Add Windows 10 21H1 19043.985 builds

* https://support.microsoft.com/en-us/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11

.whitesource

@@ -0,0 +1,8 @@
+{
+  "checkRunSettings": {
+    "vulnerableCheckRunConclusionLevel": "failure"
+  },
+  "issueSettings": {
+    "minSeverityLevel": "LOW"
+  }
+}

Fido.ps1

@@ -1,6 +1,6 @@
 #
-# Fido v1.11 - Retail Windows ISO Downloader
-# Copyright © 2019 Pete Batard <pete@akeo.ie>
+# Fido v1.19 - Retail Windows ISO Downloader
+# Copyright © 2019-2021 Pete Batard <pete@akeo.ie>
 # ConvertTo-ImageSource: Copyright © 2016 Chris Carter
 #
 # This program is free software: you can redistribute it and/or modify
@@ -30,11 +30,7 @@ param(
 	[string]$Icon,
 	# (Optional) Name of a pipe the download URL should be sent to.
 	# If not provided, a browser window is opened instead.
-	[string]$PipeName,
-	# (Optional) Disable IE First Run Customize so that Invoke-WebRequest
-	# doesn't throw an exception if the user has never launched IE.
-	# Note that this requires the script to run elevated.
-	[switch]$DisableFirstRunCustomize
+	[string]$PipeName
 )
 #endregion
 
@@ -63,7 +59,11 @@ $code = @"
 	}
 "@
 
-Add-Type -MemberDefinition $code -Namespace Gui -UsingNamespace "System.IO", "System.Text", "System.Drawing", "System.Globalization" -ReferencedAssemblies System.Drawing -Name Utils -ErrorAction Stop
+if ($host.version -ge "7.0") {
+  Add-Type -WarningAction Ignore -IgnoreWarnings -MemberDefinition $code -Namespace Gui -UsingNamespace System.Runtime, System.IO, System.Text, System.Drawing, System.Globalization -ReferencedAssemblies System.Drawing.Common -Name Utils -ErrorAction Stop
+} else {
+  Add-Type -MemberDefinition $code -Namespace Gui -UsingNamespace System.IO, System.Text, System.Drawing, System.Globalization -ReferencedAssemblies System.Drawing -Name Utils -ErrorAction Stop
+}
 Add-Type -AssemblyName PresentationFramework
 # Hide the powershell window: https://stackoverflow.com/a/27992426/1069307
 [Gui.Utils]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0) | Out-Null
@@ -75,6 +75,48 @@ $ko = 0x20000
 $WindowsVersions = @(
 	@(
 		@("Windows 10", "Windows10ISO"),
+		@(
+			"21H1 (Build 19043.985 - 2021.05)",
+			@("Windows 10 Home/Pro", 2033),
+			@("Windows 10 Education", 2032),
+			@("Windows 10 Home China ", ($zh + 2034))
+		),
+		@(
+			"20H2 (Build 19042.631 - 2020.12)",
+			@("Windows 10 Home/Pro", 1882),
+			@("Windows 10 Education", 1884),
+			@("Windows 10 Home China ", ($zh + 1883))
+		),
+		@(
+			"20H2 (Build 19042.508 - 2020.10)",
+			@("Windows 10 Home/Pro", 1807),
+			@("Windows 10 Education", 1805),
+			@("Windows 10 Home China ", ($zh + 1806))
+		),
+		@(
+			"20H1 (Build 19041.264 - 2020.05)",
+			@("Windows 10 Home/Pro", 1626),
+			@("Windows 10 Education", 1625),
+			@("Windows 10 Home China ", ($zh + 1627))
+		),
+		@(
+			"19H2 (Build 18363.418 - 2019.11)",
+			@("Windows 10 Home/Pro", 1429),
+			@("Windows 10 Education", 1431),
+			@("Windows 10 Home China ", ($zh + 1430))
+		),
+		@(
+			"19H1 (Build 18362.356 - 2019.09)",
+			@("Windows 10 Home/Pro", 1384),
+			@("Windows 10 Education", 1386),
+			@("Windows 10 Home China ", ($zh + 1385))
+		),
+		@(
+			"19H1 (Build 18362.30 - 2019.05)",
+			@("Windows 10 Home/Pro", 1214),
+			@("Windows 10 Education", 1216),
+			@("Windows 10 Home China ", ($zh + 1215))
+		),
 		@(
 			"1809 R2 (Build 17763.107 - 2018.10)",
 			@("Windows 10 Home/Pro", 1060),
@@ -110,7 +152,7 @@ $WindowsVersions = @(
 			@("Windows 10 Home China", ($zh + 364))
 		),
 		@(
-			"1607 [Redstone 1] (Build 14393.0 - 2017.07)",
+			"1607 [Redstone 1] (Build 14393.0 - 2016.07)",
 			@("Windows 10 Home/Pro", 244),
 			@("Windows 10 Home/Pro N", 245),
 			@("Windows 10 Single Language", 246),
@@ -192,10 +234,10 @@ function Select-Language([string]$LangName)
 		($SysLocale.StartsWith("da") -and $LangName -like "*Danish*") -or `
 		($SysLocale.StartsWith("nl") -and $LangName -like "*Dutch*") -or `
 		($SysLocale -eq "en-US" -and $LangName -eq "English") -or `
-		($SysLocale.StartsWith("en") -and $LangName -like "*English*" -and $LangName -like "*inter*") -or `
+		($SysLocale.StartsWith("en") -and $LangName -like "*English*" -and ($LangName -like "*inter*" -or $LangName -like "*ingdom*")) -or `
 		($SysLocale.StartsWith("et") -and $LangName -like "*Eston*") -or `
 		($SysLocale.StartsWith("fi") -and $LangName -like "*Finn*") -or `
-		($SysLocale -eq "fr-CA"  -and $LangName -like "*French*" -and $LangName -like "*Canad*") -or `
+		($SysLocale -eq "fr-CA" -and $LangName -like "*French*" -and $LangName -like "*Canad*") -or `
 		($SysLocale.StartsWith("fr") -and $LangName -eq "French") -or `
 		($SysLocale.StartsWith("de") -and $LangName -like "*German*") -or `
 		($SysLocale.StartsWith("el") -and $LangName -like "*Greek*") -or `
@@ -367,12 +409,9 @@ function Error([string]$ErrorMessage)
 	Write-Host Error: $ErrorMessage
 	$XMLForm.Title = $(Get-Translation("Error")) + ": " + $ErrorMessage
 	Refresh-Control($XMLForm)
-	$Continue.Content = Get-Translation("Close")
-	Refresh-Control($Continue)
+	$XMLGrid.Children[2 * $script:Stage + 1].IsEnabled = $True
 	$UserInput = [System.Windows.MessageBox]::Show($XMLForm.Title,  $(Get-Translation("Error")), "OK", "Error")
-	$script:ExitCode = $Stage
-	$script:Stage = -1
-	$Continue.IsEnabled = $True
+	$script:ExitCode = $script:Stage--
 }
 
