Newton’s 3rd Law

When Michelangelo Met Titian

Solving NYT Pips with DLX

Baldur's Gate to be turned into TV series – without the game's developers

Interview with 'Just use a VPS' bro (OpenClaw version) [video]

EchoJEPA: Latent Predictive Foundation Model for Echocardiography

Disablling Go Telemetry

LegalArgumentException: From Courtrooms to Clojure – Sen [video]

US moves to deport 5-year-old detained in Minnesota

If you lose your passport in Austria, head for McDonald's Golden Arches

Show HN: Mermaid Formatter – CLI and library to auto-format Mermaid diagrams

RFCs vs. READMEs: The Evolution of Protocols

Kanchipuram Saris and Thinking Machines

Chinese chemical supplier causes global baby formula recall

I've used AI to write 100% of my code for a year as an engineer

Looking for 4 Autistic Co-Founders for AI Startup (Equity-Based)

AI-native capabilities, a new API Catalog, and updated plans and pricing

What changed in tech from 2010 to 2020?

From Human Ergonomics to Agent Ergonomics

Advanced Inertial Reference Sphere

Toyota Developing a Console-Grade, Open-Source Game Engine with Flutter and Dart

Typing for Love or Money: The Hidden Labor Behind Modern Literary Masterpieces

Show HN: A longitudinal health record built from fragmented medical data

CoreWeave's $30B Bet on GPU Market Infrastructure

Creating and Hosting a Static Website on Cloudflare for Free

"The Stanford scam proves America is becoming a nation of grifters"

Elon Musk on Space GPUs, AI, Optimus, and His Manufacturing Method

X (Twitter) is back with a new X API Pay-Per-Use model

Zlob.h 100% POSIX and glibc compatible globbing lib that is faste and better

Show HN: Deterministic signal triangulation using a fixed .72% variance constant

Scientists Discover Levitating Time Crystals You Can Hold, Defy Newton’s 3rd Law

When Michelangelo Met Titian

Solving NYT Pips with DLX

Baldur's Gate to be turned into TV series – without the game's developers

Interview with 'Just use a VPS' bro (OpenClaw version) [video]

EchoJEPA: Latent Predictive Foundation Model for Echocardiography

Disablling Go Telemetry

iVentoy installing unsafe Windows Kernel drivers?

Comments