[HWID] Add Basic Activation Mechanism

Add Ticket Generation and Validation Scripts, still heavily unpolished and may contain bugs
3 years ago · 72627ef6c4
parent c863c2a575
commit 72627ef6c4
7 changed files with 187 additions and 5 deletions
--- a/main.js
+++ b/main.js
@ -14,7 +14,7 @@ const createWindow = () => {
    webPreferences: {
      nodeIntegration: true,
      contextIsolation: false,
-      devTools: true,
+      devTools: false,
    },
    autoHideMenuBar: true
  })
@ -141,7 +141,7 @@ function genExe(){
    }
  }

-  let exeGenProc = exec('powershell cd C:\\Users\\Public\\ActTicket ; echo "Y-> EXTRACTING GATHEROSSTATE.EXE Z" ; expand .\\14f4df8a2a7fc82a4f415cf6a341415d.cab -F:filf8377e82b29deadca67bc4858ed3fba9 . ; powershell mv .\\filf8377e82b29deadca67bc4858ed3fba9 .\\gatherosstate.exe ; echo "*Modifying Binary Code To Enable Exploit, credit to GamerOSState*" & powershell "" $bytes  = [System.IO.File]::ReadAllBytes("""C:\\Users\\Public\\ActTicket\\gatherosstate.exe""") ; $bytes[320] = 0xf8 ; $bytes[321] = 0xfb ; $bytes[322] = 0x05 ; $bytes[324] = 0x03 ; $bytes[13672] = 0x25 ; $bytes[13674] = 0x73 ; $bytes[13676] = 0x3b ; $bytes[13678] = 0x00 ; $bytes[13680] = 0x00 ; $bytes[13682] = 0x00 ; $bytes[13684] = 0x00 ; $bytes[32748] = 0xe9 ; $bytes[32749] = 0x9e ; $bytes[32750] = 0x00 ; $bytes[32751] = 0x00 ; $bytes[32752] = 0x00 ; $bytes[32894] = 0x8b ; $bytes[32895] = 0x44 ; $bytes[32897] = 0x64 ; $bytes[32898] = 0x85 ; $bytes[32899] = 0xc0 ; $bytes[32900] = 0x0f ; $bytes[32901] = 0x85 ; $bytes[32902] = 0x1c ; $bytes[32903] = 0x02 ; $bytes[32904] = 0x00 ; $bytes[32906] = 0xe9 ; $bytes[32907] = 0x3c ; $bytes[32908] = 0x01 ; $bytes[32909] = 0x00 ; $bytes[32910] = 0x00 ; $bytes[32911] = 0x85 ; $bytes[32912] = 0xdb ; $bytes[32913] = 0x75 ; $bytes[32914] = 0xeb ; $bytes[32915] = 0xe9 ; $bytes[32916] = 0x69 ; $bytes[32917] = 0xff ; $bytes[32918] = 0xff ; $bytes[32919] = 0xff ; $bytes[33094] = 0xe9 ; $bytes[33095] = 0x80 ; $bytes[33096] = 0x00 ; $bytes[33097] = 0x00 ; $bytes[33098] = 0x00 ; $bytes[33449] = 0x64 ; $bytes[33576] = 0x8d ; $bytes[33577] = 0x54 ; $bytes[33579] = 0x24 ; $bytes[33580] = 0xe9 ; $bytes[33581] = 0x55 ; $bytes[33582] = 0x01 ; $bytes[33583] = 0x00 ; $bytes[33584] = 0x00 ; $bytes[33978] = 0xc3 ; $bytes[34189] = 0x59 ; $bytes[34190] = 0xeb ; $bytes[34191] = 0x28 ; $bytes[34238] = 0xe9 ; $bytes[34239] = 0x4f ; $bytes[34240] = 0x00 ; $bytes[34241] = 0x00 ; $bytes[34242] = 0x00 ; $bytes[34346] = 0x24 ; $bytes[34376] = 0xeb ; $bytes[34377] = 0x63 ; [System.IO.File]::WriteAllBytes("""C:\\Users\\Public\\ActTicket\\gatherosstatemodified.exe""", $bytes) "" & echo "-> Set exe Compatiblility Mode to xpsp3 in Registry" & powershell start-process powershell -verb runas { reg.exe Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\Users\Public\ActTicket\gatherosstatemodified.exe" /d "WINXPSP3" /f } & echo "Y -> File gatherosstatemodified.exe has now been sucesfully pacified and should output DownLevel tickets regardless or conditions met Z"')
