Skip to content

re-ws.pl

ReverseEngineering WorkStation

  • Home
  • Tutorials
  • Random
  • About

[Import]How to bypass Secure Download Manager while downloading from Dreamspark

Posted on September 4, 2017 - December 11, 2017 by Kamil (aka. v3l0c1r4pt0r)

NOTE: This post was imported from my previous blog – v3l0c1r4pt0r.tk. It was originally published on 1st June 2014.

NOTE2: As people are reporting, THIS METHOD DOES NOT WORK anymore. Also I don’t have access to Imagine, so I would not be able to provide any help. Therefore, this article is left only for historic purposes, or for those that have some SDC files downloaded, when it was still valid and have valid decryption keys.

About a month or so ago I had an urgent need to download a copy of Microsoft Windows from Dreamspark. Unfortunately I haven’t Windows installed then so had to do this using Linux. After successful transaction I was given a link to SDX file and program called SDM. It looked that it would be easy. But it wasn’t. Program that I was encouraged to download was archive with .pkg extension. As I discovered few minutes later it was OS X application package. So the next step was to try to download Windows version and try to execute it with help of Wine. It failed. Then I tried to find some tips on the Net. I found a few other people having the same problem. Some of them could download using Wine and some not. For me there was only one solution: do it myself. As you probably guessed that way was a (almost) full success.

Solution

If you already have SDC file please do not skip since you probably still don’t have a key needed to unpack the file. The first step is to open SDX file in your favorite text editor. You will see a link. Open it in a web browser. Now you need to get to page source. The way it can be done depends on your web browser. Now we need to find few strange values in the code. The easiest way to achieve this is to search for keyword ‘edv*’ where * is the number of file you want to download counting from 1 (they are on ‘Items’ list on page you opened). Now you need to copy somewhere values of the following variables: ‘oiopu*’, ‘oiop*’, ‘fileID*’ (*-see above). The last one we need is ‘dlSelect*’ but for that one you need to search cause it is in a different place. Now you can build URL that will let you to file containing two interesting values: file URL and decryption string. This URL’s format is:

http://[SDXdomain]/WebStore/Account/SDMAuthorize.ashx?oiopu=[oiopu]&f=[fileID]&oiop=[oiop]&dl=[dlSelect]

Now you should see XML file that looks similar to this:

<information>
 <oiopua>01234abcd-0123-4567-890a-0123456789ab</oiopua>
 <edv>0123456789^^0123456789QwErTyUiOpAsDfGhJkLzXc0123456789QwErTyUiOpAsDfGhJkLzXc12345678</edv>
 <linkAvailable>1</linkAvailable>
 <errorTextKey/>
 <invokeExternalDownload>0</invokeExternalDownload>
 <fileUrl><![CDATA[http://software.dreamspark.com/dreamspark/ENGLISH/SDCfileName.sdc]]></fileUrl>
</information>

The last step here will be downloading file from fileUrl and saving edv value in file. The important thing is that the file with a key should be named exactly as SDC file with addition of ‘.key’ suffix.

Update:

I’ve just discovered that things are getting a bit different when the file size exceeds 2.0 GB. In that case Dreamspark is splitting file in two or more files. That situation could be easily recognized, because sdc file name’s suffix is: ‘.01.sdc’. In that case you need to try to download file which URL differs by only that one digit, ie. ‘.01.sdc’, ‘.02.sdc’, ‘.03.sdc’. When you encounter last file it should have smaller size than the rest and incrementing that number by one should give you BlobNotFound error.

After downloading all the files they just need to be joined into one. It can be easily achieved with dd, ie.

dd if=pl_windows_7_professional_with_sp1_x64_dvd_u_676944.02.sdc >> pl_windows_7_professional_with_sp1_x64_dvd_u_676944.01.sdc

and then optionally

dd if=pl_windows_7_professional_with_sp1_x64_dvd_u_676944.03.sdc >> pl_windows_7_professional_with_sp1_x64_dvd_u_676944.01.sdc

After that you will get sdc file prepared to unpack.

