HWID Generation doesn’t need KMS in order to activate Windows

s1ave77 (known from MDL forums) wrote another little utility in order to activate any Windows 10 version, for Volume license versions this means it doesn’t require KMS in order to activate it. It’s also not depending to install an older Windows Version in order to ‘upgrade’ your Windows to a newer version (upgrade ‘trick). The program itself has a strange name, it’s called ‘hwidgen.mk3‘ but who really cares about names, right?

hwidgen.mk3
Fresh installed Win 10 April Update Ent. x64 activated via hwidgen.mk3

Overview

The little program hwidgen.mk3 (.mk3 extension stands for the AutoHotkey program extension) enables your Windows Update services in order to function properly after it does its ‘magic‘ it will deactivate the service. This step is needed in order to activate your Windows and to verify the license status (the watermark will disappear). However, the program doesn’t require any KMS for Volume license SKU’s.

The program works via slshim and Windows 10 own GatherOsState.exe (which you can extract from the ISO). The activation keys are used from the products.ini, these keys are generic ones and a legal to post/share – in other words, these are the keys you can temporarily use during setup (usually).

When a Volume License Windows version is installed from the official VLSC or MVS Business ISO, the default Retail/OEM key needs to be inserted to regain activation. You will find the list with the generic keys (the default ones provided by MS) here. The keys are extracted from the Products_RS4_04_20_2018.xml file which comes from the Windows 10 Media Creation Tool.

Supported SKU’s 

  • Basically, all Windows versions which are right now available, except Server variants.
  • Core (Home) (N)
  • Core Single Language (N)
  • Professional (N)
  • Professional Education (N)
  • Professional Workstation (N)
  • Education (N)
  • Enterprise (N)
  • Enterprise S (N)

The program itself is somewhat beta but it already worked since day one.

How many times do I need to execute the program?

The process only needs to be executed once (for each machine). In newer installs/upgrades just skip any key prompts and choose ‘I have no product key‘ during setup. At the first online contact, the MS Server will recognize the HWID and grant the activation automatically.

Is it required that the Windows Update service is running?

Yes, but only during the activation process, the program normally checks and if disabled, enable the Windows Update service and stops it automatically when everything is done. In case you’re behind a VPN/Proxy you might need to disable it until the activation was successful, Microsoft might blocks some VPN’s and Proxies which then result in an error.

Program changelog (so far)

  • v10.08
    * added Key-Install-Mode (Drop-Down-Menu) to allow fast switch to Retail/OEM on re-Installs with VL ISO, which already have HWID and don’t need the whole process, tool will show this key in System Info if not installed
  • v10.01
    * changed process slightly to run gatherosstate.exe in Win 7 compatibility mode, so created ticket will have operation system info set to Windows 7, this better mimiks the original ticket from a Win 7 system
    * optimized the Splash screens
  • v9.32
    * added hyperlinks to nsane and aiowares forums threads for info and support
  • v9.25
    * changed the initial Msgbox to splash screen with no user intervention
  • v9.18
    * reworked system check
  • v9.11
    * added LTSB 2015 (only non-N and not tested so far) and native splash screen to silent mode
  • v9.04
    * fixed spelling error in splash pic
  • v9.01
    * fixed the KMS detection (will work on activated KMS systems now) and added silent mode
  • v8.13
    * added Messagebox to inform user tool-start-up might need a moment, fixed tool not closing when done via the ‘X’
  • v8.06
    * changed disabled WU handling to: set to auto, start service, activate, stop service and set back to disabled
  • v7.99
    * added last checks and some code cleanup
  • v7.77
    * implemented disabled WU handling.

