XML info for (and from) WindowsBlue-ProESDwithApps-32bit-English-X1897212.esd: Spoiler Code: <WIM> <TOTALBYTES>2097290844</TOTALBYTES> <IMAGE INDEX="1"> <DIRCOUNT>536</DIRCOUNT> <FILECOUNT>1579</FILECOUNT> <TOTALBYTES>300165585</TOTALBYTES> <HARDLINKBYTES>0</HARDLINKBYTES> <CREATIONTIME><HIGHPART>0x01CEBD93</HIGHPART><LOWPART>0xF67AEB32</LOWPART></CREATIONTIME ><LASTMODIFICATIONTIME><HIGHPART>0x01CEBD95</HIGHPART><LOWPART>0xED6582CE</LOWPART></LASTMODIFICATIONTIME> <NAME>Windows Setup Media</NAME> <DESCRIPTION>Windows Setup Media</DESCRIPTION> </IMAGE> <IMAGE INDEX="2"> <DIRCOUNT>2919</DIRCOUNT> <FILECOUNT>13651</FILECOUNT> <TOTALBYTES>1056420905</TOTALBYTES> <HARDLINKBYTES>388975953</HARDLINKBYTES> <CREATIONTIME><HIGHPART>0x01CE9F05</HIGHPART><LOWPART>0x05D1B076</LOWPART></CREATIONTIME> <LASTMODIFICATIONTIME><HIGHPART>0x01CEBD95</HIGHPART><LOWPART>0xED67E3FB</LOWPART></LASTMODIFICATIONTIME> <WINDOWS> <ARCH>0</ARCH> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <EDITIONID>WindowsPE</EDITIONID> <INSTALLATIONTYPE>WindowsPE</INSTALLATIONTYPE> <PRODUCTTYPE>WinNT</PRODUCTTYPE> <PRODUCTSUITE></PRODUCTSUITE> <LANGUAGES><LANGUAGE>en-US</LANGUAGE><DEFAULT>en-US</DEFAULT></LANGUAGES> <VERSION><MAJOR>6</MAJOR><MINOR>3</MINOR><BUILD>9600</BUILD><SPBUILD>16384</SPBUILD><SPLEVEL>0</SPLEVEL></VERSION> <SYSTEMROOT>WINDOWS</SYSTEMROOT> </WINDOWS> <NAME>Microsoft Windows PE (x86)</NAME> <DESCRIPTION>Microsoft Windows PE (x86)</DESCRIPTION> <FLAGS>9</FLAGS> </IMAGE> <IMAGE INDEX="3"> <DIRCOUNT>2937</DIRCOUNT> <FILECOUNT>14026</FILECOUNT> <TOTALBYTES>1133005213</TOTALBYTES> <HARDLINKBYTES>427777413</HARDLINKBYTES> <CREATIONTIME><HIGHPART>0x01CE9F05</HIGHPART><LOWPART>0x0DF0E738</LOWPART></CREATIONTIME> <LASTMODIFICATIONTIME><HIGHPART>0x01CEBD95</HIGHPART><LOWPART>0xED67E3FB</LOWPART></LASTMODIFICATIONTIME> <WINDOWS> <ARCH>0</ARCH> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <EDITIONID>WindowsPE</EDITIONID> <INSTALLATIONTYPE>WindowsPE</INSTALLATIONTYPE> <PRODUCTTYPE>WinNT</PRODUCTTYPE> <PRODUCTSUITE></PRODUCTSUITE> <LANGUAGES><LANGUAGE>en-US</LANGUAGE><DEFAULT>en-US</DEFAULT></LANGUAGES> <VERSION><MAJOR>6</MAJOR><MINOR>3</MINOR><BUILD>9600</BUILD><SPBUILD>16384</SPBUILD><SPLEVEL>0</SPLEVEL></VERSION> <SYSTEMROOT>WINDOWS</SYSTEMROOT> </WINDOWS> <NAME>Microsoft Windows Setup (x86)</NAME> <DESCRIPTION>Microsoft Windows Setup (x86)</DESCRIPTION> <FLAGS>2</FLAGS> </IMAGE> <IMAGE