Unpacking SDC

Now since you have SDC file you can start unpacking it. The previous part was, at least for me, very easy. The problem started when I tried to discover how the file is stored in that container. But don’t worry, I’ve written simple program to do it for you. As of now (1st June) it is still in really early alpha stage and have lot of constraints. It is able to unpack containers that contains only one file packed, doesn’t create any directories, cannot verify file’s checksum and probably few other problems I don’t remember or don’t know about.

If you were searching a bit in the Internet, you probably found out that someone cracked that container in the past. Unfortunately Microsoft changed format since then. It is also possible that in response to this article it will be changed again. To make it a bit harder for them to block my software I’m publishing source code on github and after the process of reverse engineering is finished will write second article describing how things works under the hood and describe sdc file format.

But let’s get back to unpacking. Now you need to download xSDM from github. The newest version can be downloaded by typing

git clone https://github.com/v3l0c1r4pt0r/xSDM.git

in your terminal (of course you need to have git installed). Nevertheless I advice you to download newest tagged release. You can do this by clicking on releases on project page and then choosing the one on the top (or first beta/stable if any) and clicking on “tar.gz”. tar.gz can be unpacked by typing

tar -zxvf xSDM-[tag-name].tar.gz

into console. Then get into xSDM directory by typing

cd xSDM

(or your release directory) and compile the program by standard

./configure
make
make install

where installation is optional. Now to unpack your file you just need to type

src/xsdm [path-to-your-sdc-file]

And that’s it, you should now be able to open file you downloaded. As mentioned above the program is in very early alpha so I cannot guarantee that it will work in any case. If you will encounter any problems feel free to open issue on project page at github.

Posted in TutorialsTagged Dreamspark, English, Linux, Reverse Engineering, SDC, SDM, Windows

Post navigation

[Import]TP-Link TD-W8901G UART pinout
[Import]SDC file format description and security analysis of SDM

44 Comments

  1. dranoelf says:
    July 7, 2014 at 21:20

    Thanks for this great solution.
    Got some hard time with microsofts dreamspark and their policy of handicaping
    linux users.

    Worked for me with one minor change.
    Instead of the URL you provide to get to the XML-file I was successful with an URL like this:

    http://[SDXdomain]/WebStore/Account/SDMAuthorize.ashx?oiopu=%5Boiopu%5D&f=%5BfileID%5D&oiop=%5Boiop%5D&dl=%5BdlSelect%5D

    Note, that all occurences of & are replaced by just &.

    Maybe other people struggle with a similar issue and this comment helps.

    Reply
    1. v3l0c1r4pt0r says:
      July 8, 2014 at 09:21

      Fixed. That was just WordPress issue. Thanks.

      Reply
  2. GMMan says:
    July 8, 2014 at 23:11

    Interesting tidbit: if you never fire back a request with the oiopua field and value, the site won’t count it as a download. Also, you can place whatever valid fileID in there and it would give you the decryption key for it.

    Reply
  3. tatsu says:
    September 14, 2014 at 16:18

    It doesn’t work.

    here’s the point where it fell appart in config (and the make didn’t work either) :

    checking for CHECK… no
    configure: error: Package requirements (check >= 0.9.4) were not met:

    No package ‘check’ found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables CHECK_CFLAGS
    and CHECK_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.
    t@tsu:~/xSDM-master$ make
    Making all in src
    make[1]: Entering directory `/home/t/xSDM-master/src’
    Makefile:336: *** missing separator. Stop.
    make[1]: Leaving directory `/home/t/xSDM-master/src’
    make: *** [all-recursive] Error 1

    what is this “check” and why is it not finding it? could you leave a .deb in your github, please?

    Reply
    1. tatsu says:
      September 14, 2014 at 16:23

      never mind i installed check and now it goes further but stops at missing Libmcrypt (-lmcrypt) so i tired sudo apt-get install mcrypt wich worked but still the same error.

      Reply
      1. v3l0c1r4pt0r says:
        September 14, 2014 at 19:14

        Try looking at config.log file. It should contain more hints what went wrong. If it didn’t help please post issue on github and include its content.

