[Updated] WSService Tokens Extractor v1.4.2 [Windows 8 Application Store Crack]
Installation Method:
How to start :
1) Install wscrack_32 or wscrack_64 depending on your Windows version - x86 or x64.
2) Install trial app store
3) Enter wscrack_anycpu \ TokensExtractor.exe
4) Now click on "Brute Force tokens.dat"
5) Locate your product and click "CrackIt!" (bottom of the list is mostly "............. (Trial)")
6) App is now full license.
7) Run app and see if it is unlocked.
My trial has expired. What to do ?
I suggested above only as simple start. Any unskilled user can do it.
If you think you have some skill it would be wise for you to make redistributables for all apps you like
so you can install them anytime later without the need of windows store or even internet connection.
See "redistribution" folder for details.
After trial period MS will not allow you download apps again.
But my trial has already expired ! What to do ? Read info/MachineID.txt.
It requires some skill but it is possible to reset all trials.
As another solution I would suggest installing win8 VM with clean LiveID and getting appx from there.
IMPORTANT : Do not download/update through winstore client any apps you have bogus license for
before you read info/StoreWUAuth.txt carefully.
Important
Spoiler
***
Here WSService store license tokens :
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\WSLicense\tokens.dat
if you delete this file WSService recreate it empty with no licenses.
You can also backup and restore this file.
***
Force WSService to revalidate licenses :
rundll32.exe WSClient.dll,WSpTLR licensing
If WSService find bogus signature on an app it disables app.
To reenable it run WSServiceCrk and run revalidation manually.
It will see licenses are valid and reenable apps.
It is highly recommended to always have WSServiceCrk running.
***
Windows have some scheduled tasks about WS.
Run taskschd.msc and see yourself in \Microsoft\Windows\WS.
How to disable them :
schtasks /change /disable /TN "\Microsoft\Windows\WS\License Validation"
schtasks /change /disable /TN "\Microsoft\Windows\WS\WSRefreshBannedAppsListTask"
***
If you modify some files inside appcontainer app may become invalid.
To reenable it without reinstalling restore original files and look at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList
You will see subkey with <PackageName> and PackageStatus=2.
Delete subkey <PackageName>. This will restore ability to run the app.
***
You can monitor acitivity of WSServiceCrk by running DebugView from sysinternals.
To see what WSServiceCrk does check menu item : Capture -> Capture global WIN32.
You will see when and what is validated by WSService.
***
Here WSService store license tokens :
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\WSLicense\tokens.dat
if you delete this file WSService recreate it empty with no licenses.
You can also backup and restore this file.
***
Force WSService to revalidate licenses :
rundll32.exe WSClient.dll,WSpTLR licensing
If WSService find bogus signature on an app it disables app.
To reenable it run WSServiceCrk and run revalidation manually.
It will see licenses are valid and reenable apps.
It is highly recommended to always have WSServiceCrk running.
***
Windows have some scheduled tasks about WS.
Run taskschd.msc and see yourself in \Microsoft\Windows\WS.
How to disable them :
schtasks /change /disable /TN "\Microsoft\Windows\WS\License Validation"
schtasks /change /disable /TN "\Microsoft\Windows\WS\WSRefreshBannedAppsListTask"
***
If you modify some files inside appcontainer app may become invalid.
To reenable it without reinstalling restore original files and look at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList
You will see subkey with <PackageName> and PackageStatus=2.
Delete subkey <PackageName>. This will restore ability to run the app.
***
You can monitor acitivity of WSServiceCrk by running DebugView from sysinternals.
To see what WSServiceCrk does check menu item : Capture -> Capture global WIN32.
You will see when and what is validated by WSService.
MachineID
Spoiler
After numerous experiments I have discovered how microsoft track win8
devices in their store.
This information can be used to reset all trials and make microsoft
see your device as new - never seen before - without reinstalling windows.
To install something from windows store you need to enter your liveID.
Microsoft under your liveid keep track about everything you have ever installed,
license status - full,trial,expiration date.
If you move to another device and enter the same liveid - license sync occurs.
If you install a trial app , uninstall it, enter another liveid and
try to install it again - windows store says "you have installed this
app on this computer before" and prohibit installation. Installation
is possible if trial is not expired and you use the same liveid
you first used to acquire trial license on this device.
Furthermore, If you even reinstall windows and try to use previous liveid
store will prohibit installation.
Reasonable question arises. How microsoft track your device.