+  let exeGenProc = exec('powershell cd C:\\Users\\Public\\ActTicket ; echo "Y-> EXTRACTING GATHEROSSTATE.EXE Z" ; expand .\\14f4df8a2a7fc82a4f415cf6a341415d.cab -F:filf8377e82b29deadca67bc4858ed3fba9 . ; powershell mv .\\filf8377e82b29deadca67bc4858ed3fba9 .\\gatherosstate.exe ; echo "*Modifying Binary Code To Enable Exploit, credit to GamerOSState*" & powershell "" $bytes  = [System.IO.File]::ReadAllBytes("""C:\\Users\\Public\\ActTicket\\gatherosstate.exe""") ; $bytes[320] = 0xf8 ; $bytes[321] = 0xfb ; $bytes[322] = 0x05 ; $bytes[324] = 0x03 ; $bytes[13672] = 0x25 ; $bytes[13674] = 0x73 ; $bytes[13676] = 0x3b ; $bytes[13678] = 0x00 ; $bytes[13680] = 0x00 ; $bytes[13682] = 0x00 ; $bytes[13684] = 0x00 ; $bytes[32748] = 0xe9 ; $bytes[32749] = 0x9e ; $bytes[32750] = 0x00 ; $bytes[32751] = 0x00 ; $bytes[32752] = 0x00 ; $bytes[32894] = 0x8b ; $bytes[32895] = 0x44 ; $bytes[32897] = 0x64 ; $bytes[32898] = 0x85 ; $bytes[32899] = 0xc0 ; $bytes[32900] = 0x0f ; $bytes[32901] = 0x85 ; $bytes[32902] = 0x1c ; $bytes[32903] = 0x02 ; $bytes[32904] = 0x00 ; $bytes[32906] = 0xe9 ; $bytes[32907] = 0x3c ; $bytes[32908] = 0x01 ; $bytes[32909] = 0x00 ; $bytes[32910] = 0x00 ; $bytes[32911] = 0x85 ; $bytes[32912] = 0xdb ; $bytes[32913] = 0x75 ; $bytes[32914] = 0xeb ; $bytes[32915] = 0xe9 ; $bytes[32916] = 0x69 ; $bytes[32917] = 0xff ; $bytes[32918] = 0xff ; $bytes[32919] = 0xff ; $bytes[33094] = 0xe9 ; $bytes[33095] = 0x80 ; $bytes[33096] = 0x00 ; $bytes[33097] = 0x00 ; $bytes[33098] = 0x00 ; $bytes[33449] = 0x64 ; $bytes[33576] = 0x8d ; $bytes[33577] = 0x54 ; $bytes[33579] = 0x24 ; $bytes[33580] = 0xe9 ; $bytes[33581] = 0x55 ; $bytes[33582] = 0x01 ; $bytes[33583] = 0x00 ; $bytes[33584] = 0x00 ; $bytes[33978] = 0xc3 ; $bytes[34189] = 0x59 ; $bytes[34190] = 0xeb ; $bytes[34191] = 0x28 ; $bytes[34238] = 0xe9 ; $bytes[34239] = 0x4f ; $bytes[34240] = 0x00 ; $bytes[34241] = 0x00 ; $bytes[34242] = 0x00 ; $bytes[34346] = 0x24 ; $bytes[34376] = 0xeb ; $bytes[34377] = 0x63 ; [System.IO.File]::WriteAllBytes("""C:\\Users\\Public\\ActTicket\\gatherosstatemodified.exe""", $bytes) "" & echo "-> Set exe Compatiblility Mode to xpsp3 in Registry" & echo "Y -> File gatherosstatemodified.exe has now been sucesfully pacified and should output DownLevel tickets regardless or conditions met Z"')

