Jump to content

Multi Manufacturer Pre-Activation


Recommended Posts

I think I have a working set of files. Extract these files to your hard drive and run GetOEMFiles.bat then copy the files to the $OEM$ directory of your CD. I haven't tested these yet but it looks good.

You don't have to use my cmdlies.txt file but you need to run RestoreOEMFiles.bat before WFP starts protecting the files (I think T-9)

If anyone has a Manufacturer's string that contains a ' or a " (single quote or double quote) or anyone else for that matter let me know if it works.

Attachment Removed - See Post #34

Edited by Bezalel
Link to comment
Share on other sites


Mitec GetSysInfo.exe will not be available for one year.

Instead of using IBM smbios tool, why not using:

Compname.exe was written using the excellent Mitec SysInfo by Michal Mutl (see www.mitec.d2.cz) and Indy.

@for /F "tokens=2* delims=: " %%i in ('compname /s ^|findstr /L /c:"System	manufacturer"') do @set Manufacturer=%%j &@call manufacturerhex "%%j"

EDIT: previous script modified to trim any leading/trailing spaces &call Djé script.

Djé manufacturerhex.cmd script modified to take manufacturer string as 1st parameter

FOR /F "tokens=1* delims=: " %%i IN ('smbiosd /t:1 ^|findstr "Manufacturer"') DO SET "TEST=%%j"

SET TEST=%1

SET TEST=%TEST:"=%

echo Manufacturer: %TEST%

Edited by Bilou_Gateux
Link to comment
Share on other sites

Instead of using IBM smbios tool, why not using:

Compname.exe was written using the excellent Mitec SysInfo by Michal Mutl (see www.mitec.d2.cz) and Indy.

@for /f "tokens=1* delims=:" %%i in ('compname /s ^|findstr /L /c:"System	manufacturer"') do @set Manufacturer=%%j

Because I didn't know about this program. At this stage I'm going to stay with smbios2.exe because it is a well known product and I can freely distribute it.

If someone writes an executable thet will output just the Manufacturer's String with no additional formatting I might change my script to use it.

Feel free to use whatever method you like in your own script but please don't use this thread to distribute these changes yet (unless my code is broken). There are a number of enhancements (OEMLOGO.BMP, OEMINFO.INI, Signature checking, Verifying SLP Status, SFX Support) that I want to add and don't want this project to be pulled in too many directions

Link to comment
Share on other sites

I removed the attachment from post 31 bacause it failed on my PC. Apparently .VBS is not associated with wscript at T-12. My next test is to chance the line

setEnvVar.vbs "%%b"

to

wscript setEnvVar.vbs "%%b"

and see what happens. If this works I will repost the files.

Link to comment
Share on other sites

  • 3 weeks later...

Hello and greetings from YerMoney!

This is my first time posting on this board, so let me start with telling you, that I'm deeply impressed by the threads I read tonite.

I focused mainly on the 'works' of Bezalel, because I'm trying to figure out, which part of the DMI-table is checked to see whether the installed Windows is pre-activated or not.

My first guess was the "Manufacturer"-string, since I was able to install a pre-activated (SLP) OEM Windows on a different mainboard after I patched the "Manufacturer"-string in this boards DMI-table.

Well, this worked like a charme!

Now it is interesting to see that you're trying to get rid of the problem to keep the pre-activation the other way round - by exchanging the OEMBIOS-files on the setup media (as far as I understand this thread).

Anyway - patching the DMI-table or collecting a pool of different oembios-files - I greatly apreciate the fact, that this thread gives a collection of different manufacturer strings!

So here is my contribution

Manufacturer: MEDIONPC

Model: AWRDACPI

4D454449 4F4E5043

Oh, and by the way, a very informative tool is available from german compu-mag c't, named ctdmi.exe and bundled in ctbios15.zip - unfortunately only available in german.

Link to comment
Share on other sites

I'm trying to figure out, which part of the DMI-table is checked to see whether the installed Windows is pre-activated or not.

SLP Activation doesn't check the DMI tables, it searches through a specific memory address range looking for a particular string. The OEMs provide the address range and string to MS who encrypt them and provide the OEMs with an OEMBIOS file set.

Link to comment
Share on other sites

I'll reply to that more detailed later on (it's early morning over here in Germany and I want to check a few things first).

But ...

SLP Activation doesn't check the DMI tables, it searches through a specific memory address range looking for a particular string.

Even if SLP activation doesn't check the DMI tables itself, the manufacturer string for sure derives from the DMI table data.

Otherwise I wouldn't have been successfull in patching the string in the DMI table and keep the pre-activation working on atotally different hardware leaving OEMBIOS files untouched.

In my opinion this is a more than sufficient practical proof.

To verify this (theoretically) we have to ask how and from where the WMI does collect it's infos.

For example:

With the function you use, you retrieve the "Manufacturer-" and the "Model-String".

This "Model-String" is non existent in the DMI tables, but instead I discovered it in the ACPI APIC table ("OEM TABLE ID") - where you (vice versa) won't find a "Manufacturer-String".

