Structure of KMSpico with it's source code.
I cannot reveal the whole source code for few reasons.
I'm sorry about that.
How does KMSpico work?
Many people claim that it uses the legal KMS method to activate. No, it doesn't.
It creates an emulation in your Windows edition's
memory with IP of 127.0.0.1. That is your own machine.
That means, it doesn't activate the way it is supposed to as mentioned in
Microsoft's website:
http://technet.microsoft.com/en-us/libr ... 93419.aspxSteps-
1) It identifies your OS through an unique ID as mentioned .
2) It disables your smart-screen to prevent any interruption
and getting caught .
3) It stops Windows Defender Service and adds it self into your Anti-Virus or Defender's
exceptions list to prevent getting caught.
4) It clears out the script values from "C:\Windows\Setup\Script" to prevent conflicts.
Finally, it has few predefined hex(s) values, which are integrated into your systems using regedit or merge method.
This happens in the background since the commands use a special "nul" method, which doesn't generate any output.
Finally, few small changes in your Activation status are made and your machine is activated.
It also adds a scheduled task and service, which run at 11:59:59 everyday to keep the activation status intact.
Scheduled tasks are made to run in the background, so you won't notice it running.
It says that it has activated your copy for 180 days, but it's a fake display, since it is extended
everyday.
It is able to do this because you've granted it admin rights.
This is how KMSpico works. It's just like other activators, but more intelligent.
Nothing special and remember, all activations are illegal.
1) Identifies the OS and then accordingly, executes it self-
Identification source code-
--------------------------------------------------------------------------------------------------------------------------------------
<!-- If your application is designed to work with Windows Vista, uncomment the following supportedOS node-->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>-->
<!-- If your application is designed to work with Windows 7, uncomment the following supportedOS node-->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>-->
<!-- If your application is designed to work with Windows 8, uncomment the following supportedOS node-->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>-->
--------------------------------------------------------------------------------------------------------------------------------------
2) Disables the smart screen-
Since Smartscreen and Defender services are stopped, you won't know if it acesses your files.
Code-
--------------------------------------------------------------------------------------------------------------------------------
SET RQR=REG QUERY "HKLM\SOFTWARE\Microsoft\Internet Explorer" /v "Version"
%RQR% | findstr /I "\<10\>" >nul && %INL% reg add "HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\PhishingFilter" /v EnabledV9 /t REG_DWORD /d "00000000" /f >nul
Const HKEY_LOCAL_MACHINE = &H80000002
Dim StrComputer,strKeyPath,strValueName
Dim objRegistry
strComputer = "."
Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Policies\Microsoft\Windows\System\"
strValueName = "EnableSmartScreen"
objRegistry.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
Dim RegKeyPath
Set objShell = CreateObject("Wscript.Shell")
regKeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\EnableSmartScreen"
'determine if a registry key exists
If IsNull(dwValue) Then
'if the registry key does not exist, create a new registry key
objShell.RegWrite regKeyPath,0,"REG_DWORD"
WScript.Echo "Turn off SmartScreen successfully."
Else
If dwValue = 0 Then
WScript.Echo "You have already turn off SmartScreen successfully."
Else
objShell.RegWrite regKeyPath,0,"REG_DWORD"
WScript.Echo "Turn off SmartScreen successfully."
End If
End If
-----------------------------------------------------------------------------------------------------------------------------------
3) Stops Defender Service to prevent getting caught and also adds an exception in the anti-virus.
Code-
-----------------------------------------------------------------------------------------------------------------------------------
NET STOP "Windows Defender Service" > nul 2>&1
-----------------------------------------------------------------------------------------------------------------------------------
4) Clears your entire scripts from from C:\ to prevent conflicts-
-----------------------------------------------------------------------------------------------------------------------------------
RMDIR /S /Q "C:\Windows\Setup\Scripts"
RD /S /Q "C:\Windows\Setup\Scripts"
-----------------------------------------------------------------------------------------------------------------------------------
5) It installs it's scheduled services and tasks, so it runs everyday at 11:59:59, prolonging the activation.
The 180 days activation is just a fake display. It can go on for ever.
Code-
-----------------------------------------------------------------------------------------------------------------------------------
start /wait KMSpico.exe
regedit /s RunOnce.reg
pushd "%~dp0"
set directorio=%~dp0
set name="AutoPico Daily Restart"
SCHTASKS /Create /TN %name% /TR "%directorio%AutoPico.exe /silent" /SC DAILY /ST 11:59:59 /RU SYSTEM /RL Highest
pushd "%~dp0"
set dr=%~dp0
set name="Service KMSELDI"
sc create %name% binPath= "%dr%Service_KMS.exe" type= own error= normal start= auto DisplayName= %name%
rem sc start %name%
-----------------------------------------------------------------------------------------------------------------------------------
5) Replaces your product's activation hex with it's own. Hex(s) can be found in \KMSpico\cert\
You will find 2 different folders there. 2010 office cert and 2013 office cert.
There you can find these hex(s) values in a regedit file.
There are around 45 hex files in \cert folder. 3 Hex files for each office suite product like word, powerpoint, excel etc.
You can also find the files that KMSpico modifies with , in \KMSpico\cert\
Code-
Eg-
--------------------------------------------------------------------------------------------------------------------------------
"ProductID"="00219-40000-00000-AA810"
"DigitalProductID"=hex:f8,04,00,00,04,00,00,00,38,00,32,00,35,00,30,00,33,00,\
2d,00,30,00,32,00,31,00,39,00,34,00,2d,00,30,00,30,00,30,00,2d,00,30,00,30,\
00,30,00,30,00,30,00,30,00,2d,00,30,00,33,00,2d,00,32,00,30,00,35,00,32,00,\
2d,00,39,00,32,00,30,00,30,00,2e,00,30,00,30,00,30,00,30,00,2d,00,33,00,30,\
00,34,00,32,00,30,00,31,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,65,00,31,00,33,00,61,\
00,63,00,31,00,30,00,65,00,2d,00,37,00,35,00,64,00,30,00,2d,00,34,00,61,00,\
66,00,66,00,2d,00,61,00,30,00,63,00,64,00,2d,00,37,00,36,00,34,00,39,00,38,\
00,32,00,63,00,66,00,35,00,34,00,31,00,63,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,56,00,69,00,73,00,69,00,6f,00,50,00,72,\
00,6f,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,92,08,00,00,00,00,cc,46,47,a9,\
a2,ba,7c,4d,09,00,d4,e0,37,84,8c,77,18,67,58,91,b4,8a,cd,83,77,95,3b,b6,00,\
0d,6a,4f,7d,47,cc,65,fe,b8,b5,c3,ae,c2,ca,97,f4,ab,b9,a0,b6,0c,bf,07,0f,62,\
6f,f1,e9,46,73,7e,05,6e,9c,c2,99,75,09,81,74,ac,95,c6,b7,0e,58,00,31,00,38,\
00,2d,00,33,00,33,00,32,00,38,00,37,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,56,00,\
6f,00,6c,00,75,00,6d,00,65,00,3a,00,47,00,56,00,4c,00,4b,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,6c,00,74,00,4b,00,4d,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00