Beranda / komputer / Pengetahuan

Why you probably shouldn't use activators like KMSpico.

Oleh Sufyan Saori 3 komentar 
     Hallo Guys, Happy to see you again at my blog's , i share this article because one of my facebook friend shared about danger behind the kmspico activator. (honestly i used it). so lets read this article (Sorry about My English is Bad) :)






Structure of KMSpico with it's source code


I cannot reveal the whole source code for few reasons.
I'm sorry about that.

How does KMSpico work?
Many people claim that it uses the legal KMS method to activate. No, it doesn't. 


It creates an emulation in your Windows edition's
memory with IP of 127.0.0.1. That is your own machine. 


That means, it doesn't activate the way it is supposed to as mentioned in
Microsoft's website: 
http://technet.microsoft.com/en-us/library/ff793419.aspx

Steps-
1) It identifies your OS through an unique ID as mentioned .


2) It disables your smart-screen to prevent any interruption
   and getting caught .


3) It stops Windows Defender Service and adds it self into your Anti-Virus or Defender's
exceptions list to prevent getting caught.


4) It clears out the script values from "C:\Windows\Setup\Script" to prevent conflicts.
Finally, it has few predefined hex(s) values, which are integrated into your systems using regedit or merge method. 
This happens in the background since the commands use a special "nul" method, which doesn't generate any output.
Finally, few small changes in your Activation status are made and your machine is activated.

It also adds a scheduled task and service, which run at 11:59:59 everyday to keep the activation status intact. 


Scheduled tasks are made to run in the background, so you won't notice it running. 


It says that it has activated your copy for 180 days, but it's a fake display, since it is extended
everyday.
It is able to do this because you've granted it admin rights.
This is how KMSpico works. It's just like other activators, but more intelligent. 


Nothing special and remember, all activations are illegal.

1) Identifies the OS and then accordingly, executes it self-
Identification source code-
--------------------------------------------------------------------------------------------------------------------------------------
<!-- If your application is designed to work with Windows Vista, uncomment the following supportedOS node-->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>-->
<!-- If your application is designed to work with Windows 7, uncomment the following supportedOS node-->


<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>-->
<!-- If your application is designed to work with Windows 8, uncomment the following supportedOS node-->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>-->
--------------------------------------------------------------------------------------------------------------------------------------
2) Disables the smart screen- 
Since Smartscreen and Defender services are stopped, you won't know if it acesses your files.
Code-
--------------------------------------------------------------------------------------------------------------------------------
SET RQR=REG QUERY "HKLM\SOFTWARE\Microsoft\Internet Explorer" /v "Version"
%RQR% | findstr /I "\<10\>" >nul && %INL% reg add "HKEY_CURRENT_USER\Software\Microsoft\


Internet Explorer\PhishingFilter" /v EnabledV9 /t REG_DWORD /d "00000000" /f >nul 


Const HKEY_LOCAL_MACHINE = &H80000002
Dim StrComputer,strKeyPath,strValueName
Dim objRegistry

strComputer = "."
Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Policies\Microsoft\Windows\System\"
strValueName = "EnableSmartScreen"
objRegistry.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue


Dim RegKeyPath
Set objShell = CreateObject("Wscript.Shell")
regKeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\EnableSmartScreen"

'determine if a registry key exists 
If IsNull(dwValue) Then
 'if the registry key does not exist, create a new registry key
 objShell.RegWrite regKeyPath,0,"REG_DWORD"
 WScript.Echo "Turn off SmartScreen successfully."
Else
 If dwValue = 0 Then
  WScript.Echo "You have already turn off SmartScreen successfully."
 Else
  objShell.RegWrite regKeyPath,0,"REG_DWORD"
  WScript.Echo "Turn off SmartScreen successfully."
 End If
End If
-----------------------------------------------------------------------------------------------------------------------------------
3) Stops Defender Service to prevent getting caught and also adds an exception in the anti-virus. 
Code-
-----------------------------------------------------------------------------------------------------------------------------------
NET STOP "Windows Defender Service" > nul 2>&1
-----------------------------------------------------------------------------------------------------------------------------------
4) Clears your entire scripts from from C:\ to prevent conflicts-
-----------------------------------------------------------------------------------------------------------------------------------
RMDIR /S /Q "C:\Windows\Setup\Scripts"
RD /S /Q "C:\Windows\Setup\Scripts"
-----------------------------------------------------------------------------------------------------------------------------------
5) It installs it's scheduled services and tasks, so it runs everyday at 11:59:59, prolonging the activation. 


