Bob65536, Is it possible that there are Windows 8 keys without an 'N' in the product key like the ServerHyperCore entry in the product.ini?
The short answer is yes. The long answer is Code: <Configurations> <Configuration> <ActConfigId>{24259a22-3bf0-44af-a68b-1b858bce1894}</ActConfigId> <RefGroupId>206</RefGroupId> <EditionId>Enterprise;EnterpriseN;Professional;ProfessionalN</EditionId> <ProductDescription>Win 8 RTM Enterprise;EnterpriseN;Professional;ProfessionalN Volume:CSVLK</ProductDescription> <ProductKeyType>Volume:CSVLK</ProductKeyType> <IsRandomized>false</IsRandomized> </Configuration> <Configuration> <ActConfigId>{044ba67a-4c54-47ee-941a-d6f2efaa6891}</ActConfigId> <RefGroupId>206</RefGroupId> <EditionId>Enterprise;EnterpriseN;Professional;ProfessionalN</EditionId> <ProductDescription>Win 8 RTM Enterprise;EnterpriseN;Professional;ProfessionalN Volume:CSVLK VL Additional</ProductDescription> <ProductKeyType>Volume:CSVLK</ProductKeyType> <IsRandomized>false</IsRandomized> </Configuration> <Configuration> <ActConfigId>{7b37c913-252b-46be-ad80-b2b5ceade8af}</ActConfigId> <RefGroupId>206</RefGroupId> <EditionId>ServerDatacenter;ServerStandard;ServerMultiPointStandard;ServerMultiPointPremium</EditionId> <ProductDescription>Windows Server 2012 RTM ServerDatacenter;ServerStandard;ServerMultiPointStandard;ServerMultiPointPremium Volume:CSVLK</ProductDescription> <ProductKeyType>Volume:CSVLK</ProductKeyType> <IsRandomized>false</IsRandomized> </Configuration> <Configuration> <ActConfigId>{fe27276b-a5a9-4b4d-88e3-14271beb79be}</ActConfigId> <RefGroupId>206</RefGroupId> <EditionId>ServerDatacenter;ServerStandard;ServerMultiPointStandard;ServerMultiPointPremium</EditionId> <ProductDescription>Windows Server 2012 RTM ServerDatacenter;ServerStandard;ServerMultiPointStandard;ServerMultiPointPremium Volume:CSVLK VL Additional</ProductDescription> <ProductKeyType>Volume:CSVLK</ProductKeyType> <IsRandomized>false</IsRandomized> </Configuration> <Configuration> <ActConfigId>{2cf1c8d6-ebe1-4ce9-83c6-c4877fae1355}</ActConfigId> <RefGroupId>152</RefGroupId> <EditionId>ServerHyper</EditionId> <ProductDescription>Hyper-V ProdAct All Programs</ProductDescription> <ProductKeyType>Retail</ProductKeyType> <IsRandomized>false</IsRandomized> </Configuration> <Configuration> <ActConfigId>{4a8149bb-7d61-49f4-8822-82c7bf88d64b}</ActConfigId> <RefGroupId>170</RefGroupId> <EditionId>OCUR</EditionId> <ProductDescription>Windows 