Skip to content

Instantly share code, notes, and snippets.

@Dhanvesh
Created June 5, 2018 17:37
Star You must be signed in to star a gist
Save Dhanvesh/abcc26792f08755827bc2cd64c50ac3c to your computer and use it in GitHub Desktop.
Windows 10 Activation Batch File
@echo off
title Windows 10 ALL version activator&cls&echo ************************************&echo Supported products:&echo - Windows 10 Home&echo - Windows 10 Professional&echo - Windows 10 Enterprise, Enterprise LTSB&echo - Windows 10 Education&echo.&echo.&echo ************************************ &echo Windows 10 activation...
cscript //nologo c:\windows\system32\slmgr.vbs /ipk TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 3KHY7-WNT83-DGQKR-F7HPR-844BM >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk PVMJN-6DFY6-9CCP6-7BKTT-D3WVR >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk MH37W-N47XK-V7XM9-C7227-GCQG9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NW6C2-QMPVW-D7KKK-3GKT6-VCFB2 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2WH4N-8QGBV-H22JP-CT43Q-MDWWJ >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk WNMTR-4C88C-JK8YV-HQ7T2-76DF9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2F77B-TNFGY-69QQF-B8YKP-D69TJ >nul
echo ************************************ &echo.&echo.&set i=1
:server
if %i%==1 set KMS_Sev=kms.shuax.com
if %i%==2 set KMS_Sev=NextLevel.uk.to
if %i%==3 set KMS_Sev=GuangPeng.uk.to
if %i%==4 set KMS_Sev=AlwaysSmile.uk.to
if %i%==5 set KMS_Sev=kms.chinancce.com
if %i%==6 exit
cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ato | find /i "successfully" && (echo.& echo ************************************ & echo. & choice /n /c YN /m "Do you want to restart your PC now [Y,N]?" & if errorlevel 2 exit) || (echo The connection to the server failed! Trying to connect to another one... & echo Please wait... & echo. & echo. & set /a i+=1 & goto server)
shutdown.exe /r /t 00
Copy link

ghost commented Aug 12, 2022

its work!

@notkirb
Copy link

notkirb commented Aug 21, 2022

windows defender quite literally deletes the file

i dont even have a chance to click on it before windows defender deletes it

@crabdemlastina
Copy link

Ty

@xlxk-of
Copy link

xlxk-of commented Sep 8, 2022

anyone having issues with widows defender, turn off real time protection. Run as admin, wait AT LEAST 5 minutes, if it doesnt work just buy windows

@Magnetrix-Hex
Copy link

Its a Malware / Trojan (Trojan:Win32/Skeeyah.A!MTB).
Its a HACKER......BEWARE...BEWARE...BEWARE
ITS....HACKER....HACKER....HACKER....TROJAN...TROJAN...TROJAN...

@ileathan
Copy link

ileathan commented Nov 30, 2022

Its a Malware / Trojan (Trojan:Win32/Skeeyah.A!MTB). Its a HACKER......BEWARE...BEWARE...BEWARE ITS....HACKER....HACKER....HACKER....TROJAN...TROJAN...TROJAN...

Edit: Oh sorry for my last text I thought you were talking to the OP.

@q0wbx
Copy link

q0wbx commented Dec 16, 2022

not even all version

@krystian3w
Copy link

Github seems removed comment with linked trojan with spam of empty li elements (~120 lines).

@Tiethuz
Copy link

Tiethuz commented Dec 20, 2022

Does this still work?

@rohitbaijal
Copy link

yes it worked. thank you !!

@rohitbaijal
Copy link

Does this still work?

yes for me it worked.

