mirror of
https://github.com/pbatard/Fido.git
synced 2025-09-16 14:18:02 +02:00
Use our GUID for the session-id and remove the need for initial JS execution
* Credits go to whatever127 for the suggestion
* Also ensure that the "Please wait..." message displays for all server queries
* Closes #6
38
README.md
@@ -11,8 +11,8 @@ Fido is a PowerShell script that is primarily designed to be used in [Rufus](htt
|
||||
can also be used in standalone fashion, and that automates access to the official Windows retail ISO download links.
|
||||
|
||||
We decided to create this script because, while Microsoft does make retail ISO download links freely and publicly
|
||||
available on their website (at least for Windows 8 and Windows 10), it only does so after actively forcing users to jump
|
||||
through a lot of unwarranted hoops, that create an exceedingly counterproductive, if not downright unfriendly,
|
||||
available on their website (at least for Windows 8 and Windows 10), it only does so after actively forcing users to
|
||||
jump through a lot of unwarranted hoops, that create an exceedingly counterproductive, if not downright unfriendly,
|
||||
consumer experience, which greatly detracts from what people really want (direct access to ISO downloads).
|
||||
|
||||
As to the reason one might want to download Windows __retail__ ISOs, as opposed to the ISOs that can be generated by
|
||||
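Review bot: the only change in this hunk is moving "jump" from the end of the "forcing users to jump" line to the start of the next one, a pure reflow that is unrelated to the session-id change named in the commit title. Consider dropping it or putting it in a separate whitespace-only commit so the README diff shows only the behavioural change. If the paragraph is being touched anyway, "unwarranted hoops, that create" would read better without the comma.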
@@ -44,14 +44,10 @@ redirect you __away__ from the pages that allow you to download retail ISOs):
|
||||
* https://www.microsoft.com/software-download/Windows8ISO
|
||||
* https://www.microsoft.com/software-download/Windows10ISO
|
||||
|
||||
From visiting those with a full browser (Internet Explorer, running through the `Invoke-WebRequest` PowerShell Cmdlet),
|
||||
the script then obtains a `session-id` which it can then use to query web APIs on the Microsoft servers to first request
|
||||
the language selection available for the for the version of Windows that was selected, and then the download links for
|
||||
the various architecture enabled for that version + language combination.
|
||||
|
||||
As to why a full browser is required, the reason behind that is that the JavaScript from the Microsoft pages does need
|
||||
to execute before we can access the `session-id`, and PowerShell + `Invoke-WebRequest` is the most flexible, universal
|
||||
and lightweight way to get that to run, without having to install a bunch of non-native dependencies.
|
||||
After visiting those with a full browser (Internet Explorer, running through the `Invoke-WebRequest` PowerShell Cmdlet),
|
||||
to confirm that they are accessible queries web APIs on the Microsoft servers to first request the language selection
|
||||
available for the for the version of Windows that was selected, and then the download links for the various architecture
|
||||
enabled for that version + language combination.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
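Review bot: the replacement paragraph starting "After visiting those with a full browser" has lost its subject, so "to confirm that they are accessible queries web APIs on the Microsoft servers" does not parse; it needs something like "the script then queries web APIs". The new text also never says what the commit title says, namely that the `session-id` is now our own GUID and that JavaScript no longer has to run first, while it still describes a full browser (Internet Explorer) visit. Please document where the `session-id` now comes from and state what the initial page visit is still for. The carried-over "for the for the version" and "the various architecture" should be fixed in the same pass.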
@@ -67,25 +63,3 @@ make sure that you manually launch IE at least once and complete the setup.
|
||||
Note that, if running this script elevated, this annoyance can be avoided by using the `-DisableFirstRunCustomize`
|
||||
option (which basically __temporarily__ creates the key of the same name in the registry __if__ it doesn't already
|
||||
exist, to bypass that behaviour).
|
||||
|
||||
Additional information
|
||||
----------------------
|
||||
|
||||
As mentioned earlier, because we need to execute JavaScript (to obtain a `session-id`), "dumb" calls cannot be used
|
||||
to query the Microsoft servers. This is why we can't use `-UseBasicParsing` with `Invoke-WebRequest` as this option
|
||||
would remove all JavaScript execution.
|
||||
|
||||
Also, because we are really using IE behind the scenes, the PowerShell script does create a few of Windows Security
|
||||
Alerts regarding the creation of cookies, which you may see flash. And since it is not possible to tell
|
||||
`Invoke-WebRequest` to accept or refuse cookies altogether, we must run a second process in the background that
|
||||
detects and close these alerts automatically.
|
||||
|
||||
Finally, you should be mindful that, since Microsoft __really__ does not appear to like having legitimate customers
|
||||
trying to download their retail ISOs, they are using deep fingerprinting technology to prevent repeat downloads...
|
||||
As such, if you request a few too many downloads (3 or 4 in the space of an hour or so), you may get a message about
|
||||
being temporarily banned. This temporary ban is usually reset within 12-24 hours (or, if you're lucky, it might also
|
||||
be reset if you switch IP). __However__ you do want to be cautious about triggering this ban a few too many times,
|
||||
as it appears that Microsoft are using the JavaScript to uniquely fingerprint a specific browser-engine + machine
|
||||
combination (and, as far as I can tell, this fingerprinting is based on more than cookies + cache data + User-Agent +
|
||||
IP/MAC address) and if they detect that you have triggered the temporary ban to many times with the script, they
|
||||
may enact a permanent ban)... You have been warned!
|
||||
|
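Review bot: deleting the whole "Additional information" section also removes the warning about the temporary ban ("3 or 4 in the space of an hour or so", reset "within 12-24 hours") and the note about Windows Security Alerts for cookies, and neither is covered by the commit message. Removing the `-UseBasicParsing` paragraph follows from dropping the JavaScript requirement, but the rate-limit warning is server-side behaviour that users still need to know about unless it has been shown to no longer apply. Suggest keeping that paragraph, reworded if the JavaScript fingerprinting claim is no longer relevant. Since the retained text above still relies on IE and `-DisableFirstRunCustomize`, please either keep the cookie-alert note or state that the alerts no longer occur.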