During the upgrade process from Windows 7, 8, 8.1 to Windows 10 (Also from Windows 10 to a newer
version of Windows 10) properly activated systems are eligible for a digital license.
The digital license activation is permanent and linked to a specific user (Through hardware and optionally through a Microsoft Account).
Internally it works something like this,
The upgrade process executes gatherosstate.exe contained in the installation medium.
The job of gatherosstate is to generate a Genuine Ticket for use by the Client License Platform migration tool (ClipUp)
This ticket is a GenuineAuthorization XML file containing the following information: (There are more fields in tickets from ClipUp, but we won't need those)
* Its version. As of now, this is always "1.0"
* the genuineProperties:
* Properties:
* OA3xOriginalProductId - The Product ID of the BIOS key.
* OA3xOriginalProductKey - The BIOS product key.
* SessionId:
* OSMajorVersion - The OS Version Major
* OSMinorVersion - The OS Version Minor
* OSPlatformId - The OS Platform ID. Always 2 (2 means Windows NT)
* PP - Protected Process - Whether or not gatherosstate was run as a protected process
(It practically never does. ClipUp is also capable of generating those tickets, and it runs as a protected process.)
* Hwid - The Hardware Id - a base64-encoded byte array containing information about the current hardware configuration.
* Pfn - Package Family Name - The package family name of your Windows edition.
* OA3xOriginalProductKey - The BIOS product key. (Yes, it's a duplicate)
* DownlevelGenuineState - Indicates whether or not your system is genuine. (activated)
* TimeStampClient - The ISO 8601 format date of ticket generation.
* Signatures:
* signature: (Either downlevelGTkey or clientLockboxKey depending on which utility actually generated the ticket - SLC, gatherosstate or ClipUp)
* downlevelGTkey - rsa-sha256 signature for the Properties field
* clientLockboxKey - rsa-sha256 signature for the Properties field
This ticket is later applied using ClipUp and sent to Microsoft Servers.
In return, the Microsoft servers responds with the JSON "receipt" for the digital license. The fields in it are irrelevant and mean practically nothing.
This license is linked to specific hardware, and can be transferred to other hardware if needed using a linked Microsoft Account.
This process during upgrading requires a lot of time, and it's not as easy as clicking an “Activate” button.
so to achieve this, @mspaintmsi and an Anonymous developer discovered a way to quickly generate a valid ticket for acquiring a license.
There were a lot of methods for this, but the simplest one is placing a modified SLC (Software Licensing Client) library next to gatherosstate.
Due to gatherosstate loading this library dynamically it can be substituted very easily without modifying the gatherosstate file at all.
This library was originally a modified version of SLSHIM by @vyvojar on GitHub (but has went through so many changes that it barely resembles it anymore).
This library is supposed to query the licensing information for use by gatherosstate.
gatherosstate has no way to verify this information, so it blindly places it into the ticket.
After sending the ticket and receiving the receipt your system is activated.
Now a question arises,
Q.) Can Microsoft differentiate counterfeit tickets and block the license?
A.) Umm.. Yes, but actully no.
The signature type can (sort of) be used to determine what utility is responsible for the ticket.
There is no way (in a standard environment) for a non-activated Windows 10 installation to generate a ticket.
In the normal process, gatherosstate will ask SLC for the entire ticket, but when this fails it will generate and sign it by itself, creating a
"downlevelGTkey" signature.
For every system with an installed product key a generated ticket will be returned by SLC and thus will have a "clientLockboxKey" signature.
Put simply, the signature (should) always be a "clientLockboxKey" one in case of an activated system, but in this case it isn't.
Microsoft will not take action against it, because of the risk of voiding valid licenses.
Besides, they never really cared for consumer piracy; That's not where they get the most money from.