@Diga1jj
Copy link

Diga1jj commented Jan 6, 2023

NOT workeng for me

@faslanetech
Copy link

faslanetech commented Jan 10, 2023

works for me as of today (1-10-23) everyone saying it's a virus blah blah, use common sense, its NOT. Everyone saying it doesn't work, have PATIENCE it DOES work. Jesus.......common sense people, common sense.....

literally JUST used it again. It seems to have a mind if it’s own but it did work after about 3 mins. Sometimes it’s a few seconds, sometimes minutes and sometimes I reboot to flush everything and it works so yeah….works great. Have not EVER has Windows security or otherwise report it as a virus or malware, because it’s NOT….literally never once has anything popped up attempting to block it. Now the MAS .bat file for office will but you simply turn off live detection in windows security first. Also not a malware or virus.

@Banois
Copy link

Banois commented Jan 15, 2023

It seemed to keep saying "failed to connect to server," it works on other devices but on my laptop it says about 5 of those then closes itself... yes I ran it as a admin...

@btwitsdhruuv
Copy link

faced the same issue

@Yarpopcat08
Copy link

Its a Malware / Trojan (Trojan:Win32/Skeeyah.A!MTB). Its a HACKER......BEWARE...BEWARE...BEWARE ITS....HACKER....HACKER....HACKER....TROJAN...TROJAN...TROJAN...

Edit: Oh sorry for my last text I thought you were talking to the OP.

Cmon, stop believing the MS Defender. Seriously, does the "trojan" name give you anything? If it doesn't, don't beleive it and don't spread disinformation.

@praveen4781
Copy link

It seemed to keep saying "failed to connect to server," it works on other devices but on my laptop it says about 5 of those then closes itself... yes I ran it as a admin...

same problem with me please help me

@praveen4781
Copy link

It seemed to keep saying "failed to connect to server," it works on other devices but on my laptop it says about 5 of those then closes itself... yes I ran it as a admin...

bro same type of problem with me also

@faslanetech
Copy link

It seemed to keep saying "failed to connect to server," it works on other devices but on my laptop it says about 5 of those then closes itself... yes I ran it as a admin...

same problem with me please help me

I literally have copied and pasted the contents into a new file and re-saved it and that’s made it work almost instantly but it shouldn’t matter it’s the same contents. Weird but always works sooner or later. Kinda has a mind of its own sometimes but it’s always lays worked for me. Sometimes I’ll reboot and run it again and that seems to speed it up a bit. You might try that.

@panyiliu
Copy link

Works like a charm !

@wedlinedesginer
Copy link

is it safe

@Diga1jj
Copy link

Diga1jj commented Feb 18, 2023 via email

@Krishgaming1455
Copy link

thankyou a lot .

@nilotpol8448
Copy link

nilotpol8448 commented Feb 26, 2023

Not working for me. its shuts down everytime after 4 line of server filed written line, it doesn't show the usual "shut down y/n" message. the water mark disappears but after some time probably 2 to3 hours later the water mark appears again.
my system is Windows 10 Enterprise Version 22H2.
don't know if its only me or what.

@Adeelaman
Copy link

It seemed to keep saying "failed to connect to the server."
Yes, I ran it as an admin.

@LizoMakinana
Copy link

While I.m about to excute it all I does I blinks the file then no cmd screen displays help

@LizoMakinana
Copy link

Uploading 16783678011405569685644846600279.jpg…

@ariaesdf
Copy link

March 2023, Still works.

  1. save txt file as .bat
  2. Run as admin
  3. press enter when CMD opens
  4. wait for batch to finish running
  5. restart computer

@nilotpol8448
Copy link

nilotpol8448 commented Mar 11, 2023

Same problem as @Adeelaman.

https://msguides.com/windows-11#:~:text=%40echo%20off%0Atitle,halt%0Apause%20%3Enul works.

Thanks man this one worked for me. Even though it was for win 11 my win 10 pc is showing its activated..

@LizoMakinana
Copy link

LizoMakinana commented Mar 11, 2023 via email

@Abzelite
Copy link

Abzelite commented Apr 4, 2023

Don us it it downloads (Trojan:Win32/Skeeyah.A!MTB). This trojan scam malware beware!!!!!!!!!!!!!!!!!!!!

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented Apr 29, 2023

@Abzelite, per what? Do you have an AV report you can share?