        Reply
      2. Tijs says:
        June 24, 2015 at 03:02

        You are compiling software manually here, and that may be challenging, but you should not be beaten that easily :p. By examining the configure file I found out that the linker (ld) could simply not find lmcrypt and then I realized that I needed to install dependency libmcrypt-devel.

        Reply
  4. pauka says:
    January 6, 2015 at 02:09

    Hello,
    to begin, thank you for this tutorial, it is clear, accurate and easy.
    But I am having an error in the execution :
    src/xsdm: error while loading shared libraries: libmcrypt.so.4: cannot open shared object file: No such file or directory
    it seems to a bug known, but I have execute
    sudo make uninstall
    ./configure \
    > –with-libdir=lib64 \
    > –with-apxs2=/usr/sbin/apxs \
    > –with-config-file-path=/etc \
    > –enable-sigchild \
    > –with-openssl \
    > –enable-bcmath \
    > –with-curl \
    > –with-mcrypt \
    > –with-mysql \
    > –with-mysqli=/usr/bin/mysql_config \
    > –enable-sockets \
    > –with-gd \
    > –with-jpeg-dir=lib64 \
    > –with-png-dir \
    > –with-freetype-dir \
    > –with-zlib

    make

    sudo make install

    but the error is still there.
    Do you know why ?

    Reply
    1. v3l0c1r4pt0r says:
      January 6, 2015 at 10:58

      The information you gave may not be sufficient to tell what have gone wrong. Maybe config.log could tell what’s going on. It maybe useful to look into /proc/$XSDM_PID/environ or the same file of a shell and at first check if libmcrypt.so.4 really exists in your lib directory. If you cannot manage it yourself, please open an issue on projects github page.

      Reply
  5. Gulliver says:
    January 29, 2015 at 22:53

    Hi,
    for comfortable downloading is good this testing (beta) script:
    https://github.com/RadekSimkanic/Linux-SDM-Downloader

    This script copy the above steps.
    Have fun.

    Reply
  6. jeffg says:
    February 9, 2015 at 02:25

    Hey-

    A linux illiterate here. I’m getting makefile errors, line 336, about a missing separator.

    Any ideas?

    Thanks.

    https://drive.google.com/file/d/0B-olREfWlf_4NGJkQUthN2NIYWs/view?usp=sharing

    Reply
    1. v3l0c1r4pt0r says:
      February 9, 2015 at 16:56

      No prerequisites installed, again. Please read Readme.md before installation. Before installation you have to have check, zlib, libmcrypt and sometimes libmcrypt-dev (it depends on distro, afaik).
      Edit: and one more thing: you CANNOT make if configuration fails, because it is meaningless!

      Reply
      1. jeffg says:
        February 9, 2015 at 19:14

        Hey bud,

        Finding my way along here, made major progress but hung up at very end.

        Here is what transpired – remember, I am brand new at Linux.

        Installed Ubuntu in a VM instance. The Ubuntu website automatically sent me the amd64 version of the iso. I didn’t catch it until much later.

        So now on i386. I can’t get networking to run, other win vm’s have no issues, whatever. I’ll just copy files in by hand.

        Well, not so nice, turns out Linux has a cool package installer which I can’t use due to lack of network. Anyway…

        I start with xsdm tarball, tells me it has a dependancy on zlib (or something else), get that tarball, another dependency….Go through them all and everything appears to be cool. I can run make install on xsdm and it goes no problem.

        Then I try to run it. Get nor found errors on the libmcrypt libraries. Digging around I found I had to set an environment variable, LD_LIBRARY_PATH.

        Did that and xsdm runs!

        Ok, I copy in my SDC file (2 stitched together) and the key file, run xsdm and am told that ” the value is too long for defined data type”. I shortened up the sdc filename in case that was it but no difference.

        Thanks man.

