The Secure Microsoft Windows Downloader
Mido is a secure and open source download client for Microsoft's (reverse engineered) proprietary downloading API! Downloads are sourced from official Microsoft servers and you only have to run one command to go from start to finish in no time!
Comes with advanced features like download resumption, SHA-256 checksum verification, and downloading many different Windows versions in a single command. Did I mention it's written in pure POSIX sh (w/ few coreutils) + curl so it will run anywhere (even on Windows with WSL or a Cygwin shell)? So robust, very minimalist!
It's very well-suited to full automation if you just want to set it and forget it too... ⭐ Start saving time today with Mido!
mediacreationtool.exe
proprietary bloatware)
Bloated website: https://www.microsoft.com/en-us/software-download/windows11
Get Mido.sh by opening the link, right-clicking and then selecting "Save [Page] as..."
You're done! Just open a terminal, give the file execution permissions (chmod +x Mido.sh
), and run the script (as seen in the above GIF) to start using Mido.
To run Mido on Windows, use WSL (Windows Subsystem for Linux). If you don't have it enabled already then search "Turn Windows features on or off" in the Start menu, open that, check the "Windows Subsystem for Linux" box, and click "OK". This is the best option.
Alternatively, install Cygwin or MSYS2 from their download pages, or in one command using WinGet:
winget install -e --id Cygwin.Cygwin
winget install -e --id MSYS2.MSYS2
Both are POSIX emulation environments for Windows and you can use either one.
It interacts with Microsoft's proprietary downloading API (reverse engineered thanks to Pete Batard, @pbatard) to grab the latest release of Windows and generate a fresh download link (valid for 24 hours). Then we grab that link and get the file over to you as quickly as possible!
Other than the consumer versions of Windows like 11 and 10, it can also automatically download the latest Server (e.g. Windows Server 2022) and Enterprise editions of every Windows version all the way back to Windows 7 (or Server 2008 R2)!
Want a more secure and minimalist Windows installation out-of-the-box that's officially provided by Microsoft? Then download the LTSC version of Windows. It comes with way less bloat and supports Microsoft's "Security" telemetry mode (plus it comes with long-term support). Microsoft is yet to release an LTSC version of Windows 11 (so 10 only for now) but it is planned.
Check out the create-media.sh
script in Qvm-Create-Windows-Qube! Now complete with Mido and an answer file to go with each provided download. With that you will be saving time in downloading Windows and installing it to a VM. This is all very well-tested and could easily save you many hours of time over doing it manually. I usually reinstall my Windows VMs quite often because they tend to get slow over time and so a refresh always helps.
Mido is reasonably secure software. Every chance to reduce attack surface is taken. Untrusted data is treated as such with proper validation steps. The highest possible version of TLS is always used (up to TLS 1.3). Easily verify security properties yourself in the transparent shell script.
No web browser (e.g. headless Chromium running JavaScript) reduces the attack surface by many orders of magnitude.
Microsoft download servers (e.g. download.microsoft.com
) support insecure TLS versions 1.0 and 1.1? Force TLS 1.2 or TLS 1.3 (the latter when Microsoft servers support it).
The next Shellshock/Bashdoor? POSIX sh compatible.
Frequent Curl HTTP 2.0 & 3.0 bugs? Force HTTP/1.1.
Coreutil bugs? Only builtins are used for the most critical functionality.
Still bugs? Wrap it in bubble wrap: bwrap --ro-bind /bin /bin --ro-bind /usr/bin /usr/bin --ro-bind /lib /lib --ro-bind /usr/lib /usr/lib --ro-bind /lib64 /lib64 --ro-bind /usr/lib64 /usr/lib64 --ro-bind /usr/share /usr/share --ro-bind /etc /etc --dev-bind /dev/null /dev/null --bind "$PWD" "$PWD" --ro-bind "$PWD/Mido.sh" "$PWD/Mido.sh" --unshare-all --share-net -- ./Mido.sh --help
With sandbox/VM escape or privilege escalation bugs? GG, you win!!
curl
stderr
) and shows an error log if anything goes wrongMIT License - Copyright (C) 2024 Elliot Killick contact@elliotkillick.com