Hacking Nvidia's Drivers!

[dartraiden]

2 hours ago, maliq112 said:

Can you help me download it

Use this.

[tarkh]

Hello, guys! While EAC works fine now, we still have problems with CS:GO FACEIT Anti-Cheat system. After installing FACEIT system completely looses Nvidia GPU... Solution is to uninstall FACEIT and reinstall custom drivers again. Any idea how to solve this particular issue?

[AngryShark]

On 1/24/2023 at 5:16 PM, dartraiden said:

Patched dlls signed with leaked NVIDIA certificate. This makes anticheats happy. Otherwise, if the dlls are signed by some other certificate (not from nvidia), anti-cheats will refuse to load them and 3D acceleration will not work in these games.

 

.cat file signed with leaked Chinese certificate. This certificate has not been revoked, but has expired. Therefore, the signature must have a timestamp. The timestamp is a kind of confirmation from a third party that the driver was signed in the past, when the certificate has not yet expired.

 

Hello, I found out about this article. 

https://guanjia.qq.com/news/n3/2509.html

 

Quote

 

2. Virus analysis

The QQ_Protect.sys series Trojan driver service name is QQ_ProtectSer . Most of the signature information is henan pushitong intelligent technology , and the PDB character information also directly shows that this series of viruses is a lock home page: xxx\LockHomePage(ApcInject)\x64\Win7Release\QQ_Protect_X64_.pdb,

 

Driver service for pipoc lock homepage Trojan registration

Virus drivers are digitally signed

 

 

After the Trojan horse runs and loads, it will set a process creation callback and a module loading callback , and monitor the process creation event in the process creation callback. If it is a browser process, it will hijack the homepage by tampering with the process startup parameters.

 

 

 

They are talking about similar stuff. It is the same signature that these trojans are using. Can you confirm that this driver, https://drive.google.com/file/d/17chs7zrX_Lm5yNwEO7KDRfIVgVmI2A81/view?usp=sharing 

that the other guy has shared is safe @dartraiden ?  What do you recommend for reverse engineering the binaries of this driver, and the bundled installer? 

I also heard that signed drivers are really confusing antiviruses as they bypass some kind of analysis.

 

I also noticed anydesk starting on by itself and somehow somebody connected without any confirmation message or password: 

 

It was happening before or after this driver I am not sure. But anyone else can confirm any unusual activity like this  @tarkh with this driver, I would really appreciate any responses.

" Source : Powershell.exe, Website blocked due to riskware **---- schnell-vpn.xyz  blah blah "

  On startup there was a blank powershell window opening. I am not sure if this came with this driver or not. @tarkh Can you also download MalwareBytes and run a scan? 

I don't want to fearmonger but I have some doubts.

 

I also found out about this guys profile, I think this is the original author. https://tieba.baidu.com/p/8147226114?pn=1 

https://tieba.baidu.com/home/main?un=just一人无感&fr=pb&ie=utf-8&id=tb.1.bd8164bb.euzbygnSJ8Ur16fyOHcxGg

What does CYX mean? It is the nickname of the guy, they are calling each other big brothers, teacher or sth. Google translate is weird.

 

[dartraiden]

Since the leaked certificates are freely available, they can be used to sign any binary, both malicious and useful.

 

19 hours ago, AngryShark said:

Can you confirm that this driver, https://drive.google.com/file/d/17chs7zrX_Lm5yNwEO7KDRfIVgVmI2A81/view?usp=sharing 

that the other guy has shared is safe

Yes, it is safe. Only 10 files are differ from original driver package

 

 

You can remove signature from binaries with FileUnsigner then compare them with a hex editor. You will see that there are not many changes and they are all related to the card PIDs.

[skydit]

please help[ me my nvidia p104 direct compute cant  active,how to solve it????

[tarkh]

On 2/18/2023 at 9:09 PM, AngryShark said:

It was happening before or after this driver I am not sure. But anyone else can confirm any unusual activity like this  @tarkh with this driver, I would really appreciate any responses.

" Source : Powershell.exe, Website blocked due to riskware **---- schnell-vpn.xyz  blah blah "

  On startup there was a blank powershell window opening. I am not sure if this came with this driver or not. @tarkh Can you also download MalwareBytes and run a scan? 

I don't want to fearmonger but I have some doubts.