Per https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, @Abzelite is potentially correct – https://www.quora.com/Is-KMS-Activator-a-virus-program-malware/answer/Lonnie-King-Jr-1 explains more.

GitHub is investigating as of 20230502T170936+0100.

@Simon1907
Copy link

This is insecure.. It changes the servers to malicious servers (as example: https://www.chinancce.com/, it will show insecure certificate) which is obviously not microsoft servers so dont use it and report it to github. Thanks for taking your time and not falling to this.

@xtho25
Copy link

xtho25 commented May 16, 2023

does this still work?

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented May 17, 2023

@Simon1907, https://www.chinancce.com/ has a valid certificate currently. However, whether it did or not wouldn't be a useful distinction anyway, since unless you're going to operate your own KMS server, external (and thus fundamentally untrusted due to their illegality) servers are choices available. Note that it's https://www.kms.chinancce.com/ that is used in the script.

Although https://adsecurity.org/?p=284 demonstrates that installation of the KMS opens a port, I'd hope that it can only accept very basic data, and thus shouldn't generate vulnerability. Anyone wanna bother asking on Quora etc. for us?

@Mrityunjoy1412
Copy link

ITS A MALWARE. YOU WILL BE LISTED AS A VICTIM ON DARK NET. DON'T USE THIS. ITS A MALWARE. IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, , IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented May 18, 2023

@Mrityunjoy1412,

YOU WILL BE LISTED AS A VICTIM ON DARK NET.

You're making stuff up. Don't just espouse what seems correct when you've obviously little understanding of this kind of stuff. We can't even be certain that it's malware, since none of us here are knowledgeable enough to identify the patterns that VirusTotal can.

Don't assume that someone has been malicious until you've very good evidence, even regarding code - chances are that the OP posted this because it worked for them.

However, more importantly than all of that, I doubt anyone wants to be notified for comments like yours, which are just copy-pasted CAPITAL LETTERS.

@ileathan
Copy link

ileathan commented May 19, 2023

This is insecure.. It changes the servers to malicious servers (as example: https://www.chinancce.com/, it will show insecure certificate) which is obviously not microsoft servers so dont use it and report it to github. Thanks for taking your time and not falling to this.

Interestingly enough, since a small boy obsessed with c.s. I have found microsoft servers to be insecure and malicious (fundamentally as they are closed source) and hide my valuable information from the operating system itself via encryption of data drives. It has since turned into so much profit I think I was on to something. The KMS insecurity you speak of would manifest itself regardless as well as many closed source open bi directional (like KMS) microsoft ports vulnerabilities do.

@ileathan
Copy link

does this still work?

Still working for me <3

@ileathan
Copy link

ileathan commented May 19, 2023

@Abzelite, per what? Do you have an AV report you can share?

Per https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, @Abzelite is potentially correct – https://www.quora.com/Is-KMS-Activator-a-virus-program-malware/answer/Lonnie-King-Jr-1 explains more.

GitHub is investigating as of 20230502T170936+0100.

Its really short code just search what every line does. Remembering microsoft is closed source. It does activate windows using their own protocols.

It's pretty useless to punch 26 lines of code into virustotal. You really should not trust AV's either for example the false positive you posted is expected, sometimes changing variable names will get rid of false positive (roflmao). I get that they are good for the masses in many ways but this is github just ask someone what the code does.

@RokeJulianLockhart
Copy link

@ileathan, this code doesn't use Microsoft's KMS activation servers. That's literally its sole purpose – to change the KMS server and then verify against that. In truth, it could install a KMS server locally and then prompt localhost, but this is more guaranteed to work.

Also, you think too highly of yourself. Microsoft does not have bidirectional port vulnerabilities exploitable by the general public. That would be insane.

@ileathan
Copy link

ileathan commented May 22, 2023

@ileathan, this code doesn't use Microsoft's KMS activation servers. That's literally its sole purpose – to change the KMS server and then verify against that. In truth, it could install a KMS server locally and then prompt localhost, but this is more guaranteed to work.