INDEX="4"> <DIRCOUNT>12643</DIRCOUNT> <FILECOUNT>62182</FILECOUNT> <TOTALBYTES>8691578728</TOTALBYTES> <HARDLINKBYTES>3486412962</HARDLINKBYTES> <CREATIONTIME><HIGHPART>0x01CEBD92</HIGHPART><LOWPART>0xD3DDFB81</LOWPART></CREATIONTIME> <LASTMODIFICATIONTIME><HIGHPART>0x01CEBD95</HIGHPART><LOWPART>0xED6A4559</LOWPART></LASTMODIFICATIONTIME> <WINDOWS> <ARCH>0</ARCH> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <EDITIONID>Professional</EDITIONID> <INSTALLATIONTYPE>Client</INSTALLATIONTYPE> <SERVICINGDATA><GDRDUREVISION>20130928</GDRDUREVISION><PKEYCONFIGVERSION>6.3.9600.16384;2013-08-21T23:45:30Z</PKEYCONFIGVERSION></SERVICINGDATA> <HAL>acpiapic</HAL> <PRODUCTTYPE>WinNT</PRODUCTTYPE> <PRODUCTSUITE>Terminal Server</PRODUCTSUITE> <LANGUAGES><LANGUAGE>en-US</LANGUAGE><DEFAULT>en-US</DEFAULT></LANGUAGES> <VERSION><MAJOR>6</MAJOR><MINOR>3</MINOR><BUILD>9600</BUILD><SPBUILD>16408</SPBUILD><SPLEVEL>0</SPLEVEL></VERSION> <SYSTEMROOT>WINDOWS</SYSTEMROOT> </WINDOWS> <NAME>Windows 8.1 Pro</NAME> <DESCRIPTION>Windows 8.1 Pro</DESCRIPTION> <FLAGS>Professional</FLAGS> <DISPLAYNAME>Windows 8.1 Pro</DISPLAYNAME> <DISPLAYDESCRIPTION>Windows 8.1 Pro</DISPLAYDESCRIPTION> </IMAGE> <ESD> <KEY>RcgUxOqIRix2k+gBeVTIEntpFjsnOdIK0+2JFlcNZS4xoIW64KNAqHdfOCB56cwQf2E14Bx+AVF/5xIUAye7Y5XtEAkpn3LJIdYZePEEYIoXhTxI+Gok8MT85+7EQSWa/mNfUgtCySwAuovGhlDbsQNSlFKzPGrECpq/yvaVTJHE3sARaR81kmCfaFkdjRHLiMkH0rXLiuNAzz3+7p5C2Y/sEygpkdcuSHc9T+qcE1zwjwPzTOBOtbXjgyAJ8hMSleNHwUO4FgoEQWWxsd7Zw/EaE22aqVyNgjGPaBxaf9EFmGrLDjaKlb4yXJmtP138tLeJEvun7kYypSVK0cfksA==</KEY> <ENCRYPTED Count="8"> <RANGE Offset="208" Bytes="32"></RANGE> <RANGE Offset="53961256" Bytes="72368"></RANGE> <RANGE Offset="54106592" Bytes="44"></RANGE> <RANGE Offset="179473762" Bytes="694560"></RANGE> <RANGE Offset="180623760" Bytes="20"></RANGE> <RANGE Offset="194819244" Bytes="706654"></RANGE> <RANGE Offset="195989316" Bytes="288"></RANGE> <RANGE Offset="2091928258" Bytes="5348920"></RANGE> </ENCRYPTED> </ESD> </WIM>
Yes, I Did It, but now, from outside of C:\Windows\SoftwareDistribution\Download ! put in any folder WindowsStoreSetupBox.exe and downloaded blabla.esd before start you must go right click properties of downloaded blabla.esd file and then click at Unblock. after that command (with admin privileges) in same folder: WindowsStoreSetupBox.exe /ClassId bd02c22b-1edf-476f-ab78-a72bdada6a47 /SessionId 1 /ReportId {3AB7C5F3-D1B0-4899-8FDD-565910F4D2F7}.1 install.esd is in C:\$Windows.~BT\Sources after split of second, instant...