7 OCUR Retail</ProductDescription> <ProductKeyType>Retail</ProductKeyType> <IsRandomized>false</IsRandomized> </Configuration> </Configurations> </KeyRanges> <KeyRange> <RefActConfigId>{24259a22-3bf0-44af-a68b-1b858bce1894}</RefActConfigId> <PartNumber>X18-10776</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>199000000</Start> <End>213999999</End> </KeyRange> <KeyRange> <RefActConfigId>{24259a22-3bf0-44af-a68b-1b858bce1894}</RefActConfigId> <PartNumber>X18-10777</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>18000000</Start> <End>18699999</End> </KeyRange> <KeyRange> <RefActConfigId>{24259a22-3bf0-44af-a68b-1b858bce1894}</RefActConfigId> <PartNumber>X18-10778</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>10003000</Start> <End>10007999</End> </KeyRange> <KeyRange> <RefActConfigId>{24259a22-3bf0-44af-a68b-1b858bce1894}</RefActConfigId> <PartNumber>X18-10779</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>10500000</Start> <End>10599999</End> </KeyRange> <KeyRange> <RefActConfigId>{24259a22-3bf0-44af-a68b-1b858bce1894}</RefActConfigId> <PartNumber>X18-10780</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>10008000</Start> <End>10012999</End> </KeyRange> <KeyRange> <RefActConfigId>{044ba67a-4c54-47ee-941a-d6f2efaa6891}</RefActConfigId> <PartNumber>X18-20784</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>21100000</Start> <End>21599999</End> </KeyRange> <KeyRange> <RefActConfigId>{7b37c913-252b-46be-ad80-b2b5ceade8af}</RefActConfigId> <PartNumber>X18-09067</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>99000000</Start> <End>108999999</End> </KeyRange> <KeyRange> <RefActConfigId>{7b37c913-252b-46be-ad80-b2b5ceade8af}</RefActConfigId> <PartNumber>X18-09068</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>152000000</Start> <End>191999999</End> </KeyRange> <KeyRange> <RefActConfigId>{7b37c913-252b-46be-ad80-b2b5ceade8af}</RefActConfigId> <PartNumber>X18-09069</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>10100000</Start> <End>10499999</End> </KeyRange> <KeyRange> <RefActConfigId>{fe27276b-a5a9-4b4d-88e3-14271beb79be}</RefActConfigId> <PartNumber>X18-20804</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>98500000</Start> <End>98999999</End> </KeyRange> <KeyRange> <RefActConfigId>{7b37c913-252b-46be-ad80-b2b5ceade8af}</RefActConfigId> <PartNumber>X18-09068</PartNumber> <EulaType>Volume</