 

Hi! I'm not using this driver. Downloaded latest driver from Nvidia, then did the patch by @dartraiden , then created *.bat script for installing cert in to the system, then repacked everything with NVCleanstall into single installer with bat execution preinstall.

[Snowarch]

Hey everyone i think i figured out why the p102-100 with 10gb bios is so problematic. It has a gp102 die. And its counterpart (the unreleased 1080ti 10gb) was given pci x16 as well as outfitted with ports.

 

 

Only the titanxp, and 1080ti had the "102" status(dies) as far as released consumer cards go. As well as the "mining 5gb p102" which i used a hack to make work. 

While the gtx 1080 itself used the same die as a 1070(p104). Hence why 106 and 104 work as all these cards had laptop varients at some point with the die allowing for prime or hybrid hacking. I cannot access nvidia settings with the 10gb bios flashed to my p102. But intrestingly i did see this... 

the kernel module in use is nvidia. 

 

the steps to recrates this is

- use a "regular" or p106/p104 gpu to install the nvidia drivers like normal and make sure you have "nvidia prime" and "prime-select" nvidia installed. then power off the system normally. it should show up like "sse2/p104-100 or "sse2/p106-100" after the rrestart from installing the nvidia driver. once it works, power off pc and physically swap in the p102. it will use the nvidia module but niot show a driver is in use anywhere else implying much like on windows where theres no control pannel unless you have an hdmi inside the card, this is happening here. will try saudering an hdmi port and see if this works but it appears this is why. just a guess, i bios flashed it myself so no idea. i.m vary new to saudering and i use ubuntu unity 22.04. note: iy will swap back to igpu if you have the 102 in and have igpu after (if you cant get this to work) the igpu, easiest fix is to driver swap and restart to swap back to sse2, but if antyones better at saudering and has a spare 102 lying around just a theory, hopefully i helped someone happy gaming

[Ridwan99]

On 2/19/2023 at 7:25 PM, dartraiden said:

Since the leaked certificates are freely available, they can be used to sign any binary, both malicious and useful.

 

Yes, it is safe. Only 10 files are differ from original driver package

 

 

You can remove signature from binaries with FileUnsigner then compare them with a hex editor. You will see that there are not many changes and they are all related to the card PIDs.

sorry, im newbie and come here specially because interested in this cheap 2nd hand GPU for gaming

so this driver can be used for any P106-100 ?

[Ridwan99]

On 12/4/2022 at 1:04 AM, jbcgames said:

who needs, here is the driver 526.98 with the change

https://www.mediafire.com/file/pu68rh23ckoouky/526.98-desktop-win10-win11-64bit-international-dch-whql.zip/file

and here is the driver 527.37

https://www.mediafire.com/file/kjmcc5gi97dankv/527.37-desktop-win10-win11-64bit-international-dch-whql.rar/file

so using this, will i just install driver without using patch or regedit ??

[ogel2]

4 hours ago, Ridwan99 said:

sorry, im newbie and come here specially because interested in this cheap 2nd hand GPU for gaming

so this driver can be used for any P106-100 ?

Absolutely

2 hours ago, Ridwan99 said:

so using this, will i just install driver without using patch or regedit ??

No

[ogel2]

On 3/5/2023 at 3:02 AM, tarkh said:

Hi! I'm not using this driver. Downloaded latest driver from Nvidia, then did the patch by @dartraiden , then created *.bat script for installing cert in to the system, then repacked everything with NVCleanstall into single installer with bat execution preinstall.

I can't pass EAC with the patch. So I returned back to 417.22

[Ridwan99]

1 hour ago, ogel2 said:

Absolutely

 

Thanks gans for the info  

so we still need to do patch or regedit to make it work...noted...thankfully it not seems too hard to follow for a newbie like me,

i dont do online games, so i wont need to worry about it, as long as it can work for light games, like GTA5 or skyrim. 

[ogel2]

9 hours ago, Ridwan99 said:

Thanks gans for the info  

so we still need to do patch or regedit to make it work...noted...thankfully it not seems too hard to follow for a newbie like me,

i dont do online games, so i wont need to worry about it, as long as it can work for light games, like GTA5 or skyrim. 

The best driver for online games 417.22

For offline games you can use any version you want post 417.22 with dartraiden patch.

 

[asher_3]

On 1/4/2023 at 4:18 PM, chenmoyu said:

Hello everyone, I made nVidia's 527.56 driver patch, and now it can pass EAC. You can see that the games that can pass the test include APEX, cs go, and pubg. Now I need more playtesting. Please send me screenshots of unplayable games。The driver link is here:https://drive.google.com/file/d/17chs7zrX_Lm5yNwEO7KDRfIVgVmI2A81/view?usp=sharing

 

Hello, I try to play Valorant with this driver, but the game doesn't want to use the GPU. I already try to setting in the NVIDIA control panel but it didn't work. The game always play with iGPU.

i'm using windows 10 22h2 19045.2604 ghostspectre edition

[ogel2]

20 minutes ago, asher_3 said:

Hello, I try to play Valorant with this driver, but the game doesn't want to use the GPU. I already try to setting in the NVIDIA control panel but it didn't work. The game always play with iGPU.

i'm using windows 10 22h2 19045.2604 ghostspectre edition

What kind of card you use? He's using 40HX. 

[asher_3]

18 minutes ago, ogel2 said:

What kind of card you use? He's using 40HX. 

I'm using p106-100. But i try to play genshin and minecraft it can work completely fine.

[asher_3]

When I at the riot client, it is using the p106, but when the game's start, it switched to iGPU

[ogel2]

9 hours ago, asher_3 said:

When I at the riot client, it is using the p106, but when the game's start, it switched to iGPU

I think 417.22/23 more suitable for online games. I played many competitive game with that version with zero problem.

Valorant, CS-GO, Dota 2, APEX, Fortnite, PUBG Steam and so on.

Can you mention what games that need a newer driver version? Maybe I will test that.

[asher_3]

Ok, thanks. I'll change the driver with the 417.22 version. I actually don't need the newer version, i'm just too lazy to change the driver.

9 hours ago, ogel2 said:

I think 417.22/23 more suitable for online games. I played many competitive game with that version with zero problem.

Valorant, CS-GO, Dota 2, APEX, Fortnite, PUBG Steam and so on.

Can you mention what games that need a newer driver version? Maybe I will test that.

 

[Dhiep]

On 2/24/2023 at 10:54 AM, skydit said:

please help[ me my nvidia p104 direct compute cant  active,how to solve it????

Have you tried using the Registry Editor? It works for me.

Watch this video to find where and what the changes are.

 

[Snowarch]

On 1/25/2023 at 8:48 AM, dartraiden said:

Use this.

Does this work for a p102-10010gb? Or is it possible i could swap the .inf file with the p102-100 one? Found an old 384 driver that was made for a p102 supposedly. But my pc keeps restarting when i try to install it. This is a fresh windows 10 install. 

[Ridwan99]

anyone know why igpu is yellow warning??

i disable secure boot, set using igpu using 512mb memory.

i install driver 417.22 normally, then do the registry, delete adaptertype and make mshybrid from 0 to 1

i can set using high performance, but cannot run games and just crash

any one know why?? am i doing something wrong here??

 

And also i cannot open Nvidia control panel i am using win 10 21h2 if im not mistaken

[Ridwan99]

if i take off the P106-100, the igpu seem to be fine

is the P106-100 is broken?? seem good while installed, just somekinda have confict with igpu??

tried adding more ram to igpu, maxed in 1024MB, still the same problem, code 12, not enough free resources, why is that??

any help would be appreciated...

[tarkh]

1 hour ago, Ridwan99 said:

if i take off the P106-100, the igpu seem to be fine

is the P106-100 is broken?? seem good while installed, just somekinda have confict with igpu??

tried adding more ram to igpu, maxed in 1024MB, still the same problem, code 12, not enough free resources, why is that??

any help would be appreciated...

Try to delete Nvidia device and Intel device from Device manager, reboot, then install Intel with igpu drivers from website support section of your MoBo, reboot again, then install Nvidia patched driver.

*** Also download and install Chipset drivers (INF, MEI) from website support section of your MoBo.

[Ridwan99]

I am using asus b85m-g

Yes, download driver from asus website, only 1 unknown i dont know what is that...

I tried disable lan, audio and usb in bios

 

Still same if i plug the evga p106-100 in

 

Now i tried looking the resources

Hope can know which one is conflicted

 

If anyone know why, please give some enlightenment...thanks