Add Windows 10 20H1 19041.264 builds

* Also enable going back on error

.whitesource

@@ -0,0 +1,8 @@
+{
+  "checkRunSettings": {
+    "vulnerableCheckRunConclusionLevel": "failure"
+  },
+  "issueSettings": {
+    "minSeverityLevel": "LOW"
+  }
+}

Fido.ps1

@@ -1,6 +1,6 @@
 #
-# Fido v1.11 - Retail Windows ISO Downloader
-# Copyright © 2019 Pete Batard <pete@akeo.ie>
+# Fido v1.16 - Retail Windows ISO Downloader
+# Copyright © 2019-2020 Pete Batard <pete@akeo.ie>
 # ConvertTo-ImageSource: Copyright © 2016 Chris Carter
 #
 # This program is free software: you can redistribute it and/or modify
@@ -75,6 +75,30 @@ $ko = 0x20000
 $WindowsVersions = @(
 	@(
 		@("Windows 10", "Windows10ISO"),
+		@(
+			"20H1 (Build 19041.264 - 2020.05)",
+			@("Windows 10 Home/Pro", 1626),
+			@("Windows 10 Education", 1625),
+			@("Windows 10 Home China ", ($zh + 1627))
+		),
+		@(
+			"19H2 (Build 18363.418 - 2019.11)",
+			@("Windows 10 Home/Pro", 1429),
+			@("Windows 10 Education", 1431),
+			@("Windows 10 Home China ", ($zh + 1430))
+		),
+		@(
+			"19H1 (Build 18362.356 - 2019.09)",
+			@("Windows 10 Home/Pro", 1384),
+			@("Windows 10 Education", 1386),
+			@("Windows 10 Home China ", ($zh + 1385))
+		),
+		@(
+			"19H1 (Build 18362.30 - 2019.05)",
+			@("Windows 10 Home/Pro", 1214),
+			@("Windows 10 Education", 1216),
+			@("Windows 10 Home China ", ($zh + 1215))
+		),
 		@(
 			"1809 R2 (Build 17763.107 - 2018.10)",
 			@("Windows 10 Home/Pro", 1060),
@@ -110,7 +134,7 @@ $WindowsVersions = @(
 			@("Windows 10 Home China", ($zh + 364))
 		),
 		@(
-			"1607 [Redstone 1] (Build 14393.0 - 2017.07)",
+			"1607 [Redstone 1] (Build 14393.0 - 2016.07)",
 			@("Windows 10 Home/Pro", 244),
 			@("Windows 10 Home/Pro N", 245),
 			@("Windows 10 Single Language", 246),
@@ -192,10 +216,10 @@ function Select-Language([string]$LangName)
 		($SysLocale.StartsWith("da") -and $LangName -like "*Danish*") -or `
 		($SysLocale.StartsWith("nl") -and $LangName -like "*Dutch*") -or `
 		($SysLocale -eq "en-US" -and $LangName -eq "English") -or `
-		($SysLocale.StartsWith("en") -and $LangName -like "*English*" -and $LangName -like "*inter*") -or `
+		($SysLocale.StartsWith("en") -and $LangName -like "*English*" -and ($LangName -like "*inter*" -or $LangName -like "*ingdom*")) -or `
 		($SysLocale.StartsWith("et") -and $LangName -like "*Eston*") -or `
 		($SysLocale.StartsWith("fi") -and $LangName -like "*Finn*") -or `
-		($SysLocale -eq "fr-CA"  -and $LangName -like "*French*" -and $LangName -like "*Canad*") -or `
+		($SysLocale -eq "fr-CA" -and $LangName -like "*French*" -and $LangName -like "*Canad*") -or `
 		($SysLocale.StartsWith("fr") -and $LangName -eq "French") -or `
 		($SysLocale.StartsWith("de") -and $LangName -like "*German*") -or `
 		($SysLocale.StartsWith("el") -and $LangName -like "*Greek*") -or `
@@ -367,12 +391,9 @@ function Error([string]$ErrorMessage)
 	Write-Host Error: $ErrorMessage
 	$XMLForm.Title = $(Get-Translation("Error")) + ": " + $ErrorMessage
 	Refresh-Control($XMLForm)
-	$Continue.Content = Get-Translation("Close")
-	Refresh-Control($Continue)
+	$XMLGrid.Children[2 * $script:Stage + 1].IsEnabled = $True
 	$UserInput = [System.Windows.MessageBox]::Show($XMLForm.Title,  $(Get-Translation("Error")), "OK", "Error")
-	$script:ExitCode = $Stage
-	$script:Stage = -1
-	$Continue.IsEnabled = $True
+	$script:ExitCode = $script:Stage--
 }
 