EulaType> <IsValid>true</IsValid> <Start>214000000</Start> <End>233999999</End> </KeyRange> <KeyRange> <RefActConfigId>{4a8149bb-7d61-49f4-8822-82c7bf88d64b}</RefActConfigId> <PartNumber>X15-39781</PartNumber> <EulaType>Retail</EulaType> <IsValid>true</IsValid> <Start>972900100</Start> <End>972900109</End> </KeyRange> <KeyRange> <RefActConfigId>{2cf1c8d6-ebe1-4ce9-83c6-c4877fae1355}</RefActConfigId> <PartNumber>X14-19709:Virtual</PartNumber> <EulaType>Retail</EulaType> <IsValid>true</IsValid> <Start>29000004</Start> <End>29000004</End> </KeyRange> </KeyRanges> <PublicKeys> <PublicKey> <GroupId>152</GroupId> <AlgorithmId>msft:rm/algorithm/pkey/2005</AlgorithmId> <PublicKeyValue>d2ZVRAABAAEzAQAAMyIRAAABAAEADg4DAAAAAgAAAAAAAAAAAAAAAAAAAA4AAAApAAAAyAAAAB8AAAAjAQMIDw8PHwMDAwMDBz9lRlQkZQyCO4odm4yzK+95rQH3Rhg7ih2bjLMrBAEAAQIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADaFNTfbm0EpMA/0x9NAU3mwCIgcXWY/gwmaFsSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANQtQwnEjeMO435FSKAT02MHfL0K3obXP6BnmypAiVJBxT6ko3TQw2MfDnrwVPkbRsevs+N6MW0Tg8SSDF/mrIJIOrf+qCfFwYRj2PbF/1vbrUCnIar+ie6fhx1PJNd5Q74S9Impt4iKsQMw9WueECGiTdTuTwI/rWQ2QT3EED98vQNU60pqyNDICbcRkVcYsMNnjQryB36x0Au0VjeDRCvKkxtK0l/JHg8AD2RkxB6nm5wg5V8eS5iaC1rypq3YCOI+iSB/Mo09T265a22lMT1uJYUC/n8oGfcerpNfdjYORgfRIi7RXq67zQ0V9RsMBNKWif61QkflIaRMFeTXSbsZJpBsQ8W8DMUkk/25huff6Dw6uPhZ7ClIKt12u/sbk9ZgytOnBJeVu7shJUqxhWz8QOEgs4gMHg1/I2UteRKWsAeFrbyT3kVZH7/A8+PVKImesDlDOIVAT1A3KmonMj82VQVLlaOis7pDfR/l+zuYkpUYiU6tSZZ4GD4vW15F8xxt+iq3j2Ii69IqKljtCcjRO4xI9ROVzFXHBHpDYgmqDgBDGDVD53QN9jW7yBj8LYUWr6+4cmCwrWqyHOb15x8O182G8CDMFujdRwGKF9wTzItFaVjCevMiQrQDB0fyPrW9YfC5RBU4PSE61rNkctj93Yb17IeeEl/6T3o4Z4wURSjBxlQM7HJ7zMQz2TeDbn//lxcOzxg6hBgkPxpaOiyWBO/WLTwISOJSNoRvSAcoW1KDiAo/nlPwQ/AAohWxeum8tNWEtophv74TJAaqlUoGRT6vJMwyhUgZhgc1sCUaD1jcQE2vHwmC4ojXZpy3tTxIX0iYI3EWavXGtwZtywe6MhISG0P7iwLYexwtRhkkKQBjZJ++OHZTyed1q0mEA56JrQ5mIFoyre/GlD4Ogd/HumtirUEFljCYVxrcDlhm2WEn4dqkdmvZI43f0ZQ84EdarG0qgAcCUFwzSIV8Riw/8u7a+ylcc9qtDgPRKodptJ5PJH8L7ywd3paQhORbgS8EDNhJxyfPd6sIabsrNyLPXof6zAHLAYIqIv64JiKJGoBJHSqp1zvNl28mnIILJ02lxDoE+8lwoBkNC22LdQQw2o+x5ipQARytMw+OpYcybI1wyMkmoMgzPfWrSI974gmecRB1IrftTrST/j8BgowvD0ga110d5DBaVq9qRTwUhmn3tViGnJZMA2AD0hn86oK4SYNqgXj9Bm9xJqpKqRMCOs4jA75TJIMnrHfl8W0bu9eTz97cfxmwtmFnWDVKK8OU7gMvJbbIY3cdjIpKGx0DUJsrGR/iZHRduewKZFD/VQNIRUOR+wfqxYNFhNjhIalQTWpEV+0P8vxsy8spkfSdRYukwvAcMBN4ASMQKO0plXEGubF1U+2fDrfLazwNYaKAIKSfTKYA6zVuQBNt5benFJP2BRh6BThTRBY9arIXVpwmAjxBBoQxH/BpBW0yXL4USw3lWlc0anIcO7J3VxOFBWLULsQ0TTyAW3VWJSiHoFFdevz9zXYVbeYb+eKhjUb07jWDSKT7YQ1w/QBi4oPtKD1pqQd+BiORWfSz9HIQpyFjczkMWFwqq9eBkaJWJ92gJAQvCQcvH/i6qhuP4rtVC3fEX6QKfEfqZnnOJekoHCYk2qBjuAHO8O+3uQWSwJp49CXwfsnMAfb4KQ==</PublicKeyValue> </PublicKey> <PublicKey> <GroupId>170</GroupId> <AlgorithmId>msft:rm/algorithm/pkey/2005</AlgorithmId> <PublicKeyValue>d2ZVRAABAAEzAQAAMyIRAAABAAEADg4DAAAAAgAAAAAAAAAAAAAAAAAAAA4AAAApAAAAyAAAAB8AAAAjAQMIDw8PHwMDAwMDBz9lRlQkZQyCO4odm4yzK+95rQH3Rhg7ih2bjLMrBAEAAQIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADaFNTfbm0EpMA/0x9NAU3mwCIgcXWY/gwmaFsSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6tSIHo/hc7tV1+7QESubaaeDS8UnVp6Na3Tir0ztv6i495sDpcj41RB11UupxrXNdgDjAExkcm/feCZLXxPfiRSLtaEytiY4pQ2cb2j/F0Wn2sHhUHVg+//r8aa7++3QsAe6MRrLToaUoS4opF9BusPTvlCkU69tNsCQWxCDHAAcCfTd2kP4/LpN0oSE+uPFy4OK51MAW+GQuPLL5vgZ8tdMlVtvgvEXPEgCYTqXctqZCVMS0k2fPYu5i1gah3TpIL6yM6gunhGhNmJoPdjNIQBKXZ3t2AbnrEBVJx1oYUihlC7XdThy/SPSeaFRJZkvOnPNTXstui302eB+U5QksTqp9kKuJS8+QpUP6NIhXfUU9YxcgycAP6X/O9UcxGUE2buYaOA1E1qlSO3W4IhWtpzgoGpRsEC8Bbo5Xcnvkrewsz6KljTXhB+o8kJPPBBH9Fcf0Zt6WqL9VFO2IkUYuBRzO6kKWGqP9U9hkpGUAA9YcajP3ADbx7HEhkZk+PMwdP2GgxqyAMJgvVrx4bJYsuuM17mQ9i6log2ofCWGj8kXJDJQJjEC4KJDaukbXbGiIjQ6tXsUh/vg/FBPkCWB68TP4d6HlLH63z+rEyJCUNRupsJQZhmzksuPgpo9fjTPh3oR6Pjuok7SXJfpxLnOCcuD+eTlG3EUY1g1jjqiUOgUZYaZQc7LwbXafIJnOKZNRgGifgK2Lsw51YTdY1Bv3KGC6a33DL2ik+2Dq21vgZdLG9GJHXtcwzY37u2yhoCRQTgY7l0+3MgxUUCuTTDZTef+b/20sv4q0nYnRrbIRxATYTR3KU3gUykg8B1TQPAnX9PlttF2Y0BPH343tWaeBP3pcW54bp4eTt4Rg77RVcrxCu4qi7Orb/mzadI2t+HFQj5E+KZM3PHUR/RxoWOPA0mC6CuqaYA+cwzxexHZXvlBtOgXV7Xz86J7js3fbaEimqMYnh1pgUMZBkXrVnCn6ZvegAQCVO9TvJ/a6RhxjVDziXKlRyUhkoVc56c+IuJrUgQH9YZ9Znidtk5oWruykXwF2gOnah+1DWTVXUIZKvgcT2d/9DbjqdWOolFQ8D31NtO/8VBnGvaCTu3qRiOo3sy9T2dEU5HvtqAsrRV5W6r1Xl/SgBlx2KHXTnpE66YWwWaCPfo5no7qmGjeAipgryBsRi6WVrFizh+o4g9Zofv42aIWMPcqRt5WdLkg46hAN0lEEmdikGuF+YBgvm4GUWE0NxiyYd5V4AtgT8tba0yL/WbrfSzRBD3zO/19M9CRPiGV/pGQCIzphT4CjSZCcrdtsctzOZ56fCLW5kaBfxygVw7nY+pTfn9fvJ9c1bKdN7sUj77NQUB44JnL0nj2GzZsgRaSNqpAF6Hg3gGAk5drf1MRxlq/XuCcRG26zDJJPwSdJDMEYc58FC3ong27qKBKuG6CC/kLVO2yY4ZljtF9YwC8ZRmZwONj5h3RUqzycnjJJSDObzeaXWgCGP5Sdg9wUOnOh89n7s5+XLCXZvF8nWRsH0QFzN5cojjbElJswBbsBJvKXHbQL1ywmEz2K+daAyzwN+GrDfYD1s0rbu8PsRWPoLlm7eYIMg2p/IGYFs0QgRGZ8jqeHt3p4tEmuLJ+2YdVIkb7kTGMWLZpAiYjIZa5oRBPiV6Oj6Fw3JybTY9mPXBExgmBN8Ig==</PublicKeyValue> </PublicKey> <PublicKey> <GroupId>206</GroupId> <