  exeGenProc.stdout.on('data', (data) => {
    win.webContents.send('stdout', String(data))
@ -152,7 +152,7 @@ function genExe(){
  })

  exeGenProc.on('close', () => {
-    exec('powershell {reg.exe Add `HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers` /v "C:\\ProgramData\\ActTicket\\gatherosstatemodified.exe" /d "WINXPSP3" /f ; echo "`n=======> Put file (gatherosstatemodified.exe) in Windows XP SP3 compatibility mode`n" ; pause}')
+    exec('powershell start-process powershell -verb runas {reg Add HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\` NT\\CurrentVersion\\AppCompatFlags\\Layers /v "C:\\Users\\Public\\ActTicket\\gatherosstatemodified.exe" /d "WINXPSP3" ; pause }')

    if(fs.existsSync('C:\\Users\\Public\\ActTicket\\gatherosstatemodified.exe')){
      var exeStream = fs.readFileSync('C:\\Users\\Public\\ActTicket\\gatherosstatemodified.exe')
@ -170,6 +170,23 @@ function genExe(){
  })
 }

+function runIpk(){
+  exec('powershell start-process powershell -verb runas { cscript C:\\Windows\\System32\\slmgr.vbs /ipk ' + windowsProductKey + ' ; pause }')
+}
+
+function genTicket(){
+  let tickGenProc = exec('powershell "cd C:\\Users\\Public\\ActTicket ; $value = (Get-ItemProperty HKLM:\\SYSTEM\\CurrentControlSet\\Control\\ProductOptions).OSProductPfn ; .\\gatherosstatemodified.exe /c Pfn=$value`;DownlevelGenuineState=1 ; sleep 1" & type C:\\Users\\Public\\ActTicket\\GenuineTicket.xml')
+
+  tickGenProc.stdout.on('data', (data) => {
+    win.webContents.send('ticketout', String(data))
+    console.log(data)
+  })
+}
+
+function installTicket(){
+  exec('powershell start-process powershell -verb runas { clipup -v -o -altto C:\\Users\\Public\\ActTicket ; cscript C:\\Windows\\System32\\slmgr.vbs /ato ; echo `n`n`nWINDOWS ACTIVATED SUCCESFULLY ; start ms-settings:activation ; pause }')
+}
+
 ipcMain.on("getCertDetails", getCertDetails)

 ipcMain.on("setKMS", (event, response) => {
@ -206,6 +223,12 @@ ipcMain.on("downloadexe", downloadExe)

 ipcMain.on("genexe", genExe)

+ipcMain.on("runIpk", runIpk)
+
+ipcMain.on("genTicket", genTicket)
+
+ipcMain.on("installTicket", installTicket)
+
 app.whenReady().then(() => {
  createWindow()
 })
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "univator",
-  "version": "1.1.5",
+  "version": "1.2.0",
  "description": "Microsoft Product Activator",
  "main": "main.js",
  "scripts": {
--- a/webPage/css/dist.css
+++ b/webPage/css/dist.css
@ -629,6 +629,10 @@ Ensure the default browser behavior of the `hidden` attribute.
  border-radius: 1.5rem;
 }

+.rounded-2xl {
+  border-radius: 1rem;
+}
+
 .bg-transparent {
  background-color: transparent;
 }
--- a/webPage/winhwid/done.html
+++ b/webPage/winhwid/done.html
@ -0,0 +1,37 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <link href="../css/dist.css" rel="stylesheet">
+  <title>Univator</title>
+  <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline';" />
+</head>
+<body>
+<div class="flex min-h-[100vh] justify-center items-center text-white" bg-[url('../../img/bground1.jpg')]>
+    <div class="ml-auto mr-auto">
+        
+        <div class="min-w-[60vw] rounded-3xl flex flex-wrap sm:flex-nowrap items-center py-10 sm:py-100 px-8 pb-10 justify-center text-center">
+            <div class="my-5 w-5/6 items-center justify-center text-center">
+                <p class="text-3xl pb-10 font-extrabold tracking-wide">Done.</p>
+                <p class="text-md md:text-xl font-normal tracking-wide pb-10">Wait for the confirmation message to appear (might take a bit), and then your product should be fully activated</p>
+            </div>
+        </div>
+
+
+        
+    </div>
+
+
+    <div class="text-white bold fixed bottom-4 flex flex-row flex-wrap sm:flex-nowrap items-center mx-50 justify-center ml-auto mr-auto mx-100 px-2 pt-100 text-md bg-purple md:bg-transparent">
+       
+        <button type="button" class="redir outline rounded-md py-1 md:py-3 bg-mycol2 px-3 md:px-7 outline-0  outline-white hover:bg-indigo-900 mx-2" onclick="location.href = '../index.html';">
+            <span class="hidden md:inline">Home</span>
+        </button>
+    </div>
+
+</div>
+
+</body>
+
+</html>
--- a/webPage/winhwid/genexe.html
+++ b/webPage/winhwid/genexe.html
@ -20,7 +20,7 @@
                </div>
                <p class="text-md md:text-xl font-normal tracking-wide pb-10" style="display: none;" id="label">Mirror: <span class="bold underline bg-white text-black">[https://download.microsoft.com/download/9/A/E/9AE69DD5-BA93-44E0-864E-180F5E700AB4/adk/Installers/14f4df8a2a7fc82a4f415cf6a341415d.cab]</span><br /><br /></p>

-                <button type="button" class="rounded-xl w-full bg-indigo-900 my-2 py-5 my-2 px-5 text-sm md:text-xl font-bold tracking-wide justify-center items-center font-[manrope] hidden" id="next" onclick="location.href = './genticket.html';">Continue →</button>
+                <button type="button" class="rounded-xl w-full bg-indigo-900 my-2 py-5 my-2 px-5 text-sm md:text-xl font-bold tracking-wide justify-center items-center font-[manrope] hidden" id="next" onclick="location.href = './ipk.html';">Continue →</button>
            </div>
        </div>

--- a/webPage/winhwid/genticket.html
+++ b/webPage/winhwid/genticket.html
@ -0,0 +1,63 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <link href="../css/dist.css" rel="stylesheet">
+  <title>Univator</title>
+  <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline';" />
+</head>
+<body>
+<div class="flex min-h-[100vh] justify-center items-center text-white" bg-[url('../../img/bground1.jpg')]>
+    <div class="ml-auto mr-auto">
+        
+        <div class="min-w-[60vw] rounded-3xl flex flex-wrap sm:flex-nowrap items-center py-10 sm:py-100 px-8 pb-10 justify-center text-center">
+            <div class="my-5 w-5/6 items-center justify-center text-center max-w-3/4">
+                <p class="text-3xl pb-10 font-extrabold tracking-wide" id="title">Generate Activation Request Ticket</p>
+                <div class="text-center text-white" id="okdiv">
+                    <button type="button" class="rounded-xl w-full bg-indigo-900 my-2 py-5 my-2 px-5 text-sm md:text-xl font-bold tracking-wide justify-center items-center font-[manrope]" id="ok">Generate →</button>
+                    
+                </div>
+                
+                <textarea class="rounded-2xl text-xl monospace bg-white text-black hidden" id="txtbox" cols="38" rows="10" style="font-family: monospace; display: none; margin-left: auto; margin-right: auto;">[GENERATED TICKET WILL APPEAR HERE]</textarea>
+
+                <button type="button" class="rounded-xl w-full bg-indigo-900 my-2 py-5 my-2 px-5 text-sm md:text-xl font-bold tracking-wide justify-center items-center font-[manrope] hidden" id="next" onclick="location.href = './done.html';">Install Ticket and Activate Windows (Permanent) →<p class="text-[0.5rem] md:text-xs">admin required</p></button>
+            </div>
+        </div>
+
+
+        
+    </div>
+
+
+</div>
+
+</body>
+
+<script>
+
+    const { ipcRenderer } = require('electron');
+
+    const txtbox = document.getElementById('txtbox');
+    const okbut = document.getElementById('ok');
+    const nextbut = document.getElementById('next');
+
+    okbut.addEventListener('click', () => {
+        ipcRenderer.send('genTicket');
+        okbut.style.display = 'none';
+        
+    });
+
+    ipcRenderer.on('ticketout', (ticket) => {
+        txtbox.textContent = String(ticket);
+        nextbut.style.display = 'block';
+        txtbox.style.display = 'block';
+    });
+
+    nextbut.addEventListener('click', () => {
+        ipcRenderer.send('installTicket');
+    })
+
+</script>
+
+</html>
--- a/webPage/winhwid/ipk.html
+++ b/webPage/winhwid/ipk.html
@ -0,0 +1,55 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <link href="../css/dist.css" rel="stylesheet">
+  <title>Univator</title>
+  <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline';" />
+</head>
+<body>
+<div class="flex min-h-[100vh] justify-center items-center text-white" bg-[url('../../img/bground1.jpg')]>
+    <div class="md:max-w-[70vw] ml-auto mr-auto">
+        
+        <div class="min-w-[60vw] rounded-3xl flex flex-wrap sm:flex-nowrap items-center py-10 sm:py-100 px-8 pb-10 justify-center text-center">
+            <div class="my-5 md:w-2/3 items-center justify-center text-center">
+                <p class="text-3xl pb-10 font-extrabold tracking-wide">Install Retail Product Key</p>
+                <p class="text-md md:text-xl font-normal tracking-wide pb-10">Next we need to install a generic retail product key to make sure windows is not in volume or oem mode</p>
+                
+                <div class="text-center text-white">
+                    <button type="button" class="rounded-xl w-full bg-indigo-900 my-2 py-5 my-2 px-5 text-sm md:text-xl font-bold tracking-wide justify-center items-center font-[manrope]" id="ok">Install Product Key →<p class="text-[0.5rem] md:text-xs">admin required</p></button>
+                </div>
+                
+            </div>
+        </div>
+
+
+        
+    </div>
+
+
+    <div class="text-white bold fixed bottom-4 flex flex-row flex-wrap sm:flex-nowrap items-center mx-50 justify-center ml-auto mr-auto mx-100 px-2 pt-100 text-md bg-purple md:bg-transparent">
+       
+        <button type="button" class="redir outline rounded-md py-1 md:py-3 bg-mycol2 px-3 md:px-7 outline-0  outline-white hover:bg-indigo-900 mx-2" onclick="location.href = './edt.html';">
+            <span class="hidden md:inline">Back</span>
+        </button>
+    </div>
+
+</div>
+
+</body>
+
+<script>
+
+    const { ipcRenderer } = require('electron');
+
+    document.getElementById('ok').addEventListener("click", function(){
+
+        ipcRenderer.send("runIpk");
+        location.href='./genticket.html';
+
+    });
+
+</script>
+
+</html>