I know exactly how. It tracks MachineID GUID.
On clean windows there's no MachineID.
First time you install any application from windows store MachineID is created.
If you use you previous liveid microsoft query their database for hardwareid
presented by your windows store application.
If it finds something similar it return previous MachineID with all logical
consequences. Store will not allow you try and try the app endlessly using different LiveIDs
on the same machine.
MachineID association is supposed to be one time and forever.
It is never supposed to change.
Idea here NOT TO USE YOUR PREVIOUS LIVEID.
If no MachineID is associated to the device and you use clean liveid
microsoft has no way to associate your device with something from their
database. MS does not verify your IP. It also assumes there may be
many computers with the same hardwareid. The only piece of information
that help to track you is your LiveID.
Second question is. Is it possible to remove MachineID without reinstalling ?
The answer is YES.
MachineID is stored under registry key
HKEY_LOCAL_MACHINE\SYSTEM\WPA\39EEE4D3-6EBB-4C0A-8CBC-421AB72D114E-1
Once created this key cannot be deleted. It is protected by windows kernel.
But it is still posible to delete it.
You must boot from windows installation disk. Press shift+F10 and you will
get command prompt. Run regedit. Place cursor on HKEY_LOCAL_MACHINE node.
Map SYSTEM hive from your windows installation.
Common location is D:\windows\system32\config\system.
Remove
HKEY_LOCAL_MACHINE\<mapping node>\WPA\39EEE4D3-6EBB-4C0A-8CBC-421AB72D114E-1.
Then boot to your windows installation.
Go to windows store settings and sign out from your current liveid.
Enter there clean liveid. (I suppose you dont use LiveID for windows logon - its very bad idea !)
First time you install an app you'll get new MachineID.
And you will also be able to try all trial apps again.
Microsoft will give you trial licenses because it thinks you are new customer.
Format of stored machine ID :
<Machine>
<Registration>
<MachineID>12345678-cbd7-414b-c217-edb5660512ae</MachineID>
<HardwareID>XAAAABMALgAAAAEAAwABAAEAAAABAAAAAQABAAEA+l6kPOeDJGbmt/7biAR26Hb5GDEAHA0AAgABAQACBQADAQAEAgAFAAAGAQAHAAAIBwAJAwAKAQALAAAMBwA=</HardwareID>
</Registration>
<Signature xmlns="http :// www .w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http :// www .w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http :// www .w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http :// www .w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http :// www .w3.org/2001/04/xmlenc#sha256" />
<DigestValue>92pU0KnXWLTC3Xnj+ka0hnLT2eYNcRD3auqW7jQ1u5o=</DigestValue>
</Reference>
</SignedInfo>
</Machine>
It is signed by microsoft and verified by WSService on its startup.
WSServiceCrk also removes signature checks from MachineID - it removes ALL signature checks from WSService.
You can tamper with MachineID. But if you change it manually and remove
WSServiceCrk - WSService will not be able to verify signature and may fail.
Better to delete it and request new ID. MS will sign it for you.
Also it is desired to delete
"C:\Users\user\AppData\Local\Packages\WinStore_cw5 n1h2txyewy\AC\Microsoft\Windows Store\*"
while Windows Store is not running.
It keeps there some local cache about trial expiration.
After numerous experiments I have discovered how microsoft track win8
devices in their store.
This information can be used to reset all trials and make microsoft
see your device as new - never seen before - without reinstalling windows.
To install something from windows store you need to enter your liveID.
Microsoft under your liveid keep track about everything you have ever installed,
license status - full,trial,expiration date.
If you move to another device and enter the same liveid - license sync occurs.
If you install a trial app , uninstall it, enter another liveid and
try to install it again - windows store says "you have installed this
app on this computer before" and prohibit installation. Installation
is possible if trial is not expired and you use the same liveid
you first used to acquire trial license on this device.
Furthermore, If you even reinstall windows and try to use previous liveid
store will prohibit installation.
Reasonable question arises. How microsoft track your device.
I know exactly how. It tracks MachineID GUID.
On clean windows there's no MachineID.
First time you install any application from windows store MachineID is created.
If you use you previous liveid microsoft query their database for hardwareid
presented by your windows store application.
If it finds something similar it return previous MachineID with all logical
consequences. Store will not allow you try and try the app endlessly using different LiveIDs
on the same machine.
MachineID association is supposed to be one time and forever.
It is never supposed to change.
