Updated 30-08-2019
====================================================================================================
Activation FAQs:
====================================================================================================
The following text is a mixture of facts and few guesses. The facts as listed are true as far as
I am able to know.
You should read it with a grain of salt. It's a good habit to doubt things, but don't start to
believe your doubts if you don't have any reasonable argument to justify the doubt.
Digital License and KMS38 activation descriptions are based on reverse engineering efforts by
the methods' authors - @mspaintmsi and an Anonymous developer.
If you think anything written here is false, please notify https://massgrave.dev/
====================================================================================================
=====================================
Digital License (HWID) Activation:
=====================================
Written by @mspaintmsi-
During the upgrade process from Windows 7, 8, 8.1 to Windows 10 (Also from Windows 10 to a newer
version of Windows 10) properly activated systems are eligible for a digital license.
The digital license activation is permanent and linked to a specific user (Through hardware and optionally through a Microsoft Account).
Internally it works something like this,
The upgrade process executes gatherosstate.exe contained in the installation medium.
The job of gatherosstate is to generate a Genuine Ticket for use by the Client License Platform migration tool (ClipUp)
This ticket is a GenuineAuthorization XML file containing the following information: (There are more fields in tickets from ClipUp, but we won't need those)
* Its version. As of now, this is always "1.0"
* the genuineProperties:
* Properties:
* OA3xOriginalProductId - The Product ID of the BIOS key.
* OA3xOriginalProductKey - The BIOS product key.
* SessionId:
* OSMajorVersion - The OS Version Major
* OSMinorVersion - The OS Version Minor
* OSPlatformId - The OS Platform ID. Always 2 (2 means Windows NT)
* PP - Protected Process - Whether or not gatherosstate was run as a protected process
(It practically never does. ClipUp is also capable of generating those tickets, and it runs as a protected process.)
* Hwid - The Hardware Id - a base64-encoded byte array containing information about the current hardware configuration.
* Pfn - Package Family Name - The package family name of your Windows edition.
* OA3xOriginalProductKey - The BIOS product key. (Yes, it's a duplicate)
* DownlevelGenuineState - Indicates whether or not your system is genuine. (activated)
* TimeStampClient - The ISO 8601 format date of ticket generation.
* Signatures:
* signature: (Either downlevelGTkey or clientLockboxKey depending on which utility actually generated the ticket - SLC, gatherosstate or ClipUp)
* downlevelGTkey - rsa-sha256 signature for the Properties field
* clientLockboxKey - rsa-sha256 signature for the Properties field
This ticket is later applied using ClipUp and sent to Microsoft Servers.
In return, the Microsoft servers responds with the JSON "receipt" for the digital license. The fields in it are irrelevant and mean practically nothing.
This license is linked to specific hardware, and can be transferred to other hardware if needed using a linked Microsoft Account.
This process during upgrading requires a lot of time, and it's not as easy as clicking an “Activate” button.
so to achieve this, @mspaintmsi and an Anonymous developer discovered a way to quickly generate a valid ticket for acquiring a license.
There were a lot of methods for this, but the simplest one is placing a modified SLC (Software Licensing Client) library next to gatherosstate.
Due to gatherosstate loading this library dynamically it can be substituted very easily without modifying the gatherosstate file at all.
This library was originally a modified version of SLSHIM by @vyvojar on GitHub (but has went through so many changes that it barely resembles it anymore).
This library is supposed to query the licensing information for use by gatherosstate.
gatherosstate has no way to verify this information, so it blindly places it into the ticket.
After sending the ticket and receiving the receipt your system is activated.
Now a question arises,
Q.) Can Microsoft differentiate counterfeit tickets and block the license?
A.) Umm.. Yes, but actully no.
The signature type can (sort of) be used to determine what utility is responsible for the ticket.
There is no way (in a standard environment) for a non-activated Windows 10 installation to generate a ticket.
In the normal process, gatherosstate will ask SLC for the entire ticket, but when this fails it will generate and sign it by itself, creating a
"downlevelGTkey" signature.
For every system with an installed product key a generated ticket will be returned by SLC and thus will have a "clientLockboxKey" signature.
Put simply, the signature (should) always be a "clientLockboxKey" one in case of an activated system, but in this case it isn't.
Microsoft will not take action against it, because of the risk of voiding valid licenses.
Besides, they never really cared for consumer piracy; That's not where they get the most money from.