AlgorithmId>msft:rm/algorithm/pkey/2005</AlgorithmId> <PublicKeyValue>d2ZVRAABAAEzAQAAMyIRAAABAAEADg4DAAAAAgAAAAAAAAAAAAAAAAAAAA4AAAApAAAAyAAAAB8AAAAjAQMIDw8PHwMDAwMDBz9lRlQkZQyCO4odm4yzK+95rQH3Rhg7ih2bjLMrBAEAAQIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADaFNTfbm0EpMA/0x9NAU3mwCIgcXWY/gwmaFsSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5m8v5q3sSP02Y01kAGIhotU18UAcHzbe1TIwDvTFmqtkoCTJMmo+vCBC+zOi43YWB9AEprGQMam464gSeFuX76npOf6BE2Q0AEquOLGralRoZvHjmPgVr7QpwAbMdbTUgmxqiUf0Z1he7GWl8NmQrVZT2WM/O1XuVr3kKWERURji6tQMyaxtXr49sCJnw9tSnyzCRgr/vruRHid4v8GUIlCS1g3OMDAEYvYfaSSfwYWbmvzukWhLUxE2egSW+nbzlkaBPoi/6Dr8+RaxspphNRFHSvdH3n8n9MW1ccyNAi6vxghWs27E8bD3jbwRSYhmOCV9uHZdVjfpUVEmASEgMnzlJpQupHGTYSpZ04aPqxEoCqlaqPrhklPaURghFJL8yfzmYMF23aX5GA6FRmshIL7vgOfRed6MTXZCtvP+Vk1yefygy475XnWoeYjsJnIVKYkZnwu8L3lcy85P8dg03mXC6h4xWnnBn4HQGwsWlVCcSjV/QGthyhES2mLut8I+hjbgbFz+sGPBzDHWCIXwzDMwi9wirgvcpY7PEfrR84I/FjDiBqrQLscmKVYLAn5t0DUvO695drx0A+tnClRBTDTjAYJyrSHMD46KJaI1d6y1nxclnlhljaQxQlkyYvfsheGHE12HdMmw181WzxE/iCat44TW0UBC5ali4a8bG+ouqSQnkZ0MJbnucdbGdkcW1pzCN4ZRyTCqpJKTaXTb64IPBr5/LL95sNiAaUciMj3jp7FB0d7NCFp/TpqhA5pBQMR4rgWdFa+5SQA1PMbU7UQ7V6fUO1Jl0gTu/F0Hc3Pzpf0/v9vR7MqTCp0pEm+aS7lot6HnVg758reZL410FHlRUMnSEHTCUZDii1gTGZaSZ8H7i4X6pG5D3NFNVKDFAk/g9vpj/J3smuyxwUei36QSs2XJtC0mmwKyNMdj9H4BbYNOzj585mIWGKt8ruM8p+mjPMrCQYUU5U6Ya83WRjt8wg0hF0AATDGTp6ZvXtSJQQJ4kKtNodiDZRkQdX/GURyl9dplnTvHFu2FtWQAfBE2ObXTALqPREfQ4AKjtYZkd7QzIMdE3OOAErGJ4nTTmxKjHv1H7gpSu36zGUA5IyYNvimqD6DIOhyysP/FBi//f//+gSeHlzsK3RQojt5zjogRkv+1j1QyPM9TG87LGbF86j0oungcb6oEdf+KAY5c2e71svL74Qd0spehi0gRGU7BlE2LL29l+bApc9h84a9DPNDjmxsAwVh64J2uNa2VZw/zQD3ijvrcEtDe6QpruLLTU5IfcOroxqmNRmJDGMLXMBD54V00iccDDU8QtdxSkCvZ3ZU22NpXWaCL74GERAkJV0jmLEZVYmSMsMn1jlw31GA4oEpqkPVwzj1oq6tP8vnvnhTQg5AEF4LNBkmGFcM4caITMkmWHQQpYPrtlVm4VR4iBdd4WBkWuE8MT3dYu9CVU/yG0S/O7+uOSBgr0Fllaw+D+I/K4eDnvbnxSwVSWnZ69YJS5rJnWQI3ikHbRA3B7kH/KPv6cfIG5zoHnAGKweud4ExymTpSs+k6Ro0JeTzY/xExupOAJczqWgqVNxtxgYK59qdZ4EgExgGJ+rgx+qv8FjNm49axXIiQJ1ET6lmHPBX8jBfq+/7csj4sqtCWoFjync42qqqBRwiFXqsqN2cglK1WWlFg==</PublicKeyValue> </PublicKey> </PublicKeys> These are all the key ranges that are valid for Windows 8 that use the old msft:rm/algorithm/pkey/2005 algorithm. If it is a msft:rm/algorithm/pkey/2009 key, then it must have an N in it. The decoding algorithm I presented here cannot be used with pkey/2005 keys. Thanks for posting that. I hadn't noticed those entries in the XML.