Idea here NOT TO USE YOUR PREVIOUS LIVEID.
If no MachineID is associated to the device and you use clean liveid
microsoft has no way to associate your device with something from their
database. MS does not verify your IP. It also assumes there may be
many computers with the same hardwareid. The only piece of information
that help to track you is your LiveID.
Second question is. Is it possible to remove MachineID without reinstalling ?
The answer is YES.
MachineID is stored under registry key
HKEY_LOCAL_MACHINE\SYSTEM\WPA\39EEE4D3-6EBB-4C0A-8CBC-421AB72D114E-1
Once created this key cannot be deleted. It is protected by windows kernel.
But it is still posible to delete it.
You must boot from windows installation disk. Press shift+F10 and you will
get command prompt. Run regedit. Place cursor on HKEY_LOCAL_MACHINE node.
Map SYSTEM hive from your windows installation.
Common location is D:\windows\system32\config\system.
Remove
HKEY_LOCAL_MACHINE\<mapping node>\WPA\39EEE4D3-6EBB-4C0A-8CBC-421AB72D114E-1.
Then boot to your windows installation.
Go to windows store settings and sign out from your current liveid.
Enter there clean liveid. (I suppose you dont use LiveID for windows logon - its very bad idea !)
First time you install an app you'll get new MachineID.
And you will also be able to try all trial apps again.
Microsoft will give you trial licenses because it thinks you are new customer.
Format of stored machine ID :
<Machine>
<Registration>
<MachineID>12345678-cbd7-414b-c217-edb5660512ae</MachineID>
<HardwareID>XAAAABMALgAAAAEAAwABAAEAAAABAAAAAQABAAEA+l6kPOeDJGbmt/7biAR26Hb5GDEAHA0AAgABAQACBQADAQAEAgAFAAAGAQAHAAAIBwAJAwAKAQALAAAMBwA=</HardwareID>
</Registration>
<Signature xmlns="http :// www .w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http :// www .w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http :// www .w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http :// www .w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http :// www .w3.org/2001/04/xmlenc#sha256" />
<DigestValue>92pU0KnXWLTC3Xnj+ka0hnLT2eYNcRD3auqW7jQ1u5o=</DigestValue>
</Reference>
</SignedInfo>
</Machine>
It is signed by microsoft and verified by WSService on its startup.
WSServiceCrk also removes signature checks from MachineID - it removes ALL signature checks from WSService.
You can tamper with MachineID. But if you change it manually and remove
WSServiceCrk - WSService will not be able to verify signature and may fail.
Better to delete it and request new ID. MS will sign it for you.
Also it is desired to delete
"C:\Users\user\AppData\Local\Packages\WinStore_cw5 n1h2txyewy\AC\Microsoft\Windows Store\*"
while Windows Store is not running.
It keeps there some local cache about trial expiration.
StoreWUAuth
Spoiler
In addition to WSService one more protection component exist - authentication of downloads.
Microsoft will allow you to download content only on behalf of valid license signed by them.
When you start installing an app from winstore client - request goes to windows update service.
If package is in the local cache (C:\windows\softwaredistribution\download) it is used without redownloading.
Otherwise storewuauth.dll is invoked. It's purpose - return downloading URLs to windows update.
It requests WSService for license and constructs authentication tokens based on the license.
Authentication tokens are passed to microsoft as parameters. If microsoft finds them invalid it returns
http error 403 (Forbidden). Storewuauth caches authentication tokens no matter request was successfull or not
and next time you try to redownload the app uses the same bad tokens from its cache even if license
was reinstalled and now valid. That's why you will never recover from this error until you delete
storewuauth cache.
When this kind of error happens you can see error code 0x8024600e in winstore client.
Happily you can easily clean token cache. Delete this file :
C:\Windows\SoftwareDistribution\Plugins\7D5F3CBA-03DB-4BE5-B4B36DBED19A6833\117CAB2D-82B1-4B5A-A08C-4D62DBEE7782.cache
Next time you try storewuauth will have to construct new tokens and now they will be valid (if license is valid).
Please remember : without VALID MICROSOFT SIGNED license YOU CANT DOWNLOAD ANYTHING.
If you use bogus license you will fail. You have to uninstall bogus license first, clear storewuauth token cache and
get valid license. Only then you'll be able to download again.
If your trial is over see MachineID.txt. You can reset all trials.
Right idea - do not download/update through winstore client any apps you have bogus license for.