Also, you think too highly of yourself. Microsoft does not have bidirectional port vulnerabilities exploitable by the general public. That would be insane.

It is indeed using the official msft KMS protocol. The code above uses a remote server set with /skms %KMS_Sev%. And can be verified after with slmgr.vbs /dlv You could change it to any appropriate KMS server so long as it downloads the Microsoft expected licensing binary associated with the keypair you chose it will work. Also of course Microsoft has port vulnerabilities which are exploitable by the general public haha. It is closed source after all. Use a search engine if your curious.

Sorry if what I wrote was rude, it just honestly really is a bad idea to copy paste few lines of code into a AV like that you linked an expected false positive. What I wrote about how to trick AV's is true and is from personal experience I can explain more if you would like, but it is a bad idea unless I guess you have no way to read the code or any way to ask someone what it does.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented May 22, 2023

@ileathan,

it just honestly really is a bad idea to copy paste few lines of code into a AV

There's nothing better except hiring a developer, and even then, the virus definitions may well find patterns that they wouldn't.

The code above uses a remote server set with /skms %KMS_Sev%

I know what a variable is. You obviously haven't read https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c#file-win10activation-txt to see how it's being used, though:

if %i%==1 set KMS_Sev=kms.shuax.com
if %i%==2 set KMS_Sev=NextLevel.uk.to
if %i%==3 set KMS_Sev=GuangPeng.uk.to
if %i%==4 set KMS_Sev=AlwaysSmile.uk.to
if %i%==5 set KMS_Sev=kms.chinancce.com
cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nul

Those are not Microsoft-owned domains. As previously stated, that's the entire point of this script – to disable the KMS client's ability to call home to Microsoft, at least during activation.

@ileathan
Copy link

ileathan commented May 22, 2023

@ileathan,

it just honestly really is a bad idea to copy paste few lines of code into a AV

There's nothing better except hiring a developer, and even then, the virus definitions may well find patterns that they wouldn't.

The code above uses a remote server set with /skms %KMS_Sev%

I know what a variable is. You obviously haven't read https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c#file-win10activation-txt to see how it's being used, though:

if %i%==1 set KMS_Sev=kms.shuax.com
if %i%==2 set KMS_Sev=NextLevel.uk.to
if %i%==3 set KMS_Sev=GuangPeng.uk.to
if %i%==4 set KMS_Sev=AlwaysSmile.uk.to
if %i%==5 set KMS_Sev=kms.chinancce.com
cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nul

Those are not Microsoft-owned domains. As previously stated, that's the entire point of this script – to disable the KMS client's ability to call home to Microsoft, at least during activation.

It's being used to store the remote KMS server domain based on your respective keypair choice. A pattern that a AV finds can be something as illogical as a variable name and is obviously not trustworthy. I am going to drop this conversation. Also this does not disable any KMS client ability whatsoever either. It uses the official protocol/client. A official KMS server does also not need to be a official Microsoft server period a normal use case would imply the KMS host be running a msft server.

Lastly if you think Microsoft-owned domains are inherently safe then good luck haha.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented May 22, 2023

@ileathan,

If you think Microsoft-owned domains are inherently safe then good luck.

I've never said that. I don't think any of this script is safe – https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c?permalink_comment_id=4553318#gistcomment-4553318. I dunno what your obsession about Microsoft-owned domains is anyway, since you haven't yet informed me about how it's calling any of Microsoft's servers.

It's being used to pair your chosen key with its respective pair on a remote server.

Yeah – kms.shuax.com's.

A pattern that a AV finds can be something as illogical as a variable name and is obviously not trustworthy.

So look at the report logs: https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7. They're not as detailed as I'd like from a cursory evaluation, but I think we can agree that it correctly identified it as https://www.hybrid-analysis.com/search?query=vxfamily%3A%22Application.KMSTool%22, specifically Application.KMSTool.AH (https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/).

