HWIDGEN Souce Code
This project provides the source code of the popular HWIDGEN Windows activation "tool" which basically is only an AutoHotKey script compiled into an .exe binary.
A public discussion around the source code can be found here.
- Please don't abuse GitHub's issue ticket system for any basic questions, otherwise I'm going to close it! For common questions check Reddit, Nsane or AiOwares forums.
- Constructive feedback is (of course) always welcome.
- The main credit goes to the original author of HWIDGEN which is slave (a.k.a. s1ave77).
- All contributors for this project which helped to reveal the source code or to provide some useful background information, pull requests.
- The people (including me) which originally worked on the first 'KMS solution'. KMS Pico was not the original project, but got very popular because it got published on a bigger russian website.
- Avxgov which contributed (a lot) to the original HWIDGEN project.
- The community around hwidgen, which helped a lot to improve it (bug reports, feedback - you name it!).
- TheMCHK for his reddit post.
This project has no real license (unlicensed) since I'm not the original developer of "HWIDGEN".
The HWIDGEN-SRC project only provides the information and the files to show how the script actually works and how Microsoft license verification is been bypassed.
- Opening and realasing the full source code of HWIDGEN.
- Provide an archive/changelog.
- Provide a full documentation on how HWIDGEN works.
- Provide compiler & decompiler instructions.
- List & show external dependencies which are required by HWIDGEN.
HWIDGEN requires several dependencies to run:
- Windows 10
- gatherosstate (can be extracted from the Windows 10 Image)
- AutoHotKey (AHK)
Why should HWIDGEN be open source'd?
- Preventing fakes (malware repacks), one popular example is dazloader. It got thousend times repacked, and people even created "fan" websites. Some people even "frankenstein'ed" Windows Builds and sold them via eBay just to make some quick cash.
- Hosting such tools on e.g. GDrive is against their ToS - The reason why the packages are always been password protected (with very weak passwords). However, the content provider still could get the program name and index it, not based on a hash, but because the name itself.
- Verification - You don't need to upload the files and fear they getting removed, if everyone just could go ahead and compile them. This would also prevent fakes because everyone could verify the binaries.
- Fixes - Some people might want to re-write parts or the entire tool to improve several things.
Why isn't the original HWIDGEN tool open source'd?
Notice: - The strange part is that slave releases his source for his other
tools scripts on GitLab. -
There are multiple reasons, the original author slave has another opinion on open sourcing programs than I have. He believes keeping the source closed will prevent people from stealing his work. Keep in mind that I do not stole his work here, I just provide the code because he refused it (many times) to open it and he got several times asked (e.g. on Reddit, Nsane,..), yet he (still) refuses to do that, so let's decompile it and show the world how his script works.
I believe publishing the source code is overall a good thing for everyone because it levels the playing field. White hats, "cracker" or other people want to know about the current Windows activation holes and I don''t think that "security through obscurity" is the way to go.
Most people simply want to learn from Microsoft Windows exploits & holes. It also helps to find new strategies and other holes in case Microsoft decides to modify/patch something.
Several attempts have been made to open source (fork) hwidgen, e.g. DigitalLicense script.
Isn't it dangerous to open source it, now Microsoft can learn from it and close the hole!
- Microsoft certainly has some anti-piracy measures in place e.g. Windows Home Server never got cracked (there is only a trial reset), so if Microsoft really wants to shutdown something or prevent someone from activating the OS they "could" - no matter if the activation program is closed or open sourced!
- Microsoft makes (similar like Intel) most money with Server Hardware/OS, not the desktop consumer market, that does not mean they don't care about "the little ones" but the priorities are just different.
- Microsoft is already well aware of all activation "tricks", most source is already on GitHub, GitLab & Co. Some (old) holes like KMS simply can't be easily shutdown without hurting the OEM customers.