[Suggestion] Addition Of Windows 95 Retail And OEM Key Generation
TrialMedusa64 opened this issue · 37 comments
Since Windows 95s Key Generation Algorithm Is Alot More Simplistic (And More Well Known), It Should Be Alot Easier To Implement Than XP's Algorithm.
This keygen is for keys that use BINK, not the Windows 95/NT4 algorithm.
Hi @techguy16, I Understand That This Keygen Is Focusing On Keys That Uses BiNK And Not The Mod7 Algorithm That 95 & NT4 Use. I Think Its A Cool Addition To The Keygen. I Just Wanted 95 & NT4 To Added In To The Keygen.
Nice Python Library @techguy16!
@TrialMedusa64 'm about to implement XP keygen too. Thnx to @WitherOrNot over at UMSKT for the SageMath code for generating WinXP keys.
Nice
@techguy16 if your going to make a keygen that makes XP keys (or any other ms products dat use the PID-BiNK licensing system), its important to know the channel IDs first! so far, we know... we know... uhh we know.... wait how many channel IDs do we know so far?
I know. It's all in the keys.json file in UMSKT.
Those are BINK ID's. We still need to figure out every Channel ID (more specifically, the ranges).
Oops....
Now that I think about it, it's possible to find every product that at least verifies the Channel ID, and then brute force 000-999 to find which ones work and which ones don't (provided we don't have the ranges from decompilation anyway).
So just run a github action 24/7 that tests every Channel ID against every BINK? I'll run it?
Problem is how you check to see if it's a valid Channel ID or not. In the case of Office, it tells you to put in a new product key. In the case of Windows, you get the infamous activation loop. Hard to put that through an Actions script.
But UMSKT, verify a key?
But UMSKT, verify a key?
I completely forgot you could do that.
I'm making one now.
Here's the full code (.NET 7 Console App):
using System.Diagnostics;
namespace ChannelVerifier
{
internal class Program
{
static void Main()
{
File.Create("log_cv.txt").Dispose();
File.Create("log_umskt.txt").Dispose();
for (int i = 0; i <= 255; i++) // 00 (0) through FF (255)
{
string binkId = i.ToString("X2");
for (int i2 = 0; i2 <= 999 ; i2++) // 000 through 999
{
string channelId = i2.ToString("D3");
File.AppendAllText("log_umskt.txt", $"[{binkId},{channelId}]\n");
Process umskt = new();
string arguments = $"-b {binkId} -c {channelId}";
umskt.StartInfo.FileName = "umskt.exe";
umskt.StartInfo.Arguments = arguments;
umskt.StartInfo.RedirectStandardOutput = true;
File.AppendAllText("log_umskt.txt", $"{arguments}\n");
umskt.Start();
umskt.WaitForExit();
string keyToVerify = umskt.StandardOutput.ReadToEnd();
File.AppendAllText("log_umskt.txt", umskt.StandardOutput.ReadToEnd());
keyToVerify = keyToVerify.Replace("\n", "").Replace(" ", "").Replace("\r", "");
if (string.IsNullOrEmpty(keyToVerify) )
{
Console.WriteLine($"No Listing: BINK ID = {binkId}");
File.AppendAllText("log_cv.txt", $"No Listing: BINK ID = {binkId}\n");
i2 = 999; // effectively cancels going through unlisted bink
}
else
{
Process umskt2 = new();
umskt2.StartInfo.FileName = "umskt.exe";
string arguments2 = $"--validate {keyToVerify}";
umskt2.StartInfo.RedirectStandardOutput = true;
umskt2.StartInfo.Arguments = arguments2;
File.AppendAllText("log_umskt.txt", $"{arguments2}\n");
umskt2.Start();
umskt2.WaitForExit();
string validateStatus = umskt2.StandardOutput.ReadToEnd();
File.AppendAllText("log_umskt.txt", validateStatus + "\n");
if (validateStatus.Contains("Key validated successfully!"))
{
Console.WriteLine($"Match: BINK ID = {binkId}, Channel ID = {channelId}");
File.AppendAllText("log_cv.txt", $"Match: BINK ID = {binkId}, Channel ID = {channelId}\n");
}
else
{
Console.WriteLine($"Invalid: BINK ID = {binkId}, Channel ID = {channelId}");
File.AppendAllText("log_cv.txt", $"Invalid: BINK ID = {binkId}, Channel ID = {channelId}\n");
}
}
}
};
}
}
}
umskt.exe needs to be in the same directory, then just run and let it do it's thing. Expect log.txt to get pretty big.