Consequently, chances are that the rest of the diagnostics (which I've reviewed) are probably accurate. They're not mental things anyway – just GETs at places it probably shouldn't be invoking WebRequests from.

https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8

@ileathan
Copy link

ileathan commented May 22, 2023

Sorry man I dropped the conversation. Its an expected false positive, go ask another programmer or be wrong and trust your AV.

To anyone else the script is safe and afaik is not even illegal albeit can be against tos.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented May 22, 2023

@ileathan, I haven't insulted you. I've only had a technical discussion with ya. If you're willing to explain how I've wronged you (if you care) I'll be glad to apologize, but I doubt there's anything.

@ileathan
Copy link

ileathan commented May 22, 2023

@ileathan, I haven't insulted you. I've only had a technical discussion with ya. If you're willing to explain how I've wronged you (if you care) I'll be glad to apologize, but I doubt there's anything.

I removed that bit although I did feel insulted. I just feel I am wasting my time. A Microsoft server AFAIK is the one that is by default suppose to negotiate the cryptographic signature that is happening in the background which is the point of KMS. I do not know anything about KMS because it is all closed source but I know very well the fundamentals of cryptographic signatures. The servers may obviously break tos but I think that is the point.

Pasting small bits of code like that into virus total which scans it with every AV is totally useless. When I was programming web miners for my website changing a variable name would get rid of of those false positives (simply because those AV's were targeting monero's variable names [totally illogical]). They are often times not logical but political and to this date monero is flagged as a virus. In your case it is not a variable name triggering it but merely that KMS was called is my guess. It really is an expected false positive.

And as far as your operating system is concerned everything going on is using the official client, protocol, and server. For example you can hot swap that domain in the code to any other KMS host (associated with your key) so a enterprise key would need an enterprise kms server.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented May 22, 2023

@ileathan,

In your case it is not a variable name triggering it but merely the fact that its a batch file

Actually, it's not a .bat file. It's been uploaded as a https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c/raw/0825bf9f1c64931542e4afa3b47b64e415fb8149/Win10Activation.txt file. This fooled https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8, but didn't fool https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, which reocgnized it as Application.KMSTool.AH .

That's not an inherently dangerous file-type. It merely designates it as a KMS script, so I'm not sure why we're discussing AV false positives here.

And as far as your operating system is concerned everything going on is using the official client and protocol. For example you can hot swap that domain in the code to any other KMS host (associated with your keypair) so a enterprise key would need an enterprise kms server.

Yeah! So it's not calling Microsoft! Reverse-engineering the KMS protocol was completed about a decade ago, so there's no need for *live.com or *microsoft.com to be involved. If there was a need for a cryptographic signature using the same technology as gpg, we wouldn't be able to fool Windows's internal KMS client.

@ileathan
Copy link

ileathan commented May 22, 2023

@ileathan,

In your case it is not a variable name triggering it but merely the fact that its a batch file

Actually, it's not a .bat file. It's been uploaded as a https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c/raw/0825bf9f1c64931542e4afa3b47b64e415fb8149/Win10Activation.txt file. This fooled https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8, but didn't fool https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, which reocgnized it as Application.KMSTool.AH .

That's not an inherently dangerous file-type. It merely designates it as a KMS script, so I'm not sure why we're discussing AV false positives here.

And as far as your operating system is concerned everything going on is using the official client and protocol. For example you can hot swap that domain in the code to any other KMS host (associated with your keypair) so a enterprise key would need an enterprise kms server.

Yeah! So it's not calling Microsoft! Reverse-engineering the KMS protocol was completed about a decade ago, so there's no need for *live.com or *microsoft.com to be involved. If there was a need for a cryptographic signature using the same technology as gpg, we wouldn't be able to fool Windows's internal KMS client.

You can ignore that bit about the bat file, I rephrased what I meant. Also I am not even looking at your links I already know it is not a virus lol. But again "Application.KMSTool.AH" would be an expected false positive.

