[Request] Watermark in 8.1

Discussion in 'Windows 8' started by heldigard, Sep 18, 2013.

  1. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    895
    482
    30
    Sry but some aspects aren't true.
    I don't want to edit tokens.dat or data.dat. I want to all over queryied system-used key to modify. Wit registry-keys I guess you mean WPA and so on, but not the ProductPolicy Value.

    My VMs are still running fine (RTM) no updates (any more) without tokens.dat or data.dat. Only disabled (start=4) sppsvc and edited productpolicy. So it's kind of a way to bypass not only the activation, to bypass all sku-limitations! I explaint this in several threads. I'm not into bypass activation i'm more into customize by sku limited windows features (like e.g. raid 5, terminal server / remote desktop support) and so on.

    WES7 supportes fully Offline activation. Typ in the your OEM/Volume:BA Key and it's activated. - No response to server or telephone in any way.
     
  2. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,855
    1,051
    60
    Windows 8 sports a different activation system as opposed to Windows 7. Most of that was to split it for the Metro and desktop side.

    You do not need to explain to me how this system works as I have prior knowledge concerning the windows 7 licensing.

    Even though I love offline activation stuff.
     
  3. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    895
    482
    30
    #23 KNARZ, Sep 30, 2013
    Last edited: Sep 30, 2013
    you're not arguing... i'm willing to lern but your answer is no reply on my statement as it's more about "i know it better"
    try yourself PPE in a vm and you will see what minior process i want to achieve. - unprotect the key/value or make it some kind of non-accessable for the system/sppsvc. i'm don't wanna screw with the whole process (sppsvc, activation and so on -- possible/optional) only with this one string. from my pov it also should be possible to do some kind of permanent-injection/hook. some kind of rootkit or (if possible) driver which manipulates the value/data on every boot. than it doesn't matter whats inside tokens.dat and so on, as the systems responses to the reg-key and for most of the values only after a reboot.
     
  4. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,855
    1,051
    60
    You could try to disable the trustedinstaller executable before the install takes place so there is no protection over the wpa/genuine keys.

    Sorry long day full of calc 2 my brain gets tired.
     
  5. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    895
    482
    30
    No problem, as it is/was no offense. You may can describe little more what I should try?
    It's kernel-proteced and not about permission. You 'can' edit but with a refresh changes to the data become undone istantly (never really written).
    I'm not aware which process or part of the kernel is protecting the value but this would be pretty interessting. - With SetupType=1 It's unprotected und will remain if sppsvc is disabled. (<- State of VM)
     
  6. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,855
    1,051
    60
    Well there is more then one way to get around the kernel protection.

    What about deleting the trustedinstaller components via dism in order to bypass it. I've been hopping for a way to get rid of the trusteduser from the registry and system files for awhile.

    Windows 8.1 has some of the worse protection for the preinstall I've ever seen.
     
  7. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    895
    482
    30
    I'm not an expert on kernel debugging or similar. I have ideas but can't research every trace to the end. I don't really think that deleting or removing trustedinstaller(exe) will unprotect the kernel, but i tried to research how to remove it within dism but it's not packed as a package as it is in the fondation. may it's worth a try to work with manipulated pending actions (editing by hand).
    so what might be the best / a good attempt to make this key unprotected? recommandtions?
     
  8. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,855
    1,051
    60
    #28 Smorgan, Oct 1, 2013
    Last edited: Oct 1, 2013
    Thats because the kernel in windows is encrypted at the highest level for the OS. I'm trying to think of how to do this. Ok the key is protected using the ACL for the files which are stored in data files for the registry. They are already pre-configured to be protected from the moment we get them from the Windows image or ISO. We would have to crack the registry and make our own registry hive in order to get around from the start.

    For the timing be no Kernel Cracking as its far too deep for my liking.
     
  9. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    895
    482
    30
    I think you getting it the wrong way. The key is not ACL protected! Wrinting is possible without errors, not will be refreshed istantly by the kernel or other sppsvc actions. disabled sppsvc = key remains. - setuptype=1 allowes editing but sppsvc has to be disabled all over. now my approach would be unprotect this key and overwrite or some kind disallow sppsvc/kernel to write.

    nothing with acl, nothing with config\system hive directoy. otherwise i don't understand what you mean with own reg-hive or acl permissions - pointless.

    ...will sleep now.
     
  10. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,855
    1,051
    60
    (Rubs his eyes) Look up what Account Control List means and permissions they are directly associated with the protection in the registry.

    .......

    Disallow sppsvc/kernel to write are you serious? We could overwrite the registry keys all day but they would never be accepted because they are burned into the licensing files literally.
     
  11. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    895
    482
    30
    #31 KNARZ, Oct 1, 2013
    Last edited: Oct 1, 2013
    I give up, your not following nor listening me.
    Or we both talking about different things.
     
  12. cuteee

    cuteee MDL Guru

    Oct 13, 2012
    5,720
    978
    180
    #32 cuteee, Oct 1, 2013
    Last edited by a moderator: Apr 20, 2017
    Is this do something ?
     
  13. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    7,394
    11,615
    240
    Might remove the nag stuff on KMS activations, but not other methods...
     
  14. Leolo

    Leolo MDL Member

    Jan 23, 2010
    169
    37
    10
    I'm not sure about Windows 8.1 (I've installed it a few days ago), but I can assure you that Windows 8 Enterprise (Volume Licensing version) will keep running forever unactivated.

    It nags you, but keeps running and almost all the functionality of the system works very well.