        Reply
        1. v3l0c1r4pt0r says:
          February 9, 2015 at 22:40

          You are second person that got ‘value too long’ error. Maybe the problem is that you are using i386 system? Honestly I wasn’t testing xsdm against that architecture because I forgot that it exists long time ago πŸ™‚ . In Linux world there is no reason to use it unless you use something made in pre-x64 era.

          Reply
          1. jeffg says:
            February 9, 2015 at 22:46

            I just chose i386 b/c I was having trouble and realized I was on an AMD package.

            I’ll try loading your source in a C IDE and see if I can get it to run and give the same error.

            I’d really like to get this, the download manager is so so so broken I am going nuts.

            Thanks man.

          2. jeffg says:
            February 14, 2015 at 04:17

            Oh well, I guess it isn’t meant to be. I got everything running under amd64, got networking, xsdm running – all cool.

            Small file, about 50M, passes crc but then gives a pointer error.

            The larger files, multi-part, after joining fail crc check every time. I even redownload, from w/in Ubuntu, and get a fail with different CRC every time.

          3. jeffg says:
            February 16, 2015 at 02:08

            Having success. Got your source to run in Eclipse, the compiled version gave a pointer error when trying to create the output file, runs fine in the IDE.

            Just can’t get multi-part files to pass CRC. The downloads always stop and I have to resume, I don’t know if that is a factor. I forced them to be made anyways and the decompression failed.

            Of well, thx for the work.

  7. McAko says:
    February 11, 2015 at 03:08

    Thanks for your job! I had problems using Software Download Manager for Mac OS X because it was always freezing, not responding and crashing. Finally I downloaded the files manually and I run your tool on my Mac OS X Snow Leopard and surprisingly it could decrypt them without any problems.

    Reply
  8. SomeUser says:
    March 28, 2015 at 09:58

    First thank you for the great work. I think this helps a lot of academic linux user to download m$ related stuff.

    Currently I am seeing problems unpacking large sdc containers. E.g.:

    xsdm en_windows_embedded_compact_7_disc_2_x86_x64_dvd_645485.sdc
    Opening SDC file… [OK]
    Verifying keyfile… [OK]
    Validating SDC header… [FAIL]
    xsdm: File given is not valid SDC file or decryption key wrong

    This sdc is 7.3G in size and glued together using dd. For smaller sdc (e.g. 3.5G I did not receive such an error this is why I think sdc size may be the showbreaker)

    Reply
    1. SomeUser says:
      March 28, 2015 at 10:39

      Well the isue seems to be caused by a 32bit unsigned int limit for for sdc filesize within the sdc header. So a simple fix worked for me:

      — snip —
      //check if valid sdc file
      …
      if(header->compressedSize + headerSize + 4 != sdcSize)
      >> changed to >>
      if(header->compressedSize + headerSize + 4 != (sdcSize % 4294967296))

      Reply
      1. v3l0c1r4pt0r says:
        March 29, 2015 at 12:21

        There was an easier method to obey this error. xSDM has –force option which should have ignored this one, because that line just checks if you have given him valid sdc file and key file. The workaround you have done will void the verification procedure on all files you will unpack in future so you won’t know what have gone wrong next time.
        Nonetheless thanks for info that on i386 there are still problems to solve.

        Edit: OK, I think I’ve managed to fix it anyway.

        Reply
  9. Flo says:
    April 8, 2015 at 00:25

    Hi guys and girls,

    when I try to extract my SDC file (after I merged them), I get the following error:
    Opening SDC file… [OK]
    [FAIL]
    de_windows_8_1_x64_dvd_2707227.sdc.key: No such file or directory

    what is or where can I get this key file?? Anybody experienced the same?

    greetings!!

    Reply
  10. Tijs says:
    June 24, 2015 at 01:37

    When I open the link in the SDX I see a fancy webpage with a download bar. For those of you who are constructing the link manually, in my case there is a hidden element fileUrl1 with the contained in it πŸ™‚

    Reply
  11. Dechcaudron says:
    July 3, 2015 at 19:04

    Thanks a lot for the amazing tool. Didn’t have Windows at hand and this worked perfectly. You did a brilliant job. Do you accept donations?

    Reply
    1. v3l0c1r4pt0r says:
      July 4, 2015 at 14:23

      Thanks for your thanks πŸ™‚ I’ve never thought about any method for receiving donations but if you’d like to send me some you could try to send it to my PayPal account: kamill1993 at gmail dot com

      Reply
  12. Dima says:
    July 21, 2015 at 17:34

    Great, it still works (as of 21 July 2015)!

    Reply
  13. Tito_Li says:
    August 31, 2015 at 14:32

    Good job.
    yesterday everything works fin for me.
    Today in the moring also. Now I can’t get the xml file.
    ValidationExceptions.DownloadNotAllowedForFile

    best regards
    Tito_Li

    Reply
  14. Dido_Mi says:
    October 22, 2015 at 00:49

    It works. You’re a fucking genius! Keep up the good stuff πŸ™‚

    best regards
    Dido_Mi

    Reply
  15. 4lian7 says:
    October 27, 2015 at 00:30

    Flo Posted:

    “Hi guys and girls,

    when I try to extract my SDC file (after I merged them), I get the following error:
    Opening SDC file… [OK]
    [FAIL]
    de_windows_8_1_x64_dvd_2707227.sdc.key: No such file or directory

    what is or where can I get this key file?? Anybody experienced the same?

    greetings!!”

    I’ve exactly the same problem. Could anybody explain what’s wrng?

    Reply
    1. Adam says:
      October 29, 2015 at 21:53

      Same here…

      Reply
    2. Adam says:
      October 29, 2015 at 22:13

      Nevermind, IT WORKED! Wielkie dzieki, v3l0c1r4pt0r!!!!

      Flo, you have to create a file called ‘de_windows_8_1_x64_dvd_2707227.sdc.key’ which contains the edv value you have obtained in a previous step.

      Reply
  16. MariuszF says:
    November 14, 2015 at 12:05

    Thanks a lot to you and all the ppl who were solving problems in comments πŸ˜‰ (I’ve got almost every one of them). You R true hero for me.

    Reply
  17. student says:
    January 18, 2016 at 19:43

    Thank you, you are awesome!

    Reply
  18. Nithanim says:
    October 9, 2016 at 02:19

    Holy fu*** %&$&$%Β§!
    I really, really hate MS for this buΒ§$%Β§&!
    I didn’t read this but the version you posted on SO but you saved my good old Win7 from the virus called SDM since this does not work in sandboxie and I refuse to setup a windows vm only for this sh***.
    THANK YOU

    Reply
  19. Jodelking says:
    October 15, 2016 at 13:20

    Hello πŸ™‚

    First of all, thank you a lot for the great description and the solution to this problem. I have a small question regarding an error, that ocurred while doing the very last step: Somehow everything stops while checking the file integrity. The CRC32 part of my key-file seems to be wrong (I used the edv-part of the XML-file of dreamspark). The exact text is:

    src/xsdm: CRC32 of sdc file did not match the one supplied in keyfile (0xF69F170A expected while have 0x8A2F17D2)

    thank you very much πŸ™‚

    Reply
    1. Jodelking says:
      October 15, 2016 at 13:36

      Hello again πŸ˜€

      I found a solution to this problem and it is rather funny (I have no idea, what happened there).
      When I converted my CRC32 into a hexdecimal number, it was F69F170A. So apparently, your application is reading it in hexadecimal. However, Microsoft seems to have changed the key. By comparing the numbers, I realised, that 8A2F17D2 is exactly the half of F69F170A. So I just had to divide the CRC32-part of the edv-number by two in my key file and everything worked just fine πŸ˜€

      Thanks anyways πŸ™‚

      Reply
  20. zardoz says:
    April 10, 2017 at 19:05

    Doesn’t work for me, neither does the python script.

    In both cases the first url respons with “Your request could not be processed: either the page does not exist or a general error has occurred.”

    guess api changed? could someone investigate?

    Reply
    1. v3l0c1r4pt0r says:
      April 11, 2017 at 17:47

      It seems that (at least I checked that on one random product) the xSDM is not needed anymore. Current interface allows to download exe/zip/whatever directly on any operating system. Thanks for notifying me, BTW!
      Edit: at least one of my previous orders still serves SDX file, so xSDM is not completely dead, yet. Anyway, you should try direct download and check if it helps.

      Reply
  21. algawi says:
    June 11, 2017 at 20:40

    I get “input out of range” when trying to retrieve the key.

    has anyone seen something like that ?

    Reply
  22. Nomad says:
    September 26, 2017 at 13:30

    Hey,
    i’ve got the problem that the “dlSelect*” value is only available for the first downloadable item (dlSelect1), but there is no attribute “dlSelect2”. I’ve already tried using the dlSelect1 value or trying to get the decryption key for the first download with the appropriate “oiop”, “oiopu” and “fileID” values but that didn’t work either. I get to see a SystemError page. Do you have any suggestions on how to fix that issue?

    Reply
    1. v3l0c1r4pt0r says:
      October 10, 2017 at 18:21

      Sorry for answering so late, your comment landed in my SPAM folder somehow.

      Could you give me the name of the product, on which you have that problem. I still should have access to Imagine, so maybe I will be able to help. But some time ago Microsoft was tampering with SDM stuff, so maybe my method is not needed at all?

      Reply
  23. Cysioland says:
    December 10, 2017 at 15:02

    As people above say, your method doesn’t work anymore.

    Reply
    1. v3l0c1r4pt0r says:
      December 11, 2017 at 18:42

      Yup, I’ve seen some changes about a year ago, but then they were made only to newly uploaded content. If nothing changed since that time there still should be plenty of older stuff that requires my application.

      Unfortunately, I don’t have access to Imagine anymore, so I will be unable to verify if it is useless globally or only for most of the products. I’m adding notice to the article, so anyone can see at the beginning that it might not be the thing they are looking for.

      Reply
  24. SebM says:
    January 19, 2018 at 00:12

    Hi,
    My question might be stupid but never mind :
    Is [SDXdomain] the fqdn of the URL of the SDC file or the fqdn of the URL of the SDX file ?

    Reply

Leave a Reply to algawi Cancel reply

Your email address will not be published. Required fields are marked *

Tags

Android assembly busybox C CAN can-hacking cc-factory cmake compiler docker Dreamspark electronics English gcc hacking hardware JavaCard JCOP kernel KiCAD library Linux PC PCB pinout PKI polski programming Python radio Raspberry Pi Reverse Engineering RTL-SDR SDC SDM SDR smart card software tor tty UART UEFi Windows X.509 Xperia Pro

Recent Posts

  • PHP build for use bundled in Android applications
  • Running graphical apps inside Docker containers
  • Plugin architecture demo for Python projects
  • Authorizing adb connections from Android command line (and making other service calls from cli)
  • How to recover torrent from rtorrent meta files

Recent Comments

  • John Patel on Authorizing adb connections from Android command line (and making other service calls from cli)
  • pomi on Playing with GF-07 GPS device
  • pomi on Playing with GF-07 GPS device
  • Hamdy Abumgata on Playing with GF-07 GPS device
  • Mousum Gogoi on Playing with GF-07 GPS device

Categories

  • News
  • Random
  • Reversing LKV373A
  • Setting up new v3 Hidden Service with ultimate security
  • Tutorials
  • Uncategorized
  • Understanding JCOP

Links

  • Me @ github
  • LKV373A Wiki
  • DevTomek

Archives

  • December 2024
  • November 2024
  • May 2024
  • July 2023
  • October 2022
  • August 2022
  • July 2021
  • June 2021
  • May 2021
  • December 2020
  • November 2020
  • October 2020
  • August 2020
  • December 2019
  • November 2019
  • October 2019
  • August 2019
  • July 2019
  • February 2019
  • November 2018
  • October 2018
  • June 2018
  • May 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • September 2017

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Proudly powered by WordPress | Theme: micro, developed by DevriX.