Comments (7)
It obtains the crypto-key through Windows Update at the same time you get the ESD normally.
This wasn't always true for internal ESDs, like the well-known ones you have (I saw your post on BA). In these cases, the crypto-key was pre-shared internally and added to the registry. Normally, you'd only get served that ESD because WU detects the presence of the Crypto-key registry entry.
These days, things are better secured and ESDs never get pushed to public WU.
from decryptesd.
Ok. These ESDs come from the caching system of a decommissioned proxy server. I have 72 of them. Some are from known builds but some are from unknown builds: 9833, 10034, 10144, 10152. Are they also "well-known" (strangely, googling their names leads to no results... same for the one I posted on BA)?
from decryptesd.
Yes.
And by "well-known", I mean by anyone who actually cares to investigate such things. That necessarily excludes most of BA and means finding info on Google probably won't return much. Such things are rarely discussed in public.
There's these four and then about 10 other "unleaked" builds that were uploaded to public WU. No way to get CryptoKey for any of them without info from someone on the Windows team.
from decryptesd.
But, when you say "well-known", does it mean you also have the ESD files? Indeed, for example, the ESD of build 9833 can be decoded by your tool.
Thanks for your information about the fact that this build comes from WU. I searched for information for the whole day and I think we need the Update ID to grab the key. I found the Revision ID (not Revision Number) of my builds but I don't know how to obtain/derive the Update ID for this Revision ID... of course, they don't appear on catalog.update.microsoft.com...
from decryptesd.
I do have the files.
The Update ID is not enough to retrieve the key. As I alluded to, these builds rely on pre-shared Crypto Keys. All that's stored on WU is a detectoid that picked up whether you had the key (which was stored in the registry) by comparing the last four base64 characters. The full key was distributed another way internally.
These days, they do it differently anyway, but to unlock these keys, you'll probably need someone who was on the team at the time.
from decryptesd.
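The suffix-matching check described in the comment above, as an added example that is not part of the original thread and is not Windows Update's actual detection logic. The function names, the 32-byte key length and the sample keys are assumptions constructed for illustration.

```python
import base64

SUFFIX_LEN = 4  # per the thread: the last four base64 characters of the key


def key_suffix(key_b64):
    """Portion of a base64 key that a suffix-only detection rule carries."""
    return key_b64.strip()[-SUFFIX_LEN:]


def detectoid_matches(local_key_b64, published_suffix):
    """Eligibility hint: does this machine hold a key ending in the suffix?"""
    if not local_key_b64:  # no pre-shared key provisioned on this machine
        return False
    return key_suffix(local_key_b64) == published_suffix


def bits_revealed(suffix):
    """Key bits recoverable from the final base64 group ('=' padding carries none)."""
    return 8 * len(base64.b64decode(suffix))


def demo():
    # Constructed sample values; the 32-byte key length is an assumption.
    real_key = bytes(range(32))
    other_key = bytes(30) + real_key[-2:]  # different key, same last two bytes
    real_b64 = base64.b64encode(real_key).decode()
    other_b64 = base64.b64encode(other_key).decode()
    suffix = key_suffix(real_b64)
    return {
        "suffix": suffix,
        "bits_revealed": bits_revealed(suffix),
        "key_bits": 8 * len(real_key),
        "holder_matches": detectoid_matches(real_b64, suffix),
        "no_key_matches": detectoid_matches(None, suffix),
        "different_key_matches": detectoid_matches(other_b64, suffix),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Under these assumptions the published rule exposes 16 of the key's 256 bits, and an unrelated key with the same tail also matches, so the check signals eligibility and is neither the key nor proof of holding it.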
I trust your information, thanks for it.
At that time, it was the only way to do it because both the WU agent and the WU server's API were not ready for ESD key delivery. Both have since been updated (probably for the Windows 10 upgrade) and the WU agent can directly request the ESD key to the WU server's API. I imagine you know that... ;)
Hence the fact that I'm interested in the UpdateID of one of these undecryptable builds. I can't imagine the people at Microsoft registering these builds into the WU server's database without saving the decryption key along with it. It probably was saved in the WU server's database but was just not requestable at that time; hence the fact that it was delivered by another way. It was also convenient to check if the computer was eligible. Of course, I speculate, but it's not totally stupid and costs nothing to try.
from decryptesd.
At that time, it was the only way to do it because both the WU agent and the WU server's API were not ready for ESD key delivery. Both have since been updated (probably for the Windows 10 upgrade) and the WU agent can directly request the ESD key to the WU server's API. I imagine you know that... ;)
When was WUSP ever not ready for ESD key delivery? Since TH1 the process was mainly to request DecryptionKey along with the FileUrl attribute from GetExtendedUpdateInfo2, which will check the MSA token in the SOAP header to ensure your eligibility for getting the content (although more attributes now play a role in getting appropriate authorization, which were added along with UUP). You may be able to get the update GUID from SyncUpdates but you still need a proper token for GetExtendedUpdateInfo2 to get the filepath and key.
Basically, even if the keys were there (which I doubt they kept them anyway), whatever you do you cannot get them without a proper MSA token that is properly registered to an internal ring at Microsoft.
from decryptesd.