livessp - EvanMcBroom/lsa-whisperer GitHub Wiki

Live SSP

Livessp is a legacy SSP that supported authenticating users using their Microsoft Account. Microsoft has since ported and updated the livessp code as a cloudap plugin. The cloudap plugin is documented on the cloudap wiki page.

Functions

The protocol messages that livessp supports is not documented by Microsoft but is provided here.

Id Message Type CLI Support NT Version Internal Function

0x00

RenameAccount

>=6.2

LiveRenameAccount

0x01

TransferCredential

Planned

>=6.2

LiveTransferCredential

0x02

GetSignedProofOfPossessionToken

✔️

>=6.3

LiveGetSignedProofOfPossessionToken

0x03

SetUnsignedProofOfPossessionToken

>=6.3

LiveSetUnsignedProofOfPossessionToken

0x04

DeleteProofOfPossessionToken

>=6.3

LiveDeleteProofOfPossessionToken
✏️
 The internal function will be located in livessp.dll.

In NT 6.2 SeTcbPrivilege was required for all calls. NT 6.3 removed that requirment for all calls except for TransferCredential which still requires SeTcbPrivilege.

GetSignedProofOfPossessionToken

Get a proof of possession (PoP) token for authentication. The token will be serialized and the serialization formation is still being determined, but it will contain a SSO cookie.

live GetSignedProofOfPossessionToken

TransferCredential

Transfer data from one logon session to another logon session. The specific data that is transferred is still being determined. SeTcbPrivilege is required.

⚠️ **GitHub.com Fallback** ⚠️