I modded it with the MSDM table because I am already able to inject a ACPI Table (no extra efforts)...and I wanted to find out if there is a difference of providing the serial (MSDMTable in BIOS compared to manually entered serial). It seems there is no difference. The MSDMTable even can be used to provide a retail key!!! (No DM). Also M$ doesn't store hardware info of shipped machines, they 'store' it (as installation ID) when activated the first time online. I wanted to figure which IDs are relevant. The real POC to me would be to mimic a OA3.0 installation completely. Means after once activated online the real clone (no VM) activates online as well....I do not use windows 8 even though I have a legit serial. Would this work on 2 different vm's (I mean vmware / hyper-v)?
Hi! I updated today my server and now I have the 6.3.9600.16421 Version of vmwp.exe ?!?!? Someone has the Version with SLIC 2.2? regards
I have tried replacing the msdm key by opening vmwp.exe in hxd and replacing the key (highliting current dr38q key and pasting mine instead) and saving the exe but it won't boot any VM's
Wrong way ! You cannot work directly inside vmwp.exe, unless you are a hexedit master (which I'm not) !!! All mods (SLIC, extra MSDM table, OEM strings etc.) must be done inside the vmwp.exe part that we call 1B module (see above to have 1B hex start address and lenght/end address for the latest releases...) To be able to run VMs, 1B module MUST sum to zero. If not, Hyper-V will fail ! MSDM 55h bytes ACPI table is part of 1B module, and MSDM's 8-bit checksum MUST sum to zero too... (according to ACPI specs) For convenience, I'd prefer working with 3 separate files : MSDM, 1B, original MS vmwp.exe - When changing clear text product key inside MSDM, you have to recalculate 8-bit checksum and correct it to make it sums to zero again before reinjecting it into 1B module. (basically, clear checksum byte (9h), calculate checksum, launch calc.exe, hex mode, enter value, calculate logical Not, +1 : you've found the needed checksum value which makes MSDM sums to zero ! ) MSDM done ! Now, time to deal with 1B module (easiest part when using correct apps ) : - Recalculate/write correct 1B module checksum against checksum.jar JAVA app. - Last, reinject whole corrected 1B module into vmwp.exe. Done it all ! Follow these steps and everything should work flawlessly !
Nobody ever managed to find a way to have different vmwp.exe per different VM (so BIOS for each VM is different, like VMware bios440.filename = ) sebus
AFAIK vmwp.exe process can be considered identical as vmware-vmx.exe process : it's only running when a VM starts. Both exe contain embedded emulated bios for VMs. Besides editing VM .xml config file, I'm afraid there is nothing to do more but modifying bios guid . MS hypervisor is quite not as flexible as VMware can be on this point...
I think not really.... There is no machine specific data stored when the device ships. At first activation (usually done by the customer) the installation ID gets stored on their server.... To this ID there is a tolerance (online activation after hardware has changed) and even more tolerance when phone(re) activated... The question is: Can 2 machines be equalized (SMBIOS / BIOS mod) in that way that the second one online activates as well... Another idea would be to program a loader, but only to provide the relevant IDs to be read by windows....I mean a vm already provides virtual IDs which are accepted by windows.....this code needs to be used (translated) into a loader...if possible.... I have got an unused DM serial and activated on vmware online. I could not trigger re-activation no matter what I have changed at the virtual BIOS. One who has two machines of the same model and brand should try to activate one DM on both....... I am sure more of research would make it possible, to clone a OA3.0 machine for POC. But since KMS is preferred not many are making efforts on OA3.0.
What would be interesting to do is to sysprep a phone activated W8/8.1 Pro installation with embedded DM key. Then try to reactivate online once system pops up ! Just wonder, but i'm sure this would 99.99% fail ! Would have been a good idea to "offline factory reset" OA30 systems, but MS did not allow us to do so anymore... As you suggested it above, better deal with personal v6 KMS when managing our testing sandboxes...
Your firewall rule is blocking source port 443. What you really want to block is destination port 443 (with "remoteport=443") as it's probably connecting to that port Just a heads-up
Should this port be blocked on the server and client or just the server? Thanks for all your hard work!!
That looks like it's h**ps://activation.sls.microsoft.com or h**ps://validation.sls.microsoft.com (both DNS records point to this IP). It's theoretically used to detect blacklisted keys and known hactivation exploits. Evidence suggests that it's been up for pretty many years and since the sky isn't falling I'd say it's harmless. You can find countless other references to it even here on MDL, some guy here had problems activating a few years ago when he blocked those dns names. A couple of ordinary web services with more or less identical contracts are listening there: h**ps://activation.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?WSDL h**ps://validation.sls.microsoft.com/SLWGA/slwga.asmx?WSDL h**ps://activation.sls.microsoft.com/SLLicensing/SLLicense.asmx?WSDL just to name a few. To capture unencrypted traffic you'd have to MitM SSL and that borders on impossible if the client validates that the server cert is from MS.
From what I've read in leaked documentation, that's perfectly normal. Windows 8.x has WAT built into it and it'll perform genuine checks at different times depending on your method of activation. I'm not sure if it'll apply to Windows 7 without KB971033 installed.
I ran wireshark and did multiple activations against a kms emulator but I cannot capture any traffic to this ip address.