Correct way - grab appx from VM and install it without winstore.
On a VM you can try apps forever if you do things described in MachineID.txt - and without sacrificing your real LiveID.
If you still want to update through winstore - you need first uninstall your bogus license in TokenExtractor
or you'll get 0x8024600e. But dont forget about trial period. If its over you risk to leave yourself with nothing.
In addition to WSService one more protection component exist - authentication of downloads.
Microsoft will allow you to download content only on behalf of valid license signed by them.
When you start installing an app from winstore client - request goes to windows update service.
If package is in the local cache (C:\windows\softwaredistribution\download) it is used without redownloading.
Otherwise storewuauth.dll is invoked. It's purpose - return downloading URLs to windows update.
It requests WSService for license and constructs authentication tokens based on the license.
Authentication tokens are passed to microsoft as parameters. If microsoft finds them invalid it returns
http error 403 (Forbidden). Storewuauth caches authentication tokens no matter request was successfull or not
and next time you try to redownload the app uses the same bad tokens from its cache even if license
was reinstalled and now valid. That's why you will never recover from this error until you delete
storewuauth cache.
When this kind of error happens you can see error code 0x8024600e in winstore client.
Happily you can easily clean token cache. Delete this file :
C:\Windows\SoftwareDistribution\Plugins\7D5F3CBA-03DB-4BE5-B4B36DBED19A6833\117CAB2D-82B1-4B5A-A08C-4D62DBEE7782.cache
Next time you try storewuauth will have to construct new tokens and now they will be valid (if license is valid).
Please remember : without VALID MICROSOFT SIGNED license YOU CANT DOWNLOAD ANYTHING.
If you use bogus license you will fail. You have to uninstall bogus license first, clear storewuauth token cache and
get valid license. Only then you'll be able to download again.
If your trial is over see MachineID.txt. You can reset all trials.
Right idea - do not download/update through winstore client any apps you have bogus license for.
Correct way - grab appx from VM and install it without winstore.
On a VM you can try apps forever if you do things described in MachineID.txt - and without sacrificing your real LiveID.
If you still want to update through winstore - you need first uninstall your bogus license in TokenExtractor
or you'll get 0x8024600e. But dont forget about trial period. If its over you risk to leave yourself with nothing.
Changelog:
Spoiler
1.3.0
TokenExtractor & wsll : added UTF-8 conversion of licenses XMLs coming from
WS client API.
wsll : new options : -u (uninstall license), -n (do not perform bogus license test).
1.4.0
Breaking WARBIRD code made it possible to enable sideloading on any edition of windows without disabling sppsvc and using ProductPolicyEditor.
1.4.1
Some code refactorings :
Warbird error handling rewritten with exceptions. Tons of ifs gone. Code is easily readable.
Hooking/unhooking API in wsservice_crk uses defines. Repeating code fragments gone.
Verbose DbgLogging : hexdumping of NtSetSystemInformation(134) and stringdumping of BCryptHashData.
Added warbird query format description and sample captures.
1.4.2
Further wsservice code optimization.
Fixed importang bug in warbird code. Bug could result in invalid encryption/decryption.
Warbird code : added support for comfortable artificial calling of NtSetSystemInformation(134).
More precise info about warbird PolicyValueQuery chunk format.
Fixed anchoring of some buttons in TokenExtractor.
TokenExtractor : added text search capability.
1.3.0
TokenExtractor & wsll : added UTF-8 conversion of licenses XMLs coming from
WS client API.
wsll : new options : -u (uninstall license), -n (do not perform bogus license test).
1.4.0
Breaking WARBIRD code made it possible to enable sideloading on any edition of windows without disabling sppsvc and using ProductPolicyEditor.
1.4.1
Some code refactorings :
Warbird error handling rewritten with exceptions. Tons of ifs gone. Code is easily readable.
Hooking/unhooking API in wsservice_crk uses defines. Repeating code fragments gone.
Verbose DbgLogging : hexdumping of NtSetSystemInformation(134) and stringdumping of BCryptHashData.
Added warbird query format description and sample captures.
1.4.2
Further wsservice code optimization.
Fixed importang bug in warbird code. Bug could result in invalid encryption/decryption.
Warbird code : added support for comfortable artificial calling of NtSetSystemInformation(134).
More precise info about warbird PolicyValueQuery chunk format.
Fixed anchoring of some buttons in TokenExtractor.
TokenExtractor : added text search capability.
