Reverse-Engineering Vista/Windows 7 Activation

witherornot · Aug 21, 2023

You need to login to view this posts content.

sml156 · Aug 21, 2023

witherornot said: ↑

My deobfuscator: https[:]//github[.]com/UMSKT/peacestone

Download for sppsvc (obfuscated and deobfuscated): https[:]//pastebin[.]com/BaSMJ0Ms

Please feel free to join the UMSKT chat, where we are actively discussing this topic: https[:]//umskt[.]zulipchat[.]com/

Hopefully with this, we can now understand the internals of activation for this era of Windows.
Click to expand...

why did you you obfuscat your links -- now I'm going to have to download a deobfuscator for links where do I find that and don't obfuscat that link please

thetank18 · Aug 22, 2023

sml156 said: ↑

why did you you obfuscat your links -- now I'm going to have to download a deobfuscator for links where do I find that and don't obfuscat that link please
Click to expand...
Code:
string unobfLink = obfLink.Replace("[", "").Replace("]","");
return unobfLink; // /s

gailium119 · Aug 25, 2023

last time I checked, there ain't symbols for windows7's sppsvc.

witherornot · Aug 28, 2023

gailium119 said: ↑

last time I checked, there ain't symbols for windows7's sppsvc.
Click to expand...

The sppsvc I used is from the KMS Server for Windows Server 2003. I have also been able to locate symbols for windows 7's sppsvc, but it doesn't seem to contain anything not already in the one I've deobfuscated.

gailium119 · Aug 29, 2023

witherornot said: ↑

The sppsvc I used is from the KMS Server for Windows Server 2003. I have also been able to locate symbols for windows 7's sppsvc, but it doesn't seem to contain anything not already in the one I've deobfuscated.
Click to expand...

Can you locate any windows 10 sppsvc's symbols?

witherornot · Aug 30, 2023

gailium119 said: ↑

Can you locate any windows 10 sppsvc's symbols?
Click to expand...

My focus is not on Windows 10, so unfortunately I have not looked hard into this. However, I can say that SPP related code is (relatively) well guarded nowadays, and even in leaked private symbol dumps from Windows 10, there is no mention of sppsvc.

gailium119 · Aug 30, 2023

witherornot said: ↑

My focus is not on Windows 10, so unfortunately I have not looked hard into this. However, I can say that SPP related code is (relatively) well guarded nowadays, and even in leaked private symbol dumps from Windows 10, there is no mention of sppsvc.
Click to expand...

Can this tool deobfuscate binaries which only have specific functions warbirded like the watermark function in explorer.exe?

CONIGUERO · Aug 31, 2023

gailium119 said: ↑

Can this tool deobfuscate binaries which only have specific functions warbirded like the watermark function in explorer.exe?
Click to expand...

It only works for Vista-era warbirded binaries, and even then only if you have symbols.

witherornot · Sep 9, 2023

You need to login to view this posts content.

Reverse-Engineering Vista/Windows 7 Activation

witherornot MDL Junior Member

sml156 MDL Member

thetank18 MDL Member

gailium119 MDL Addicted

witherornot MDL Junior Member

gailium119 MDL Addicted

witherornot MDL Junior Member

gailium119 MDL Addicted

CONIGUERO MDL Novice

witherornot MDL Junior Member