Yes. I'm not going to reverse the algorithm, but if someone else does I will add it into the KeyInfo program.
@Bob65536 Thank you for your answer. @Admins Thanks for making this a sticky. Shouldn't this be in MDL Projects and Applications?
In general, sppsvc dosn't need any complex kernel level debugging. I did my investigations directly attaching usermode debugger (from IDApro disassembly) to running sppsvc process
Thanks to Bob65536 for this great value share ... You can do this with VmWare Workstation if you prefer use it: Setting -> Add Serial Port -> Output to named Pipe Then follow the same procedure ...
Hi Bob65536, You are doing excellent job, Thanks and hats of to you. I hope you will come up with confirmation id creator very soon. Thanks once again. Bodivijay1985
The story so far... All of the information here applies to confirmation IDs and installation IDs used in phone activation. CIDs and IIDs start out as Unicode strings with no delimiting characters between groups. Step 1: Verify Check Character The last character of each group is a check character. I gave the formula for calculating the check character a few posts ago. Step 2: Create Decimal Array Remove the check characters and convert the string from an array of decimal characters to a byte array of decimal numbers. ex L"139" = 01 03 09 Step 3: Convert Base Each byte in the array is a decimal digit. The most significant digit is the first byte. Convert this to a binary number. This is the same as the decoding step for pkeys except this is a different base. Code: union UINT192u { UINT64 u64[3]; UINT32 u32[6]; UINT16 u16[12]; UINT8 u8[24]; }; void Decode(const BYTE* arr,UINT32 len,UINT192u& val) { val.u64[0]=0; val.u64[1]=0; val.u64[2]=0; UINT64u res; for(UINT i=0;i<len;++i) { res.u64=10ULL*val.u32[0]+arr; val.u32[0]=res.u32[0]; res.u64>>=32; res.u64+=10ULL*val.u32[1]; val.u32[1]=res.u32[0]; res.u64>>=32; res.u64+=10ULL*val.u32[2]; val.u32[2]=res.u32[0]; res.u64>>=32; res.u64+=10ULL*val.u32[3]; val.u32[3]=res.u32[0]; res.u64>>=32; res.u64+=10ULL*val.u32[4]; val.u32[4]=res.u32[0]; res.u64>>=32; res.u64+=10ULL*val.u32[5]; val.u32[5]=res.u32[0]; } } More to come soon I hope. It calculates a couple of sha256 hashes of the IID and CID, but so far it doesn't look like these are used for verification.
Thanks for the informations you have been provided, guys... This will be a big help for everyone of us who wants to make a deep research for the new MS os...
sppsvc calculates two sha256 hashes that contain the IID or CID. First one is sha256(IID+CID) + is concatenation. The IID and CID are Unicode strings. The null terminators of the strings are included in the hash. The second one is sha256(BYTE(01)+IID) This hash does not include the null terminator on the IID string. The first hash cannot be used for verification. It is probably dropped in the license file if the activation succeeds. The second hash is copied into memory directly after the decoded CID. I believe this is used for verification. At this point my debugger crashed and I lost track of the IID and hash. I did find the CID again after I restarted the debugger. The CID is then decrypted. I didn't really focus much on the decryption. I'm not sure what algorithm its using yet. Its not a trivial algorithm though. I did find the encryption key though that must have been encoded into the IID. The CID and key are both 17 bytes long and padded with zeros into 24 bytes. All 24 bytes are decrypted together. Now that I know the key for a particular IID, I'm going to focus on the IID and find out how it is extracted from it. My guess is that it works like this. 1. Extract key from IID. 2. Decrypt CID. 3. Compress hash to 17 bytes 4. Compare hash to CID. EDIT: Btw, all of the code for CID verification is in sppwinob.dll.
Would it help to running inside a r/b/ootkit giving you some ring-zero action, or is that a non-issue.
It is obvious that the GroupID and the KeyID used in KeyInfo32 that is made by Bob65536 is related to the pkeyconfig file. Decoding the pkeyconfig file delivered a surprise to me. Why are there something like product key's embedded in the pkeyconfig file? Is that something that Microsoft will release someday or is it something left over from their alpha's and/or beta's versions?
Some of those keys can be found on google - yes they're from 'beta' builds. Others probably also are left from there.