 function Get-RandomDate()
@@ -410,14 +449,11 @@ $MaxStage = 4
 $SessionId = [guid]::NewGuid()
 $ExitCode = 100
 $Locale = "en-US"
-$DFRCKey = "HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\"
-$DFRCName = "DisableFirstRunCustomize"
-$DFRCAdded = $False
 $RequestData = @{}
 $RequestData["GetLangs"] = @("a8f8f489-4c7f-463a-9ca6-5cff94d8d041", "getskuinformationbyproductedition" )
 $RequestData["GetLinks"] = @("cfa9e580-a81e-4a4b-a846-7b21bf4e2e5b", "GetProductDownloadLinksBySku" )
 # Create a semi-random Linux User-Agent string
-$FirefoxVersion = Get-Random -Minimum 30 -Maximum 60
+$FirefoxVersion = Get-Random -Minimum 50 -Maximum 90
 $FirefoxDate = Get-RandomDate
 $UserAgent = "Mozilla/5.0 (X11; Linux i586; rv:$FirefoxVersion.0) Gecko/$FirefoxDate Firefox/$FirefoxVersion.0"
 #endregion
@@ -448,20 +484,6 @@ if ($PSVersionTable.PSVersion.Major -lt 3) {
 	exit 102
 }
 
-# If asked, disable IE's first run customize prompt as it interferes with Invoke-WebRequest
-if ($DisableFirstRunCustomize) {
-	try {
-		# Only create the key if it doesn't already exist
-		Get-ItemProperty -Path $DFRCKey -Name $DFRCName
-	} catch {
-		if (-not (Test-Path $DFRCKey)) {
-			New-Item -Path $DFRCKey -Force | Out-Null
-		}
-		Set-ItemProperty -Path $DFRCKey -Name $DFRCName -Value 1
-		$DFRCAdded = $True
-	}
-}
-
 # Form creation
 $XMLForm = [Windows.Markup.XamlReader]::Load((New-Object System.Xml.XmlNodeReader $XAML))
 $XAML.SelectNodes("//*[@Name]") | ForEach-Object { Set-Variable -Name ($_.Name) -Value $XMLForm.FindName($_.Name) -Scope Script }
@@ -490,11 +512,7 @@ $WindowsVersion.DisplayMemberPath = "Version"
 
