From c87069ecc17baf55be4ee8b23d68af42b2bcbebe Mon Sep 17 00:00:00 2001 From: Andrew Date: Fri, 16 Jun 2023 13:35:59 +0300 Subject: [PATCH] QWORD / AuthInfo / Upgrade Bit / ComboBox --- Keygen.vcxproj | 1 + Keygen.vcxproj.filters | 3 + header.h | 52 ++--- key.cpp | 66 +++--- resource.h | 3 +- resource.rc | Bin 5104 -> 5258 bytes resources/dropdown.bmp | Bin 0 -> 182 bytes server.cpp | 4 +- windows.cpp | 491 ++++++++++++++++++++++++++++++++--------- xp.cpp | 22 +- 10 files changed, 469 insertions(+), 173 deletions(-) create mode 100644 resources/dropdown.bmp diff --git a/Keygen.vcxproj b/Keygen.vcxproj index 1e38300..58e61ef 100644 --- a/Keygen.vcxproj +++ b/Keygen.vcxproj @@ -290,6 +290,7 @@ + diff --git a/Keygen.vcxproj.filters b/Keygen.vcxproj.filters index 9298848..03c29d4 100644 --- a/Keygen.vcxproj.filters +++ b/Keygen.vcxproj.filters @@ -66,6 +66,9 @@ Resources + + Resources + diff --git a/header.h b/header.h index 91941a4..a07067d 100644 --- a/header.h +++ b/header.h @@ -42,22 +42,28 @@ #define IDC_BUTTON3 1002 #define IDC_BUTTON4 1003 -#define IDC_RADIO1 1005 -#define IDC_RADIO2 1006 +#define IDC_COMBO1 1020 -#define IDC_EDIT1 1010 +#define IDC_RADIO1 1030 +#define IDC_RADIO2 1031 -#define IDC_INPUT1 1020 -#define IDC_INPUT2 1021 +#define IDC_CHECK1 1036 -#define IDC_IMAGE1 1050 -#define IDC_IMAGE2 1051 +#define IDC_EDIT1 1040 -#define IDC_LABEL1 1055 -#define IDC_LABEL2 1056 -#define IDC_LABEL3 1057 -#define IDC_LABEL4 1058 -#define IDC_LABEL5 1059 +#define IDC_INPUT1 1060 +#define IDC_INPUT2 1061 +#define IDC_INPUT3 1062 + +#define IDC_IMAGE1 1080 +#define IDC_IMAGE2 1081 + +#define IDC_LABEL1 1105 +#define IDC_LABEL2 1106 +#define IDC_LABEL3 1107 +#define IDC_LABEL4 1108 +#define IDC_LABEL5 1109 +#define IDC_LABEL6 1110 typedef uint64_t QWORD; 
@@ -67,12 +73,12 @@ extern const char pXP[]; extern const long aXP; extern const long bXP; - // xp.cpp VOID unpackXP( - QWORD (&pRaw)[2], - BOOL &pUpgrade, - DWORD &pSerial, + QWORD(&pRaw)[2], + BOOL &pUpgrade, + DWORD &pChannelID, + DWORD &pSequence, DWORD &pHash, QWORD &pSignature ); @@ -80,18 +86,12 @@ VOID unpackXP( VOID packXP( QWORD (&pRaw)[2], BOOL pUpgrade, - DWORD pSerial, + DWORD pChannelID, + DWORD pSequence, DWORD pHash, QWORD pSignature ); -BOOL verifyXPKey( - EC_GROUP *eCurve, - EC_POINT *basePoint, - EC_POINT *publicKey, - CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR] -); - VOID generateXPKey( EC_GROUP *eCurve, EC_POINT *basePoint, @@ -184,8 +184,8 @@ int BN_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen); bool unbase24(BYTE *byteSeq, CHAR (&pKey)[PK_LENGTH + NULL_TERMINATOR]); void base24(BYTE *byteSeq, CHAR(&pKey)[PK_LENGTH + NULL_TERMINATOR]); -void formatXP(WCHAR *pBSection, WCHAR *pCSection, WCHAR *pText); -void formatServer(WCHAR *pText); +VOID formatXP(BOOL bUpgrade, WCHAR *pBSection, WCHAR *pCSection, WCHAR *pText); +VOID formatServer(BOOL bUpgrade, WCHAR *pBSection, WCHAR *pAuthSection, WCHAR *pText); // windows.cpp diff --git a/key.cpp b/key.cpp index 9a040ad..2d54fed 100644 --- a/key.cpp +++ b/key.cpp @@ -73,10 +73,9 @@ void base24(BYTE *byteSeq, CHAR(&pKey)[PK_LENGTH + NULL_TERMINATOR]) { } /* Formats Windows XP key output. */ -void formatXP(WCHAR *pBSection, WCHAR *pCSection, WCHAR *pText) { +void formatXP(BOOL bUpgrade, WCHAR *pBSection, WCHAR *pCSection, WCHAR *pText) { WCHAR pDashedKey[PK_LENGTH + 4 + NULL_TERMINATOR]{}; - - int pSSection = 0; + INT pSSection = 0; for (int i = 0; i < wcslen(pCSection); i++) pSSection -= pCSection[i] - '0'; 
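Review bot: The header.h hunk that starts at `@@ -80,18 +86,12 @@` deletes the `verifyXPKey` prototype, but the xp.cpp part of this patch still edits the body of `verifyXPKey`, so the function stays defined with external linkage and no declaration a caller can include. Either keep the prototype, or remove the definition (or mark it `static`) if it is no longer meant to be called. In the same file the unpackXP prototype now reads `QWORD(&pRaw)[2]` while packXP keeps `QWORD (&pRaw)[2]`; one spelling would be easier to read.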
@@ -84,69 +83,82 @@ void formatXP(WCHAR *pBSection, WCHAR *pCSection, WCHAR *pText) { while (pSSection < 0) pSSection += 7; - CHAR pKey[PK_LENGTH + NULL_TERMINATOR]{}; - DWORD pChannelID = _wtoi(pBSection), - pSequence = _wtoi(pCSection); + CHAR pKey[PK_LENGTH + NULL_TERMINATOR]{}; + DWORD nChannelID = wcstoul(pBSection, nullptr, 10), + nSequence = wcstoul(pCSection, nullptr, 10); + + BOOL bValid = keyXP(pKey, nChannelID, nSequence, bUpgrade); - DWORD pHash; QWORD pRaw[2]{}, pSignature; - bool bValid = keyXP(pKey, pChannelID, pSequence, false); + DWORD pChannelID, + pSequence, + pSerial, + pHash; - DWORD pSerial; - BOOL pUpgrade = false; + BOOL pUpgrade; unbase24((BYTE *)pRaw, pKey); - unpackXP(pRaw, pUpgrade, pSerial, pHash, pSignature); + unpackXP(pRaw, pUpgrade, pChannelID, pSequence, pHash, pSignature); + + pSerial = pChannelID * 1'000'000 + pSequence; for (int i = 0; i < 5; i++) wsprintfW(pDashedKey, L"%s%s%.5S", pDashedKey, i != 0 ? L"-" : L"", &pKey[5 * i]); swprintf( pText, - L"Product ID:\tPPPPP-%03d-%06d%d-23XXX\r\n\r\nBytecode:\t%016llX %016llX\r\nHash:\t\t%lX\r\nSignature:\t%llX\r\nCurve Point:\t%s\r\n\r\n%s\r\n", - pSerial / 1'000'000, - pSerial % 1'000'000, + L"PRODUCT ID:\tPPPPP-%03d-%06d%d-23XXX\r\n\r\nBYTECODE:\t%016llX %016llX\r\nUPGRADE:\t%s\r\nSERIAL:\t\t0x%lX (%d)\r\nHASH:\t\t0x%lX\r\nSIGNATURE:\t0x%llX\r\nCURVE POINT:\t%s\r\n\r\n\r\n%s\r\n", + pChannelID, + pSequence, pSSection, pRaw[1], pRaw[0], + pUpgrade ? L"TRUE" : L"FALSE", + pSerial, pSerial, pHash, pSignature, - bValid ? L"True" : L"False", + bValid ? L"TRUE" : L"FALSE", pDashedKey ); } /* Formats Windows Server 2003 key output. 
*/ -void formatServer(WCHAR *pText) { +void formatServer(BOOL bUpgrade, WCHAR *pBSection, WCHAR *pAuthSection, WCHAR *pText) { WCHAR pDashedKey[32]{}; - char pKey[PK_LENGTH + NULL_TERMINATOR]{}; - DWORD pHash = 0, - pChannelID = 0, - pAuthInfo = 0; + CHAR pKey[PK_LENGTH + NULL_TERMINATOR]{}; + DWORD nChannelID = wcstoul(pBSection, nullptr, 10); + DWORD nAuthInfo = wcstoul(pAuthSection, nullptr, 0) % 0x400; + + BOOL bValid = keyServer(pKey, nChannelID, nAuthInfo, bUpgrade); QWORD pRaw[2]{}, - pSignature; + pSignature; + + DWORD pHash, + pChannelID, + pAuthInfo; - BOOL pUpgrade = false; - bool bValid = keyServer(pKey, 640, 0, pUpgrade); + BOOL pUpgrade; unbase24((BYTE *)pRaw, pKey); unpackServer(pRaw, pUpgrade, pChannelID, pHash, pSignature, pAuthInfo); for (int i = 0; i < 5; i++) - wsprintfW(pDashedKey, L"%s%s%.5S", pDashedKey, i != 0 ? L"-" : L"", &pKey[5 * i]); + swprintf(pDashedKey, L"%s%s%.5S", pDashedKey, i != 0 ? L"-" : L"", &pKey[5 * i]); swprintf( pText, - L"Bytecode:\t%016llX %016llX\r\nChannel ID:\t%d\r\nHash:\t\t%lX\r\nSignature:\t%llX\r\nAuthInfo:\t%d\r\nCurve Point:\t%s\r\n\r\n%s\r\n", - pRaw[1], pRaw[0], + L"PRODUCT ID:\tPPPPP-%03d-CCCCCCS-45XXX\r\n\r\nBYTECODE:\t%016llX %016llX\r\nUPGRADE:\t%s\r\nCHANNEL ID:\t0x%lX (%d)\r\nHASH:\t\t0x%lX\r\nSIGNATURE:\t0x%llX\r\nAUTHINFO:\t0x%03lX\r\nCURVE POINT:\t%s\r\n\r\n%s\r\n", pChannelID, + pRaw[1], pRaw[0], + pUpgrade ? L"TRUE" : L"FALSE", + pChannelID, pChannelID, pHash, pSignature, pAuthInfo, - bValid ? L"True" : L"False", + bValid ? L"TRUE" : L"FALSE", pDashedKey ); } diff --git a/resource.h b/resource.h index 6d93db9..4dd5806 100644 --- a/resource.h +++ b/resource.h 
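Review bot: In formatServer the dash loop now calls `swprintf(pDashedKey, L"%s%s%.5S", pDashedKey, ...)`, which passes the destination as one of its own source arguments and appears to rely on the count-less MSVC overload, so the copy overlaps and nothing bounds the write to the 32-element array; the unchanged wsprintfW line in formatXP has the same self-append. Appending at an offset with an explicit size avoids both: `swprintf(pDashedKey + wcslen(pDashedKey), _countof(pDashedKey) - wcslen(pDashedKey), L"%s%.5S", i != 0 ? L"-" : L"", &pKey[5 * i]);`. The final `swprintf(pText, ...)` in both functions is unbounded in the same way, because neither signature carries the size of `pText`. Separately, `wcstoul(pAuthSection, nullptr, 0)` reads a leading `0` as octal, so `010` becomes 8 although the field's cue banner in windows.cpp says `0 - 1023`; choosing base 16 only when the text starts with `0x` and base 10 otherwise matches that banner.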
@@ -8,12 +8,13 @@ #define IDB_BITMAP2 104 #define IDB_BITMAP3 105 #define IDB_BITMAP4 106 +#define IDB_BITMAP5 107 // Next default values for new objects // #ifdef APSTUDIO_INVOKED #ifndef APSTUDIO_READONLY_SYMBOLS -#define _APS_NEXT_RESOURCE_VALUE 107 +#define _APS_NEXT_RESOURCE_VALUE 108 #define _APS_NEXT_COMMAND_VALUE 40001 #define _APS_NEXT_CONTROL_VALUE 1001 #define _APS_NEXT_SYMED_VALUE 101 diff --git a/resource.rc b/resource.rc index 4d10680688f1fe89218cec214f1488b27b3315f2..0bf79e1394a34434da7f04a7bd8d8220e5052147 100644 GIT binary patch delta 42 wcmeyM-le%=o4{ll0TD*i$%X>S{3#4Y4EYQN3@JdeoFQ*=A;0kEZ30%z01&wg*#H0l delta 12 TcmeCu{Gh&Jo51D(K`UkeBS{33 diff --git a/resources/dropdown.bmp b/resources/dropdown.bmp new file mode 100644 index 0000000000000000000000000000000000000000..de5eb8d6aa8783468d71adaa2aad876401efc9e9 GIT binary patch literal 182 zcmZ?r-Npa`Za_){i20zHk%0vw0VIzA1wj}j0u}x5=H~XFhll6?hYuhA!xiFYC_$u{ fj1|BPWkDkl&1A?R3=&WlU|<9ZFaogv5EB3ZCnXI1 literal 0 HcmV?d00001 diff --git a/server.cpp b/server.cpp index d77b07b..8e6c0f6 100644 --- a/server.cpp +++ b/server.cpp @@ -23,7 +23,7 @@ const char genOrderSv[] = "4CC5C56529F0237D"; // Computed private key const char privateKeySv[] = "2606120F59C05118"; -/* Windows XP x64 +/* Windows XP x64 Public key (-K) = (1989960177638374390878377737764297057685259206834686428253479199374616869742150776410973898745805799780071536831208959469038333664656928533078897351495263; 2680493145252003995204016438404731303203625133293449171132691660710342616258476835192643732221910418645447349019141673820306444587247165566828458285756618) Order of base point G (n) = 4710798293276956193 Private key (k) = 4699066967014190092 for INVERSE. 11731326262766101 
@@ -43,7 +43,7 @@ const char pubYSv[] = "A186A2C2913E5584F05E97D3CD49E354E6C41BE329877D7FCC7B2BF87 const char genOrderSv[] = "41601E16BF4A1621"; // Computed private key <- CALCULATED ON MY i7-12700K in 5 minutes 40 seconds -const char privateKeySv[] = "4136708280A72C0C";*/ +const char privateKeySv[] = "29AD943EA2EA15"; */ /* Windows XP x64 OEM diff --git a/windows.cpp b/windows.cpp index 20d1640..c3fef0e 100644 --- a/windows.cpp +++ b/windows.cpp 
@@ -15,13 +15,65 @@ HWND hMainWindow; const WCHAR *pAboutLink = L"https://github.com/Endermanch/XPKeygen", *pWebsite = L"https://malwarewatch.org", - *pVersion = L"2.3", + *pVersion = L"2.5", *pTitle = L"Windows XP Pro SP3 // Server 2003 SP0 x86 VLK - Enderman[ch]", - *pGroupTitle = L"Windows XP Pro SP3 // Server 2003 SP0 x86 VLK"; + *pGroupTitle = L"Windows XP Pro SP3 // Server 2003 SP0 x86 VLK", + *pRBText = L"z22 / MSKey / Endermanch ◄ 14/06/2023"; bool bServer = false, + bUpgrade = false, bMusic = true; +const int w = 615, + h = 545, + x = (GetSystemMetrics(SM_CXSCREEN) - w) / 2, + y = (GetSystemMetrics(SM_CYSCREEN) - h) / 2; + +/* Hexadecimal edit processor. */ +LRESULT HexEditProc(HWND hWindow, UINT uMsg, WPARAM wParam, LPARAM lParam, UINT_PTR uIdSubclass, DWORD_PTR dwRefData) { + static EDITBALLOONTIP balloonTip; + + switch (uMsg) { + case WM_APP + IDC_EDIT1: { + balloonTip.cbStruct = sizeof(EDITBALLOONTIP); + balloonTip.pszTitle = L"Unacceptable Character"; + balloonTip.pszText = L"You can only type decimal/hexadecimal numbers here."; + balloonTip.ttiIcon = TTI_ERROR; + + break; + } + + case WM_CHAR: { + WCHAR isXPresent[2 + 1]; // 0x and the NULL terminator. + + WCHAR hexNumber = toupper(wParam); + ULONG hexLength = SendMessageW(hWindow, WM_GETTEXTLENGTH, 0, 0); + + SendMessageW(hWindow, WM_GETTEXT, 3, (LPARAM)isXPresent); + + if (hexNumber >= L'A' && hexNumber <= L'F' && toupper(isXPresent[1]) == 'X' || + hexNumber >= L'0' && hexNumber <= L'9' || + hexNumber == L'X' && hexLength == 0x01 || + hexNumber < L' ' || hexLength == 0x0C) goto forward; + + SendMessageW(hWindow, EM_SHOWBALLOONTIP, 0, (LPARAM)&balloonTip); + + break; + } + + case WM_NCDESTROY: { + RemoveWindowSubclass(hWindow, HexEditProc, 1); + + break; + } + + forward: + default: return DefSubclassProc(hWindow, uMsg, wParam, lParam); + } + + return 0; +} + /* Bitmap link processor. 
*/ LRESULT BitmapLinkProc(HWND hWindow, UINT uMsg, WPARAM wParam, LPARAM lParam, UINT_PTR uIdSubclass, DWORD_PTR dwRefData) { static TRACKMOUSEEVENT trackMouse; 
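Review bot: The WM_CHAR branch of HexEditProc reads `isXPresent[1]` even when the edit control is empty, but the array has no initialiser and WM_GETTEXT then writes only the terminator at index 0, so the comparison uses an indeterminate value; `WCHAR isXPresent[2 + 1]{};` fixes that. `toupper` is applied to `wParam` and to a WCHAR, where `towupper` is the wide-character function and `toupper` is undefined for values that do not fit an unsigned char. The WM_NCDESTROY branch removes the subclass with the hard-coded id `1`, while the later windows.cpp hunk installs it with `IDC_EDIT1`, so the removal presumably never matches; `RemoveWindowSubclass(hWindow, HexEditProc, uIdSubclass);` would, as ComboProc already does. Filtering only WM_CHAR also leaves WM_PASTE unchecked, so the text read back when the key is generated is not guaranteed to be numeric and should be validated where it is parsed.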
@@ -136,6 +188,98 @@ LRESULT StaticLinkProc(HWND hWindow, UINT uMsg, WPARAM wParam, LPARAM lParam, UI return 0; } +/* Combo box processor. */ +LRESULT CALLBACK ComboProc(HWND hWindow, UINT uMsg, WPARAM wParam, LPARAM lParam, UINT_PTR uIdSubclass, DWORD_PTR dwRefData) { + switch (uMsg) { + case WM_PAINT: { + // If the combobox isn't dropdown-only, there's no support for it. + if ((GetWindowLongPtrW(hWindow, GWL_STYLE) & CBS_DROPDOWNLIST) == 0) + break; + + RECT rClient; + PAINTSTRUCT paintStruct; + BITMAP pBitmap; + + HDC hClientDC = BeginPaint(hWindow, &paintStruct), + hCompatDC = CreateCompatibleDC(hClientDC); + + HBITMAP hDropDownBitmap = LoadBitmapW((HINSTANCE)GetWindowLongPtrW(hWindow, GWLP_HINSTANCE), MAKEINTRESOURCEW(IDB_BITMAP5)); + HBRUSH hBlackBrush = CreateSolidBrush(RGB(0, 0, 0)); + HPEN hPen = CreatePen(PS_SOLID, 1, RGB(128, 128, 128)); + HGDIOBJ hOldBrush = SelectObject(hClientDC, hBlackBrush), + hOldPen = SelectObject(hClientDC, hPen), + hOldBitmap = SelectObject(hCompatDC, hDropDownBitmap); + + // Acquire client coordinates, select current font of the window. + GetClientRect(hWindow, &rClient); + SelectObject(hClientDC, (HFONT)SendMessage(hWindow, WM_GETFONT, 0, 0)); + + // Draw border. + Rectangle(hClientDC, 0, 0, rClient.right, rClient.bottom); + + // Set background and foreground text colors. + SetBkColor(hClientDC, RGB(0, 0, 0)); + SetTextColor(hClientDC, RGB(255, 255, 255)); + + // Select bitmap object and copy bits. + GetObjectW(hDropDownBitmap, sizeof(pBitmap), &pBitmap); + BitBlt( + hClientDC, + rClient.right - (pBitmap.bmWidth + 3), + rClient.bottom - (rClient.bottom - rClient.top + pBitmap.bmHeight) / 2, + pBitmap.bmWidth, pBitmap.bmHeight, + hCompatDC, + 0, 0, + SRCCOPY + ); + + // Re-select old bitmap. + SelectObject(hCompatDC, hOldBitmap); + + INT nSelect = SendMessageW(hWindow, CB_GETCURSEL, 0, 0); + + // If an item is selected, we need to draw it as well. 
+ if (nSelect >= 0) { + INT nLength = SendMessageW(hWindow, CB_GETLBTEXTLEN, nSelect, 0); + WCHAR *pBuffer = (WCHAR *)calloc(nLength + NULL_TERMINATOR, sizeof(WCHAR)); + + // Acquire item text. + SendMessageW(hWindow, CB_GETLBTEXT, nSelect, (LPARAM)pBuffer); + + // Add left margin and draw text. + rClient.left += 5; + DrawTextW( + hClientDC, + pBuffer, + -1, + &rClient, + DT_EDITCONTROL | DT_LEFT | DT_VCENTER | DT_SINGLELINE + ); + + free(pBuffer); + } + + // Re-select previous objects. + SelectObject(hClientDC, hOldPen); + SelectObject(hClientDC, hOldBrush); + + // Free memory. + DeleteObject(hBlackBrush); + DeleteObject(hPen); + + EndPaint(hWindow, &paintStruct); + return 0; + } + + case WM_NCDESTROY: { + RemoveWindowSubclass(hWindow, ComboProc, uIdSubclass); + break; + } + } + + return DefSubclassProc(hWindow, uMsg, wParam, lParam); +} + /* Main window processor. */ LRESULT CALLBACK WNDProc(HWND hWindow, UINT uMessage, WPARAM wParam, LPARAM lParam) { static HINSTANCE hInstance; @@ -208,8 +352,8 @@ LRESULT CALLBACK WNDProc(HWND hWindow, UINT uMessage, WPARAM wParam, LPARAM lPar case WM_PAINT: { SelectObject(hMainDC, hFrameColor); SelectObject(hMainDC, GetStockObject(HOLLOW_BRUSH)); - - RoundRect(hMainDC, 10, 165, 589, 430, 12, 12); + + RoundRect(hMainDC, 10, 165, w - 26, h - 65, 12, 12); InvalidateRect(GetDlgItem(hWindow, IDC_LABEL1), nullptr, true); goto execute; @@ -228,10 +372,12 @@ LRESULT CALLBACK WNDProc(HWND hWindow, UINT uMessage, WPARAM wParam, LPARAM lPar } else if ((HWND)lParam == GetDlgItem(hWindow, IDC_LABEL4)) { SetTextColor((HDC)wParam, RGB(140, 140, 255)); + return (LRESULT)(hBGColorPrim); } else if ((HWND)lParam == GetDlgItem(hWindow, IDC_LABEL5)) { SetTextColor((HDC)wParam, RGB(255, 140, 140)); + return (LRESULT)(hBGColorPrim); } else { 
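Review bot: Every WM_PAINT in ComboProc creates a memory DC with `CreateCompatibleDC` and loads `IDB_BITMAP5` with `LoadBitmapW`, but the cleanup at the end deletes only the brush and the pen, so each repaint leaks two GDI handles; add `DeleteDC(hCompatDC);` and `DeleteObject(hDropDownBitmap);` before `EndPaint`, or load the bitmap once at subclass time. The font selected into `hClientDC` is not restored either. The style guard `(GetWindowLongPtrW(hWindow, GWL_STYLE) & CBS_DROPDOWNLIST) == 0` lets CBS_DROPDOWN through, because CBS_DROPDOWNLIST is the combination of both low style bits; comparing the masked value with `CBS_DROPDOWNLIST` is what the comment above it describes. `pBuffer` from `calloc` is passed to CB_GETLBTEXT without a NULL check, and `nLength` is not checked for CB_ERR before it sizes the allocation.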
@@ -250,10 +396,31 @@ LRESULT CALLBACK WNDProc(HWND hWindow, UINT uMessage, WPARAM wParam, LPARAM lPar else if ((HWND)lParam == GetDlgItem(hWindow, IDC_INPUT2)) { SetTextColor((HDC)wParam, RGB(140, 140, 255)); } + else if ((HWND)lParam == GetDlgItem(hWindow, IDC_INPUT3)) { + SetTextColor((HDC)wParam, RGB(255, 255, 140)); + } + else if ((HWND)lParam == GetDlgItem(hWindow, IDC_COMBO1)) { + SetTextColor((HDC)wParam, RGB(255, 255, 255)); + } else goto execute; return (LRESULT)(hBGColorSec); + case WM_CTLCOLORLISTBOX: { + COMBOBOXINFO hComboBoxInfo{}; + + hComboBoxInfo.cbSize = sizeof(hComboBoxInfo); + SendDlgItemMessageW(hWindow, IDC_COMBO1, CB_GETCOMBOBOXINFO, 0, (LPARAM)&hComboBoxInfo); + + SetBkMode((HDC)wParam, TRANSPARENT); + + if ((HWND)lParam == hComboBoxInfo.hwndList) { + SetTextColor((HDC)wParam, RGB(255, 255, 255)); + } + + return (LRESULT)(hBGColorSec); + } + case WM_NOTIFY: { LPNMHDR nmHeader = (LPNMHDR)lParam; @@ -374,10 +541,36 @@ LRESULT CALLBACK WNDProc(HWND hWindow, UINT uMessage, WPARAM wParam, LPARAM lPar break; } + case IDC_COMBO1: + switch (HIWORD(wParam)) { + case CBN_SELCHANGE: + int nSelect = SendMessageW((HWND)lParam, CB_GETCURSEL, 0, 0); + + switch (nSelect) { + case 0: + EnableWindow(GetDlgItem(hMainWindow, IDC_INPUT2), true); + EnableWindow(GetDlgItem(hMainWindow, IDC_INPUT3), false); + + bServer = false; + break; + + case 1: + EnableWindow(GetDlgItem(hMainWindow, IDC_INPUT2), false); + EnableWindow(GetDlgItem(hMainWindow, IDC_INPUT3), true); + + bServer = true; + break; + } + + break; + } + + break; + case IDC_LABEL2: { switch (HIWORD(wParam)) { case STN_CLICKED: - CheckRadioButton(hWindow, IDC_RADIO1, IDC_RADIO2, IDC_RADIO1); + SendDlgItemMessageW(hWindow, IDC_CHECK1, BM_SETCHECK, !SendDlgItemMessageW(hWindow, IDC_CHECK1, BM_GETCHECK, 0, 0), 0); break; } 
@@ -385,21 +578,17 @@ LRESULT CALLBACK WNDProc(HWND hWindow, UINT uMessage, WPARAM wParam, LPARAM lPar __fallthrough; } - case IDC_RADIO1: + case IDC_CHECK1: switch (HIWORD(wParam)) { case BN_CLICKED: - EnableWindow(GetDlgItem(hMainWindow, IDC_BUTTON4), true); - - EnableWindow(GetDlgItem(hMainWindow, IDC_INPUT1), true); - EnableWindow(GetDlgItem(hMainWindow, IDC_INPUT2), true); - - bServer = false; + bUpgrade = IsDlgButtonChecked(hWindow, IDC_CHECK1); break; } break; - + + /* case IDC_LABEL3: { switch (HIWORD(wParam)) { case STN_CLICKED: @@ -425,6 +614,7 @@ LRESULT CALLBACK WNDProc(HWND hWindow, UINT uMessage, WPARAM wParam, LPARAM lPar } break; + */ case IDC_BUTTON1: { ShellExecuteW(hWindow, L"open", pAboutLink, nullptr, nullptr, SW_SHOWNORMAL); 
@@ -433,21 +623,24 @@ LRESULT CALLBACK WNDProc(HWND hWindow, UINT uMessage, WPARAM wParam, LPARAM lPar } case IDC_BUTTON2: { - WCHAR *pText = (WCHAR *)calloc(512, sizeof(WCHAR)); - HWND hEdit = GetDlgItem(hMainWindow, IDC_EDIT1); + WCHAR *pText = (WCHAR *)calloc(512, sizeof(WCHAR)), + pBSection[4]{}, pCSection[8]{}, pAuthSection[8]{}; + + HWND hInput1 = GetDlgItem(hMainWindow, IDC_INPUT1), + hInput2 = GetDlgItem(hMainWindow, IDC_INPUT2), + hEdit = GetDlgItem(hMainWindow, IDC_EDIT1); + + SendMessageW(hInput1, WM_GETTEXT, 3 + NULL_TERMINATOR, (LPARAM)pBSection); + SendMessageW(hInput2, WM_GETTEXT, 6 + NULL_TERMINATOR, (LPARAM)pCSection); if (bServer) { - formatServer(pText); + HWND hInput3 = GetDlgItem(hMainWindow, IDC_INPUT3); + + SendMessageW(hInput3, WM_GETTEXT, 5 + NULL_TERMINATOR, (LPARAM)pAuthSection); + formatServer(bUpgrade, pBSection, pAuthSection, pText); } else { - WCHAR pBSection[4]{}, pCSection[8]{}; - HWND hInput1 = GetDlgItem(hMainWindow, IDC_INPUT1), - hInput2 = GetDlgItem(hMainWindow, IDC_INPUT2); - - SendMessageW(hInput1, WM_GETTEXT, 3 + NULL_TERMINATOR, (LPARAM)pBSection); - SendMessageW(hInput2, WM_GETTEXT, 6 + NULL_TERMINATOR, (LPARAM)pCSection); - - formatXP(pBSection, pCSection, pText); + formatXP(bUpgrade, pBSection, pCSection, pText); } SendMessageW(hEdit, WM_SETTEXT, 0, (LPARAM)pText); 
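Review bot: `pText` comes from `calloc(512, sizeof(WCHAR))` and is handed to formatServer or formatXP without a NULL check, and both functions write into it with an unbounded swprintf, so an allocation failure turns into a write through a null pointer; `if (pText == nullptr) break;` right after the declarations would stop that. The 512-element size is known only here, while this commit lengthens the report both formatters produce, so passing the capacity along with the pointer would keep the two in step. The three WM_GETTEXT calls ignore their return value, which means an empty field reaches the formatters as an empty string and is parsed as 0. The rest of the IDC_BUTTON2 case, including whatever releases `pText`, lies outside this hunk.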
@@ -463,16 +656,16 @@ LRESULT CALLBACK WNDProc(HWND hWindow, UINT uMessage, WPARAM wParam, LPARAM lPar } case IDC_BUTTON4: { - DWORD msDigits = randomRange(0, 999), - lsDigits = randomRange(0, 999'999); + DWORD nChannelID = randomRange(1, 999), + nSequence = randomRange(0, 999'999); WCHAR pBSection[4]{}, pCSection[8]{}; - wsprintfW(pBSection, L"%03d", msDigits); - wsprintfW(pCSection, L"%06d", lsDigits); + wsprintfW(pBSection, L"%03d", nChannelID); + wsprintfW(pCSection, L"%06d", nSequence); SendMessageW(GetDlgItem(hMainWindow, IDC_INPUT1), WM_SETTEXT, 0, (LPARAM)pBSection); - SendMessageW(GetDlgItem(hMainWindow, IDC_INPUT2), WM_SETTEXT, 0, (LPARAM)pCSection); + if (!bServer) SendMessageW(GetDlgItem(hMainWindow, IDC_INPUT2), WM_SETTEXT, 0, (LPARAM)pCSection); break; } @@ -579,11 +772,6 @@ bool InitializeWindow(HINSTANCE hInstance) { InitializeFonts(&hLabelFont, &hSmolFont, &hBoldFont, &hCaptionFont); - const int w = 615, - h = 495, - x = (GetSystemMetrics(SM_CXSCREEN) - w) / 2, - y = (GetSystemMetrics(SM_CYSCREEN) - h) / 2; - hMainWindow = CreateWindowExW( 0, L"XPKeygen", 
@@ -650,104 +838,76 @@ bool InitializeWindow(HINSTANCE hInstance) { SendMessageW(hGroupBox, WM_SETFONT, (WPARAM)hCaptionFont, 0); - HWND hRPKLabel = CreateWindowExW( + HWND hVersionLabel = CreateWindowExW( 0, - L"Static", L"Raw Product Key:", + L"Static", L"Version:", WS_CHILD | WS_VISIBLE, 20, 190, - 100, 16, + 50, 16, hMainWindow, nullptr, hInstance, nullptr ); - SendMessageW(hRPKLabel, WM_SETFONT, (WPARAM)hBoldFont, 0); + SendMessageW(hVersionLabel, WM_SETFONT, (WPARAM)hBoldFont, 0); - HWND hInput1 = CreateWindowExW( + HWND hComboBox = CreateWindowExW( 0, - L"Edit", + WC_COMBOBOX, L"", - WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP | - ES_LEFT | ES_NUMBER, - 130, 189, - 40, 20, + WS_CHILD | WS_VISIBLE | WS_OVERLAPPED | WS_BORDER | WS_TABSTOP | + CBS_DROPDOWNLIST | CBS_HASSTRINGS, + 70, 190 - 2, + 400, 20, hMainWindow, - (HMENU)IDC_INPUT1, - hInstance, - nullptr - ); - - SendMessageW(hInput1, EM_SETCUEBANNER, 0, (LPARAM)L"BBB"); - SendMessageW(hInput1, WM_SETTEXT, 0, (LPARAM)L"640"); - SendMessageW(hInput1, WM_SETFONT, (WPARAM)hLabelFont, 0); - - SendMessageW(hInput1, EM_SETLIMITTEXT, (WPARAM)3, 0); - - HWND hRPKDash = CreateWindowExW( - 0, - L"Static", L"-", - WS_CHILD | WS_VISIBLE, - 173, 190, - 10, 16, - hMainWindow, nullptr, + (HMENU)IDC_COMBO1, hInstance, nullptr ); - SendMessageW(hRPKDash, WM_SETFONT, (WPARAM)hBoldFont, 0); + SetWindowSubclass(hComboBox, (SUBCLASSPROC)ComboProc, IDC_COMBO1, 0); - HWND hInput2 = CreateWindowExW( - 0, - L"Edit", - L"", - WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP | - ES_LEFT | ES_NUMBER, - 181, 189, - 70, 20, - hMainWindow, - (HMENU)IDC_INPUT2, - hInstance, - nullptr - ); + SendMessageW(hComboBox, WM_SETFONT, (WPARAM)hLabelFont, 0); - SendMessageW(hInput2, EM_SETCUEBANNER, 0, (LPARAM)L"CCCCCC"); - SendMessageW(hInput2, WM_SETTEXT, 0, (LPARAM)L"883400"); - SendMessageW(hInput2, WM_SETFONT, (WPARAM)hLabelFont, 0); + SendMessageW(hComboBox, CB_ADDSTRING, 0, (LPARAM)L"Windows XP (SP0 - SP3)"); + SendMessageW(hComboBox, 
CB_ADDSTRING, 0, (LPARAM)L"Windows Server 2003 (SP0)"); - SendMessageW(hInput2, EM_SETLIMITTEXT, (WPARAM)6, 0); + SendMessageW(hComboBox, CB_SETCURSEL, 0, 0); - HWND hRandomize = CreateWindowExW( - 0, + HWND hUpgrade = CreateWindowExW( + WS_EX_WINDOWEDGE, L"Button", - L"Randomize", - WS_CHILD | WS_VISIBLE | WS_TABSTOP, - 260, 188, - 75, 22, + L"", + WS_VISIBLE | WS_CHILD | WS_TABSTOP | + BS_AUTOCHECKBOX, + 480, 190 - 1, + 17, 20, hMainWindow, - (HMENU)IDC_BUTTON4, - hInstance, - nullptr + (HMENU)IDC_CHECK1, + hInstance, nullptr ); - SendMessageW(hRandomize, WM_SETFONT, (WPARAM)hLabelFont, 0); + SendMessageW(hUpgrade, WM_SETFONT, (WPARAM)hLabelFont, 0); - HWND hVersionLabel = CreateWindowExW( + HWND hUpgradeLabel = CreateWindowExW( 0, - L"Static", L"Version:", - WS_CHILD | WS_VISIBLE, - 20, 220, - 100, 16, - hMainWindow, nullptr, + L"Static", + L"Upgrade", + WS_CHILD | WS_VISIBLE | + SS_NOTIFY, + 497, 190 + 1, + 50, 16, + hMainWindow, (HMENU)IDC_LABEL2, hInstance, nullptr ); - SendMessageW(hVersionLabel, WM_SETFONT, (WPARAM)hBoldFont, 0); + SendMessageW(hUpgradeLabel, WM_SETFONT, (WPARAM)hLabelFont, 0); - HWND hRadio1 = CreateWindowExW( + /*HWND hRadio1 = CreateWindowExW( WS_EX_WINDOWEDGE, L"Button", L"", WS_VISIBLE | WS_CHILD | WS_GROUP | WS_TABSTOP | BS_AUTORADIOBUTTON, - 70, 219, + 70, 190 - 1, 17, 20, hMainWindow, (HMENU)IDC_RADIO1, @@ -763,7 +923,7 @@ bool InitializeWindow(HINSTANCE hInstance) { L"Windows XP VLK", WS_CHILD | WS_VISIBLE | SS_NOTIFY, - 89, 221, + 89, 190 + 1, 90, 16, hMainWindow, (HMENU)IDC_LABEL2, hInstance, nullptr @@ -777,7 +937,7 @@ bool InitializeWindow(HINSTANCE hInstance) { L"", WS_VISIBLE | WS_CHILD | WS_TABSTOP | BS_AUTORADIOBUTTON, - 200, 219, + 200, 190 - 1, 17, 20, hMainWindow, (HMENU)IDC_RADIO2, 
@@ -791,13 +951,128 @@ bool InitializeWindow(HINSTANCE hInstance) { L"Windows Server 2003 VLK", WS_CHILD | WS_VISIBLE | SS_NOTIFY, - 218, 221, + 218, 190 + 1, 142, 16, hMainWindow, (HMENU)IDC_LABEL3, hInstance, nullptr ); - SendMessageW(hRadioLabel2, WM_SETFONT, (WPARAM)hLabelFont, 0); + SendMessageW(hRadioLabel2, WM_SETFONT, (WPARAM)hLabelFont, 0);*/ + + HWND hSerialLabel = CreateWindowExW( + 0, + L"Static", L"Serial:", + WS_CHILD | WS_VISIBLE, + 20, 220 + 1, + 50, 16, + hMainWindow, nullptr, + hInstance, nullptr + ); + + SendMessageW(hSerialLabel, WM_SETFONT, (WPARAM)hBoldFont, 0); + + HWND hChannelID = CreateWindowExW( + 0, + L"Edit", + L"", + WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP | + ES_LEFT | ES_NUMBER, + 70, 220 - 1, + 40, 20, + hMainWindow, + (HMENU)IDC_INPUT1, + hInstance, + nullptr + ); + + SendMessageW(hChannelID, EM_SETCUEBANNER, 0, (LPARAM)L"BBB"); + SendMessageW(hChannelID, WM_SETTEXT, 0, (LPARAM)L"640"); + SendMessageW(hChannelID, WM_SETFONT, (WPARAM)hLabelFont, 0); + + SendMessageW(hChannelID, EM_SETLIMITTEXT, (WPARAM)3, 0); + + HWND hSerialDash = CreateWindowExW( + 0, + L"Static", L"-", + WS_CHILD | WS_VISIBLE, + 113, 220, + 10, 16, + hMainWindow, nullptr, + hInstance, nullptr + ); + + SendMessageW(hSerialDash, WM_SETFONT, (WPARAM)hBoldFont, 0); + + HWND hSequence = CreateWindowExW( + 0, + L"Edit", + L"", + WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP | + ES_LEFT | ES_NUMBER, + 121, 220 - 1, + 70, 20, + hMainWindow, + (HMENU)IDC_INPUT2, + hInstance, + nullptr + ); + + SendMessageW(hSequence, EM_SETCUEBANNER, 0, (LPARAM)L"CCCCCC"); + SendMessageW(hSequence, WM_SETTEXT, 0, (LPARAM)L"883400"); + SendMessageW(hSequence, WM_SETFONT, (WPARAM)hLabelFont, 0); + + SendMessageW(hSequence, EM_SETLIMITTEXT, (WPARAM)6, 0); + + HWND hRandomize = CreateWindowExW( + 0, + L"Button", + L"Randomize", + WS_CHILD | WS_VISIBLE | WS_TABSTOP, + 200, 220 - 2, + 75, 22, + hMainWindow, + (HMENU)IDC_BUTTON4, + hInstance, + nullptr + ); + + SendMessageW(hRandomize, 
WM_SETFONT, (WPARAM)hLabelFont, 0); + + HWND hAuthInfoLabel = CreateWindowExW( + 0, + L"Static", L"AuthInfo:", + WS_CHILD | WS_VISIBLE, + 290, 220 + 1, + 70, 16, + hMainWindow, nullptr, + hInstance, nullptr + ); + + SendMessageW(hAuthInfoLabel, WM_SETFONT, (WPARAM)hBoldFont, 0); + + HWND hAuthInfo = CreateWindowExW( + 0, + L"Edit", + L"", + WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP | + WS_DISABLED | ES_LEFT, + 350, 220 - 1, + 50, 20, + hMainWindow, + (HMENU)IDC_INPUT3, + hInstance, + nullptr + ); + + SetWindowSubclass(hAuthInfo, HexEditProc, IDC_EDIT1, 0); + + SendMessageW(hAuthInfo, EM_SETCUEBANNER, 0, (LPARAM)L"0 - 1023"); + SendMessageW(hAuthInfo, EM_SETLIMITTEXT, (WPARAM)5, 0); + + SendMessageW(hAuthInfo, WM_SETTEXT, 0, (LPARAM)L"0x1A4"); + + SendMessageW(hAuthInfo, WM_APP + IDC_EDIT1, 0, 0); + SendMessageW(hAuthInfo, WM_SETFONT, (WPARAM)hLabelFont, 0); HWND hEdit = CreateWindowExW( 0, @@ -805,7 +1080,7 @@ bool InitializeWindow(HINSTANCE hInstance) { L"", WS_CHILD | WS_VISIBLE | WS_BORDER | ES_MULTILINE | ES_READONLY | - ES_LEFT | ES_UPPERCASE, + ES_LEFT, 20, 250, w - 57, h - 360, hMainWindow, @@ -874,7 +1149,7 @@ bool InitializeWindow(HINSTANCE hInstance) { pVersionString, WS_CHILD | WS_VISIBLE | SS_NOTIFY, - 10, 436, + 10, h - 58, 170, 16, hMainWindow, (HMENU)IDC_LABEL4, hInstance, nullptr @@ -888,10 +1163,10 @@ bool InitializeWindow(HINSTANCE hInstance) { HWND hBRText = CreateWindowExW( 0, L"Static", - L"z22 / mskey / Endermanch ◄ 16/04/2023", + pRBText, WS_CHILD | WS_VISIBLE, - w - (170 + 20), 436, - 170, 16, + w - (173 + 20), h - 58, + 173, 16, hMainWindow, (HMENU)IDC_LABEL5, hInstance, nullptr ); diff --git a/xp.cpp b/xp.cpp index 2a2bd27..3f3f98a 100644 --- a/xp.cpp +++ b/xp.cpp @@ -48,7 +48,8 @@ const char privateKeyXP[] = "B9E99B9BB9812E"; // "677A485D4BE4A0";*/ VOID unpackXP( QWORD (&pRaw)[2], BOOL &pUpgrade, - DWORD &pSerial, + DWORD &pChannelID, + DWORD &pSequence, DWORD &pHash, QWORD &pSignature ) { 
@@ -59,7 +60,8 @@ VOID unpackXP( pUpgrade = FIRSTNBITS(pRaw[0], 1); // Serial = Bits [1..30] -> 30 bits - pSerial = NEXTSNBITS(pRaw[0], 30, 1); + pChannelID = NEXTSNBITS(pRaw[0], 30, 1) / 1'000'000; + pSequence = NEXTSNBITS(pRaw[0], 30, 1) % 1'000'000; // Hash = Bits [31..58] -> 28 bits pHash = NEXTSNBITS(pRaw[0], 28, 31); @@ -72,7 +74,8 @@ VOID unpackXP( VOID packXP( QWORD (&pRaw)[2], BOOL pUpgrade, - DWORD pSerial, + DWORD pChannelID, + DWORD pSequence, DWORD pHash, QWORD pSignature ) { @@ -81,7 +84,7 @@ VOID packXP( // 64 * 2 = 128 // Signature [114..59] <- Hash [58..31] <- Serial [30..1] <- Upgrade [0] - pRaw[0] = FIRSTNBITS(pSignature, 5) << 59 | FIRSTNBITS(pHash, 28) << 31 | (QWORD)pSerial << 1 | pUpgrade; + pRaw[0] = FIRSTNBITS(pSignature, 5) << 59 | FIRSTNBITS(pHash, 28) << 31 | (QWORD)(pChannelID * 1'000'000 + pSequence) << 1 | pUpgrade; pRaw[1] = NEXTSNBITS(pSignature, 51, 5); } @@ -98,7 +101,8 @@ BOOL verifyXPKey( pSignature; DWORD pData, - pSerial, + pChannelID, + pSequence, pHash; BOOL pUpgrade; @@ -107,9 +111,9 @@ BOOL verifyXPKey( unbase24((BYTE *)pRaw, pKey); // Extract RPK, hash and signature from bytecode. - unpackXP(pRaw, pUpgrade, pSerial, pHash, pSignature); + unpackXP(pRaw, pUpgrade, pChannelID, pSequence, pHash, pSignature); - pData = pSerial << 1 | pUpgrade; + pData = (pChannelID * 1'000'000 + pSequence) << 1 | pUpgrade; /* * @@ -203,7 +207,7 @@ VOID generateXPKey( QWORD pRaw[2]{}, pSignature = 0; - // Data segment of the RPK. + // Data segment of the RPK (first 31 bits). DWORD pData = (pChannelID * 1'000'000 + pSequence) << 1 | pUpgrade; do { @@ -271,7 +275,7 @@ VOID generateXPKey( BN_bn2lebinpad(s, (BYTE *)&pSignature, BN_num_bytes(s)); // Pack product key. - packXP(pRaw, pUpgrade, pChannelID * 1'000'000 + pSequence, pHash, pSignature); + packXP(pRaw, pUpgrade, pChannelID, pSequence, pHash, pSignature); EC_POINT_free(r); } while (pSignature > BITMASK(55));
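Review bot: unpackXP now extracts the same 30-bit field twice, once for `/ 1'000'000` and once for `% 1'000'000`, and the inverse expression `pChannelID * 1'000'000 + pSequence` is repeated in packXP, verifyXPKey and generateXPKey as well as in formatXP in key.cpp. Reading the field once, `DWORD nSerial = NEXTSNBITS(pRaw[0], 30, 1);`, and naming the 1'000'000 factor as a constant would keep the split and the recombination from drifting apart. The comment `// Serial = Bits [1..30] -> 30 bits` could also say that the serial is the channel id times 1'000'000 plus the sequence, since the parameters no longer carry the name `pSerial`.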