View Single Post
  #11  
Old August 22nd 15, 03:23 PM posted to alt.windows7.general,alt.comp.os.windows-10,alt.comp.os.windows-8
Paul
external usenet poster
 
Posts: 18,275
Default I am downloading the Windows 10 ISO (is that all I need)

Mike Tomlinson wrote:
En el artículo , Paul
escribió:

They can't. The encryption on the payload is
custom on each download. Even if the same
customer downloads the same object twice,
the checksum is not the same.


Incorrect. As has been shown in another thread, Curt and I separately
downloaded the ISO and the checksum/hash that we independently created
is the same, meaning we have the *exact* same ISO image.

I can't speak for the one created by the Media Creation Tool, though.

Since encryption is still being used
on Win10 delivery,


What is your evidence that the download is encrypted? It's time
limited, sure, and a unique ID is created for each download, but that
doesn't mean it is encrypted.


There are two kinds of containers in usage.

install.esd (encrypted)
install.wim (not encrypted)

The C:\$WINDOWS.~BT folder happens to have both
items in it. Implying the process of populating
that folder, involved install.esd on download,
and install.wim was converted from install.esd.

When an ISO9660 is either made, or downloaded,
it all depends on what is inside it. If an ISO9660
contains install.esd, then the checksum of the
disc is different for each one.

If the ISO9660 contains install.wim, then the checksum
should be reproducible from disc to disc.

On Windows 8, if you paid $39.95 and downloaded
the disc from the Microsoft Store, then the disc
contained install.esd. I downloaded the same
DVD twice, using the same customer identifier
from the purchase, and the checksum on the
two discs were different (and both discs worked).

I can tell you what to look for, but I can't
predict what Microsoft is going to do. The MSDN
subscription DVD uses an install.wim, and there
is nothing to identify who downloaded it. For
any other disc, where you download directly
from Microsoft, only Microsoft knows, in their
own tiny minds, why the disc should use an install.esd
versus an install.wim. As both work at installation
time, and the installer knows how to unpack both.
Because they're basically both laid out as WIM
files, but one is encrypted.

And the design of the ESD has changed slightly,
in that at one time, the key was in text (XML
formatting) right near the end of the file.
The third-party decryptor (RSA2 CBC mode) used
to extract the text string from the end of the
file, to attempt to decrypt the file. But since
that tool appeared, Microsoft removed the string
at the end of the file. And during Win10 preview,
the key was changed a couple of times. (The
person who designed the decryptor, tried
to keep the default key value inside the tool,
for easy usage.)

I think DISM may have some way of dealing with
these files, so it's probably not an issue for
someone using ADK. The ADK for Win10 was not
available when I wanted a copy, but the beta
of the Win10 ADK was being worked on during
the Win10 Preview era. So maybe you can remaster
discs now if you want.

For an end user, why this is important, is if
you need a single file, like bootsect.exe for
some reason. If you have media with install.esd,
then it's not immediately apparent how you get
something out of there. That's why it matters
to an end user.

The 7ZIP program, used to be able to read
install.wim, but with the delivery of Win10,
that capability has stopped working. So even
the WIM format has been changed in some subtle
way. All it would take, is another code point
declaration, to throw off 7ZIP.

As for the question about how you verify the DVD
you've made is good, I couldn't find *anything*
on the disc that would seem to have verification
capability. Maybe it would be DISM or similar,
which can do that. But there didn't appear to be
a program in the installer DVD for verifying the
manifest. Since the installer doesn't seem to
checksum the entire thing it works with, one
would assume each file has a check at install
time (as many of the files are signed, and the
signing could be checked). If you got one
of the truncated downloads like I got, I don't
know how you would know your downloaded file
was bad, short of trying to use it. I got
a complaint about the ISO format, and that
was my first hint it wasn't complete.

Paul
Ads