of course i'm an idiot when it come to this stuff specifically, (so forgive me if i'm way off) but this reminds me of the way that sony has locked down the ps3 from being able to run homebrew in their current firmwares. if M$ is going to be using some sort of firmware to run the bootloader that has to be signed with some type of key, and the bootloader itself has to be signed with a key as well, then it sounds like running pirated copies could get tougher and ugly. people still haven't cracked the current ps3 keys, and since M$ is quite a bit more advanced than sony, i'm assuming there will be just as much if not more trouble to get M$'s keys in order to sign "unsigned" code to run in the firmware, like an exploited bootloader. again i could be way off, but some of this discussion seems eerily similar to the ps3 predicament...
yeah last year... doesn't have anything to do with what's going on now, that was 3.55, we are now way past that and on 3.7x+...
The thing with the PS3 is that some key "accidentally" leaked on twitter. So that has to happen here too if we want it easy.
With or without the signing it's still going to be pointless. The key you enter must be validated online and by the sound of things each key is unique. So if the key is tied to some hardware ID then once WAT comes into effect serials would be getting banned left, right and centre which just isn't acceptable as a public activation solution. The best thing to hope for is that there are different types of OEM keys. For example, a VL OEM key that a school or college may be given when they order a batch of new PC's.
Can't we point windows to some kind of thing like the kms keygen instead of the windows activation server? What if microsoft changes the IP or url of the licensing server? They must somehow be able to update the url or ip that's in windows, if if that can be pointed to a fake activation server...
I think the reason KMS emulators work well at the moment is because they're not mainstream. That said, if any kind of keygen was developed for Windows 8 then you wouldn't be able to keep Windows updates enabled as one day somethings bound to come down that channel that makes you go non-genuine. Windows 8 activation won't be "install and forget" like it is for Windows Vista and 7.
The update that will disable it are concerns for later. Priority 1 is finding a way that doesn't involve modding system files (aka not dirty). Priority 2 is thinking about and handling the "what if an update disables it" part. Cause without 1 done, you can't even think of ways to protect the hack. A way to protect it from the update would for example be to fool windows into thinking it's already installed. But how this can be done in a stealth way are, as I said, concerns for after there is a working hack.
I seriously have my doubts whether MS will leave KMS untouched. Im pretty sure its a loophole that they are aware of and will surely endeavour to close it ?
I'm not talking about kms, more some fake server that replaces the genuine server and that has some key on the whitelist (we can choose which one), that we can use to activate. If you run the "server" app on your own pc the licensing server becomes 127.0.0.1. It's about what KMS keygen does now, but not with kms but with retail activation.
It trully depends on what kind of keygen. For priority 2, let's not forget ELAM. You can get a so called Security Update for Windows itself that can disable the hack and a update for ELAM that disables the hack. I think it is fair to assume that we will get two updates against any hack.
Don't forget that KMS is local, and requires no communication with MS to activate, and that all the crap to setup a real KMS server is in the company that is using its hands. Therefore as long as KMS uses external server it should be emulated, as we are talking about an activation that doesn't really care about local PC state. With the exception of how Windows restricts KMS use on certain SLIC combinations, I can't imagine how MS could make it totally unreversable with all the tools out. OEM SLIC emulation is the lifeblood of OEM activation and it runs locally and relies on boot/driver. All this stuff stops that kind of modifications but KMS needs no modifications and as far as I'm aware KMS activation can't really be told different from real KMS activation. MS would have to redesign the way KMS protocol works, as it seems everything that works in its current form can be handled. Also, MS can dictate more on new PCs that need new hardware how their OEM activation works (if it has UEFI now they can change the rules). How KMS could be changed to talk and check with MS and follow its purpose I'm not so sure. They say KMS is good for networks that are isolated and ultrasecure as you only need to activate the host and then none of the clients have to talk to MS for activation. Unless they can tell the difference between activation and change radically how KMS works, it is hard to beat. KMS seems to be the hardest to beat as OEM relies on SLIC injection and IR5 relies on destroying WPA key and the OS being nice to give you a clean state instead of locking you at zero and demanding activation. I'm certain the WPA key trick works because the OS builds it on start clean like a clean install would do, whereas more OS checks could be done or other information used to tell this had been done once. Perhaps embedded in the tokens, with install date. One would have to screw around with the date and replay tokens.
What about the same extended PID generated by the ZWT emulator? Could that be blocked/flagged? or can the PID be randomized somehow?And the port 1688, could MS finger that?
Port 1688 is default port in real KMS and the PID can be changed if they block by that, and I can't imagine they'd implement a KMS PID whitelist. So yeah I could produce random PID but PID can create issues so multiple might be needed to be tried.
While I love wading thru the technical debate, one should not forget the marketing and selling side will dicate what will happen now and in the future with this. After all M$ are out to make money, and while Windows 7 has sold near half a Billion copies, they are under big threat from other operating systems and applications. So they wont want to change things too much too quickly. What is clear is simple, M$ has built a rod up its back with its current OEM-SLIC and KMS methods. And one of the mantras of Windows 8 is it has to backwards compatable with current motherboards, and use less resouces. So yes motherboard manufactureers WILL go over to UEFI secure boot, these same manufactureres WONT turn off the secure boot function. That function will remain an option. These manufacturers wont want to sell motherboards/laptops etc that are exclusive Windows 8, knowing people may want to upgrade down the line, use different operating systems etc. Windows 8 will have to meet the demands of both retail, OEM-SLIC, KMS and UEFI. Thats a rod M$ has built for itself, and as such, as long there are all these meyhods of activation, solutions will be found. Now in the future, M$ and other may demand/push etc for solely UEFI boards /devices, AND when enough are in circulation, and older BIOS board are well and truely out, then you will see a change. BUT by then workarrounds for UEFI will be common. How soon til that happens is a guess, BUT my money is on WINDOWS 10
Which reminds me Whats the latest on how Windows 8 will activate via other methods. Will there be an OEM-SLIC ????? These motherboards are still out there being made. What about retail, KMS??????????
@craftbrewer Basicly there are three versions of Windows, namely: OEM Enterprise Retail For now Microsoft will not touch the Enterprise and retail version. At least as far is known now. The OEM version is the one they are going to change. They can demand to any OEM that wants to meet the requirements for the Windows 8 certification on what has to be done on the OEM-system within acceptable parameters. Any OEM-system can be made in such a way that it can only run Windows 8 and possible next versions of Windows. However an OEM-system doesn't have to be made that it can run any other operating system as long as there are other systems that can run any other operating system. It is up to an OEM if they want to create a option in their UEFI to disable Secure Boot. How many will do that, remains to be seen. Please don't forget that it is also a selling point for them. If you buy the low-end system, then you might not have the option to disable Secure Boot. But if you buy the mid-range and/or high-range system, than you can have that option. Until now many people who run an illegal version of Windows did that with a OEM-version. Microsoft is trying to end that situation only at this time.