Why is slshim required?
Slshim was created by it’s author as a replacement of software protection platform (he called it ‘unlock hidden features’) that allows to use Windows 7 without too much problems, but with changed Product Policy using registry entries. It had nothing to do with gatherosstate and it’s causing troubles. Gatherosstate itself uses the slc.dll library to determine the Windows activation status and licensing channel from the product policy.
Basically, because slshim is only an emulation of slc.dll that is read by gatherosstate. The value which will be returned can be manipulated. Slshim passes a few changed policies during the activation process and gatherosstate thinks that Windows was activated because of the manipulation and the value it returns. That’s how it works, gatherosstate creates then the legit GenuineTicket without any further verification.

Why 1803 gatherosstate?
Gatherosstate in 1803 (April Update) contains information about every single Windows Edition (SKU) that exists and due to this, it is able to create a ticket on any edition. Older versions also work, but it can only create tickets on some specific editions.

So, overall the activation isn’t illegal it basically abuses an activation weakness (which is opened for several years in Windows) because Microsoft still allows you to ‘get Windows for free’. Changing the HWID does the rest in order to fool or bypass the integrated activation mechanism.

The program has two modes, one is an automatic mode which activates all MS Windows versions and the other method is the manual method which can be used in order to activate problematically SKU’s like S/N versions.

v10_08.thumb.jpg.cce7198bc2d30770565bd1895da913bc

The program takes some time, so be patient. Another thing I can suggest is that you run it from a C:\ drive directly with administrative privileges (and use a folder/path without spaces). Once the tool is running it creates some kind of debug log near the executable.

Why we can still activate Windows using GenuineTicket?
Windows 10 internally uses the same activation system for legitimate Retail and OEM activations so users do not need to enter their key when reinstalling the system. Systems activated using these keys are first activated using a key, then HWID license is created.

Why are there two methods?

There are two activating mechanisms (called ‘Work Mode’) the first is ‘Key-Install’ which is required in case you’re behind a Volume license Windows Version or any of the listed and supported version and the second method is ‘Full’ which you might already see when your OS is activated. You do not need to switch anything here the program detects everything automatically.

Backup method – manually mode

This mode is not needed and should only be used in case you have troubles activating your OS.

  • Get GatherOsState.exe from the official Windows 10 17134 ISO
  • Get the latest version of slshim (it’s already included in my package [see download link at the bottom])
  • Extract slshim32.dll which is required for gatherosstate from the corresponding OS version eg. x86 ISO or slshim64.dll for gatherosstate in case you are on a x64 ISO.
  • Place the gatherosstate and extracted slshim.dll into the same directory and rename slshim.dll to slc.dll
  • Set the real value for %sku% from beneath list and import the following into your Registry:
// Use the command promt (CMD) to import the following reg entries
// But first replace the 'XXX' with the needed sku value. If using REG make sure the string is 7 digits long, the CMD will take the value from above.
// Ensure that the XXX are peplaced by the shown ID from SKUID list. Adapt the above path to gatherosstate.exe to the actual path.
reg add "HKLM\SYSTEM\Tokens" /v "Channel" /t REG_SZ /d "Retail" /f
reg add "HKLM\SYSTEM\Tokens\Kernel" /v "Kernel-ProductInfo" /t REG_DWORD /d XXX /f
reg add "HKLM\SYSTEM\Tokens\Kernel" /v "Security-SPP-GenuineLocalStatus" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\gatherosstate.exe" /d "~ WIN7RTM" /f

You need to replace %sku% with the corresponding Edition you’re behind.

Here is the current SKUID list

  • edition=Cloud                                            sku=178
  • edition=CloudN                                         sku=179
  • edition=Core                                              sku=101
  • edition=CoreCountrySpecific                 sku=99
  • edition=CoreN                                           sku=98
  • edition=CoreSingleLanguage                 sku=100
  • edition=Education                                    sku=121
  • edition=EducationN                                 sku=122
  • edition=Enterprise                                   sku=4
  • edition=EnterpriseN                                sku=27
  • edition=EnterpriseS                                 sku=125
  • edition=EnterpriseSN                              sku=126
  • edition=Professional                                sku=48
  • edition=ProfessionalEducation             sku=164
  • edition=ProfessionalEducationN          sku=165
  • edition=ProfessionalN                             sku=49
  • edition=ProfessionalWorkstation         sku=161
  • edition=ProfessionalWorkstationN      sku=162

After you’re done with this step simply enter the default Retail/OEM key. As mentioned above these are generic keys provided by MS. There normally used during the Setup process.

In case you’re behind an Enterprise N or LTSB 2016 N Version use the following elevated (admin) Powershell command:

:: For Enterprise N Versions
((Get-Content '.\gatherosstate.exe') -replace "`0" | Select-String -Pattern "(.....-){4}C372T" -AllMatches).Matches | Select-Object -ExpandProperty Value

:: For Enterprise SN Versions
((Get-Content '.\gatherosstate.exe') -replace "`0" | Select-String -Pattern "(.....-){4}VMJWR" -AllMatches).Matches | Select-Object -ExpandProperty Value

This basically will gather the key from the gatherosstate.exe.

Now run gatherosstate and after a few seconds, you normally should get a valid  GenuineTicket.xml file.

Remove the token from your registry (this step is optional)

reg delete "HKLM\SYSTEM\Tokens" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\gatherosstate.exe" /f

The last step is to place the created GenuineTicket.xml into your root of C:\ and execute via command prompt (CMD) the following

clipup -v -o -altto C:\

After this, you can force the activation as usual.

cscript /nologo %windir%\system32\slmgr.vbs -ato

Sample output

13:45:42 SYSTEM INFO:
13:45:42 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
13:45:42 Product: Professional [15063.0]
13:45:42 Description: Windows(R) Operating System, RETAIL channel
13:45:42 Architecture: x64
13:45:42 LicenseID: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c
13:45:42 PartialKey: 3V66T
13:45:42 Status: Notification
13:45:42 WU Status: DISABLED (NOTE: will be changed for the process duration)
13:45:42 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
13:45:56 PATCH PROCESS PREREQUISITES
13:45:56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
13:45:56 Preparing...
13:46:25 Installing key: VK7JG-NPHTM-C97JM-9MPGT-3V66T
13:46:51 Adding registry entries...
13:46:51 SKUID: 48
13:46:51 Running GatherOsState...
13:47:05 Removing registry entries...
13:47:05 Applying GenuineTicket.xml...
13:47:09 WU is disabled...
13:47:09 Setting to manual...
13:47:09 Activating...
13:47:49 Setting WU back to disabled...
13:47:49 Done
13:47:49 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Be careful Chinese people already faking this tool

I already saw the program on several torrent sites and several other known Chinese forums like PCBeta & Co. Keep in mind that these forums mostly steel other peoples work without giving proper credits, the only two official forums with ‘official’ support for this program are linked within the program (and also shown in the screenshot above). Other sources are mostly untrusted because they steal or rename the programs without giving a rats ass about who really coded it.

The same what they did with dazloader and KMSPico seems to happen right now again, simply check the real checksums from the official sources and don’t load any Chinese bullshit or from any torrent sites. It’s simply not worth because you never know if it wasn’t repacked or something if you won’t check the checksums.

Known fakes:

Is Microsoft already aware of this program and trick?

Yes, I already submitted it. They removed my description and wrongly classified it as ‘malware’.

ht

  1. I didn’t ‘tried‘ it, I did it.
  2. MS will not block the method because it also blocks legal activations coming from Windows 7+ This is all I have proven here, MS now even wrongly detect it as a trojan in order to ‘block’ the utility from been downloaded/executed whenever SmartScreen/WD is activated but the method itself is for now not blocked.
  3. The detection is false/positive on every program, like any other activation mechanism everything gets detected soon or later and if not you simple manually submit something.

 

Download

The program is already available on several shitty forums which I not like to support/mention here, so I made a public mirror on GitHub. I also integrated the source code, readme, and other important things. The checksum for the entire package and a VirusTotal link is also provided.

 

Advertisements

21 thoughts on “HWID Generation doesn’t need KMS in order to activate Windows

  1. So to put it bluntly, is there anything Microsoft can do about the tool? Will they know you used it and deactivate your Windows installation out of the blue? I understand they most likely can’t as you mentioned since it blocks legal activations from Windows 7 SP1/Windows 8.1 Update upgrades.

    Liked by 1 person

    1. Seems there is a misunderstanding regarding cracking tools vs Microsoft spreading wrongly on the internet. If MS really wanted to close all ‘holes’ they simply would check with each update if you altered system files + check your MAC/Registry + last registration information and then no crack would be possible. They already did this with Windows Home Server, which never got cracked, there was only a Trial reset (which I invented) and even this (theoretically) could be detected with a simple online check.

      I’m not an enemy by reporting KMSPico, this tool or any other tool, MS is already well aware, especially because people still ‘depending’ on AV products and then their partners (and MS) already get the tools anyway and there is nothing you can do about it, expect not posting programs like this in the public. There was an entire team back in XP times which worked on anti-crack mechanism or to detect frankenstein builds, they coded a small utility to detect this (genuine verifier) and even this could be cheated, they didn’t really say they gave up on this but the entire ‘I get the OS’ for free thing just only helped MS at the end and that’s (what I think) the real reason MS has no interest to make their OS anti-cracking proof.

      MS can’t in fact block no tools, what they can do is to change the activation mechanism (which would affect everyone). They already detect every tool since years but the tools are simply abusing official or unoffical activation mechanism that’s why there ‘hard’ to block. There basically three solutions right now

      KMS (OEM keys) which means MS would also block legit OEM’s if they block the key
      Upgrade trick (like HWID tool uses) this affects normal consumers who like to upgrade, however MS officially closed this year and it’s unclear when they really shutdown this. This would also be the end for this tool here. And this has nothing to do with reporting this tool, it’s when MS really decided to close it…
      Android ‘self-hosting’ KMS solution, this is probably the best way to activate your OS since this doesn’t connect to any chinese server to activate your OS. You basically setup your Android which acts as KMS server, the benefit is that you don’t need to trust chinese people to activate your machine.
      Mac key, there is no way someone gets a legal mac key, so you know they already stole such keys from bigger organisations (enterprise). This is mostly done (as what I am aware of) that russians, chinese and some americans stole such keys (with malware etc) and ‘leak’ them into several forums or Twitter. However, this method is most stupid cause such public keys are worth shit because there down after 1 day after they got leaked.

      These are the cracking methods which exist and this is not even a secret I’m telling here. Mac keys have an activation limit, KMS (first method) have no limit since there ‘designed’ for it. I guess daz loader (which was faked all over the place by chinese people) and renamed, repacked under several names was imho one of the first tools which worked with the GenuineTicket trick, slave’s tool is nothing special here. He simply added an GUI for something which can be done manually or via batch script or which was already partially integrated in already existent tools, so this hype about this tool is not really understandable for me except that this is more or less legal.

      From the comments in several forums I see that noobs are attracted by this tool cause it has a GUI and is simply to use but the method which is abused here is already old.

      KMSPrico and the other tools are similar here, they are new and they not invented the wheel, they just offered a GUI and that’s why such tools are hyped cause every troll can now activate the OS.

      You simply have to be careful to use such tools cause it often gets faked, repacked and renamed to get 2 minutes attention or to infect you, that was the main reason I uploaded it to github since everyone can see how it’s done and you can verify every file on your own. So you not need to trust any forum or strange file hoster to download something which should (in my opinion) avaible for everyone.

      To finally answer the question:
      I assume MS will close the current loophole when the support for Windows 7 or 8 are official ended or when they decide to drop the current activation process (for whatever reason). So the advice I can give is to backup your activation status and then you will be fine even after you re-installed your OS.

      The rest is nothing but guessing and speculation.

      Liked by 2 people

  2. I tried to run the application, but I received a “Error 0x80070422 On a computer running Microsoft Windows non-core edition, run slui.exe 0x2a 0x80070422 to display the error test” message. What should I do?

    Liked by 1 person

    1. Open cmd (command prompt) with admin rights and type (line by line) the following:

      sc config wuauserv start= auto
      sc config bits start= auto
      sc config DcomLaunch start= auto
      net stop wuauserv
      net start wuauserv
      net stop bits
      net start bits
      net start DcomLaunch

      Ensure you press enter after each line to execute the command. It seems one of the needed services are disabled or not running, HWID tool needs Microsoft’s Windows Update service running, usually, it starts and stops the service when it starts/stops automatically but in your case it couldn’t start it for whatever reason.

      Liked by 1 person

      1. It’s quite odd, while I was able to enter the most of the command lines without any issue, I have receive a “access is denied” message after entering the sc config DcomLaunch start= auto command line. Should I be concerned about that?

        Afterwards, the “Error 0x80070422” still persist somehow.

        Liked by 1 person

        1. You need to start all the services, or you get the error cause the error means that something which is required is not started (or blocked with a firewall). HWID uses the official MS server and Windows Update mechanism in order to get the activation status send back from MS. If that is blocked or disabled or something like this then you’ll get this error code back.

          Download the Microsoft Update Troubleshooter might solve your issue:
          https://support.microsoft.com/en-us/help/4027322/windows-update-troubleshooter

          Liked by 1 person

          1. Well then, is there anything that I should do about the command line that respond a “access is denied” message? The other command lines seem to work fine after entering, except for this one.

            Regardless, thanks for helping me out on this. KMS auto net worked out for a while for me, but recently it notify me of the same “error 0x80070422” message, and thus I hoped that HWID could help me with the window activation issue.

            Liked by 1 person

  3. Nice write up “Cheffy” and Hey, at least the Shitty Forums are giving you Free Advertising. 🙂 As you already know I dropped out the Forums right before you did and even though I miss our Chatbox Gang sometimes, I don’t have any regrets. Burnt out trying to help people who are just too stupid to understand, and if they do, they’ll never say a word of thanks. I’ll be following your Blog from now on. Take Care…….Now you don’t know anyone wants to buy a good used Ford Pinto

    Liked by 1 person

  4. -You submitted the file to MS? WHY?
    -You posted it on a public mirror on GitHub without contacting S1ave77?? That’s rude! You should have asked before posting because it should be up to S1ave77 to create a mirror on GitHub
    -I wonder what you’re trying to accomplish with this article here

    Like

    1. Everyone can submit whatever he wants to MS & Co.
      Slave didn’t invented the method nor is it new, the upgrade trick is ‘offered’ by MS itself and will only be closed when MS really does it (they officially already said it’s closed).
      The entire tool is avbl. on public forums hosted on suspect file hosters which are often down when it’s reported, not so on GitHub.
      I’m not rude uploading a mirror which doesn’t require you to go to any shitty forums. The credits and checksums are given.
      Unless other forums and board I did not claim anything here, I didn’t repacked or changed anything on the tool.
      The program anyway gets uploaded to WD cloud when someone has this feature enabled, so overall you can’t stop anything from being submitted to MS (if that is your concern).
      I did uploaded it to show that MS wrongly detects legit activation mechanism (offered by themselves) as trojan. A similar story already happened with several ‘legit’ KMS scripts which just inserting your ‘legal’ keys).

      Maybe re-read the article and understand that this is an overview nothing more and nothing less it’s up to you how you interpret the results.

      Liked by 2 people

      1. [quote]Maybe re-read the article and understand that this is an overview nothing more and nothing less it’s up to you how you interpret the results.[/quote]I just re-read your answers to my questions and the way I interpret it is that all you’re trying to achieve is for MS to close the holes asap so the tool will be useless and S1ave77 will get a bad rep.
        If that really is what you’re trying to achieve I have some words for you that I won’t use here in this reply!

        Liked by 1 person

        1. My last comment on this:

          It’s just your guess and nothing but this if I wanted to “destroy” all illegal cracks, holes or bypasses I would have just reported it without saying anything. If I would be the bad guy like you think I’m I would just have contacted all hosters to ban the forums instead and believe me I know every forum such things usually come from. MS is already well aware of MDL, nsane, WarezBB, ruboard & others for years and this is not even a secret.

          I read several respectless comments attacking my person without checking the facts and I only can laugh about the ignorance and intelligence in such forums.
          I don’t have any account on nsane forums if there is an account then this is 100% a faker. Just contact the admin and let this account delete, my eMail address is public avaible, so everyone can verify if it’s me or not.
          I’m not interested in pointless forum discussions, it’s a waste of time and I only can give you the advice to stay on topic instead of trying to blow up the threads without anything useful. I guess the developer want to stay on the subject and not questions related to my article or blog.
          There is no need to defend anyone just because you do not agree with something I wrote here, everyone has his own opinion if there are ‘correct’ or not is something everyone must check on his own.
          Why should S1ave77 get a bad reputation is beyond me, he provides a utility for a loophole, it’s not his fault if MS (one day) decided to close it. It doesn’t matter if I or anyone else submit it, you guys at nsane forums mostly use AV products from what I can see, so what do you think these programs do, correct they submitting unknown samples/checksums for programs into a cloud .. so how I’m different here? Maybe switch to Linux and don’t worry about Windows anymore.

          Liked by 2 people

  5. Does slshim have any other uses ? Or is it used only for this activation ?
    It seems to me that it was released in 2016 with different intention. Maybe to modify Product policies?
    ANy more pointers or ideas on what exactly it does ?

    Like

    1. Slshim was created by it’s author as a replacement of software protection platform (he called it ‘unlock hidden features’) that allows to use Windows 7 without too much problems, but with changed Product Policy using registry entries. It had nothing to do with gatherosstate and it’s causing troubles. Gatherosstate itself uses the slc.dll library to determine the Windows activation status and licensing channel from the product policy.
      Basically because slshim is only an emulation of slc.dll that is read by gatherosstate. The value which will be returned can bbe manipulated. Slshim passes a few changed policies during the activation process and gatherosstate thinks that Windows was activated because of the manipulation and the value it returns. That’s how it works, gatherosstate creates then the legit GenuineTicket without any further verification.

      Like

  6. Is this activation any better than KMS solutions? Can you compare? Like KMS solutions expire after 6 months, is this a one-hit solution?

    Like

    1. Volume license SKU based versions always needs a re-activation after some time. So the GenuineTicket trick is not ‘better’ here but since KMS needs to add an certificate (or inject some hooks) into your System, I would prefer the ‘official’ ways.

      You can’t compare anything here because the result is the same, however, every KMS ‘solution’ is already detected by Microsoft/Windows Defender (except he manual scripts of course). The new program is right now undetected (there I guess 3 chinese AV’s which detect this as threat cause the program was coded with AutoIT and they always detect such packer programs for no reasons [it’s not even obfuscated or shrinked via upx), the main problem I see is that MS might close this at any time they already closed it (officially) this year but they haven’t blocked it (yet). Most KMS ‘solutions’ might also adding tasks into your system so it automatically re-activates volume licensed based OS while this program constantly needs to run into the tray (for now) until it might add also a task into your scheduler in order to do this.

      Liked by 1 person

    1. Thanks, I wasn’t really away but I still have financial problems, so don’t expect daily articles until I get some support(er). I might activate the new design over the next two months, it’s sadly still bugged for mobile devices which is the reason I need to hold it back until it’s working better.

      The main page should also work better now since the last WordPress update because the caching mechanism got improved.

      Liked by 1 person

Comments are closed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: