search

LukeFZ / CikExtractor

Tool to extract and derive stored CIKs and the unique device key from the registry.
MIT License
34 stars 3 forks source link

Exception "OSError: [WinError -1073741795] Windows Error 0xc000001d" when trying to derive device key #5

Closed dragonk-m closed 8 months ago

dragonk-m commented 1 year ago

Parsing registry entries... Registry loaded. Deriving device key... Traceback (most recent call last): File "G:\CikExtractor\Emulation\clep_vault.py", line 108, in ql.run(begin=clep_vault_func, end=clep_vault_func + clep_vault_size) File "C:\Program Files\Python311\Lib\site-packages\qiling\core.py", line 582, in run self.os.run() File "C:\Program Files\Python311\Lib\site-packages\qiling\os\windows\windows.py", line 219, in run self.ql.emu_start(entry_point, exit_point, self.ql.timeout, self.ql.count) File "C:\Program Files\Python311\Lib\site-packages\qiling\core.py", line 753, in emu_start self.uc.emu_start(begin, end, timeout, count) File "C:\Program Files\Python311\Lib\site-packages\unicorn\unicorn.py", line 545, in emu_start status = _uc.uc_emu_start(self._uch, begin, until, timeout, count) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ OSError: [WinError -1073741795] Windows Error 0xc000001d Unhandled exception. System.NullReferenceException: Object reference not set to an instance of an object. at CikExtractor.DeviceKeyDumper.DeriveDeviceKey(Byte[] smbios, Byte[] driveSerial, Byte[] encryptedLicense) in M:\DevEnvironment\DevWorkspace\dotNETProjects\CIKExtractor\CikExtractor\DeviceKeyDumper.cs:line 69 at CikExtractor.DeviceKeyDumper.DumpDeviceKey(Byte[] encryptedLicense) in M:\DevEnvironment\DevWorkspace\dotNETProjects\CIKExtractor\CikExtractor\DeviceKeyDumper.cs:line 12 at CikExtractor.Program.Main(String[] args) in M:\DevEnvironment\DevWorkspace\dotNETProjects\CIKExtractor\CikExtractor\Program.cs:line 12

LukeFZ commented 1 year ago

Please send the SHA256 hash and/or version of your clipsp.sys - I do know that some windows 11 insider preview builds contain a slightly different version of it that requires a different pattern, so if you are running that please also let me know.

dragonk-m commented 1 year ago

Algorithm : SHA256 Hash : A719CF2482ECAD230A85BC8914F257034531E58BD5BCCA5B4B141D1FCF00303C Path : G:\CikExtractor\Emulation\clipsp.sys

LukeFZ commented 1 year ago

I've tried running it with the same clipsp.sys version as you mentioned, and I didn't have any issues on my end. You can try reinstalling Qiling or running the extractor in a virtual machine, that has also helped some people

LukeFZ commented 8 months ago

closing due to no response.