Dynamic Windows 11 Setup TPM Bypass

Discussion in 'Windows 11' started by AveYo, Sep 2, 2021.

  1. drew84

    drew84 MDL Expert

    Mar 13, 2014
    1,476
    2,578
    60
  2. naxal

    naxal MDL Member

    May 15, 2014
    145
    32
    10
    An Intel Core 2 Quad lineup with a basic SSD & cheap 8GB RAM is still good enough hardware for Office apps / internet browsing / printing / accounting / billing software and stuff like that. First world people won't understand, but this kind of cheap hardware is actually used by a huge number of small businesses & offices in countries like India, China, South East Asia, and parts of the African & South American population.

    Removing support from a modern OS forces these older hardware users to actually use an older, unsupported OS like Windows 7.

    Now who cares if they get hacked or get a virus? It is their headache to deal with. Right?

    Think again, since bad actors do things for their "profit" and modern malware is made with a lot of effort to "earn something" out of that effort. These smaller 3rd world individuals can only give one thing in return, and that is processing power for a bad actor's worldwide botnet.

    Not thinking about them will come back to hit larger targets with DDoS / botnets & so on.

    People can't realize or grasp this aspect, since the number of really old PCs is actually huge & cheap internet has ensured that an ever-increasing number of them are getting connected to the same worldwide network as we are with our modern shiny new software.

    Many will argue that those people must use Linux and so on. But they are not under your or my control, and these people are free to use whatever suits their needs. Heck, we as security-concerned folks could not force our "banks" to ditch Windows XP from their ATMs, so who are we to decide about those individuals on Windows 7?

    So this kind of planned or forced obsolescence has some real drawbacks for everyone, including those who think "we are not affected".

    Thanks.
     
  3. DrunkF

    DrunkF MDL Junior Member

    Jun 15, 2010
    84
    30
    0
    IMHO the issue is that while the CPU might work, there may not be any decent driver support (inbox or a compatible old version) for some devices like video, sound, etc. Intel is now dropping support for old gens quite quickly. For desktops, that can be worked around with different devices, but for laptops? Death sentence.

    Refreshing a Core 6th gen laptop was rough; a Core 4th gen laptop had to go back to Win 10 (or Ubuntu)... Being a Lenovo, it required a BIOS whitelist unlock mod to replace a 7260 Wi-Fi card that is even worse now with the old driver and recent Win 10 builds. IMHO I would not bother with anything older on Windows unless you enjoy pain...
     
  4. Gibral

    Gibral MDL Junior Member

    Jan 11, 2023
    92
    3
    0
    A basic question: is AMD's fTPM the same as Windows' TPM? If I disable TPM in the BIOS, will I automatically disable fTPM?
     
  5. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    8,076
    10,298
    270
    fTPM is simply a TPM 2.0 implementation in the Ryzen CPU itself. It will be used by Windows in the same way any discrete TPM 2.0 would.

    If and how you can disable it depends entirely on the UEFI implementation. Some allow disabling both discrete and fTPM, some only allow switching between them but not disabling, and some have no such setting at all.
     
  6. pm67310

    pm67310 MDL Guru

    Sep 6, 2011
    3,875
    3,149
    120
    Intel i3s from 2011 are cheap. If you need to use a very, very old computer with a CPU like a Core 2 Duo, use Windows 10 IoT LTSC 2021 to have updates up to 2032 (and after 2032, buy a more recent computer).

    The last Core 2 Duos are from 2011, 13 years old. You can buy an old computer from the 2010/2011 era with an Intel i7 or i5 for a low price.
     
  7. Shortyportuguese

    Shortyportuguese MDL Addicted

    Apr 3, 2019
    586
    218
    30
    Is this set of instructions OK for Win 11 LTSC?

    fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nonstop_tsc extd_apicid aperfmperf pni monitor ssse3 cx16 popcnt lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch ibs skinit wdt arat hw_pstate npt lbrv svm_lock nrip_save pausefilter vmmcall

    Or will the setup not work? I'm thinking of using WinNTSetup 5.3.5.2; should I do any special procedure?
     
  8. sebus

    sebus MDL Guru

    Jul 23, 2008
    6,409
    2,055
    210
    And junk, so they should be WEEEd.
    But strangely they do still work.
     
  9. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    8,076
    10,298
    270
    You need SSE4.2. POPCNT is not sufficient anymore.
     
  10. sebus

    sebus MDL Guru

    Jul 23, 2008
    6,409
    2,055
    210
    Just apply wim with dism & carry on regardless if you must
     
  11. pm67310

    pm67310 MDL Guru

    Sep 6, 2011
    3,875
    3,149
    120
    #353 pm67310, Aug 25, 2024
    Last edited by a moderator: Aug 26, 2024
  12. My VN

    My VN MDL Member

    Oct 10, 2018
    100
    17
    10
    #354 My VN, Aug 26, 2024
    Last edited by a moderator: Aug 26, 2024
  13. pm67310

    pm67310 MDL Guru

    Sep 6, 2011
    3,875
    3,149
    120
  14. My VN

    My VN MDL Member

    Oct 10, 2018
    100
    17
    10
    Not working for Windows 11 v22h2.2428, bro. It's still the same.
     
  15. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    54,966
    125,938
    450
  16. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,109
    201
    60
    Just posting this as a possibility, but it seems as of 26120.1930 that Skip_TPM_Check_on_Dynamic_Update no longer works. WU gets to the reboot phase but soon returns 0xc1900101. Repeating doesn't help.

    I've seen comments over on deskmodder saying that as of the above build you now need to use an ISO to update (an unsupported system, of course), which is what I did since I was out of ideas. I hope this isn't the end of the line for the WU method and that this is just a one-build thing.
     
  17. dany0071199661

    dany0071199661 MDL Member

    Oct 5, 2021
    136
    20
    10
    #359 dany0071199661, Oct 5, 2024
    Last edited by a moderator: Oct 6, 2024
    For me Skip Dyn Update TPM v13 works OK. I ran this, then ran the installation from the MS ISO and everything was OK :) I also don't have Secure Boot or a TPM.
    Code:
    @(set '(=)||' <# lean and mean cmd / powershell hybrid #> @'
    
    ::# Get 11 on 'unsupported' PC via Windows Update or mounted ISO (no patching needed)
    ::# if WU is stuck use windows_update_refresh.bat; Beta/Dev/Canary needs OfflineInsiderEnroll
    ::# V13: skip 2nd tpm check on Canary iso; no Server label; future proofing; tested with 26010 iso, wu and wu repair version
    
    @echo off & title get 11 on 'unsupported' PC || AveYo 2023.12.07
    if /i "%~f0" neq "%SystemDrive%\Scripts\get11.cmd" goto setup
    powershell -win 1 -nop -c ";"
    set CLI=%*& set SOURCES=%SystemDrive%\$WINDOWS.~BT\Sources& set MEDIA=.& set MOD=CLI& set PRE=WUA& set /a VER=11
    if not defined CLI (exit /b) else if not exist %SOURCES%\SetupHost.exe (exit /b)
    if not exist %SOURCES%\WindowsUpdateBox.exe mklink /h %SOURCES%\WindowsUpdateBox.exe %SOURCES%\SetupHost.exe
    reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v DisableWUfBSafeguards /d 1 /t reg_dword
    reg add HKLM\SYSTEM\Setup\MoSetup /f /v AllowUpgradesWithUnsupportedTPMorCPU /d 1 /t reg_dword
    set OPT=/Compat IgnoreWarning /MigrateDrivers All /Telemetry Disable
    set /a restart_application=0x800705BB & (call set CLI=%%CLI:%1 =%%)
    set /a incorrect_parameter=0x80070057 & (set SRV=%CLI:/Product Client =%)
    set /a launch_option_error=0xc190010a & (set SRV=%SRV:/Product Server =%)
    for %%W in (%CLI%) do if /i %%W == /PreDownload (set MOD=SRV)
    for %%W in (%CLI%) do if /i %%W == /InstallFile (set PRE=ISO& set "MEDIA=") else if not defined MEDIA set "MEDIA=%%~dpW"
    if %VER% == 11 for %%W in ("%MEDIA%appraiserres.dll") do if exist %%W if %%~zW == 0 set AlreadyPatched=1 & set /a VER=10
    if %VER% == 11 findstr /r "P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0.\..0.\..2.[2-9]" %SOURCES%\SetupHost.exe >nul 2>nul || set /a VER=10
    if %VER% == 11 if not exist "%MEDIA%EI.cfg" (echo;[Channel]>%SOURCES%\EI.cfg & echo;_Default>>%SOURCES%\EI.cfg)
    if %VER%_%PRE% == 11_ISO (%SOURCES%\WindowsUpdateBox.exe /Product Server /PreDownload /Quiet %OPT%)
    if %VER%_%PRE% == 11_ISO (del /f /q %SOURCES%\appraiserres.dll 2>nul & cd.>%SOURCES%\appraiserres.dll & call :canary)
    if %VER%_%MOD% == 11_SRV (set ARG=%OPT% %SRV% /Product Server)
    if %VER%_%MOD% == 11_CLI (set ARG=%OPT% %CLI%)
    %SOURCES%\WindowsUpdateBox.exe %ARG%
    if %errorlevel% == %restart_application% (call :canary & %SOURCES%\WindowsUpdateBox.exe %ARG%)
    exit /b
    
    :canary iso skip 2nd tpm check by AveYo
    set C=  $X='%SOURCES%\hwreqchk.dll'; $Y='SQ_TpmVersion GTE 1'; $Z='SQ_TpmVersion GTE 0'; if (test-path $X) {
    set C=%C%  try { takeown.exe /f $X /a; icacls.exe $X /grant *S-1-5-32-544:f; attrib -R -S $X; [io.file]::OpenWrite($X).close() }
    set C=%C%  catch { return }; $R=[Text.Encoding]::UTF8.GetBytes($Z); $l=$R.Length; $i=2; $w=!1;
    set C=%C%  $B=[io.file]::ReadAllBytes($X); $H=[BitConverter]::ToString($B) -replace '-';
    set C=%C%  $S=[BitConverter]::ToString([Text.Encoding]::UTF8.GetBytes($Y)) -replace '-';
    set C=%C%  do { $i=$H.IndexOf($S, $i + 2); if ($i -gt 0) { $w=!0; for ($k=0; $k -lt $l; $k++) { $B[$k + $i / 2]=$R[$k] } } }
    set C=%C%  until ($i -lt 1); if ($w) { [io.file]::WriteAllBytes($X, $B); [GC]::Collect() } }
    if %VER%_%PRE% == 11_ISO powershell -nop -c iex($env:C) >nul 2>nul
    exit /b
    
    :setup
    ::# elevate with native shell by AveYo
    >nul reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d "cmd /x /d /r set \"f0=%%2\"& call \"%%2\" %%3"& set _= %*
    >nul fltmc|| if "%f0%" neq "%~f0" (cd.>"%temp%\runas.Admin" & start "%~n0" /high "%temp%\runas.Admin" "%~f0" "%_:"=""%" & exit /b)
    
    ::# lean xp+ color macros by AveYo:  %<%:af " hello "%>>%  &  %<%:cf " w\"or\"ld "%>%   for single \ / " use .%|%\  .%|%/  \"%|%\"
    for /f "delims=:" %%s in ('echo;prompt $h$s$h:^|cmd /d') do set "|=%%s"&set ">>=\..\c nul&set /p s=%%s%%s%%s%%s%%s%%s%%s<nul&popd"
    set "<=pushd "%appdata%"&2>nul findstr /c:\ /a" &set ">=%>>%&echo;" &set "|=%|:~0,1%" &set /p s=\<nul>"%appdata%\c"
    
    ::# toggle when launched without arguments, else jump to arguments: "install" or "remove"
    set CLI=%*& (set IFEO=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options)
    wmic /namespace:"\\root\subscription" path __EventFilter where Name="Skip TPM Check on Dynamic Update" delete >nul 2>nul & rem v1
    reg delete "%IFEO%\vdsldr.exe" /f 2>nul & rem v2 - v5
    if /i "%CLI%"=="" reg query "%IFEO%\SetupHost.exe\0" /v Debugger >nul 2>nul && goto remove || goto install
    if /i "%~1"=="install" (goto install) else if /i "%~1"=="remove" goto remove
    
    :install
    mkdir %SystemDrive%\Scripts >nul 2>nul & copy /y "%~f0" "%SystemDrive%\Scripts\get11.cmd" >nul 2>nul
    reg add "%IFEO%\SetupHost.exe" /f /v UseFilter /d 1 /t reg_dword >nul
    reg add "%IFEO%\SetupHost.exe\0" /f /v FilterFullPath /d "%SystemDrive%\$WINDOWS.~BT\Sources\SetupHost.exe" >nul
    reg add "%IFEO%\SetupHost.exe\0" /f /v Debugger /d "%SystemDrive%\Scripts\get11.cmd" >nul
    echo;
    %<%:f0 " Skip TPM Check on Dynamic Update V13 "%>>% & %<%:2f " INSTALLED "%>>% & %<%:f0 " run again to remove "%>%
    if /i "%CLI%"=="" timeout /t 7
    exit /b
    
    :remove
    del /f /q "%SystemDrive%\Scripts\get11.cmd" "%Public%\get11.cmd" "%ProgramData%\get11.cmd" >nul 2>nul
    reg delete "%IFEO%\SetupHost.exe" /f >nul 2>nul
    echo;
    %<%:f0 " Skip TPM Check on Dynamic Update V13 "%>>% & %<%:Df " REMOVED "%>>% & %<%:f0 " run again to install "%>%
    if /i "%CLI%"=="" timeout /t 7
    exit /b
    
    '@); $0 = "$env:temp\Skip_TPM_Check_on_Dynamic_Update.cmd"; ${(=)||} -split "\r?\n" | out-file $0 -encoding default -force; & $0
    # press enter
    
     
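The :canary routine in the script above is a same-length string patch: it searches hwreqchk.dll for the UTF-8 bytes of "SQ_TpmVersion GTE 1" and overwrites every hit in place with "SQ_TpmVersion GTE 0". The Python below is an added example written for this page, not AveYo's code and not posted in the thread; it reimplements that one step on raw bytes with the checks a practitioner would want before touching a binary: the replacement must keep the file size unchanged, hit offsets are reported, and the image is hashed before and after so the change can be logged. FAKE_HWREQCHK is a constructed stand-in blob, not a real hwreqchk.dll, and the helper names (patch_bytes, patch_file, find_all) are this example's own.

```python
"""Same-length byte patch of the kind the :canary routine performs.

Added example for this page, not AveYo's code. The script searches
hwreqchk.dll for the UTF-8 bytes of 'SQ_TpmVersion GTE 1' and overwrites
every hit in place with 'SQ_TpmVersion GTE 0'. This version searches the
raw bytes instead of a hex string, refuses any replacement that would change
the file size (PE section offsets depend on it), and hashes the image before
and after for a change record. FAKE_HWREQCHK is a constructed stand-in; it is
not real hwreqchk.dll.
"""
import hashlib
from pathlib import Path
from typing import List, Tuple

NEEDLE = b"SQ_TpmVersion GTE 1"   # string the script looks for
PATCH = b"SQ_TpmVersion GTE 0"    # what it writes over each hit

# Constructed image: two real hits, one near-miss ('GTE 2') and an unrelated
# requirement string that must survive untouched.
FAKE_HWREQCHK = (
    b"MZ" + b"\x00" * 30
    + b"SQ_TpmVersion GTE 1\x00"
    + b"SQ_SecureBootCapable GTE 1\x00"
    + b"SQ_TpmVersion GTE 1\x00"
    + b"SQ_TpmVersion GTE 2\x00"
    + b"\x00" * 16
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_all(data: bytes, needle: bytes) -> List[int]:
    """Every non-overlapping byte offset at which needle occurs."""
    offsets = []
    i = data.find(needle)
    while i != -1:
        offsets.append(i)
        i = data.find(needle, i + len(needle))
    return offsets


def patch_bytes(data: bytes, needle: bytes, replacement: bytes) -> Tuple[bytes, List[int]]:
    """Return (patched image, hit offsets). Only same-length swaps are allowed."""
    if len(needle) != len(replacement):
        raise ValueError("replacement must keep the file size unchanged")
    hits = find_all(data, needle)
    buf = bytearray(data)
    for off in hits:
        buf[off:off + len(needle)] = replacement
    return bytes(buf), hits


def patch_file(path: Path, needle: bytes = NEEDLE, replacement: bytes = PATCH,
               dry_run: bool = True) -> dict:
    """Patch a file on disk (dry_run=True only reports). Returns a change record.
    The script takes ownership and grants Administrators full control first;
    do the same before calling this with dry_run=False."""
    original = path.read_bytes()
    patched, hits = patch_bytes(original, needle, replacement)
    if hits and not dry_run:
        path.write_bytes(patched)
    return {
        "path": str(path),
        "hits": hits,
        "sha256_before": sha256_hex(original),
        "sha256_after": sha256_hex(patched) if hits else sha256_hex(original),
        "written": bool(hits) and not dry_run,
    }


if __name__ == "__main__":
    image, offsets = patch_bytes(FAKE_HWREQCHK, NEEDLE, PATCH)
    print(f"{len(offsets)} hit(s) at offsets {offsets}")
    print("before:", sha256_hex(FAKE_HWREQCHK))
    print("after: ", sha256_hex(image))
```

Two caveats carry over from the script: apply this only to the extracted copy under $WINDOWS.~BT\Sources, as the script does, and expect the file's Authenticode signature to be invalid afterwards even though the size and section layout are unchanged. Searching the bytes directly also means a hit can never start at a half-byte position, which a search over a hex-string rendering of the file can in principle do.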
  18. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,109
    201
    60
    I was talking about the problem relating to WU though. You used an ISO.

    Now that you mention an ISO though, at least with 26120 builds (you didn't say what you were using), I found some months ago when using a mounted ISO that you have to disable the script. Otherwise, Setup complains about not having Secure Boot (if you really don't, which I don't). The workaround is to run it as: setup.exe /product server

    When complete, re-enable the script.