I agree there is nothing more eloquent than a workaround that, aside from the sticker on the box, appears 100% genuine. Maybe I just miss the days when I didn't have to deal with activation issues. I still support CNC machines running Windows 95; personally I use a combination of Linux and FreeBSD machines.
First things first: I don't have a working algo. But at least there's no need to guess any more. Images are cropped to respect MDL forum rules.
No, it's not hardcoded lol, it's M$ code that just finished decoding the product key properly. The images are a dump of the stack; as far as details go (where and how), those who want can PM me.
If your debugger has the capability, dump the memory for the running code and use IDA to disassemble; it should take about 20 min to reverse to C.
I've had a few people test the code used in the key viewer app I released and everything seems to work just fine on XP, Vista, 7 and 8. Case closed IMO
I used OllyDbg to step through the key decoding code in mgadiag.exe; the Win 8 key is decoded without an N inserted.
But the scripts here do the same thing, I think: decode the key the usual way and then insert the N. Maybe the N part of the code hasn't run yet in that part of your dump. Or maybe you're using the older mgadiag that can't do Win8 keys yet?
Daz and mikedl, I agree with both of you: mgadiag.exe is case closed, forget about it. But the proper algo is located in the Win8 WDP license API DLL file, and that's what the stack dump image shows.
Forget about mgadiag.exe, it can't decode the product key properly, but the license API DLL file in Win8 WDP works. That's what the image of the stack dump shows.
Sorry if my question seems very noob, but instead of loaders or biosmod, can the Retail Activation Microsoft Servers be emulated? I was thinking of something like activating a Windows 7 machine while sending the traffic through a proxy to monitor what gets sent and received and see what was going on under the hood.
No, without knowing the workings of the retail activation servers that's not going to be possible. Sure, you can capture the server's reply, but without the encryption key the server uses to generate the reply there's no way you'd be able to create a fake reply that the client would accept as being valid. Similarly, without the encryption key and the algorithm used to generate product keys, you won't be able to generate keys that the server will accept for activation. You would have to see what was "going on under the hood" of the activation server, and you can bet that even at MS very few people will ever get to see that. In the 10 years since Windows XP that activation has been here nobody has been able to write an activation server emulator for it, or a keygen that generates activatable keys, and Windows 8 is not going to change that.
Another reason you couldn't proxy: I'm certain the activation response is machine specific. Now, we can activate via phone, and all this does is you give them your Install ID, and they give you a code. That code is only good for your install ID. Now you could expect retail to work that way. KMS is a generic response as opposed to being some algorithm residing at MS HQ nobody has ever seen that takes install/machine specific data as input. You'd have a more likely chance at spoofing phone activation as you only need a code, but I'm sure they've already made it virtually impossible to do that, but it's a far more likely scenario.
I think that for online activation it just sends the install ID and gives you the phone key back. So exactly the same as with phone activation but automatically and maybe over an encrypted connection. This way they don't have to do double work as they don't need 2 algorithms and the install ID is machine specific too. I'm not at all sure about this, but it seems logical to me.
That sounds logical to me, too. The 54 digit (6*9) installation ID could become interesting. I guess the new OA3.0 will create it by integrating some hardware hashes.
sppcomapi.dll. If you want to RE, go ahead, or you could just use the DLL file I have compiled. It works the same way; it's in the Windows 8 Product Key Viewer thread when it becomes visible.
Security researcher defeats Windows 8 secure boot. Hi guys, I am a noob here but following this topic closely. I think this might interest you guys: arstechnica [dot] com [/] business [/] news [/] 2011 [/] 11 [/] security-researcher-defeats-windows-8-secure-boot [dot] ars