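As everyone surely knows, Windows 7 could be upgraded to Windows 10 for free. If the Windows 7 installation was activated before the upgrade, Windows 10 is activated after the upgrade; this is "whitewashing" into a genuine licence in the true sense. After analysing the process, the Russian expert Ratiborus found that when Windows 7/8/8.1 is upgraded to Windows 10, the installation package contains a program, gatherosstate.exe, that gets executed. This program generates an XML file containing the current hardware information and other data; the file is uploaded to Microsoft's servers, which return a JSON file. His testing showed that by tricking gatherosstate into generating a valid XML file, permanent activation can be achieved. This is the principle behind digital entitlement activation.
The contents of the XML file are as follows: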
<?xml version="1.0" encoding="utf-8"?><genuineAuthorization xmlns="http://www.microsoft.com/DRM/SL/GenuineAuthorization/1.0"><version>1.0</version><genuineProperties origin="sppclient"><properties>OA3xOriginalProductId=00342-36118-15340-AAOEM;OA3xOriginalProductKey=VNG7P-7JH2D-4GM6F-6KB7P-V8RXJ;SessionId=TwBTAE0AYQBqAG8AcgBWAGUAcgBzAGkAbwBuAD0AMQAwADsATwBTAE0AaQBuAG8AcgBWAGUAcgBzAGkAbwBuAD0AMAA7AE8AUwBQAGwAYQB0AGYAbwByAG0ASQBkAD0AMgA7AFAAUAA9ADAAOwBIAHcAaQBkAD0AVQB3AEEAQQBBAEIATQBBAEsAQQBBAEEAQQBBAEUAQQBBAFEAQQBBAEEAQQBFAEEAQQBBAEEAQgBBAEEAQQBBAEEAUQBBAEIAQQBBAEUAQQB2AE8AbgBhAC8ANABXADIAMQBCAGEAbQBYAHMAQwAwAE0ASwBnADgAaABBAHcAQQBBAGcAQQBCAEEAUQBBAEMAQgBRAEEARABBAFEAQQBFAEEAZwBBAEcAQQBRAEEASQBCAHcAQQBKAEEAdwBBAEsAQQBRAEEATQBCAHcAQQBBAEEAQQBBAEEAQQBBAEEAPQA7AFAAZgBuAD0ATQBpAGMAcgBvAHMAbwBmAHQALgBXAGkAbgBkAG8AdwBzAC4AOQA5AC4AWAAxADkALQA5ADkANgA1ADIAXwA4AHcAZQBrAHkAYgAzAGQAOABiAGIAdwBlADsATwBBADMAeABPAHIAaQBnAGkAbgBhAGwAUAByAG8AZAB1AGMAdABLAGUAeQA9AFYATgBHADcAUAAtADcASgBIADIARAAtADQARwBNADYARgAtADYASwBCADcAUAAtAFYAOABSAEoAWAA7AEQAbwB3AG4AbABlAHYAZQBsAEcAZQBuAHUAaQBuAGUAUwB0AGEAdABlAD0AMQA7AAAA;TimeStampClient=2021-08-15T06:17:49Z</properties><signatures><signature name="clientLockboxKey" method="rsa-sha256">nHykhTgdtPYhX/lPaM599s99OPLxJQPX6ogtrCOPaQ0kQtWUH3ihi1Mb6NCI0ogVZ2ybdeNELl6EZsI4n0AVnilKbdxD4 Zk/tXW1qhyHMgyjETpjlc 239ablFXU1q0bsOuqpGGIlAVLx0mT4z2DaJy2hGZZKrrkZQRNUKWXOQ=</signature></signatures></genuineProperties></genuineAuthorization>
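Besides the key, the XML above also records the hardware configuration and other information. Once uploaded to Microsoft's servers, this information is recorded there. If the system is later reinstalled, then as long as the edition matches, the JSON file is fetched automatically from Microsoft's servers once the machine is online. When the system checks it and the JSON file matches the system's configuration information, the key information is read automatically and the system activates automatically.
To be recognised by the system and uploaded to Microsoft's servers, the generated file must be placed in a fixed location: C:\ProgramData\Microsoft\Windows\ClipSVC\GenuineTicket\
Based on this principle, I wrote code to implement this function; the details are as follows: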
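To see what a ticket found in that folder actually records, the following added example (not code from the original post) parses the `genuineAuthorization` XML shown above, decodes `SessionId` (in the sample above it is base64 over a NUL-terminated UTF-16LE `key=value;` string) and reports the fields with the product key redacted. The function names and the sample ticket are constructed for illustration; the sample uses placeholder key, Hwid and signature values.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"ga": "http://www.microsoft.com/DRM/SL/GenuineAuthorization/1.0"}

def split_props(text):
    """Split 'k=v;k=v' on ';' and on the first '=' only (base64 values end in '=')."""
    pairs = (item.split("=", 1) for item in text.split(";") if "=" in item)
    return {k.strip(): v for k, v in pairs}

def redact(key):
    """Keep only the last group of a product key so a report does not leak it."""
    return "*****-*****-*****-*****-" + key.rsplit("-", 1)[-1]

def parse_ticket(xml_text):
    """Return the ticket's recorded fields, with product keys redacted."""
    gp = ET.fromstring(xml_text).find("ga:genuineProperties", NS)
    outer = split_props(gp.findtext("ga:properties", default="", namespaces=NS))
    # SessionId carries a second, nested property list (OS version, Hwid, ...)
    raw = base64.b64decode(outer.pop("SessionId", ""))
    session = split_props(raw.decode("utf-16-le").rstrip("\x00"))
    sig = gp.find("ga:signatures/ga:signature", NS)
    okey = outer.get("OA3xOriginalProductKey")
    return {
        "origin": gp.get("origin"),
        "timestamp": outer.get("TimeStampClient"),
        "signature": (sig.get("name"), sig.get("method")) if sig is not None else None,
        "key": redact(okey) if okey else None,
        # The key appears both outside and inside SessionId; they should agree
        "keys_match": okey == session.get("OA3xOriginalProductKey"),
        "session": {k: v for k, v in session.items() if "ProductKey" not in k},
    }

# Constructed sample: placeholder key, Hwid and signature, not a real ticket
_KEY = "AAAAA-BBBBB-CCCCC-DDDDD-EEEEE"
_SESSION = ("OSMajorVersion=10;OSMinorVersion=0;OSPlatformId=2;PP=0;Hwid=QUJDRA==;"
            f"OA3xOriginalProductKey={_KEY};DownlevelGenuineState=1;\x00")
SAMPLE = (
    '<?xml version="1.0" encoding="utf-8"?>'
    '<genuineAuthorization xmlns="http://www.microsoft.com/DRM/SL/GenuineAuthorization/1.0">'
    '<version>1.0</version><genuineProperties origin="sppclient"><properties>'
    f'OA3xOriginalProductId=00000-00000-00000-AAOEM;OA3xOriginalProductKey={_KEY};'
    f'SessionId={base64.b64encode(_SESSION.encode("utf-16-le")).decode()};'
    'TimeStampClient=2021-08-15T06:17:49Z</properties><signatures>'
    '<signature name="clientLockboxKey" method="rsa-sha256">PLACEHOLDER</signature>'
    '</signatures></genuineProperties></genuineAuthorization>'
)
if __name__ == "__main__":
    print(parse_ticket(SAMPLE))
```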
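@echo off
rem Console appearance and window title
color 1F
mode con cols=98 lines=30
title W10主板正版密钥读取工具v1.0
setlocal EnableExtensions EnableDelayedExpansion
rem Work from the script's own directory, next to gatherosstate.exe
pushd "%~dp0"
cd /d "%~dp0"
rem Remove any ticket left over from an earlier run
@if exist GenuineTicket.xml del GenuineTicket.xml
set "gatherosstate=gatherosstate.exe"
rem Note: %osedition% is never set in this script, so it expands to nothing
echo Creating GenuineTicket.XML file for Windows 10 %osedition% ...
start /wait "" "%gatherosstate%"
timeout /t 3 >nul 2>&1
cls
rem The second ";"-separated field is OA3xOriginalProductKey=<key>; keep the part after "="
for /f "delims=; tokens=2" %%i in (GenuineTicket.xml) do for /f "delims=^= tokens=2" %%j in ("%%i") do set key=%%j
rem Save the key to a text file on the desktop
echo,%key% >"%HOMEDRIVE%%HOMEPATH%\desktop\key.ini"
echo.
echo,现在的密钥是:%key% 已经创建key桌面上的文本。
echo.
rem Copy the ticket to the fixed folder where the system picks it up
@xcopy /s /y .\GenuineTicket.xml C:\ProgramData\Microsoft\Windows\ClipSVC\GenuineTicket\
cls
rem Install the key that was read from the ticket
%windir%\system32\slmgr.vbs -ipk %key%
@if exist GenuineTicket.xml del GenuineTicket.xml
exit
After reading this article, the specific working method should be clear. The various tools found online all work on a similar principle; they differ only in their custom UI.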