Skip to content

Instantly share code, notes, and snippets.

@Dhanvesh
Created June 5, 2018 17:37
Show Gist options
  • Save Dhanvesh/abcc26792f08755827bc2cd64c50ac3c to your computer and use it in GitHub Desktop.
Save Dhanvesh/abcc26792f08755827bc2cd64c50ac3c to your computer and use it in GitHub Desktop.
Windows 10 Activation Batch File
@echo off
title Windows 10 ALL version activator&cls&echo ************************************&echo Supported products:&echo - Windows 10 Home&echo - Windows 10 Professional&echo - Windows 10 Enterprise, Enterprise LTSB&echo - Windows 10 Education&echo.&echo.&echo ************************************ &echo Windows 10 activation...
cscript //nologo c:\windows\system32\slmgr.vbs /ipk TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 3KHY7-WNT83-DGQKR-F7HPR-844BM >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk PVMJN-6DFY6-9CCP6-7BKTT-D3WVR >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk MH37W-N47XK-V7XM9-C7227-GCQG9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NW6C2-QMPVW-D7KKK-3GKT6-VCFB2 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2WH4N-8QGBV-H22JP-CT43Q-MDWWJ >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk WNMTR-4C88C-JK8YV-HQ7T2-76DF9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2F77B-TNFGY-69QQF-B8YKP-D69TJ >nul
echo ************************************ &echo.&echo.&set i=1
:server
if %i%==1 set KMS_Sev=kms.shuax.com
if %i%==2 set KMS_Sev=NextLevel.uk.to
if %i%==3 set KMS_Sev=GuangPeng.uk.to
if %i%==4 set KMS_Sev=AlwaysSmile.uk.to
if %i%==5 set KMS_Sev=kms.chinancce.com
if %i%==6 exit
cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ato | find /i "successfully" && (echo.& echo ************************************ & echo. & choice /n /c YN /m "Do you want to restart your PC now [Y,N]?" & if errorlevel 2 exit) || (echo The connection to the server failed! Trying to connect to another one... & echo Please wait... & echo. & echo. & set /a i+=1 & goto server)
shutdown.exe /r /t 00
@ileathan
Copy link

ileathan commented May 22, 2023

@ileathan, I haven't insulted you. I've only had a technical discussion with ya. If you're willing to explain how I've wronged you (if you care) I'll be glad to apologize, but I doubt there's anything.

I removed that bit although I did feel insulted. I just feel I am wasting my time. A Microsoft server AFAIK is the one that is by default suppose to negotiate the cryptographic signature that is happening in the background which is the point of KMS. I do not know anything about KMS because it is all closed source but I know very well the fundamentals of cryptographic signatures. The servers may obviously break tos but I think that is the point.

Pasting small bits of code like that into virus total which scans it with every AV is totally useless. When I was programming web miners for my website changing a variable name would get rid of of those false positives (simply because those AV's were targeting monero's variable names [totally illogical]). They are often times not logical but political and to this date monero is flagged as a virus. In your case it is not a variable name triggering it but merely that KMS was called is my guess. It really is an expected false positive.

And as far as your operating system is concerned everything going on is using the official client, protocol, and server. For example you can hot swap that domain in the code to any other KMS host (associated with your key) so a enterprise key would need an enterprise kms server.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented May 22, 2023

@ileathan,

In your case it is not a variable name triggering it but merely the fact that its a batch file

Actually, it's not a .bat file. It's been uploaded as a https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c/raw/0825bf9f1c64931542e4afa3b47b64e415fb8149/Win10Activation.txt file. This fooled https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8, but didn't fool https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, which reocgnized it as Application.KMSTool.AH .

That's not an inherently dangerous file-type. It merely designates it as a KMS script, so I'm not sure why we're discussing AV false positives here.

And as far as your operating system is concerned everything going on is using the official client and protocol. For example you can hot swap that domain in the code to any other KMS host (associated with your keypair) so a enterprise key would need an enterprise kms server.

Yeah! So it's not calling Microsoft! Reverse-engineering the KMS protocol was completed about a decade ago, so there's no need for *live.com or *microsoft.com to be involved. If there was a need for a cryptographic signature using the same technology as gpg, we wouldn't be able to fool Windows's internal KMS client.

@ileathan
Copy link

ileathan commented May 22, 2023

@ileathan,

In your case it is not a variable name triggering it but merely the fact that its a batch file

Actually, it's not a .bat file. It's been uploaded as a https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c/raw/0825bf9f1c64931542e4afa3b47b64e415fb8149/Win10Activation.txt file. This fooled https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8, but didn't fool https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, which reocgnized it as Application.KMSTool.AH .

That's not an inherently dangerous file-type. It merely designates it as a KMS script, so I'm not sure why we're discussing AV false positives here.

And as far as your operating system is concerned everything going on is using the official client and protocol. For example you can hot swap that domain in the code to any other KMS host (associated with your keypair) so a enterprise key would need an enterprise kms server.

Yeah! So it's not calling Microsoft! Reverse-engineering the KMS protocol was completed about a decade ago, so there's no need for *live.com or *microsoft.com to be involved. If there was a need for a cryptographic signature using the same technology as gpg, we wouldn't be able to fool Windows's internal KMS client.

You can ignore that bit about the bat file, I rephrased what I meant. Also I am not even looking at your links I already know it is not a virus lol. But again "Application.KMSTool.AH" would be an expected false positive.

Like I said I do not know anything about KMS but I do know about cryptographic signatures. I reckon KMS even stands for key management server. It probably returns a signature which is invalidated after the 180 days or whatnot. If KMS was reverse engineered like you say that would explain the existence of all these KMS servers. Like I said you can hotswap that endpoint with any other and it will work the same to your OS.

It does use signatures and is probably not using gpg as that is an open source standard and even then it would depend on how the technology is deployed.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented May 25, 2023

But again "Application.KMSTool.AH" would be an expected false positive.

But isn't it a key management tool, @ileathan? As I stated, that designation shouldn't inherently indicate that it's malicious, unless my comprehension of such designations is incorrect.

Per https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/?do=findComment&comment=1568557, perhaps Application.KMSTool.AH does designate it as malicious.

[it] is probably not using gpg

Yeah, that'd probably be unbeatable without replacing parts of Windows, since GPG (at least usually; correct me if I'm wrong) uses that kind of verification that requires impossible computation of prime number square roots.

@RizzWann
Copy link

This code made a trojan virus in my case, I recommend all to not use it

@RokeJulianLockhart
Copy link

@RizzWann,

This code made a trojan virus in my case, I recommend all to not use it

Please elaborate.

@ileathan
Copy link

ileathan commented Jun 10, 2023

But again "Application.KMSTool.AH" would be an expected false positive.

But isn't it a key management tool, @ileathan? As I stated, that designation shouldn't inherently indicate that it's malicious, unless my comprehension of such designations is incorrect.

Per https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/?do=findComment&comment=1568557, perhaps Application.KMSTool.AH does designate it as malicious.

[it] is probably not using gpg

Yeah, that'd probably be unbeatable without replacing parts of Windows, since GPG (at least usually; correct me if I'm wrong) uses that kind of verification that requires impossible computation of prime number square roots.

Well no. Prime numbers are used in cryptography because they are difficult to factorize (you wont get a remainder of 0) yes but that is not exclusive to GPG or even asymmetric encryption. They are just harder to predict but you don't technically need to use them.

Public Key Infrastructure models like GPG use asymmetric encryption, that is to say the keys used to encrypt and decrypt that most people seem to more intuitively understand are not the same and replaced with two keys (massive primes/semi primes) one which is a secret and one which is derived from the secret. The secret is used to decrypt and sign. The public is used to encrypt and verify.

GPG stands out for one big reason. It is OPEN SOURCE. Fat chance you find that in windows code, well except when shamelessly lifted.

