
OEM activation of Windows Vista / 7 / 8 / 8.1 under the QEMU hypervisor

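OEM versions of Microsoft's OS, starting with Vista, use authentication based on a comparison of three components: the SLIC table in the BIOS, an OEM certificate (an XML file with the XRM-MS extension) and an OEM key.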

If the three components match, the OS is activated offline. In this case the PC case carries a sticker with the license key of that specific OS instance (not the manufacturer's key), which can be used to activate the OS online if it was installed from a “clean” (MSDN) OEM image from Microsoft rather than from the image provided by the PC manufacturer.

In addition, the license key of a specific OS instance can be stored in text form in the BIOS, in the ACPI MSDM table. In this case, when the OS is installed, the key is read from the BIOS and written into that OS instance. The OEM sticker on the laptop case may then no longer carry a license key. This method is used to activate Windows 8 / 8.1.

You can view the contents of the ACPI tables from Windows using the RWEverything utility, or by booting from a Linux Live CD such as SystemRescueCD. The latter method is useful when it is no longer possible to boot into the installed instance of Windows.

We have two laptops: a Samsung NP305 and an Acer Aspire V5-551G. The first has Windows 7 OEM Home Basic x86_64 preinstalled, the second Windows 8 OEM Single Language x86_64. Let's use SystemRescueCD. After booting, look at the contents of the /sys/firmware/acpi/tables directory:

 > ls /sys/firmware/acpi/tables/
 APIC dynamic DSDT FACP FACS HPET MCFG SLIC SSDT1 SSDT2

We are interested in the SLIC and MSDM tables. A description of their structure can be found, for example, in this file. First, let's look at the SLIC table on the laptop with Windows 7 (the real data is masked with X):

 > xxd /sys/firmware/acpi/tables/SLIC
 0000000: 534c 4943 7601 0000 01fb 5345 4343 5344  SLICv.....SECCSD
 0000010: 4c48 3433 5354 4152 0920 0701 414d 4920  LH43STAR. ..AMI 
 0000020: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000030: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000040: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000050: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000060: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000070: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000080: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000090: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 00000a0: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 00000b0: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 00000c0: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 00000d0: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 00000e0: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 00000f0: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000100: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000110: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000120: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000130: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000140: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000150: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000160: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  xxxxxxxxxxxxxxxx
 0000170: XXXX XXXX XXXX                           xxxxxx

As you can see, licensing information is stored here in binary form.

There is no MSDM table in the BIOS of the laptop with Windows 7.

Now let's see the SLIC table on a laptop with Windows 8:

 > xxd /sys/firmware/acpi/tables/SLIC
 0000000: 534c 4943 7601 0000 0168 4143 5253 5953  SLICv....hACRSYS
 0000010: 4143 5250 5244 4354 0100 0000 3130 3235  ACRPRDCT....1025
 0000020: 0000 0400 0000 0000 0000 0000 0000 0000  ................
 0000030: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 00000a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 00000b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 00000c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 00000d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 00000e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 00000f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000100: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000110: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000120: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000130: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000140: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000150: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000160: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 0000170: 0000 0000 0000                           ......

The table is empty, so it is not possible to use offline activation on this laptop.

Now let's look at the MSDM table (the real data is masked with X):

 > xxd /sys/firmware/acpi/tables/MSDM
 0000000: 4d53 444d 5500 0000 030b 4143 5253 5953  MSDMU.....ACRSYS
 0000010: 4143 5250 5244 4354 0100 0000 3130 3235  ACRPRDCT....1025
 0000020: 0000 0400 0100 0000 0000 0000 0100 0000  ................
 0000030: 0000 0000 1d00 0000 XXXX XXXX XXXX XXXX  ........XXXXX-XX
 0000040: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  XXX-XXXXX-XXXXX-
 0000050: XXXX XXXX XX                             XXXXX

The 25-character key of the OS instance is stored in the MSDM table in clear text.

The SLIC and MSDM files can be copied from the /sys/firmware/acpi/tables directory to any other location in the usual way.
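A copied table can be sanity-checked before it is used anywhere else. The following is an added example, not code from the original article: it parses the standard 36-byte ACPI header, verifies the length and checksum, flags a zero-filled body such as the SLIC table from the Windows 8 laptop, and reports an MSDM key only in masked form. The MSDM payload layout is read off the dump above; the function names, the sample tables and the sample key are constructed for illustration.

```python
import re
import struct

HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
KEY_RE = re.compile(r"^[A-Z0-9]{5}(-[A-Z0-9]{5}){4}$")


def parse_table(raw: bytes) -> dict:
    """Validate one ACPI table image and describe it without exposing the key."""
    if len(raw) < HEADER.size:
        raise ValueError("shorter than an ACPI header")
    sig, length, _rev, _csum, oem_id, oem_table, _, _, _ = HEADER.unpack_from(raw)
    if length != len(raw):
        raise ValueError(f"header length {length} != file size {len(raw)}")
    body = raw[HEADER.size:]
    info = {
        "signature": sig.decode("ascii", "replace"),
        "oem_id": oem_id.decode("ascii", "replace").rstrip("\x00 "),
        "oem_table_id": oem_table.decode("ascii", "replace").rstrip("\x00 "),
        "checksum_ok": sum(raw) % 256 == 0,  # all bytes must sum to 0 mod 256
        "body_empty": not any(body),         # e.g. the zero-filled SLIC above
    }
    if sig == b"MSDM" and len(body) >= 20:
        # Layout read off the dump above: five 32-bit words, the last one
        # being the key length (0x1d = 29), followed by the key as ASCII text.
        key_len = struct.unpack_from("<I", body, 16)[0]
        key = body[20:20 + key_len].decode("ascii", "replace")
        info["key_format_ok"] = bool(KEY_RE.match(key))
        info["key_masked"] = "*" * 24 + key[-5:] if info["key_format_ok"] else None
    return info


def build_table(sig: bytes, body: bytes) -> bytes:
    """Build constructed sample data; header strings copied from the dumps above."""
    length = HEADER.size + len(body)
    raw = bytearray(HEADER.pack(sig, length, 1, 0, b"ACRSYS", b"ACRPRDCT",
                                1, b"1025", 0x00040000) + body)
    raw[9] = -sum(raw) % 256  # fix up the checksum byte at offset 9
    return bytes(raw)


# Constructed samples: a placeholder key and a zero-filled SLIC body.
SAMPLE_KEY = b"AAAAA-BBBBB-CCCCC-DDDDD-EEEEE"
SAMPLE_MSDM = build_table(b"MSDM", struct.pack("<5I", 1, 0, 1, 0, 29) + SAMPLE_KEY)
SAMPLE_SLIC = build_table(b"SLIC", bytes(0x176 - HEADER.size))

if __name__ == "__main__":
    for table in (SAMPLE_MSDM, SAMPLE_SLIC):
        print(parse_table(table))
```

To check a real copy, pass the file contents, for example `parse_table(open("MSDM", "rb").read())`.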

Now we have images of the SLIC and MSDM tables. It turns out that the presence of these tables can be emulated when booting Windows under the QEMU / KVM hypervisor with the -acpitable option. For example, let's start installing Windows 7 from an OEM disc, without attaching a network adapter, to make sure that activation happens offline.

 > qemu-img create -f qcow2 -o lazy_refcounts /media/storage/VMs/win7-slic-test.qcow2 40G
 > qemu-system-x86_64 -smp cores=2 -m 1024 -enable-kvm \
     -cdrom /media/storage/iso/Windows_7_SP1_RU/7601.17514.101119-1850_x64fre_client_ru-ru_OEM_HomeBasic-GRMCHBXFREO_RU_DVD.iso \
     -acpitable file=/media/storage/misc/Samsung_NP305V5A/ACPI/tables/SLIC \
     -net none \
     -drive id=disk,file=/media/storage/VMs/win7-slic-test.qcow2,if=none \
     -device ahci,id=ahci -device ide-drive,drive=disk,bus=ahci.0

After installation, Computer -> Properties shows that the system is not activated. This is expected, since we emulate only one of the components of the offline activation system, the SLIC table; successful activation also needs a certificate (an XML file with the XRM-MS extension) and an OEM key. These components are already embedded in the recovery image on the laptop's disk, and if we mark the recovery partition as bootable, we can start the installation of a Windows instance that will be activated immediately after installation.

If we somehow obtain the certificate and key separately, they can be installed with the commands

 SLMGR.VBS -ILC <file_name.XRM-MS>
and
 SLMGR.VBS -IPK <25-character key>

Note that the SLMGR.VBS utility takes quite a long time to run and, when it finishes, displays a message in a separate window.

Upon completion of the SLMGR.VBS utility, a copy of Windows will be successfully activated.

I have only encountered three-component offline activation on laptops with Windows Vista / 7 preinstalled; on laptops preloaded with Windows 8 / 8.1, online activation is performed using the 25-character key of the OS instance embedded in the MSDM table. When Windows 8 is installed, the key is extracted from the BIOS automatically and, after being checked for compliance with the version of Windows being installed, is written to the registry. Let's verify this:

 > qemu-img create -f qcow2 -o lazy_refcounts /media/storage/VMs/win8-msdm-test.qcow2 40G
 > qemu-system-x86_64 -smp cores=2 -m 1024 -enable-kvm \
     -cdrom /media/storage/ISO/Win8_OEM/HRM_CSLA_X64FREO_RU-RU_DV5.ISO \
     -acpitable file=/media/storage/misc/Acer_Aspire_V5-551G/ACPI/tables/MSDM \
     -net none \
     -drive id=disk,file=/media/storage/VMs/win8-msdm-test.qcow2,if=none \
     -device ahci,id=ahci -device ide-drive,drive=disk,bus=ahci.0

Install Windows 8 and use the NirSoft Product Key Viewer utility. Indeed, the key of the installed version of Windows 8 and the key from the MSDM table are the same.

Unfortunately, only SeaBIOS, which ships with QEMU by default, is able to apply user-supplied ACPI tables; OVMF, which lets you boot the OS in an EFI environment, simply ignores the -acpitable parameter.

Naturally, using ACPI table emulation is possible only by following the letter and spirit of the license agreement with Microsoft, otherwise karmic forces will punish you.

Source: https://habr.com/ru/post/247597/