Like I said I do not know anything about KMS but I do know about cryptographic signatures. I reckon KMS even stands for key management server. It probably returns a signature which is invalidated after the 180 days or whatnot. If KMS was reverse engineered like you say that would explain the existence of all these KMS servers. Like I said you can hotswap that endpoint with any other and it will work the same to your OS.

It does use signatures and is probably not using gpg as that is an open source standard and even then it would depend on how the technology is deployed.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented May 25, 2023

But again "Application.KMSTool.AH" would be an expected false positive.

But isn't it a key management tool, @ileathan? As I stated, that designation shouldn't inherently indicate that it's malicious, unless my comprehension of such designations is incorrect.

Per https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/?do=findComment&comment=1568557, perhaps Application.KMSTool.AH does designate it as malicious.

[it] is probably not using gpg

Yeah, that'd probably be unbeatable without replacing parts of Windows, since GPG (at least usually; correct me if I'm wrong) uses that kind of verification that requires impossible computation of prime number square roots.

@RizzWann
Copy link

This code made a trojan virus in my case, I recommend all to not use it

@RokeJulianLockhart
Copy link

@RizzWann,

This code made a trojan virus in my case, I recommend all to not use it

Please elaborate.

@ileathan
Copy link

ileathan commented Jun 10, 2023

But again "Application.KMSTool.AH" would be an expected false positive.

But isn't it a key management tool, @ileathan? As I stated, that designation shouldn't inherently indicate that it's malicious, unless my comprehension of such designations is incorrect.

Per https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/?do=findComment&comment=1568557, perhaps Application.KMSTool.AH does designate it as malicious.

[it] is probably not using gpg

Yeah, that'd probably be unbeatable without replacing parts of Windows, since GPG (at least usually; correct me if I'm wrong) uses that kind of verification that requires impossible computation of prime number square roots.

Well no. Prime numbers are used in cryptography because they are difficult to factorize (you wont get a remainder of 0) yes but that is not exclusive to GPG or even asymmetric encryption. They are just harder to predict but you don't technically need to use them.

Public Key Infrastructure models like GPG use asymmetric encryption, that is to say the keys used to encrypt and decrypt that most people seem to more intuitively understand are not the same and replaced with two keys (massive primes/semi primes) one which is a secret and one which is derived from the secret. The secret is used to decrypt and sign. The public is used to encrypt and verify.

GPG stands out for one big reason. It is OPEN SOURCE. Fat chance you find that in windows code, well except when shamelessly lifted.

@ileathan
Copy link

This code made a trojan virus in my case, I recommend all to not use it

False positive.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented Jun 10, 2023

GPG stands out for one big reason. It is OPEN SOURCE. Fat chance you find that in windows code

https://github.com/gpg/gnupg#readme states that it's licensed under GPLv3. @ileathan, does that have the same requirement as v2 - that all modifications be posted upstream? That'd be a reason not to include it in Windows.

@ileathan
Copy link

ileathan commented Jun 10, 2023

Its open source, windows is closed.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented Jun 10, 2023

Was that really worth stating...? It's pretty obvious.

@ileathan
Copy link

That'd be a reason not to include it in Windows.

Are you trolling me?

@RokeJulianLockhart
Copy link

Are you trolling me?

Although I'm unfamiliar with the term, a cursory search makes me think I should rather ask the same – I've never had someone think that clarification that Windows is proprietary was necessary.

That'd be a reason not to include it in Windows.

I know. I just said that. What it this?!

@ileathan
Copy link

Is there another language I can speak to you in?

Its open source, windows is closed.

@RokeJulianLockhart
Copy link

I know. Why do you keep saying that, @ileathan? I never, ever insinuated otherwise.

@ileathan
Copy link

ileathan commented Jun 10, 2023

I am saying that would be a reason not to include it in the closed windows operating system code. If you did it would not be open. No?

@Ahmed-Abd-Elhady
Copy link

i think this script is bad

@ileathan
Copy link

Always works for me.