I Think You Should Make A List (Preferably A Spreadsheet) Of Channel IDs @thepwrtank18 And @techguy16 Its Important To Know That 1 Channel ID, Are Sometimes Linked To Multiple Products For Example, ID "640". Is Linked To VL [Volume Licensing] Versions Of XP, Server 2k3, Office XP And Office 2k3, And ID "865", Is Linked To Office 2007 Enterprise. How i Do Know All Of This? Well Keep In Mind That I'm No Expert In Cryptography (In This Case ECC Cryptography) I Heard About XPKeygen And UMSKT In One Of Enderman Videos And I Was Like "Ey Lets Check It Out" I Downloaded The Latest Version At The Time And I Was Really Impressed On How Well It Works Not Only That It Can Make Keys But The Keys Are Random. RANDOM! I Was Like "I Can't Believe That This An Real Thing" XPKeygen Would Later Be Added In To My Set Of [REDACTED] Tools. Oh And In Case If Your Wondering How I Know The ID For Office 2007 Enterprise, I Seem To Just Have A Text File Title "ms_chl_id.txt" Along With 9 IDs
It looks like --validate is broken, where every channel ID is "valid" when the BINK is 2E (even ones that would never be used, like 999), but none of them are "valid" otherwise.
Update: It looks like the Rust port validates everything successfully (still wrong), but not the original UMSKT. Regardless, we're not gonna be able to brute force our way through it.
I'm working on a WIP Python port which I will take this onboard.
@techguy16 & @thepwrtank18 Can I Share A List Of Channel IDs That I Know With You?
@thepwrtank18 & @techguy16 Here's A List Of Channel IDs That I Know So Far:
906-Office 2007 Home & Student
862-Project 2007 Professional
640-Windows XP Professional x86 VL Windows Server 2k3 VL x86 Office XP VL Office 2k3 VL
652-Windows XP Professional x64 VL
641-Office XP VL Applications
861-Groove 2007 Publisher 2007 Project 2007 Professional OneNote 2007
864-Office 2007 Standard
902-Office 2007 Small Business
865-Office 2007 Enterprise
905-Visio 2007 Professional
As You Can See, Some IDs (Like 861 And 640) Are Linked To Multiple Products. There's An Oddball In This List, And That Oddball Is ID 862. ID 862 Is Oddly Enough, Linked To Project 2007 Professional, Which Is Also Linked To ID 861. And To Make This Even More Of A Oddball, Some Office 2007 Keys Are Actually (And You Wil Not Believe This) Longhorn Keys Yepp! You Heard Me Correctly! Some Office 2007 Keys, Are Longhorn Keys Not All Of Them Are Longhorn Keys, But Some Of Them Are. Confusing? Yes Surprising? Yes (I Guess???)
Keep In Mind That The List Is NOT A Definitive (You Can Obviously Tell Its Not) List And I Might Have Got Some IDs Wrong And There Are F A R More Channel IDs That We Haven't Discovered Yet. So Lets Get To Building That List Channel IDs! :D
Hey @TrialMedusa64 , thanks for your list of Channel IDs.
I have a valid copy of Office 2007 Professional so I will be seeing which channel IDs work.
I think the only way to actually test which CID's work is to create every single key through 000 to 999, and manually see which CID's work in each product through some AutoHotKey script.
- Make list of keys, with channel ID's of 000 to 999
- Make virtual machine with product specified
- Make a snapshot before the key is put in
- Use script to put key in, click all the buttons, and see if it errors or not
- If it does, mark invalid, if it's fine, mark valid
- Restore snapshot, repeat from step 4
An alternative method is croudsourcing. Get people to use https://mskt.surge.sh?validate= on their key, and post the channel ID. With enough data, we could get the ranges.
@techguy16 Your Welcome! :D
@techguy16 & @thepwrtank18! Got Another ID!
492-Windows XP Home
@TrialMedusa64 can you provide a spreadsheet?
Making The Spreadsheet Now!
Oh And In Case If Your Wondering, Yes! I Am Updating The Spreadsheet With New IDs Being Discovered By Yours Truly.
You Know, Now That I Think About It, I'm Really Glad That Can Help You All Out! Sure I Can't Help You With The ECC And Cryptography Nonsense, But I Can Help You With The ID Situation!
Again Glad I Can Help! :D
@thepwrtank18 @TrialMedusa64 @drazisil I made a C implementation for this a while back
I did in umsktpy as well: https://github.com/techguy16/umsktpy
Sorry, I guess I might have accidentally blindly clicked the suggestions of GHs auto complete