 function Get-RandomDate()
@@ -490,11 +511,7 @@ $WindowsVersion.DisplayMemberPath = "Version"
 
 # Button Action
 $Continue.add_click({
-	if ($script:Stage++ -lt 0) {
-		Get-Process -Id $pid | Foreach-Object { $_.CloseMainWindow() | Out-Null }
-		return
-	}
-
+	$script:Stage++
 	$XMLGrid.Children[2 * $Stage + 1].IsEnabled = $False
 	$Continue.IsEnabled = $False
 	$Back.IsEnabled = $False
@@ -584,7 +601,7 @@ $Continue.add_click({
 				}
 			} catch {
 				Error($_.Exception.Message)
-				return
+				break
 			}
 			$script:Language = Add-Entry $Stage "Language" $array "DisplayLanguage"
 			$Language.SelectedIndex = $SelectedIndex
@@ -619,6 +636,7 @@ $Continue.add_click({
 				$html = $html.Replace("class=product-download-hidden", "")
 				$html = $html.Replace("type=hidden", "")
 				$html = $html.Replace(">", "/>")
+				$html = $html.Replace("&nbsp;", " ")
 				$html = $html.Replace("IsoX86", """x86""")
 				$html = $html.Replace("IsoX64", """x64""")
 				$html = "<inputs>" + $html + "</inputs>"
@@ -634,11 +652,11 @@ $Continue.add_click({
 					}
 				}
 				if ($array.Length -eq 0) {
-					Throw-Error -Req $r -Alt "Could not retreive ISO download links"
+					Throw-Error -Req $r -Alt "Could not retrieve ISO download links"
 				}
 			} catch {
 				Error($_.Exception.Message)
-				return
+				break
 			}
 
 			$script:Arch = Add-Entry $Stage "Architecture" $array "Type"
@@ -675,7 +693,7 @@ $Continue.add_click({
 	}
 	$Continue.IsEnabled = $True
 	if ($Stage -ge 0) {
-		$Back.IsEnabled = $True;
+		$Back.IsEnabled = $True
 	}
 })
 
@@ -699,10 +717,12 @@ $Back.add_click({
 		$Margin.Top -= $dh2
 		$Back.Margin = $Margin
 		$script:Stage = $Stage - 1
+		$XMLForm.Title = $AppTitle
 		if ($Stage -eq 0) {
 			$Back.Content = Get-Translation("Close")
-		} elseif ($Stage -eq 3) {
+		} else {
 			$Continue.Content = Get-Translation("Continue")
+			Refresh-Control($Continue)
 		}
 	}
 })

README.md

@@ -7,26 +7,32 @@ Fido: Full ISO Download Script (for Windows retail ISOs)
 Description
 -----------
 
-Fido is a PowerShell script that is primarily designed to be used in [Rufus](https://github.com/pbatard/rufus) but that
-can also be used in standalone fashion, and that automates access to the official Windows retail ISO download links.
+Fido is a PowerShell script that is primarily designed to be used in [Rufus](https://github.com/pbatard/rufus), but that
+can also be used in standalone fashion, and whose purpose is to automate access to the official Microsoft Windows retail
+ISO download links.
 
-We decided to create this script because, while Microsoft does make retail ISO download links freely and publicly
-available on their website (at least for Windows 8 and Windows 10), it only does so after actively forcing users to
-jump through a lot of unwarranted hoops, that create an exceedingly counterproductive, if not downright unfriendly,
-consumer experience, which greatly detracts from what people really want (direct access to ISO downloads).
+This script exists because, while Microsoft does make retail ISO download links freely and publicly available (at least
+for Windows 8 and Windows 10), it only does so after actively forcing users to jump through a lot of unwarranted hoops,
+that create an exceedingly counterproductive, if not downright unfriendly, consumer experience and that greatly detract
+from what people really want (direct access to ISO downloads).
 
-As to the reason one might want to download Windows __retail__ ISOs, as opposed to the ISOs that can be generated by
-Microsoft's own Media Creation Tool (MCT), this is because it is only with an official retail ISO that one can assert
-with complete certainty whether its content has been altered in any way or not. Indeed, retail Microsoft's ISOs are the
-only ones you will be able to obtain an official SHA-1 for (from sites [such as this one](https://msdn.rg-adguard.net/public.php))
-allowing you to be 100% certain that the image you are using is non corrupted and safe to use.
+As to the reason one might want to download Windows __retail__ ISOs, as opposed to the ISOs that are generated by
+Microsoft's own Media Creation Tool (MCT), this is because using official retail ISOs is currently the only way to
+assert with absolute certainty that the OS content has not been altered. Indeed, because there only exists a single
+master for each of them, Microsoft retail ISOs are the only ones you can obtain an official SHA-1 for (from MSDN, if you
+have access to it, or from sites [such as this one](https://msdn.rg-adguard.net/public.php)) allowing you to be 100%
+sure that the image you are using has not been corrupted and is safe to use.
 
-This, in turn, offers assurance that the content __YOU__ are using to install your OS, and which it is indeed critical
-to validate beforehand if you care about security, does matches bit for bit the one that Microsoft officially released.
+This, in turn, offers assurance that the content __YOU__ are using to install your OS, which it is indeed critical to
+validate beforehand if you have the slightest concern about security, does match, bit for bit, the one that Microsoft
+released.
 
-On the other hand, because no two MCT ISOs are the same (due to MCT always regenerating the ISO content on the fly)
-it is impossible to get the same kind of assurance from non-retail ISOs. Hence the need to provide users with a much
-easier and less restrictive way to access official retail ISOs...
+On the other hand, regardless of the manner in which Microsoft's Media Creation Tool produces its content, because no
+two MCT ISOs are ever the same (due to MCT always regenerating the ISO content on the fly) it is currently impossible to
+validate with absolute certainty whether any ISO that was generated by the MCT is safe to use. Especially, unlike what
+is the case for retail ISOs, it is impossible to tell whether an MCT ISO may have been corrupted after generation.
+
+Hence the need to provide users with a much easier and less restrictive way to access official retail ISOs...
 
 License
 -------
@@ -36,7 +42,7 @@ License
 How it works
 ------------
 
-The script basically performs the same operation as one might perform when visiting either of the following ULRs (that
+The script basically performs the same operation as one might perform when visiting either of the following URLs (that
 is, provided that you have also changed your `User-Agent` browser string, since, when they detect that you are using a
 version of Windows that is the same as the one you are trying to download, the Microsoft web servers at these addresses
 redirect you __away__ from the pages that allow you to download retail ISOs):
@@ -45,31 +51,31 @@ redirect you __away__ from the pages that allow you to download retail ISOs):
 * https://www.microsoft.com/software-download/Windows10ISO
 
 After visiting those with a full browser (Internet Explorer, running through the `Invoke-WebRequest` PowerShell Cmdlet),
-to confirm that they are accessible queries web APIs on the Microsoft servers to first request the language selection
-available for the for the version of Windows that was selected, and then the download links for the various architecture
-enabled for that version + language combination.
+to confirm that they are accessible, the script then queries the web API from the Microsoft servers to first request the
+language selection available for the version of Windows selected by the user, and then request the actual download links
+for all the architectures available for that specific combination of version + language.
 
 Requirements
 ------------
 
-PowerShell 3.0 or later is required. But the script does detect if you are using an older version and points you to the
-relevant PowerShell 3.0 download page if needed, which should only be the case if you are running a vanilla version of
-Windows 7.
+PowerShell 3.0 or later is required. However the script will detect if you are using an older version and point you to
+the relevant PowerShell 3.0 download page if needed (which should only ever occur if you are running a vanilla version
+of Windows 7).
 
-Also, because Internet Explorer is being used behind the scenes, if you haven't gone through the first time setup for
-Internet Explorer, you may receive an error about it when running the script. If that is the case, then you need to
+Also, because Internet Explorer is being invoked behind the scenes, if you haven't gone through the first time setup for
+Internet Explorer, you may receive an error about this when running the script. If that is the case, then you should
 make sure that you manually launch IE at least once and complete the setup.
 
-Note that, if running this script elevated, this annoyance can be avoided by using the `-DisableFirstRunCustomize`
-option (which basically __temporarily__ creates the key of the same name in the registry __if__ it doesn't already
-exist, to bypass that behaviour).
+Note however that, if you are running the script elevated, you can work around the above annoyance by using the
+`-DisableFirstRunCustomize` option which basically __temporarily__ creates a key of the same name in the registry __if__
+it doesn't already exist, to bypass the first time setup error.
 
 Additional Notes
 ----------------
 
-Because of it's intended usage with Rufus, this script is not designed to cover all possible retail ISO downloads, but
-mostly those that the general public are likely to use. For instance, we currently have no plan to add support for
-LTSB/LTSC Windows 10 ISOs downloads.
+Because of its intended usage with Rufus, this script is not designed to cover every possible retail ISO downloads.
+Instead we mostly chose the ones that the general public is likely to request. For instance, we currently have no plan
+to add support for LTSB/LTSC Windows 10 ISOs downloads.
 
-If you are interested in such downloads, you are kindly invited to visit the relevant download pages from Microsoft
-such as [this one](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) for LTSC versions.
+If you are interested in such downloads, then you are kindly invited to visit the relevant download pages from Microsoft
+such as [this one](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) for LTSC versions.

sign.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# This script creates the RSA-2048 signatures for our downloadable content
+# Creates an LZMA compressed Fido.ps1 (including decompressed size) and sign it
 
 PRIVATE_KEY=/d/Secured/Akeo/Rufus/private.pem
 PUBLIC_KEY=/d/Secured/Akeo/Rufus/public.pem
@@ -25,6 +25,10 @@ echo
 # Confirm that the pass phrase is valid by trying to sign a dummy file
 openssl dgst -sha256 -sign $PRIVATE_KEY -passin pass:$PASSWORD $PUBLIC_KEY >/dev/null 2>&1 || { echo Invalid pass phrase; exit 1; }
 
-find . -maxdepth 1 -name "*.ps1" | while read FILE; do sign_file; done
+lzma -kf Fido.ps1
+# The 'lzma' utility does not add the uncompressed size, so we must add it manually. And yes, this whole
+# gymkhana is what one must actually go through to insert a 64-bit little endian size into a binary file...
+printf "00: %016X" `stat -c "%s" Fido.ps1` | xxd -r | xxd -p -c1 | tac | xxd -p -r | dd of=Fido.ps1.lzma seek=5 bs=1 status=none conv=notrunc
+find . -maxdepth 1 -name "Fido.ps1.lzma" | while read FILE; do sign_file; done
 # Clear the PASSWORD variable just in case
 PASSWORD=`head -c 50 /dev/random | base64`