@teachbard
Copy link

ITS A MALWARE. YOU WILL BE LISTED AS A VICTIM ON DARK NET. DON'T USE THIS. ITS A MALWARE. IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, , IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE

@ileathan
Copy link

Lol <3

@infradragon
Copy link

my man still using key management for his windows
real gigachads activate by generating genuineticket.xml and a custom slc.dll

@infradragon
Copy link

if anyone here (not you ileathan) genuinely uses this script to activate windows i will eat my pants

@infradragon
Copy link

also you can obfuscate your server addresses so that they dont generate false positives
(similar to this) massgravel/Microsoft-Activation-Scripts@b5c63b2

@Edward-Silver
Copy link

Works like a cham ^_^
Thanks
for other people who want to use it:
1- Copy the code
2- open a new notepad file & paste it there
3- Save as >> name it watever but be sure to add [.bat] to the end of the name
4- right click on it & run it as adminstrator

Also, I had to run it a couple of times until it connected to the server.
so if it timed out just try again till it works. I also heard that creating a new one and running it helped for some ppl****

@under1aker
Copy link

simplified:

@echo off
cscript //nologo c:\windows\system32\slmgr.vbs /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 3KHY7-WNT83-DGQKR-F7HPR-844BM >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk PVMJN-6DFY6-9CCP6-7BKTT-D3WVR >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk MH37W-N47XK-V7XM9-C7227-GCQG9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NW6C2-QMPVW-D7KKK-3GKT6-VCFB2 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2WH4N-8QGBV-H22JP-CT43Q-MDWWJ >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk WNMTR-4C88C-JK8YV-HQ7T2-76DF9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2F77B-TNFGY-69QQF-B8YKP-D69TJ >nul
cscript //nologo c:\windows\system32\slmgr.vbs /skms kms8.MSGuides.com >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ato
shutdown.exe /r /t 00

I haven't had any issues with false positives either.

@elonmasai7
Copy link

Thanks it worked for me windows 10 pro

@mewnm
Copy link

mewnm commented Sep 17, 2023

why is there a shutdown command there, what does it do?

@under1aker
Copy link

why is there a shutdown command there, what does it do?

shutdown.exe /r /t 0 - launch system shutdown prog to reboot (/r) the computer immediately (/t 0) to activate the license, because the changes take effect only after a reboot :/

@Anythingfrees
Copy link

Thank you, https://hypestkey.com/product/windows-11-pro/ I bought the key here for cheap price, the key was retail and activated without problems. and they microsoft partner

@ileathan
Copy link

ileathan commented Sep 24, 2023

Don't give virus Microsoft too much money unless you have too, copy pasting the code is also often more practical.

@jhcrypt
Copy link

jhcrypt commented Oct 21, 2023

How do you remove this if needed?

@MrChucklepants
Copy link

So now I'm more confused than ever. I'm trying to activate Win 10 Pro. Can anyone please tell me how to do that, in terms so simple a moron (Hello!) could understand?

@kelvinleongcc
Copy link

wow it work for me 24/1/2024 window 10 pro. i copied the first script copy to text save as .bat

save txt file as .bat
Run as admin
press enter when CMD opens
wait for batch to finish running
restart computer

done

@AnyaWehner
Copy link

AnyaWehner commented Feb 9, 2024

Thank you so much for the suggestion, Can I ask a question? Are you feeling the pressure of time in the academic world in the UK? Don't worry, UKWritings https://ukwritings.com/assignment-service which is an assignment writing service that can help you with your essays. As a student, I understand the importance of every moment and have discovered UKWritings to be the perfect solution. They are a trusted essay service in the UK that can handle your essays efficiently. They have a deep understanding of the UK educational system and tailor their services to meet its unique demands.

@Vitaminese
Copy link

Vitaminese commented Feb 19, 2024

Thank you, https://hypestkey.com/product/windows-11-pro/ I bought the key here for cheap price, the key was retail and activated without problems. and they microsoft partner

That working thanks, also found coupon instahype10, i bought pro version, activated without any problem

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment