How to actually use these ESDs from the store? I replaced my install.wim with one of these renamed to install.esd. But the Windows setup did not accept any product key.
The CryptoKey is an RSA key exchange keypair in CSP blob format. The encrypted ESD contains XML at the very end with information about which regions in the file are encrypted. The XML also contains the AES CBC session key, RSA-encrypted.
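An added example, not part of the original posts: a parser for the CryptoAPI (CSP) RSA key blob layout named above, which lets someone auditing a configuration file tell whether a base64 value holds a full private key or only a public one. The function names and the sample blob are constructed for illustration; the filler values are not a real key.

```python
import base64
import struct

# bType and ALG_ID constants from wincrypt.h
PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07
ALG_NAMES = {0x0000A400: "CALG_RSA_KEYX", 0x00002400: "CALG_RSA_SIGN"}
HEADER = struct.Struct("<BBHI4sII")  # BLOBHEADER + RSAPUBKEY, 20 bytes, little-endian


def field_layout(b_type, magic, bitlen):
    """Return (name, size-in-bytes) pairs that follow the 20-byte header."""
    if b_type == PUBLICKEYBLOB and magic == b"RSA1":
        return [("modulus", bitlen // 8)]
    if b_type == PRIVATEKEYBLOB and magic == b"RSA2":
        half = bitlen // 16
        return [("modulus", bitlen // 8), ("prime1", half), ("prime2", half),
                ("exponent1", half), ("exponent2", half), ("coefficient", half),
                ("privateExponent", bitlen // 8)]
    raise ValueError("not an RSA CSP key blob")


def parse_csp_rsa_blob(b64_text):
    """Decode a base64 CSP blob and split it into header values and key fields."""
    blob = base64.b64decode(b64_text, validate=True)
    if len(blob) < HEADER.size:
        raise ValueError("shorter than BLOBHEADER + RSAPUBKEY")
    b_type, version, _reserved, alg, magic, bitlen, pubexp = HEADER.unpack_from(blob)
    if bitlen == 0 or bitlen % 16:
        raise ValueError("implausible bit length")
    layout = field_layout(b_type, magic, bitlen)
    if len(blob) != HEADER.size + sum(size for _, size in layout):
        raise ValueError("blob length does not match its declared bit length")
    fields, offset = {}, HEADER.size
    for name, size in layout:  # every integer is stored little-endian
        fields[name] = int.from_bytes(blob[offset:offset + size], "little")
        offset += size
    return {"private": b_type == PRIVATEKEYBLOB, "version": version,
            "algorithm": ALG_NAMES.get(alg, hex(alg)), "bits": bitlen,
            "public_exponent": pubexp, "fields": fields}


def constructed_sample(bitlen=2048):
    """Build a structurally valid blob with filler values (not a real key)."""
    header = HEADER.pack(PRIVATEKEYBLOB, 2, 0, 0xA400, b"RSA2", bitlen, 65537)
    body = b"".join(bytes([i + 1]) + bytes(size - 1) for i, (_, size)
                    in enumerate(field_layout(PRIVATEKEYBLOB, b"RSA2", bitlen)))
    return base64.b64encode(header + body).decode()


if __name__ == "__main__":
    info = parse_csp_rsa_blob(constructed_sample())
    print(info["algorithm"], info["bits"], "private key present:", info["private"])
```

A blob whose magic is `RSA2` carries the primes and the private exponent, so any file that embeds one hands the private key to every reader of that file.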
Any chance you could help us figure out how to extract the single install index from the downloaded versions nos? None of us are any good at reversing...
@NiFu Indeed the cryptokey is always the same Found this while testing 8.1 upgrade Code: <WimSourcePath>C:\$Windows.~BT\sources\install.esd</WimSourcePath> <CryptoKey>BwIAAACkAABSU0EyAAgAAAEAAQD1uPI7ZDwMsPbQSyrXDZblLcBf9VNiOSYNOWsLhHkyqpipeo7uOdXrONjHU2MQLZyobpVyunYMUgmU8vaBRMJHyW+Dj0xJqb9urwYFfoExrVDQVpDOOy0kDG1cGus8utua9d64n4vwRwHM4Mtta7T4sQ/o1J9L4QYUQ9xvDc8sWSA2T47n0y3Sj4OCY0RQeQFMke6+3cdnsAYevx4wL8aRS9PKHa8ItyazQJLxmKpb8HnOJn2Ws2ycr4ClGAjT4mqaflEvZ93DWZrk2RyWos0y20NmQ7mAWrVMSSuuINExN5PcvmAuMmvU2N/sCyNa2jPlaQTjJtm0DKoADRfu+W66vTHTwyJ+P2vKQv7HtbsNZMXN0cnhxSnUlwB1C5vnYRkh3tQItJu3OR5EfbF1a3Skx9g6fhCFKbZyjNWZbVxmfn9GDYmeviJiVsp2c0Wf5qg7QT5MJZtzHFB4T+/fV9TQetBCW9LKctFclCjgrw0aaqxNUHaDBvsR/uOG7KchmsuZa7DXvCc4vo15ZSVrCD5kGYhv+PzRfT4ht8r8S/GxAaPi8gZZsQBl/iOEAdhnWwTYwyZvxgkWegQw+guYfdZzi8JZmcoFA/OTognIG2SHMBu5nM8RpBfP8MKjP7UatbGPRo5+lNx26nxiw84bLVFokSxf5JcwhMP4CTHtR7tp6jnOaVHM3ANZ/Pk9mDuo9UBoLKt6amieTK+X9fvszpLbKpp9GKlp8bb4mk96Tgs1YP4108X1fMOJNrawn67OGXhJ+MqpiPs0ORDi5ILTCdfsxb+DLuAAyp/fcWuPnZEdC/VGFL/3Ydj9yqLuk3JFvwpSVD8nI+gZdFYI/qpRV4Q5mWoqzEyzObSj4yt8Do1FL1xgDEvdSxOqmLOB9Mer1DLzzTaE3O1Is3yvPerXJN7gqgpQ69k7if1a6H23AAeEVknNj6rQof2rBrFvnkquf/4uq01jVpQqW6Pez70eYPOuLyVRrdg/X8fSrXHiWdS/df9J0jRjFleHqJy9OI7MMyUK0OTfg1ZxBc8aSEkYaZ/u5G8BKJvhhySgiQvf+j4oAuPibIvZQZ3NF90Bso9hYL8HsvPB2CiYrNzTBuIafLJ6GfHT0dxamSSzP6rW+x+LnbUersORYhx65WekmTQM1Nh8+rFRTgKLQZAS9nVnc9GZ/aZ0SIN5+wWCAFwmLcpReuEcfFBKfdnItS8426wuRKIxzC9YkrQnTQkVuOpc/IUAFoVxApqMIWZYmFFpFGm5MWUiUYlq/Pb2rEgRyYhlASYxjL4QqERC2Aq1Fi8LOQ/TfTbkqyWZQqpWVWurlnMYCf5q8B1k21JwsCYbk/waosnRvbysiCJxzk4XbQ6vBrWiDurLh1KCGeFz8XFmhoudbdAjPWyB6TgY3K9OEHmVeHRbpCosy0gCuac5N6HGAqK9H1UpqgVGOqiSFC/EyRDUSXg14d8w7CZvZEsuMgPz29LGgGx0u2pLsWTsC5XHzgqT8vfJqFHm8w+0+rf9CO70eNcrkzVqn0ubtYDPHcTzdw8=</CryptoKey>
The extraction should be possible with the latest DISM? Before that you'll have to decrypt the ESD like I described above.
That's kind-of what I'm talking about. How do we decrypt this thing so we can extract the install index?
Read out <Key> from embedded XML in ESD, decrypt it with the RSA key <CryptoKey>, use the decrypted key as AES CBC key to decrypt all the byte ranges listed in the embedded XML in the ESD.
I hate to be a whiny murphy, but is there any chance you could help us make a script or a small exe that can read the xml range stuff and decrypt using the key that seems to be the same on all of the esd files? I tried to find some existing decryption programs, but everything I've found either requires special dual-key files to decrypt, or decrypts the entire file. Edit: tried to just apply the index without decrypting first and it error'd out (no surprise)
Second that. I updated from 8 ProWMC to 8.1 ProWMC, so wouldn't that essentially mean it's a semi-official 8.1 ProWMC image?
What about truncating the encrypted parts of the file into a temp file and applying decryption programs to this temp file?
Confirmed, though that might be in the xml section:
Code:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Windows\system32>cd\temp

C:\temp>dism /get-wiminfo /wimfile:c:\temp\WindowsBlue-ProESDwithApps-32bit-Engl
ish-X1897212.esd

Deployment Image Servicing and Management tool
Version: 6.3.9600.16610

Details for image : c:\temp\WindowsBlue-ProESDwithApps-32bit-English-X1897212.es
d

Index : 1
Name : Windows Setup Media
Description : Windows Setup Media
Size : 300,165,585 bytes

Index : 2
Name : Microsoft Windows PE (x86)
Description : Microsoft Windows PE (x86)
Size : 1,056,420,905 bytes

Index : 3
Name : Microsoft Windows Setup (x86)
Description : Microsoft Windows Setup (x86)
Size : 1,133,005,213 bytes

Index : 4
Name : Windows 8.1 Pro
Description : Windows 8.1 Pro
Size : 8,691,578,728 bytes

The operation completed successfully.

C:\temp>

However, that makes me wonder if supplying the cut-off end of the file would allow an /apply-image
Yes, obviously the command basically reads the embedded xml, which is good enough. How is that? The file is encrypted in certain parts, so even dism itself cannot decrypt it on-the-fly to apply it.
Beats me. I really don't know how much is read from the xml and how much is read from the actual data. Being that it's encrypted suggests that it's probably reading most or all from the xml and probably just reporting the size of the indexes or other information that you could determine without decrypting... Does anyone know how to do that one command that people were doing with sfx files where you simply combine 2 files? I'm thinking that we could attempt to combine the esd file with an xml file that would contain the end-of-file xml data such as the one from install.esd variants. Then we could try to get it to /apply-image and see if it works. For instance, using the added cryptokey stuff in the xml...