yep Spoiler BLOCK "040904B0" { VALUE "CompanyName", "Microsoft Corporation" VALUE "FileDescription", "Windows 8.1 Setup" VALUE "FileVersion", "6.3.9600.16415 (winblue_gdr.130928-1658)" VALUE "InternalName", "BlueSetup Self-Extractor" VALUE "LegalCopyright", "© Microsoft Corporation. All rights reserved." VALUE "OriginalFilename", "BlueSetup Self-Extractor" VALUE "ProductName", "Microsoft® Windows® Operating System" VALUE "ProductVersion", "6.3.9600.16415" } } <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <description>Online Windows Installation Box Stub</description> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" /> </dependentAssembly> </dependency> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <!--The ID below indicates application support for Windows 8 --> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> <!--The ID below indicates application support for Windows BLUE --> <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> </compatibility> </assembly>
What we know ? What we know ? 1. We know that log for operation in "C:\Windows\Logs\MoSetup\BlueBox.log" 2. We know that [WINDLP] = windlp.dll decrypt and transform WinPayload.esd into WinPayload.esd.decrypt and all process is stored into windlp.state.xml (in the Panther directory) 3. We know that is all in windlp.state.xml : a.) SourceUrl of Win8.1.esd or RemoteSourcePath b.) TransformId c.) CryptoKey d.) FileHash What we do not know ? 1. I have not seen, ever, BlueBox.log the completion of the entire online installation, is there have someone? 2. Does SetupHost.exe initiates WINDLP and process to decrypt ? 3. If initiated, for God's sake , what key or switch initiates that process ?
It's for removing existing Apps on windows 8 system before the upgrade Code: 2013-10-21 05:10:34: Attempt to remove staged Appx packages... 2013-10-21 05:10:34: RemoveStagedAppxPackages: Launching [C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe] [-command "& {get-appxpackage | remove-appxpackage}"] from [C:\Windows\System32] in session [0]!
I made a recovery-mode esd with a 16384 -norollup build using dism offline integration of the 3 rollup and 1 flash player update that comes in the oct17 vl re-issue. My esd file was actually smaller than the downloaded esd file. It's probably taking up a bit more room by encrypting it
silly question but i have to ask lol cant you just rename .esd to .wim? i just did with nps but like i said i had to ask.
"If you really want to do something, you'll find a way. If you don't, you'll find an excuse." In one word you can not just simply rename .esd to .wim . ESD is encrypted with 2 stage algorithm and (windlp.dll & SetupHost.exe) transform that ESD file (at least) two times with command TRANSFORM before make it usable.And all esd decrypt tasks are stored in windlp.state.xml We must find real command line options. Something like: SetupHost.exe /Transform /windlp.state.xml /blablabla /blablabla This while requiring more skill or knowledge, by reverse engineering, with interactive disasembler, like IDA, to search for some real command line options (using Search) in windlp.dll and SetupHost.exe p.s. and yes .. who have skill or knowledge do that .. only need : windlp.state.xml , SetupHost.exe, windlp.dll, SetupCore.dll, SetupMgr.dll to automatically download ESD, decrypt ESD , make C:\ESD\Windows and all that with a few commands
must be viewed from a different angle: <TASK> 1. <WINDLP> create Panther WorkingPath 2. <WINDLP> TRANSPORT ESD file from pr.win.esd.microsoft.com/W81DL directly into "WinPayload.esd" 3. <WINDLP> TRANSFORM (Stage 1) "WinPayload.esd" with TransformWeight from WimSourcePath into "WinPayload.esd.decrypt" WimTargetPath with CryptoKey & FileHash 4. <WINDLP> TRANSFORM (Stage 2) "WinPayload.esd.decrypt" with TransformWeight directly into LayoutPath "C:\ESD\Windows\" </TASK> There is no guessing what WINDLP must do, since that TASK is from the recorded WINDLP state XML file downloaded from Microsoft directly... And all that in one and single TASK and command
Guys stop wasting time with the downloaded esd version... We need to figure out how to extract the install.esd from the created iso version. We can use the setup files and boot.wim from the oct17 release or downloaded iso version itself. We need to narrow down the list of programs that can extract the contents of the install.esd I know from messing with dism, that it doesn't extract or mount them. We need someone that's good with tinkering with exe's to tinker with the setup.exe, possibly with a kernel debugger attached to a vm or something... I'm not sure if we could attach a debugger to the websetupbox.exe or windowssetupbox.exe Remember that win8 also had the ability to extract the install.esd files, so playing with those would work as well. We really need a small program that you can simply point at the install.esd and specify an extraction directory. edit: on second thought... if we could figure out which arguments to send to the program to get it to turn the downloaded esd into the iso version, it could potentially have some sort of other features we're unaware of. perhaps if we could somehow monitor which programs start with exactly which commandline arguments....
yeah but if it is encrypted there must be a key of encryption we need to find where it is store on iso, I think that should be the first preference