Even though the "Model-String" is (yet) of no interest for the pre-activation (but it will become important in concern of Trusted Computing), it leads me to the conclusion that the WMI data is collected from different sources (DMI table, ACPI APIC table and so on) and compiled to the WMI database.

So my intension is to find out what data sources should be examined and how the chances are to modify them.

Some thoughts on "Trusted Computing":

head_02_TC.jpg

Edited by mittern8
Link to comment
Share on other sites

Maybe I should clarify my last post. SLP doesn't browse the DMI or SMBIOS tables for a specific entry, instead it searches for the sting within a specific range. The manufacturer may choose to search from 000E:4000 to 000F:FFFF (the entire BIOS) to allow for flexibility in BIOS design and allow them to place the string anywhere in their BIOS. They may also choose to use their name as the search string.

WMI uses multiple sources for its data. I think the manufacturer and model originate from SMBIOS.

Link to comment
Share on other sites

Maybe I should clarify my last post. SLP doesn't browse the DMI or SMBIOS tables for a specific entry, instead it searches for the sting within a specific range. The manufacturer may choose to search from 000E:4000 to 000F:FFFF (the entire BIOS) to allow for flexibility in BIOS design and allow them to place the string anywhere in their BIOS. They may also choose to use their name as the search string.

WMI uses multiple sources for its data. I think the manufacturer and model originate from SMBIOS.

Ja, okay!

So, it seems quite clear that SLP is using a different mechanism as WMI does, right?

P.S.:

I'm very keen to see how U solve the problem with the OEMBIOS files!

And, BTW, just read an articel on Windows Vista and BitLocker Drive Encryption :no:

Edited by mittern8
Link to comment
Share on other sites

I removed the attachment from post 31 bacause it failed on my PC. Apparently .VBS is not associated with wscript at T-12. My next test is to chance the line

You can run .vbs files from cmdlines.txt just fine, however you're limited to cscript.exe.

On another note, would it be beneficial to make a repository of the BIOS files for various makes and models?

Link to comment
Share on other sites

would it be beneficial to make a repository of the BIOS files for various makes and models?

The OEMBIOS files are MS copyrighted files, such a project would probably be considured warez.

Edited by Bezalel
Link to comment
Share on other sites

That was running through my mind, but I rationalized it by assuming the BIOS files would not allow you to install XP on a computer that it wasn't meant for. This would presumably mean Dell, Gateway, Emachines, etc. Furthermore, the key codes would not be a part of this, only the files. The other thing I thought about was the fact that people don't seem to have a crisis of conscious when it comes to distributing patched OS files - uxtheme.dll, tcpip.sys, etc.

I'm not a lawyer, but that was my take on it.

Link to comment
Share on other sites

I have a set of files that worked on a Dell, HP, and Toshiba PC. I made the following changes to the CD:

I deleted OEMBIOS.BI_ OEMBIOS.DA_, OEMBIOS.SI_ from the CD (make sure you leave OEMBIOS.CA_)

I removed all lines referancing any of the OEMBIOS files (including OEMBIOS.CAT) from txtsetup.sif and dosnet.inf.

I created a winnt.sif file that included a MS Generic key http://www.microsoft.com/technet/prodtechn...y/oempreac.mspx (Home users should use a Factory Key)

I copied the files from activation.rar to the $OEM$ directory along with the files created using CollectFiles.rar

Link to comment
Share on other sites

Hi Bezalel,

Sorry for the newbie question, but i got abit lost on this thread. :blushing:

Do i copy the files created by the CollectFiles.rar on each of my PC's (a Dell and a HP) to the $OEM$ folder on my UAXPCD, with the files inside the activation.rar.

Then burn and run, is that correct ?

Link to comment
Share on other sites

Sorry for the newbie question, but i got abit lost on this thread. :blushing:

Thats understandable, I myself am figuring out this process so it keeps changing

Do i copy the files created by the CollectFiles.rar on each of my PC's (a Dell and a HP) to the $OEM$ folder on my UAXPCD, with the files inside the activation.rar.

You only need the files created by CollectFiles.rar you don't need the files contained in ColletFiles.rar (The files in CollectFiles.rar are pretty sloppy and leave behind an enviroment variable but they do work.)

Here is listing of the contents of my $OEM$ directory:

44656C6C20436F6D707574657220436F72702E.BIN
44656C6C20436F6D707574657220436F72702E.CAT
44656C6C20436F6D707574657220436F72702E.DAT
44656C6C20436F6D707574657220436F72702E.SIG
44656C6C20436F6D707574657220436F72706F726174696F6E.BIN
44656C6C20436F6D707574657220436F72706F726174696F6E.CAT
44656C6C20436F6D707574657220436F72706F726174696F6E.DAT
44656C6C20436F6D707574657220436F72706F726174696F6E.SIG
4865776C6574742D5061636B617264.BIN
4865776C6574742D5061636B617264.CAT
4865776C6574742D5061636B617264.DAT
4865776C6574742D5061636B617264.SIG
544F5348494241.BIN
544F5348494241.CAT
544F5348494241.DAT
544F5348494241.SIG
cmdlines.txt
CreateBatFile.vbs
RestoreOEMFiles.bat
RestoreOEMFiles.tmp
smbios2.exe

Edited by Bezalel
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...