 # Button Action
 $Continue.add_click({
-	if ($script:Stage++ -lt 0) {
-		Get-Process -Id $pid | Foreach-Object { $_.CloseMainWindow() | Out-Null }
-		return
-	}
-
+	$script:Stage++
 	$XMLGrid.Children[2 * $Stage + 1].IsEnabled = $False
 	$Continue.IsEnabled = $False
 	$Back.IsEnabled = $False
@@ -559,14 +577,11 @@ $Continue.add_click({
 			$i = 0
 			$SelectedIndex = 0
 			try {
-				$r = Invoke-WebRequest -UserAgent $UserAgent -WebSession $Session $url
+				$r = Invoke-WebRequest -UseBasicParsing -UserAgent $UserAgent -SessionVariable "Session" $url
+				$pattern = '(?s)<select id="product-languages">(.*)?</select>'
+				$html = [regex]::Match($r, $pattern).Groups[1].Value
 				# Go through an XML conversion to keep all PowerShells happy...
-				if (-not $($r.AllElements | ? {$_.id -eq "product-languages"})) {
-					throw "Unexpected server response"
-				}
-				$html = $($r.AllElements | ? {$_.id -eq "product-languages"}).InnerHTML
 				$html = $html.Replace("selected value", "value")
-				$html = $html.Replace("&", "&amp;")
 				$html = "<options>" + $html + "</options>"
 				$xml = [xml]$html
 				foreach ($var in $xml.options.option) {
@@ -584,7 +599,7 @@ $Continue.add_click({
 				}
 			} catch {
 				Error($_.Exception.Message)
-				return
+				break
 			}
 			$script:Language = Add-Entry $Stage "Language" $array "DisplayLanguage"
 			$Language.SelectedIndex = $SelectedIndex
@@ -610,17 +625,15 @@ $Continue.add_click({
 			$array = @()
 			try {
 				$Is64 = [Environment]::Is64BitOperatingSystem
-				$r = Invoke-WebRequest -UserAgent $UserAgent -WebSession $Session $url
-				if (-not $($r.AllElements | ? {$_.id -eq "expiration-time"})) {
-					Throw-Error -Req $r -Alt Get-Translation($English[14])
-				}
-				$html = $($r.AllElements | ? {$_.tagname -eq "input"}).outerHTML
+				$r = Invoke-WebRequest -UseBasicParsing -UserAgent $UserAgent -WebSession $Session $url
+				$pattern = '(?s)(<input.*?/>)'
+				ForEach-Object { [regex]::Matches($r, $pattern) } | ForEach-Object { $html += $_.Groups[1].value }
 				# Need to fix the HTML and JSON data so that it is well-formed
 				$html = $html.Replace("class=product-download-hidden", "")
 				$html = $html.Replace("type=hidden", "")
-				$html = $html.Replace(">", "/>")
-				$html = $html.Replace("IsoX86", """x86""")
-				$html = $html.Replace("IsoX64", """x64""")
+				$html = $html.Replace("&nbsp;", " ")
+				$html = $html.Replace("IsoX86", "&quot;x86&quot;")
+				$html = $html.Replace("IsoX64", "&quot;x64&quot;")
 				$html = "<inputs>" + $html + "</inputs>"
 				$xml = [xml]$html
 				foreach ($var in $xml.inputs.input) {
@@ -634,11 +647,11 @@ $Continue.add_click({
 					}
 				}
 				if ($array.Length -eq 0) {
-					Throw-Error -Req $r -Alt "Could not retreive ISO download links"
+					Throw-Error -Req $r -Alt "Could not retrieve ISO download links"
 				}
 			} catch {
 				Error($_.Exception.Message)
-				return
+				break
 			}
 
 			$script:Arch = Add-Entry $Stage "Architecture" $array "Type"
@@ -675,7 +688,7 @@ $Continue.add_click({
 	}
 	$Continue.IsEnabled = $True
 	if ($Stage -ge 0) {
-		$Back.IsEnabled = $True;
+		$Back.IsEnabled = $True
 	}
 })
 
@@ -699,10 +712,12 @@ $Back.add_click({
 		$Margin.Top -= $dh2
 		$Back.Margin = $Margin
 		$script:Stage = $Stage - 1
+		$XMLForm.Title = $AppTitle
 		if ($Stage -eq 0) {
 			$Back.Content = Get-Translation("Close")
-		} elseif ($Stage -eq 3) {
+		} else {
 			$Continue.Content = Get-Translation("Continue")
+			Refresh-Control($Continue)
 		}
 	}
 })
@@ -712,7 +727,4 @@ $XMLForm.Add_Loaded( { $XMLForm.Activate() } )
 $XMLForm.ShowDialog() | Out-Null
 
 # Clean up & exit
-if ($DFRCAdded) {
-	Remove-ItemProperty -Path $DFRCKey -Name $DFRCName
-}
 exit $ExitCode

README.md

@@ -7,26 +7,32 @@ Fido: Full ISO Download Script (for Windows retail ISOs)
 Description
 -----------
 
-Fido is a PowerShell script that is primarily designed to be used in [Rufus](https://github.com/pbatard/rufus) but that
-can also be used in standalone fashion, and that automates access to the official Windows retail ISO download links.
+Fido is a PowerShell script that is primarily designed to be used in [Rufus](https://github.com/pbatard/rufus), but that
+can also be used in standalone fashion, and whose purpose is to automate access to the official Microsoft Windows retail
+ISO download links.
 
-We decided to create this script because, while Microsoft does make retail ISO download links freely and publicly
-available on their website (at least for Windows 8 and Windows 10), it only does so after actively forcing users to
-jump through a lot of unwarranted hoops, that create an exceedingly counterproductive, if not downright unfriendly,
-consumer experience, which greatly detracts from what people really want (direct access to ISO downloads).
+This script exists because, while Microsoft does make retail ISO download links freely and publicly available (at least
+for Windows 8 and Windows 10), it only does so after actively forcing users to jump through a lot of unwarranted hoops,
+that create an exceedingly counterproductive, if not downright unfriendly, consumer experience and that greatly detract
+from what people really want (direct access to ISO downloads).
 
-As to the reason one might want to download Windows __retail__ ISOs, as opposed to the ISOs that can be generated by
-Microsoft's own Media Creation Tool (MCT), this is because it is only with an official retail ISO that one can assert
-with complete certainty whether its content has been altered in any way or not. Indeed, retail Microsoft's ISOs are the
-only ones you will be able to obtain an official SHA-1 for (from sites [such as this one](https://msdn.rg-adguard.net/public.php))
-allowing you to be 100% certain that the image you are using is non corrupted and safe to use.
+As to the reason one might want to download Windows __retail__ ISOs, as opposed to the ISOs that are generated by
+Microsoft's own Media Creation Tool (MCT), this is because using official retail ISOs is currently the only way to
+assert with absolute certainty that the OS content has not been altered. Indeed, because there only exists a single
+master for each of them, Microsoft retail ISOs are the only ones you can obtain an official SHA-1 for (from MSDN, if you
+have access to it, or from sites [such as this one](https://msdn.rg-adguard.net/public.php)) allowing you to be 100%
+sure that the image you are using has not been corrupted and is safe to use.
 
-This, in turn, offers assurance that the content __YOU__ are using to install your OS, and which it is indeed critical
-to validate beforehand if you care about security, does matches bit for bit the one that Microsoft officially released.
+This, in turn, offers assurance that the content __YOU__ are using to install your OS, which it is indeed critical to
+validate beforehand if you have the slightest concern about security, does match, bit for bit, the one that Microsoft
+released.
 
-On the other hand, because no two MCT ISOs are the same (due to MCT always regenerating the ISO content on the fly)
-it is impossible to get the same kind of assurance from non-retail ISOs. Hence the need to provide users with a much
-easier and less restrictive way to access official retail ISOs...
+On the other hand, regardless of the manner in which Microsoft's Media Creation Tool produces its content, because no
+two MCT ISOs are ever the same (due to MCT always regenerating the ISO content on the fly) it is currently impossible to
+validate with absolute certainty whether any ISO that was generated by the MCT is safe to use. Especially, unlike what
+is the case for retail ISOs, it is impossible to tell whether an MCT ISO may have been corrupted after generation.
+
+Hence the need to provide users with a much easier and less restrictive way to access official retail ISOs...
 
 License
 -------
@@ -36,7 +42,7 @@ License
 How it works
 ------------
 
-The script basically performs the same operation as one might perform when visiting either of the following ULRs (that
+The script basically performs the same operation as one might perform when visiting either of the following URLs (that
 is, provided that you have also changed your `User-Agent` browser string, since, when they detect that you are using a
 version of Windows that is the same as the one you are trying to download, the Microsoft web servers at these addresses
 redirect you __away__ from the pages that allow you to download retail ISOs):
@@ -45,31 +51,26 @@ redirect you __away__ from the pages that allow you to download retail ISOs):
 * https://www.microsoft.com/software-download/Windows10ISO
 
 After visiting those with a full browser (Internet Explorer, running through the `Invoke-WebRequest` PowerShell Cmdlet),
-to confirm that they are accessible queries web APIs on the Microsoft servers to first request the language selection
-available for the for the version of Windows that was selected, and then the download links for the various architecture
-enabled for that version + language combination.
+to confirm that they are accessible, the script then queries the web API from the Microsoft servers to first request the
+language selection available for the version of Windows selected by the user, and then request the actual download links
+for all the architectures available for that specific combination of version + language.
 
 Requirements
 ------------
 
-PowerShell 3.0 or later is required. But the script does detect if you are using an older version and points you to the
-relevant PowerShell 3.0 download page if needed, which should only be the case if you are running a vanilla version of
-Windows 7.
+PowerShell 3.0 or later is required. However the script should detect if you are using an older version and point you to
+the relevant PowerShell 3.0 download page if needed (which should only ever occur if you are running a vanilla version
+of Windows 7).
 
-Also, because Internet Explorer is being used behind the scenes, if you haven't gone through the first time setup for
-Internet Explorer, you may receive an error about it when running the script. If that is the case, then you need to
-make sure that you manually launch IE at least once and complete the setup.
-
-Note that, if running this script elevated, this annoyance can be avoided by using the `-DisableFirstRunCustomize`
-option (which basically __temporarily__ creates the key of the same name in the registry __if__ it doesn't already
-exist, to bypass that behaviour).
+Note that the current version of the script does not need Internet Explorer to be installed and should also work with
+PowerShell 7.
 
 Additional Notes
 ----------------
 
-Because of it's intended usage with Rufus, this script is not designed to cover all possible retail ISO downloads, but
-mostly those that the general public are likely to use. For instance, we currently have no plan to add support for
-LTSB/LTSC Windows 10 ISOs downloads.
+Because of its intended usage with Rufus, this script is not designed to cover every possible retail ISO downloads.
+Instead we mostly chose the ones that the general public is likely to request. For instance, we currently have no plan
+to add support for LTSB/LTSC Windows 10 ISOs downloads.
 
-If you are interested in such downloads, you are kindly invited to visit the relevant download pages from Microsoft
-such as [this one](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) for LTSC versions.
+If you are interested in such downloads, then you are kindly invited to visit the relevant download pages from Microsoft
+such as [this one](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) for LTSC versions.

sign.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# This script creates the RSA-2048 signatures for our downloadable content
+# Creates an LZMA compressed Fido.ps1 (including decompressed size) and sign it
 
 PRIVATE_KEY=/d/Secured/Akeo/Rufus/private.pem
 PUBLIC_KEY=/d/Secured/Akeo/Rufus/public.pem
@@ -25,6 +25,10 @@ echo
 # Confirm that the pass phrase is valid by trying to sign a dummy file
 openssl dgst -sha256 -sign $PRIVATE_KEY -passin pass:$PASSWORD $PUBLIC_KEY >/dev/null 2>&1 || { echo Invalid pass phrase; exit 1; }
 
-find . -maxdepth 1 -name "*.ps1" | while read FILE; do sign_file; done
+lzma -kf Fido.ps1
+# The 'lzma' utility does not add the uncompressed size, so we must add it manually. And yes, this whole
+# gymkhana is what one must actually go through to insert a 64-bit little endian size into a binary file...
+printf "00: %016X" `stat -c "%s" Fido.ps1` | xxd -r | xxd -p -c1 | tac | xxd -p -r | dd of=Fido.ps1.lzma seek=5 bs=1 status=none conv=notrunc
+find . -maxdepth 1 -name "Fido.ps1.lzma" | while read FILE; do sign_file; done
 # Clear the PASSWORD variable just in case
 PASSWORD=`head -c 50 /dev/random | base64`