====================================================================================================
==============================
KMS38 Activation:
==============================
Written by @mspaintmsi-
The KMS38 method is closely related to the HWID method, as it utilizes the same tools.
This method also generates a GenuineAuthorization XML file using gatherosstate, but with slight differences.
This time instead of the "Pfn" field, we have the "GVLKExp" field.
GVLKExp is short for "Generic Volume Key Expiration (date)" and contains an ISO 8601 timestamp of when the KMS activation ends.
This volume expiration date can be changed to an arbitrarily (signed) integer value using the SLC library.
The very long time for activation is related to the Y2K38 problem as this date (19 january 2038 around 3AM) is the maximum date we can give
to gatherosstate without it looping back to year 1970.
The main difference is that those tickets are only valid on Volume:GVLK systems. That mostly includes Enterprise and Education editions.
Now another question,
Q.) Can Microsoft block this kind of activation?
A.) Not directly. They could only update Clipup to allow for a maximum activation period of 180 days.
Not much beside that can be done on their part.
The tickets are not sent to Microsoft at all, so they can't block them or take action directly.
====================================================================================================
==============================
Online KMS Activation:
==============================
- What is KMS activation?
Key Management Service (KMS) is a genuine activation method provided by Microsoft for volume
licensing customers (organizations, schools or governments). The machines in those environments
(called KMS clients) are activated via the Environment KMS Host Server (authorized Microsoft's
licensing key), instead of Microsoft activation servers.
By design, the KMS activation period lasts up to 180 Days (6 Months) at max, with the ability to
renew and reinstate the period at any time. Activation renewal automatically happens every 7
days if the client can connect to the KMS host server.
For more info, see,
https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=201#215
https://technet.microsoft.com/en-us/library/ee939272(v=ws.10).aspx#kms-overview
- How we are getting it for free?
Developers reverse-engineered the KMS Host Server setup, so now anyone can host a KMS server and
activate the systems without any limitations.
KMS activators such as KMSpico, MTK, KMS_VL_ALL, and etc., locally create an emulated KMS Host
Server and activate Windows and Office.
This locally-emulated KMS server requires you to run binary files which often cause
anti-virus alerts (false positives).
Another method of KMS activation is publicly-available Online KMS Host Server.
In this method, the site hosts the emulated KMS server and anyone can simply use this server to
activate their systems, there is no requirement for running any software on your system and
no worry of AV's alert. And this method is the most identical to the genuine KMS activation.
As long as the site hosting the emulated KMS server remains on line, and is available to connect
to, continued activation will be assured.
- Is it safe to use Online KMS activation?
Yes.
Now let's go into the details, why,
In the KMS protocol, there is a relationship of host and client. The client system asks the host
system to grant the activation, and the host system grants the activation if it's eligible.
In doing this, the client system shares some of the system’s data, which is not sensitive in nature.
According to the Microsoft documents, the client system shares the following LIMITED data
with the host system:
Client FQDN, CMID, time-stamp, Product license state, expiration time and IP address
https://technet.microsoft.com/en-us/library/ee939272(v=ws.10).aspx#kms-overview
In this info sharing, the only important part is your IP address.
We can now talk about possible assumptions and consequences regarding this, but before we begin,
you should know the following facts.
- IP addresses do not necessarily represent a specific person. Internet Service Providers (ISP's)
mostly use DYNAMIC IP, which means the same IP address can be used by many different persons,
and a dynamic IP address is periodically reassigned to different people all the time. But a
STATIC IP address is permanently assigned to a single, unique, subscriber.
However, the Internet Service Provider (ISP) won't reveal that information unless
there is a legal reason to do so.
- Microsoft has NEVER tried to catch Home users for using a few pirated activations (not
talking about stolen legal keys) simply because the cost of legal actions would be much higher
than the amount of money gained by forcing a few people to PURCHASE activations.
- No law enforcement is going to take action based on the IP's from all over the world without
the consent from the Microsoft itself.
- In case you are feeling that your machine’s sharing of IP address information as part of the
ongoing KMS activation process is quite intrusive in nature, then you should keep in
mind that any website can fingerprint your device, which means that website can keep a record of
you not only by your IP address, but also with information about your device hardware.
* After these facts, I can't imagine how Online KMS Activation can negatively affect the user.
If you know exactly how it can, than please let me know. Thanks.
====================================================================================================