The 180 days activation is just a fake display. It can go on for ever.
Code-
-----------------------------------------------------------------------------------------------------------------------------------
start /wait KMSpico.exe
regedit /s RunOnce.reg

pushd "%~dp0"
set directorio=%~dp0
set name="AutoPico Daily Restart"
SCHTASKS /Create /TN %name% /TR "%directorio%AutoPico.exe /silent" /SC DAILY /ST 11:59:59 /RU SYSTEM /RL Highest

pushd "%~dp0"
set dr=%~dp0
set name="Service KMSELDI"
sc create %name% binPath= "%dr%Service_KMS.exe" type= own error= normal start= auto DisplayName= %name%
rem sc start %name%

-----------------------------------------------------------------------------------------------------------------------------------
5) Replaces your product's activation hex with it's own. Hex(s) can be found in \KMSpico\cert\
You will find 2 different folders there. 2010 office cert and 2013 office cert. 


There you can find these hex(s) values in a regedit file.
There are around 45 hex files in \cert folder. 3 Hex files for each office suite product like word, powerpoint, excel etc.
You can also find the files that KMSpico modifies with , in \KMSpico\cert\
Code-
Eg-
--------------------------------------------------------------------------------------------------------------------------------
"ProductID"="00219-40000-00000-AA810"
"DigitalProductID"=hex:f8,04,00,00,04,00,00,00,38,00,32,00,35,00,30,00,33,00,\
  2d,00,30,00,32,00,31,00,39,00,34,00,2d,00,30,00,30,00,30,00,2d,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,2d,00,30,00,33,00,2d,00,32,00,30,00,35,00,32,00,\
  2d,00,39,00,32,00,30,00,30,00,2e,00,30,00,30,00,30,00,30,00,2d,00,33,00,30,\
  00,34,00,32,00,30,00,31,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,65,00,31,00,33,00,61,\
  00,63,00,31,00,30,00,65,00,2d,00,37,00,35,00,64,00,30,00,2d,00,34,00,61,00,\
  66,00,66,00,2d,00,61,00,30,00,63,00,64,00,2d,00,37,00,36,00,34,00,39,00,38,\
  00,32,00,63,00,66,00,35,00,34,00,31,00,63,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,56,00,69,00,73,00,69,00,6f,00,50,00,72,\
  00,6f,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,92,08,00,00,00,00,cc,46,47,a9,\
  a2,ba,7c,4d,09,00,d4,e0,37,84,8c,77,18,67,58,91,b4,8a,cd,83,77,95,3b,b6,00,\
  0d,6a,4f,7d,47,cc,65,fe,b8,b5,c3,ae,c2,ca,97,f4,ab,b9,a0,b6,0c,bf,07,0f,62,\
  6f,f1,e9,46,73,7e,05,6e,9c,c2,99,75,09,81,74,ac,95,c6,b7,0e,58,00,31,00,38,\
  00,2d,00,33,00,33,00,32,00,38,00,37,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,56,00,\
  6f,00,6c,00,75,00,6d,00,65,00,3a,00,47,00,56,00,4c,00,4b,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,6c,00,74,00,4b,00,4d,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00
-------------------------------------------------------------------------------------------------------------------------------- 


Note- Since you grant it admin rights, it can do what ever it wants. It can even gain access to critical file systems


and make changes which might make your system unstable. It can even gain access to your private files during


this process. 






source : http://technology-decoded.blogspot.com/2013/11/why-you-probably-shouldnt-use.html




Lokasi:




























3 komentar
untuk "Why you probably shouldn't use activators like KMSpico."
        






  1. Gedha Rizka20 Juni 2015 pukul 14.39
    ini aplikasi andalan banget dah buat aktivasi :)

    kunjungan balik http://gedharizka17.blogspot.com
    BalasHapus
    Balasan
    1. Sufyan Saori22 Juni 2015 pukul 22.56
      sip makasih gan, lain waktu dah :D, BTW dopost tuh gan :v
      Hapus
  2. Gedha Rizka20 Juni 2015 pukul 14.51
    followed
    BalasHapus










Berilah komentar, saran, dan kritik dengan bijak