HWID Generation doesn’t need KMS in order to activate Windows

s1ave77 (known from MDL forums) wrote another little utility in order to activate any Windows 10 version, for Volume license versions this means it doesn’t require KMS in order to activate it. It’s also not depending to install an older Windows Version in order to ‘upgrade’ your Windows to a newer version (upgrade ‘trick). The program itself has a strange name, it’s called ‘hwidgen.mk3‘ but who really cares about names, right?

Fresh installed Win 10 April Update Ent. x64 activated via hwidgen.mk3

Overview

The little program hwidgen.mk3 (.mk3 extension stands for the AutoHotkey program extension) enables your Windows Update services in order to function properly after it does its ‘magic‘ it will deactivate the service. This step is needed in order to activate your Windows and to verify the license status (the watermark will disappear). However, the program doesn’t require any KMS for Volume license SKU’s.

The program works via slshim and Windows 10 own GatherOsState.exe (which you can extract from the ISO). The activation keys are used from the products.ini, these keys are generic ones and a legal to post/share – in other words, these are the keys you can temporarily use during setup (usually).

When a Volume License Windows version is installed from the official VLSC or MVS Business ISO, the default Retail/OEM key needs to be inserted to regain activation. You will find the list with the generic keys (the default ones provided by MS) here. The keys are extracted from the Products_RS4_04_20_2018.xml file which comes from the Windows 10 Media Creation Tool.

Supported SKU’s 

• Basically, all Windows versions which are right now available, except Server variants.
• Core (Home) (N)
• Core Single Language (N)
• Professional (N)
• Professional Education (N)
• Professional Workstation (N)
• Education (N)
• Enterprise (N)
• Enterprise S (N)

The program itself is somewhat beta but it already worked since day one.

How many times do I need to execute the program?

The process only needs to be executed once (for each machine). In newer installs/upgrades just skip any key prompts and choose ‘I have no product key‘ during setup. At the first online contact, the MS Server will recognize the HWID and grant the activation automatically.

Is it required that the Windows Update service is running?

Yes, but only during the activation process, the program normally checks and if disabled, enable the Windows Update service and stops it automatically when everything is done. In case you’re behind a VPN/Proxy you might need to disable it until the activation was successful, Microsoft might blocks some VPN’s and Proxies which then result in an error.

Program changelog (so far)

• v10.08
  * added Key-Install-Mode (Drop-Down-Menu) to allow fast switch to Retail/OEM on re-Installs with VL ISO, which already have HWID and don’t need the whole process, tool will show this key in System Info if not installed
• v10.01
  * changed process slightly to run gatherosstate.exe in Win 7 compatibility mode, so created ticket will have operation system info set to Windows 7, this better mimiks the original ticket from a Win 7 system
  * optimized the Splash screens
• v9.32
  * added hyperlinks to nsane and aiowares forums threads for info and support
• v9.25
  * changed the initial Msgbox to splash screen with no user intervention
• v9.18
  * reworked system check
• v9.11
  * added LTSB 2015 (only non-N and not tested so far) and native splash screen to silent mode
• v9.04
  * fixed spelling error in splash pic
• v9.01
  * fixed the KMS detection (will work on activated KMS systems now) and added silent mode
• v8.13
  * added Messagebox to inform user tool-start-up might need a moment, fixed tool not closing when done via the ‘X’
• v8.06
  * changed disabled WU handling to: set to auto, start service, activate, stop service and set back to disabled
• v7.99
  * added last checks and some code cleanup
• v7.77
  * implemented disabled WU handling.

Why is slshim required?
Slshim was created by it’s author as a replacement of software protection platform (he called it ‘unlock hidden features’) that allows to use Windows 7 without too much problems, but with changed Product Policy using registry entries. It had nothing to do with gatherosstate and it’s causing troubles. Gatherosstate itself uses the slc.dll library to determine the Windows activation status and licensing channel from the product policy.
Basically, because slshim is only an emulation of slc.dll that is read by gatherosstate. The value which will be returned can be manipulated. Slshim passes a few changed policies during the activation process and gatherosstate thinks that Windows was activated because of the manipulation and the value it returns. That’s how it works, gatherosstate creates then the legit GenuineTicket without any further verification.

Why 1803 gatherosstate?
Gatherosstate in 1803 (April Update) contains information about every single Windows Edition (SKU) that exists and due to this, it is able to create a ticket on any edition. Older versions also work, but it can only create tickets on some specific editions.

So, overall the activation isn’t illegal it basically abuses an activation weakness (which is opened for several years in Windows) because Microsoft still allows you to ‘get Windows for free’. Changing the HWID does the rest in order to fool or bypass the integrated activation mechanism.

The program has two modes, one is an automatic mode which activates all MS Windows versions and the other method is the manual method which can be used in order to activate problematically SKU’s like S/N versions.

The program takes some time, so be patient. Another thing I can suggest is that you run it from a C:\ drive directly with administrative privileges (and use a folder/path without spaces). Once the tool is running it creates some kind of debug log near the executable.

Why we can still activate Windows using GenuineTicket?
Windows 10 internally uses the same activation system for legitimate Retail and OEM activations so users do not need to enter their key when reinstalling the system. Systems activated using these keys are first activated using a key, then HWID license is created.

Why are there two methods?

There are two activating mechanisms (called ‘Work Mode’) the first is ‘Key-Install’ which is required in case you’re behind a Volume license Windows Version or any of the listed and supported version and the second method is ‘Full’ which you might already see when your OS is activated. You do not need to switch anything here the program detects everything automatically.

Backup method – manually mode

This mode is not needed and should only be used in case you have troubles activating your OS.

• Get GatherOsState.exe from the official Windows 10 17134 ISO
• Get the latest version of slshim (it’s already included in my package [see download link at the bottom])
• Extract slshim32.dll which is required for gatherosstate from the corresponding OS version eg. x86 ISO or slshim64.dll for gatherosstate in case you are on a x64 ISO.
• Place the gatherosstate and extracted slshim.dll into the same directory and rename slshim.dll to slc.dll
• Set the real value for %sku% from beneath list and import the following into your Registry:

// Use the command promt (CMD) to import the following reg entries
// But first replace the 'XXX' with the needed sku value. If using REG make sure the string is 7 digits long, the CMD will take the value from above.
// Ensure that the XXX are peplaced by the shown ID from SKUID list. Adapt the above path to gatherosstate.exe to the actual path.
reg add "HKLM\SYSTEM\Tokens" /v "Channel" /t REG_SZ /d "Retail" /f
reg add "HKLM\SYSTEM\Tokens\Kernel" /v "Kernel-ProductInfo" /t REG_DWORD /d XXX /f
reg add "HKLM\SYSTEM\Tokens\Kernel" /v "Security-SPP-GenuineLocalStatus" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\gatherosstate.exe" /d "~ WIN7RTM" /f

You need to replace %sku% with the corresponding Edition you’re behind.

Here is the current SKUID list

• edition=Cloud                                            sku=178
• edition=CloudN                                         sku=179
• edition=Core                                              sku=101
• edition=CoreCountrySpecific                 sku=99
• edition=CoreN                                           sku=98
• edition=CoreSingleLanguage                 sku=100
• edition=Education                                    sku=121
• edition=EducationN                                 sku=122
• edition=Enterprise                                   sku=4
• edition=EnterpriseN                                sku=27
• edition=EnterpriseS                                 sku=125
• edition=EnterpriseSN                              sku=126
• edition=Professional                                sku=48
• edition=ProfessionalEducation             sku=164
• edition=ProfessionalEducationN          sku=165
• edition=ProfessionalN                             sku=49
• edition=ProfessionalWorkstation         sku=161
• edition=ProfessionalWorkstationN      sku=162

After you’re done with this step simply enter the default Retail/OEM key. As mentioned above these are generic keys provided by MS. There normally used during the Setup process.

In case you’re behind an Enterprise N or LTSB 2016 N Version use the following elevated (admin) Powershell command:

:: For Enterprise N Versions
((Get-Content '.\gatherosstate.exe') -replace "`0" | Select-String -Pattern "(.....-){4}C372T" -AllMatches).Matches | Select-Object -ExpandProperty Value

:: For Enterprise SN Versions
((Get-Content '.\gatherosstate.exe') -replace "`0" | Select-String -Pattern "(.....-){4}VMJWR" -AllMatches).Matches | Select-Object -ExpandProperty Value

This basically will gather the key from the gatherosstate.exe.

Now run gatherosstate and after a few seconds, you normally should get a valid  GenuineTicket.xml file.

Remove the token from your registry (this step is optional)

reg delete "HKLM\SYSTEM\Tokens" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\gatherosstate.exe" /f

The last step is to place the created GenuineTicket.xml into your root of C:\ and execute via command prompt (CMD) the following

clipup -v -o -altto C:\

After this, you can force the activation as usual.

cscript /nologo %windir%\system32\slmgr.vbs -ato

Sample output

13:45:42 SYSTEM INFO:
13:45:42 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
13:45:42 Product: Professional [15063.0]
13:45:42 Description: Windows(R) Operating System, RETAIL channel
13:45:42 Architecture: x64
13:45:42 LicenseID: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c
13:45:42 PartialKey: 3V66T
13:45:42 Status: Notification
13:45:42 WU Status: DISABLED (NOTE: will be changed for the process duration)
13:45:42 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
13:45:56 PATCH PROCESS PREREQUISITES
13:45:56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
13:45:56 Preparing...
13:46:25 Installing key: VK7JG-NPHTM-C97JM-9MPGT-3V66T
13:46:51 Adding registry entries...
13:46:51 SKUID: 48
13:46:51 Running GatherOsState...
13:47:05 Removing registry entries...
13:47:05 Applying GenuineTicket.xml...
13:47:09 WU is disabled...
13:47:09 Setting to manual...
13:47:09 Activating...
13:47:49 Setting WU back to disabled...
13:47:49 Done
13:47:49 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Be careful Chinese people already faking this tool

I already saw the program on several torrent sites and several other known Chinese forums like PCBeta & Co. Keep in mind that these forums mostly steel other peoples work without giving proper credits, the only two official forums with ‘official’ support for this program are linked within the program (and also shown in the screenshot above). Other sources are mostly untrusted because they steal or rename the programs without giving a rats ass about who really coded it.

The same what they did with dazloader and KMSPico seems to happen right now again, simply check the real checksums from the official sources and don’t load any Chinese bullshit or from any torrent sites. It’s simply not worth because you never know if it wasn’t repacked or something if you won’t check the checksums.

Known fakes:

• https://is.gd/hwidgen from windowsapps.org. The program was never released on this forum.
• EVERY torrent site, no matter if they give credits or not, the program was never released ‘officially’ on torrent pages.
• PCBeta forums HWIDGen_CN.exe is a fucking repack without any credits to the original author .. shame on you guys!
• teamos-hkrg.com – Never got any permission.
• http://philka.ru – Never got any permission.
• digital-eliteboard.com
• .. basically all other listed on google …

Is Microsoft already aware of this program and trick?

Yes, I already submitted it. They removed my description and wrongly classified it as ‘malware’.

1. I didn’t ‘tried‘ it, I did it.
2. MS will not block the method because it also blocks legal activations coming from Windows 7+ This is all I have proven here, MS now even wrongly detect it as a trojan in order to ‘block’ the utility from been downloaded/executed whenever SmartScreen/WD is activated but the method itself is for now not blocked.
3. The detection is false/positive on every program, like any other activation mechanism everything gets detected soon or later and if not you simple manually submit something.

 

Download

The program is already available on several shitty forums which I not like to support/mention here, so I made a public mirror on GitHub. I also integrated the source code, readme, and other important things. The checksum for the entire package and a VirusTotal link is also provided.