I believe nothing is read from the actual data, and the XML meta contains very much all the info needed for such an operation. You mean "copy /b file1+file2+.. finalfile", but the XML is not always at the exact end of the WIM file.
Testing the /apply-image. Created a VHD, mounted it, and now applying index:4 of the install.esd.
Code:
C:\windows\system32>DISM.exe /Apply-Image /ImageFile:s:\test\install.esd /Index: 4 /ApplyDir:t:\

Deployment Image Servicing and Management tool
Version: 6.3.9600.16610

Applying image
[==========================100.0%==========================]
The operation completed successfully.

C:\windows\system32>
index:4 -> 7.47 gig
Applied index:3 ..... setup.exe in root and only 937 MB
We're trying to extract the freshly downloaded esd files, not the already extracted install.esd version. We've already established that we can extract those since they are not encrypted.
I tried using DISM /Get-WIMInfo, but it didn't work; it returned error 11. Can you help me? Below is the command and its output:
DISM/Get-WIMInfo >/WIMFile C:\Windows\system32: C:\ESD\Windows\sources\install.e (d)
Tool of deployment image servicing and management
Version: 6.3.9600.16384
Error: 11
An attempt was made to load a program with an incorrect format.
The DISM log file can be found on C:\Windows\Logs\DISM\dism.log
I tried this command too:
DISM /APPLY-IMAGE /IMAGEFILE:C:\ESD\Windows\sources\install.esd /INDEX:1 /APPLYDIR:N:\
and got the same error message.... Can someone help me?
It only works in the dism from 8.1 update 1 that wzt leaked. It didn't work in any previous versions of dism. Are you using update 1?
I see the <CryptoKey> is actually an RSA key pair in CSP blob format (and it's in plaintext). But it seems the <Key> from the embedded XML is not simply an RSA encrypted session key. It is 256 bytes after base64 decoding (which is the block size of RSA-2048) and, in common practice, it should be a session key encrypted with the public key. But I can neither decrypt it with the private key nor import it as a simple key blob into CSP. Crypto API just fails with the error code NTE_BAD_DATA whenever I try to decrypt/import it. Any thoughts? Thanks
Seems I misunderstood the endianness of the <Key> data. I peeked at the actual key data with a debugger (I can see the decryption routine is run in WinDlp.dll with normal Crypto APIs). It needs to be swapped in the byte array and, if that's been done, the base64 decoded <Key> is also an AES-256 session key blob (encrypted with the RSA pubkey). Also, there is no initial vector for AES-256 and the encrypted blocks are independent from one another. Thx to nosferati87 for giving info.
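The byte-order problem described in the two posts above, as an added example (not code from the thread, from Windows, or from any ESD tool): CryptoAPI emits RSA ciphertext least-significant byte first, so a blob read in the usual big-endian order fails the padding check until its bytes are reversed. The toy RSA key and the 32-byte stand-in for the session key are constructed for this illustration.

```python
# Added illustration: the key pair and "session key" are constructed, not taken from any ESD file.
import os

P, Q, E = 2**607 - 1, 2**521 - 1, 65537   # two Mersenne primes: toy key, not a secure one
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8             # modulus length in bytes (141 here)


def pad_type2(msg: bytes) -> bytes:
    """PKCS#1 v1.5 encryption padding: 00 02 <nonzero random bytes> 00 <msg>."""
    fill = K - 3 - len(msg)
    if fill < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(b % 255 + 1 for b in os.urandom(fill))   # nonzero filler bytes
    return b"\x00\x02" + ps + b"\x00" + msg


def unpad_type2(block: bytes) -> bytes:
    """Strict padding check; a failure here is what an API reports as bad data."""
    sep = block.find(b"\x00", 2)
    if len(block) != K or block[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("bad padding")
    return block[sep + 1:]


def encrypt_little_endian(msg: bytes) -> bytes:
    """Encrypt with the public key and emit the ciphertext LSB first."""
    c = pow(int.from_bytes(pad_type2(msg), "big"), E, N)
    return c.to_bytes(K, "little")


def decrypt(blob: bytes, byteorder: str) -> bytes:
    """Decrypt a ciphertext blob, reading it as an integer in the given byte order."""
    c = int.from_bytes(blob, byteorder)
    if c >= N:
        raise ValueError("ciphertext out of range")
    return unpad_type2(pow(c, D, N).to_bytes(K, "big"))


def try_decrypt(blob: bytes, byteorder: str):
    """Return the plaintext, or None when the range or padding check rejects the blob."""
    try:
        return decrypt(blob, byteorder)
    except ValueError:
        return None
```

Reversing the blob and decrypting it big-endian is equivalent to decrypting the original blob little-endian, which is the swap the post describes.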
What is exactly new? IIRC we already could extract and capture esd files, right? And dism always worked on an extracted windows image.
I'm not clued up on crypto so just wanna get some insight into this thing... but here's a snippet with what I came up with so far...
Spoiler
Code:
using System;
using System.IO;
using System.Security.Cryptography;

// The namespace and class names are placeholders: the posted snippet
// only included their closing braces.
namespace EsdSnippet
{
    class EsdReader
    {
        // Reads the bytes in [startoffset, endoffset) from the ESD file.
        // Offsets are long so that positions past 2 GB do not overflow.
        byte[] GetEncryptedData(long startoffset, long endoffset, string ESDfile)
        {
            using (BinaryReader b = new BinaryReader(File.Open(ESDfile, FileMode.Open, FileAccess.Read)))
            {
                int required = (int)(endoffset - startoffset);
                // Seek to the required offset.
                b.BaseStream.Seek(startoffset, SeekOrigin.Begin);
                return b.ReadBytes(required);
            }
        }

        // Decrypts a base64-encoded string with Rijndael in CBC mode and zero padding.
        private static String DecryptIt(String s, byte[] key, byte[] IV)
        {
            String result;
            RijndaelManaged rijn = new RijndaelManaged();
            rijn.Mode = CipherMode.CBC;
            rijn.Padding = PaddingMode.Zeros;
            using (MemoryStream msDecrypt = new MemoryStream(Convert.FromBase64String(s)))
            {
                using (ICryptoTransform decryptor = rijn.CreateDecryptor(key, IV))
                {
                    using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                    {
                        using (StreamReader swDecrypt = new StreamReader(csDecrypt))
                        {
                            result = swDecrypt.ReadToEnd();
                        }
                    }
                }
            }
            rijn.Clear();
            return result;
        }
    }
}
Here's a pre-compiled I tested as working guys... Obviously it's 10x better that qad hooked us up with a source, but a lot of guys may not want to go through hassle of installing the vs. You might need vs2013 runtime... don't know... Usage is just as qad suggested... just esddecrypt esdfile.esd The extra argument would be for if you had an esd file with a different decryption (which we haven't seen yet) EDIT: I *MIGHT* make an iso creation tool for this later... I've already got a lot on my plate with my diskpart/apply project
DISM can't export an esd to a wim. You can apply to a directory and re-capture it to a wim though. You wouldn't really need to for the main install index, but if you wanted to modify it, you could. You'd have to apply/capture the setup and/or the winpe index though for a full iso. Really it would be much easier to just cut/paste the decrypted install.esd to a GA iso, but all of the iso elements are there. I'll see about getting a script for this made when I'm done testing my diskpart/apply script.