FAQ :
Spoiler
Q: What is the best way of using this crack ?
A: Prepare redistributables. Do not rely too much on windows store. When you go cracked way for an app - do not turn back. Do not mix using crack and using winstore for an app. Or sometimes your app can go "X" state in result of license sync, winstore will deny updates and so on.
Consider preparing special virtual machine with clean liveid for getting APPXes.
If Microsoft has no record you have ever installed the app on your computer - you will not get "X".
Q: I can't download APPX. I see "access denied" message.
A: Downloads available for the short period of time. Start downloading as soon as winstore client started downloading. You can cancel winstore download immediately after it was actually started.
Q: I have a cracked app on my machine and want update. Winstore download fail with error.
A: See release/info/storewuauth.txt.
In short - you must uninstall your cracked license and delete storewuauth cache file.
Download is possible only with valid microsoft signed license.
After you have updated - apply cracked license again.
Q: Trial has expired. How can I still get the app ?
A: It's possible to reset all trials and move to clean liveid. Read release/info/MachineID.txt.
Another option - use VM with different liveid. This way you keep your liveid on production machine.
Q: Is it possible to get app with only "Buy" option ?
A: No. Someone have to buy it, prepare redistributable and share with others. It's like ripping blueray. Someone has to buy the disc.
Q: I'm preparing redistributable. How do I know what dependencies are required ?
A: Generally, there'are only 3 options. WinJS, VCL x86, VCL x64. See powershell error message to know what it wants.
Or unzip AppxManifest.xml from .appx file. Look there for <Dependencies> tag.
Example:
<Dependencies>
<PackageDependency Name="Microsoft.VCLibs.110.00" MinVersion="11.0.50727.1" />
</Dependencies>
Deps can be found in release/appx_deps folder.
Microsoft will release updates for WinJS/VCL. If you need latest version - it can be found in latest SDK. SDK can be downloaded from download.microsoft.com.
Q: What is the best way of using this crack ?
A: Prepare redistributables. Do not rely too much on windows store. When you go cracked way for an app - do not turn back. Do not mix using crack and using winstore for an app. Or sometimes your app can go "X" state in result of license sync, winstore will deny updates and so on.
Consider preparing special virtual machine with clean liveid for getting APPXes.
If Microsoft has no record you have ever installed the app on your computer - you will not get "X".
Q: I can't download APPX. I see "access denied" message.
A: Downloads available for the short period of time. Start downloading as soon as winstore client started downloading. You can cancel winstore download immediately after it was actually started.
Q: I have a cracked app on my machine and want update. Winstore download fail with error.
A: See release/info/storewuauth.txt.
In short - you must uninstall your cracked license and delete storewuauth cache file.
Download is possible only with valid microsoft signed license.
After you have updated - apply cracked license again.
Q: Trial has expired. How can I still get the app ?
A: It's possible to reset all trials and move to clean liveid. Read release/info/MachineID.txt.
Another option - use VM with different liveid. This way you keep your liveid on production machine.
Q: Is it possible to get app with only "Buy" option ?
A: No. Someone have to buy it, prepare redistributable and share with others. It's like ripping blueray. Someone has to buy the disc.
Q: I'm preparing redistributable. How do I know what dependencies are required ?
A: Generally, there'are only 3 options. WinJS, VCL x86, VCL x64. See powershell error message to know what it wants.
Or unzip AppxManifest.xml from .appx file. Look there for <Dependencies> tag.
Example:
<Dependencies>
<PackageDependency Name="Microsoft.VCLibs.110.00" MinVersion="11.0.50727.1" />
</Dependencies>
Deps can be found in release/appx_deps folder.
Microsoft will release updates for WinJS/VCL. If you need latest version - it can be found in latest SDK. SDK can be downloaded from download.microsoft.com.
Credit: kost [MDL]
Download Link
Download: Site: http://www.mirrorcreator.com/
Sharecode: /files/1TGIXZUS/wsservice_crk_src_1.4.2.rar_links [?]
Virustotal result 6/ 34
Not Tested
Source: kost
Edited by november_ra1n, 07 December 2012 - 11:56 AM.
![KMSpico v6.1 [Activate Windows 7/8/2008/2012 Office 2010/2013] - last post by lieven](http://www.gravatar.com/avatar/801df2e314f2deffe5dce6bc29cbfb4c?s=100&d=http%3A%2F%2Fwww.nsaneforums.com%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png)