@ileathan
Copy link

This code made a trojan virus in my case, I recommend all to not use it

False positive.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented Jun 10, 2023

GPG stands out for one big reason. It is OPEN SOURCE. Fat chance you find that in windows code

https://github.com/gpg/gnupg#readme states that it's licensed under GPLv3. @ileathan, does that have the same requirement as v2 - that all modifications be posted upstream? That'd be a reason not to include it in Windows.

@ileathan
Copy link

ileathan commented Jun 10, 2023

Its open source, windows is closed.

@RokeJulianLockhart
Copy link

RokeJulianLockhart commented Jun 10, 2023

Was that really worth stating...? It's pretty obvious.

@ileathan
Copy link

That'd be a reason not to include it in Windows.

Are you trolling me?

@RokeJulianLockhart
Copy link

Are you trolling me?

Although I'm unfamiliar with the term, a cursory search makes me think I should rather ask the same – I've never had someone think that clarification that Windows is proprietary was necessary.

That'd be a reason not to include it in Windows.

I know. I just said that. What it this?!

@ileathan
Copy link

Is there another language I can speak to you in?

Its open source, windows is closed.

@RokeJulianLockhart
Copy link

I know. Why do you keep saying that, @ileathan? I never, ever insinuated otherwise.

@ileathan
Copy link

ileathan commented Jun 10, 2023

I am saying that would be a reason not to include it in the closed windows operating system code. If you did it would not be open. No?

@Ahmed-Abd-Elhady
Copy link

i think this script is bad

@ileathan
Copy link

Always works for me.

@teachbard
Copy link

ITS A MALWARE. YOU WILL BE LISTED AS A VICTIM ON DARK NET. DON'T USE THIS. ITS A MALWARE. IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, , IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE

@ileathan
Copy link

Lol <3

@infradragon
Copy link

my man still using key management for his windows
real gigachads activate by generating genuineticket.xml and a custom slc.dll

@infradragon
Copy link

if anyone here (not you ileathan) genuinely uses this script to activate windows i will eat my pants

@infradragon
Copy link

also you can obfuscate your server addresses so that they dont generate false positives
(similar to this) massgravel/Microsoft-Activation-Scripts@b5c63b2

@Edward-Silver
Copy link

Works like a cham ^_^
Thanks
for other people who want to use it:
1- Copy the code
2- open a new notepad file & paste it there
3- Save as >> name it watever but be sure to add [.bat] to the end of the name
4- right click on it & run it as adminstrator

Also, I had to run it a couple of times until it connected to the server.
so if it timed out just try again till it works. I also heard that creating a new one and running it helped for some ppl****

@under1aker
Copy link

simplified:

@echo off
cscript //nologo c:\windows\system32\slmgr.vbs /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 3KHY7-WNT83-DGQKR-F7HPR-844BM >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk PVMJN-6DFY6-9CCP6-7BKTT-D3WVR >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk MH37W-N47XK-V7XM9-C7227-GCQG9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NW6C2-QMPVW-D7KKK-3GKT6-VCFB2 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2WH4N-8QGBV-H22JP-CT43Q-MDWWJ >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk WNMTR-4C88C-JK8YV-HQ7T2-76DF9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2F77B-TNFGY-69QQF-B8YKP-D69TJ >nul
cscript //nologo c:\windows\system32\slmgr.vbs /skms kms8.MSGuides.com >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ato
shutdown.exe /r /t 00

I haven't had any issues with false positives either.

@elonmasai7
Copy link

Thanks it worked for me windows 10 pro

@vzph
Copy link

vzph commented Sep 17, 2023

why is there a shutdown command there, what does it do?

@under1aker
Copy link

why is there a shutdown command there, what does it do?

shutdown.exe /r /t 0 - launch system shutdown prog to reboot (/r) the computer immediately (/t 0) to activate the license, because the changes take effect only after a reboot :/

@Anythingfrees
Copy link

Thank you, https://hypestkey.com/product/windows-11-pro/ I bought the key here for cheap price, the key was retail and activated without problems. and they microsoft partner

@ileathan
Copy link

ileathan commented Sep 24, 2023

Don't give virus Microsoft too much money unless you have too, copy pasting the code is also often more practical.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment