@Dhanvesh
Created June 5, 2018 17:37
Windows 10 Activation Batch File
@echo off
title Windows 10 ALL version activator&cls&echo ************************************&echo Supported products:&echo - Windows 10 Home&echo - Windows 10 Professional&echo - Windows 10 Enterprise, Enterprise LTSB&echo - Windows 10 Education&echo.&echo.&echo ************************************ &echo Windows 10 activation...
cscript //nologo c:\windows\system32\slmgr.vbs /ipk TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 3KHY7-WNT83-DGQKR-F7HPR-844BM >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk PVMJN-6DFY6-9CCP6-7BKTT-D3WVR >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk MH37W-N47XK-V7XM9-C7227-GCQG9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NW6C2-QMPVW-D7KKK-3GKT6-VCFB2 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2WH4N-8QGBV-H22JP-CT43Q-MDWWJ >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk WNMTR-4C88C-JK8YV-HQ7T2-76DF9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2F77B-TNFGY-69QQF-B8YKP-D69TJ >nul
echo ************************************ &echo.&echo.&set i=1
:server
if %i%==1 set KMS_Sev=kms.shuax.com
if %i%==2 set KMS_Sev=NextLevel.uk.to
if %i%==3 set KMS_Sev=GuangPeng.uk.to
if %i%==4 set KMS_Sev=AlwaysSmile.uk.to
if %i%==5 set KMS_Sev=kms.chinancce.com
if %i%==6 exit
cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ato | find /i "successfully" && (echo.& echo ************************************ & echo. & choice /n /c YN /m "Do you want to restart your PC now [Y,N]?" & if errorlevel 2 exit) || (echo The connection to the server failed! Trying to connect to another one... & echo Please wait... & echo. & echo. & set /a i+=1 & goto server)
shutdown.exe /r /t 00
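
From a defender's side, the script above is recognizable in process-creation logs by its `slmgr.vbs /skms` call pointing at a host the organization does not run, preceded by a burst of `/ipk` key installs. The following is an added example, not part of the gist or its comments; the allow-list, machine names, host names and log records are constructed assumptions.

```python
import re

# Assumption: the KMS hosts this organization actually operates.
APPROVED_KMS_HOSTS = {"kms01.corp.example"}

# slmgr.vbs switches the script relies on: /ipk (install key),
# /skms (set KMS host), /ato (attempt activation).
SLMGR_RE = re.compile(r'slmgr(?:\.vbs)?"?\s+[/-](ipk|skms|ato)\b(?:\s+(\S+))?', re.I)

def parse_slmgr(cmdline):
    """Return (switch, argument) for an slmgr invocation, else None."""
    m = SLMGR_RE.search(cmdline)
    if not m:
        return None
    return m.group(1).lower(), (m.group(2) or "").strip('"')

def kms_host(arg):
    """Lowercase the /skms target and drop a trailing :port if present."""
    host = arg.lower()
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host

def find_unapproved_kms(events, approved=APPROVED_KMS_HOSTS):
    """events: (machine, command_line) pairs in time order.
    Flags every /skms pointing outside the allow-list and reports how many
    /ipk key installs the same machine ran before it (key cycling)."""
    alerts, ipk_seen = [], {}
    for machine, cmdline in events:
        parsed = parse_slmgr(cmdline)
        if parsed is None:
            continue
        switch, arg = parsed
        if switch == "ipk":
            ipk_seen[machine] = ipk_seen.get(machine, 0) + 1
        elif switch == "skms" and kms_host(arg) not in approved:
            alerts.append({"machine": machine, "kms_host": kms_host(arg),
                           "keys_tried": ipk_seen.get(machine, 0)})
    return alerts

# Constructed process-creation records (machine, command line); not real logs.
SLMGR = r"cscript //nologo c:\windows\system32\slmgr.vbs"
SAMPLE_EVENTS = [
    ("WS-014", SLMGR + " /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"),
    ("WS-014", SLMGR + " /ipk YYYYY-YYYYY-YYYYY-YYYYY-YYYYY"),
    ("WS-014", SLMGR + " /skms kms.untrusted.example"),
    ("WS-014", SLMGR + " /ato"),
    ("WS-020", r"cscript.exe C:\Windows\System32\slmgr.vbs /skms KMS01.corp.example:1688"),
    ("WS-020", "notepad.exe report.txt"),
]
print(find_unapproved_kms(SAMPLE_EVENTS))
```

Only the first machine is reported: its `/skms` target is outside the allow-list, while the second machine points at the approved host on its usual port.
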
@ileathan

ileathan commented May 22, 2023

@ileathan, I haven't insulted you. I've only had a technical discussion with ya. If you're willing to explain how I've wronged you (if you care) I'll be glad to apologize, but I doubt there's anything.

I removed that bit although I did feel insulted. I just feel I am wasting my time. A Microsoft server AFAIK is the one that is by default supposed to negotiate the cryptographic signature that is happening in the background which is the point of KMS. I do not know anything about KMS because it is all closed source but I know very well the fundamentals of cryptographic signatures. The servers may obviously break ToS but I think that is the point.

Pasting small bits of code like that into VirusTotal which scans it with every AV is totally useless. When I was programming web miners for my website changing a variable name would get rid of those false positives (simply because those AVs were targeting Monero's variable names [totally illogical]). They are oftentimes not logical but political and to this date Monero is flagged as a virus. In your case it is not a variable name triggering it but merely that KMS was called is my guess. It really is an expected false positive.

And as far as your operating system is concerned everything going on is using the official client, protocol, and server. For example you can hot swap that domain in the code to any other KMS host (associated with your key) so an enterprise key would need an enterprise KMS server.

@RokeJulianLockhart

RokeJulianLockhart commented May 22, 2023

@ileathan,

In your case it is not a variable name triggering it but merely the fact that it's a batch file

Actually, it's not a .bat file. It's been uploaded as a https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c/raw/0825bf9f1c64931542e4afa3b47b64e415fb8149/Win10Activation.txt file. This fooled https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8, but didn't fool https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, which recognized it as Application.KMSTool.AH.

That's not an inherently dangerous file-type. It merely designates it as a KMS script, so I'm not sure why we're discussing AV false positives here.

And as far as your operating system is concerned everything going on is using the official client and protocol. For example you can hot swap that domain in the code to any other KMS host (associated with your keypair) so an enterprise key would need an enterprise KMS server.

Yeah! So it's not calling Microsoft! Reverse-engineering the KMS protocol was completed about a decade ago, so there's no need for *live.com or *microsoft.com to be involved. If there was a need for a cryptographic signature using the same technology as gpg, we wouldn't be able to fool Windows's internal KMS client.

@ileathan

ileathan commented May 22, 2023

@ileathan,

In your case it is not a variable name triggering it but merely the fact that it's a batch file

Actually, it's not a .bat file. It's been uploaded as a https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c/raw/0825bf9f1c64931542e4afa3b47b64e415fb8149/Win10Activation.txt file. This fooled https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8, but didn't fool https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, which recognized it as Application.KMSTool.AH.

That's not an inherently dangerous file-type. It merely designates it as a KMS script, so I'm not sure why we're discussing AV false positives here.

And as far as your operating system is concerned everything going on is using the official client and protocol. For example you can hot swap that domain in the code to any other KMS host (associated with your keypair) so an enterprise key would need an enterprise KMS server.

Yeah! So it's not calling Microsoft! Reverse-engineering the KMS protocol was completed about a decade ago, so there's no need for *live.com or *microsoft.com to be involved. If there was a need for a cryptographic signature using the same technology as gpg, we wouldn't be able to fool Windows's internal KMS client.

You can ignore that bit about the bat file, I rephrased what I meant. Also I am not even looking at your links I already know it is not a virus lol. But again "Application.KMSTool.AH" would be an expected false positive.

Like I said I do not know anything about KMS but I do know about cryptographic signatures. I reckon KMS even stands for key management server. It probably returns a signature which is invalidated after the 180 days or whatnot. If KMS was reverse engineered like you say that would explain the existence of all these KMS servers. Like I said you can hotswap that endpoint with any other and it will work the same to your OS.

It does use signatures and is probably not using gpg as that is an open source standard and even then it would depend on how the technology is deployed.

@RokeJulianLockhart

RokeJulianLockhart commented May 25, 2023

But again "Application.KMSTool.AH" would be an expected false positive.

But isn't it a key management tool, @ileathan? As I stated, that designation shouldn't inherently indicate that it's malicious, unless my comprehension of such designations is incorrect.

Per https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/?do=findComment&comment=1568557, perhaps Application.KMSTool.AH does designate it as malicious.

[it] is probably not using gpg

Yeah, that'd probably be unbeatable without replacing parts of Windows, since GPG (at least usually; correct me if I'm wrong) uses that kind of verification that requires impossible computation of prime number square roots.

@RizzWann

This code made a trojan virus in my case, I recommend all to not use it

@RokeJulianLockhart

@RizzWann,

This code made a trojan virus in my case, I recommend all to not use it

Please elaborate.

@ileathan

ileathan commented Jun 10, 2023

But again "Application.KMSTool.AH" would be an expected false positive.

But isn't it a key management tool, @ileathan? As I stated, that designation shouldn't inherently indicate that it's malicious, unless my comprehension of such designations is incorrect.

Per https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/?do=findComment&comment=1568557, perhaps Application.KMSTool.AH does designate it as malicious.

[it] is probably not using gpg

Yeah, that'd probably be unbeatable without replacing parts of Windows, since GPG (at least usually; correct me if I'm wrong) uses that kind of verification that requires impossible computation of prime number square roots.

Well no. Prime numbers are used in cryptography because they are difficult to factorize (you won't get a remainder of 0) yes but that is not exclusive to GPG or even asymmetric encryption. They are just harder to predict but you don't technically need to use them.

Public Key Infrastructure models like GPG use asymmetric encryption, that is to say the keys used to encrypt and decrypt that most people seem to more intuitively understand are not the same and replaced with two keys (massive primes/semi primes) one which is a secret and one which is derived from the secret. The secret is used to decrypt and sign. The public is used to encrypt and verify.

GPG stands out for one big reason. It is OPEN SOURCE. Fat chance you find that in windows code, well except when shamelessly lifted.

@ileathan

This code made a trojan virus in my case, I recommend all to not use it

False positive.

@RokeJulianLockhart

RokeJulianLockhart commented Jun 10, 2023

GPG stands out for one big reason. It is OPEN SOURCE. Fat chance you find that in windows code

https://github.com/gpg/gnupg#readme states that it's licensed under GPLv3. @ileathan, does that have the same requirement as v2 - that all modifications be posted upstream? That'd be a reason not to include it in Windows.

@ileathan

ileathan commented Jun 10, 2023

It's open source, Windows is closed.

@RokeJulianLockhart

RokeJulianLockhart commented Jun 10, 2023

Was that really worth stating...? It's pretty obvious.

@ileathan

That'd be a reason not to include it in Windows.

Are you trolling me?

@RokeJulianLockhart

Are you trolling me?

Although I'm unfamiliar with the term, a cursory search makes me think I should rather ask the same – I've never had someone think that clarification that Windows is proprietary was necessary.

That'd be a reason not to include it in Windows.

I know. I just said that. What is this?!

@ileathan

Is there another language I can speak to you in?

It's open source, Windows is closed.

@RokeJulianLockhart

I know. Why do you keep saying that, @ileathan? I never, ever insinuated otherwise.

@ileathan

ileathan commented Jun 10, 2023

I am saying that would be a reason not to include it in the closed windows operating system code. If you did it would not be open. No?

@Zero99-00

I think this script is bad

@ileathan

Always works for me.

@ileathan

Lol <3

@infradragon

my man still using key management for his windows
real gigachads activate by generating genuineticket.xml and a custom slc.dll

@infradragon

if anyone here (not you ileathan) genuinely uses this script to activate windows i will eat my pants

@infradragon

also you can obfuscate your server addresses so that they don't generate false positives
(similar to this) massgravel/Microsoft-Activation-Scripts@b5c63b2

@elonmasai7

Thanks, it worked for me, Windows 10 Pro

@ileathan

ileathan commented Sep 24, 2023

Don't give virus Microsoft too much money unless you have to, copy pasting the code is also often more practical.

@jhcrypt

jhcrypt commented Oct 21, 2023

How do you remove this if needed?

@kelvinleongcc

Wow, it works for me, 24/1/2024, Windows 10 Pro. I copied the first script, copied it to text, saved as .bat

save txt file as .bat
Run as admin
press enter when CMD opens
wait for batch to finish running
restart computer

done

@The-Dead-Comedian

can you please tell me if this is safe?
I'm here because I am unable to afford the original windows key. Please respond.

Hello, ur computer has virus (yes its safe)

@karanveer-lca

Doesn't this just hide the activation logo? I haven't tried this but does it like give you access to those settings which are not available?

@filepv4

filepv4 commented Dec 3, 2025

@filepv

filepv commented Dec 3, 2025
