elie/vlmcsd
1
0
Fork 0
mirror of https://github.com/Wind4/vlmcsd.git synced 2025-06-22 01:13:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

vlmcsd-1105-2016-11-28-Hotbird64

Browse Source
This commit is contained in:
Wind4
2016-12-02 15:56:18 +08:00
parent b8fdaf9a6b
commit 9bd3e9c470
68 changed files with 7647 additions and 2252 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
man/vlmcs.1
View File

@ -1,5 +1,5 @@
.mso www.tmac
.TH VLMCS 1 "October 2016" "Hotbird64" "KMS Activation Manual"
.TH VLMCS 1 "November 2016" "Hotbird64" "KMS Activation Manual"
.LO 1
.SH NAME
@ -81,6 +81,11 @@ Force a specific version of the KMS protocol. Valid versions are 4.0, 5.0 and 6.
.IP "\fB-4\fR, \fB-5\fR and \fB-6"
Force version 4, 5 or 6 of the KMS protocol. These options are actually shortcuts of \fB-K 4.0\fR, \fB-K 5.0\fR and \fB-K 6.0\fR.
.IP "\fB-j\fR \fIfilename\fR"
Use KMS data file \fIfilename\fR. By default vlmcs contains product data that is recent when vlmcs was compiled. You may use a more recent KMS data file that contains additional products.
If vlmcsd has been compiled to use a default KMS data file, you may use \fB-j-\fR to ignore the default configuration file.
.IP "\fB-m"
Let the client pretend to be a virtual machine. Early versions of Microsoft's
KMS server did not increase the client count if the request came from a virtual

173
man/vlmcs.1.dos.txt
View File

@ -100,24 +100,33 @@ OPTIONS
actually shortcuts of -K 4.0, -K 5.0 and -K 6.0.
-m Let the client pretend to be a virtual machine. Early versions
of Microsoft's KMS server did not increase the client count if
the request came from a virtual machine. Newer versions ignore
-j filename
Use KMS data file filename. By default vlmcs contains product
data that is recent when vlmcs was compiled. You may use a more
recent KMS data file that contains additional products.
If vlmcsd has been compiled to use a default KMS data file, you
may use -j- to ignore the default configuration file.
-m Let the client pretend to be a virtual machine. Early versions
of Microsoft's KMS server did not increase the client count if
the request came from a virtual machine. Newer versions ignore
this flag.
-d Use NetBIOS names instead of DNS names. By default vlmcsd gener
ates some random DNS names for each request. If you prefer Net
BIOS names, you may use -d. A real Microsoft activation client
uses DNS names or NetBIOS depending on the client name configu
ates some random DNS names for each request. If you prefer Net
BIOS names, you may use -d. A real Microsoft activation client
uses DNS names or NetBIOS depending on the client name configu
ration. KMS servers treat the workstation name as a comment that
affects logging only. Clients will be identified by a GUID that
can be specified using -c. -d has no effect if you also specify
affects logging only. Clients will be identified by a GUID that
can be specified using -c. -d has no effect if you also specify
-w.
-a application-guid
Send requests with a specific application-guid. There are cur
Send requests with a specific application-guid. There are cur
rently only three known valid application-guids:
@ -126,91 +135,91 @@ OPTIONS
0ff1ce15-a989-479d-af46-f275c6370663 (Office 2013)
A Microsoft KMS server uses these GUIDs to have seperate coun
ters for the already activated clients. A client that does not
contact the KMS server within 30 days will be deleted from the
A Microsoft KMS server uses these GUIDs to have seperate coun
ters for the already activated clients. A client that does not
contact the KMS server within 30 days will be deleted from the
database. Emulated KMS servers are always fully charged.
-k kms-guid
Send requests with a specific kms-guid. A Microsoft KMS server
uses these GUIDs as a product id to decide whether to grant
activation or not. A list of current kms-guids can be found in
kms.c (table KmsIdList). Emulated KMS servers grant activation
Send requests with a specific kms-guid. A Microsoft KMS server
uses these GUIDs as a product id to decide whether to grant
activation or not. A list of current kms-guids can be found in
kms.c (table KmsIdList). Emulated KMS servers grant activation
unconditionally and do not check the kms-guid.
-s activation-guid
The activation-guid defines the actual product, e.g. "Windows
8.1 Professional WMC KMSCLIENT edition". A activation-guid maps
1:1 to a product key. However, neither a Microsoft KMS server
The activation-guid defines the actual product, e.g. "Windows
8.1 Professional WMC KMSCLIENT edition". A activation-guid maps
1:1 to a product key. However, neither a Microsoft KMS server
nor emulated servers check this id. The activation-guid is use
ful in logging to get a specific product description like "Win
dows 8.1 Professional WMC". A list of current activation-guids
ful in logging to get a specific product description like "Win
dows 8.1 Professional WMC". A list of current activation-guids
can be found in kms.c (table ExtendedProductList).
-n requests
Send requests requests to the server. The default is to send at
Send requests requests to the server. The default is to send at
least one request and enough subsequent requests that the server
is fully charged afterwards for the application-guid you
is fully charged afterwards for the application-guid you
selected (explicitly with -a or implicitly by using -l).
-T Causes to use a new TCP connection for each request if multiple
requests are sent with vlmcsd. This is useful when you want to
test an emulated KMS server whether it suffers from memory
leaks. To test for memory leaks use -n with a large number of
requests (> 100000) and then test twice (with and without -T).
This option may become neccessary for future versions of Micro
soft's KMS server because multiple requests with different
clients-guids for the same kms-id-guid are impossible in a real
-T Causes to use a new TCP connection for each request if multiple
requests are sent with vlmcsd. This is useful when you want to
test an emulated KMS server whether it suffers from memory
leaks. To test for memory leaks use -n with a large number of
requests (> 100000) and then test twice (with and without -T).
This option may become neccessary for future versions of Micro
soft's KMS server because multiple requests with different
clients-guids for the same kms-id-guid are impossible in a real
KMS szenario over the same TCP connection.
-c client-machine-guid
Normally vlmcs generates a random client-machine-guid for each
request. By using this option you can specify a fixed client-
machine-guid This causes a Microsoft KMS not to increment its
client count because it receives multiple requests for the same
client. Thus do not use -c if you want to charge a real KMS
Normally vlmcs generates a random client-machine-guid for each
request. By using this option you can specify a fixed client-
machine-guid This causes a Microsoft KMS not to increment its
client count because it receives multiple requests for the same
client. Thus do not use -c if you want to charge a real KMS
server.
-o previous-client-machine-guid
If the client-machine-guid changes for some reason, the real KMS
client stores a previous-client-machine-guid which is sent to
the KMS server. This happens rarely and usually
00000000-0000-0000-0000-000000000000 is used. You can use -o to
client stores a previous-client-machine-guid which is sent to
the KMS server. This happens rarely and usually
00000000-0000-0000-0000-000000000000 is used. You can use -o to
specify a different previous-client-machine-guid.
-G filename
Grabs ePIDs and HWIDs from a KMS server and writes the informa
tion to filename in format suitable to be used as a configura
Grabs ePIDs and HWIDs from a KMS server and writes the informa
tion to filename in format suitable to be used as a configura
tion file (aka ini file) for vlmcsd(8). This is especially use
ful if you have access to a genuine KMS server and want to use
ful if you have access to a genuine KMS server and want to use
the same data with vlmcsd(8).
If filename does not exist, it will be created. If you specify
an existing filename, it will be updated to use the information
received from the remote KMS server and a backup filename~ will
If filename does not exist, it will be created. If you specify
an existing filename, it will be updated to use the information
received from the remote KMS server and a backup filename~ will
be created.
-G cannot be used with -l, -4, -5, -6, -a, -s, -k, -r and -n
-w workstation-name
Send requests with a specific workstation-name. This disables
the random generator for the workstation name. Since it is a
Send requests with a specific workstation-name. This disables
the random generator for the workstation name. Since it is a
comment only, this option does not have much effect.
-r required-client-count
Also known as the "N count policy". Tells the KMS server that
successful activation requires required-client-count clients.
The default is the required-client-count that the product would
need if the request was a real activation. A Microsoft KMS
Also known as the "N count policy". Tells the KMS server that
successful activation requires required-client-count clients.
The default is the required-client-count that the product would
need if the request was a real activation. A Microsoft KMS
server counts clients up to the double amount what was specified
with -r. This option can be used to "overcharge" a Microsoft KMS
server.
@ -218,57 +227,57 @@ OPTIONS
-t status
Reports a specific license status to the KMS server. status is a
number that can be from 0 to 6. 0=unlicensed, 1=licensed, 2=OOB
grace, 3=OOT grace, 4=Non-genuinue grace, 5=notification,
number that can be from 0 to 6. 0=unlicensed, 1=licensed, 2=OOB
grace, 3=OOT grace, 4=Non-genuinue grace, 5=notification,
6=extended grace. Refer to TechNet ⟨http://
technet.microsoft.com/en-us/library/ff686879.aspx#_Toc257201371⟩
for more information. A Microsoft KMS server collects this
for more information. A Microsoft KMS server collects this
information for statistics only.
-g binding-expiration
This tells the KMS server how long a client will stay in its
current license status. This can be the remaining OOB time (the
grace peroid that is granted between installation of a product
and when activation is actuall required) or the remaining time
when KMS activation must be renewed. binding-expiration is
This tells the KMS server how long a client will stay in its
current license status. This can be the remaining OOB time (the
grace peroid that is granted between installation of a product
and when activation is actuall required) or the remaining time
when KMS activation must be renewed. binding-expiration is
specified in minutes. A Microsoft KMS server apparantly does not
use this information.
-i protocol-version
Force the use of Internet protocol protocol-version. Allowed
values are 4 (IPv4) and 6 (IPv6). This option is useful only if
you specfiy a hostname and not an ip-address on the command
Force the use of Internet protocol protocol-version. Allowed
values are 4 (IPv4) and 6 (IPv6). This option is useful only if
you specfiy a hostname and not an ip-address on the command
line.
-p Do not set the RPC_PF_MULTIPLEX flag in the RPC bind request.
-p Do not set the RPC_PF_MULTIPLEX flag in the RPC bind request.
This can be used to test if the KMS server uses the same setting
of this flag in the RPC bind respone. Some KMS emulators don't
of this flag in the RPC bind respone. Some KMS emulators don't
set this correctly.
-N0 and -N1
Disables (-N0) or enables (-N1) the NDR64 transfer syntax in the
RPC protocol. Disable NDR64 only in case of problems. If NDR64
RPC protocol. Disable NDR64 only in case of problems. If NDR64
is not used, vlmcs cannot detect many RPC protocol errors in KMS
emulators. If you want to test whether a KMS emulator fully sup
ports NDR64, you must use the -n option to send at least two
requests. This is because Microsoft's client always sends the
first request using NDR32 syntax and subsequent requests using
ports NDR64, you must use the -n option to send at least two
requests. This is because Microsoft's client always sends the
first request using NDR32 syntax and subsequent requests using
NDR64 syntax.
-B0 and -B1
Disables (-B0) or enables (-B1) bind time feature negotiation
(BTFN) in the RPC protocol. Disable BTFN only in case of prob
Disables (-B0) or enables (-B1) bind time feature negotiation
(BTFN) in the RPC protocol. Disable BTFN only in case of prob
lems. If BTFN is not used, vlmcs cannot detect many RPC protocol
errors in KMS emulators.
Options that do not require an argument can be specified together with
a single dash, e.g. vlmcs -6mvT. If you specify an option more than
Options that do not require an argument can be specified together with
a single dash, e.g. vlmcs -6mvT. If you specify an option more than
once, the last occurence will be in effect.
@ -278,34 +287,34 @@ FILES
EXAMPLES
vlmcs kms.example.com
Request activation for Windows Vista using v4 protocol from
kms.example.com. Repeat activation requests until server is
Request activation for Windows Vista using v4 protocol from
kms.example.com. Repeat activation requests until server is
charged for all Windows products.
vlmcs -
Request activation for Windows Vista using v4 protocol from a
Request activation for Windows Vista using v4 protocol from a
KMS server that is published via DNS for the current domain.
vlmcs .example.com
Request activation for Windows Vista using v4 protocol from a
Request activation for Windows Vista using v4 protocol from a
KMS server that is published via DNS for domain example.com.
vlmcs -6 -l Office2013 -v -n 1
Request exactly one activation for Office2013 using v6 protocol
Request exactly one activation for Office2013 using v6 protocol
from localhost. Display verbose results.
vlmcs kms.bigcompany.com -G /etc/vlmcsd.ini
Get ePIDs and HWIDs from kms.bigcompany.com and create/update
Get ePIDs and HWIDs from kms.bigcompany.com and create/update
/etc/vlmcsd.ini accordingly.
BUGS
Some platforms (e.g. Solaris) may have a man(7) system that does not
handle URLs. URLs may be omitted in the documentation on those plat
Some platforms (e.g. Solaris) may have a man(7) system that does not
handle URLs. URLs may be omitted in the documentation on those plat
forms. Cygwin, Linux, FreeBSD and Mac OS X are known to work correctly.
@ -314,7 +323,7 @@ AUTHOR
CREDITS
Thanks to CODYQX4, crony12, deagles, DougQaid, eIcn, mikmik38, nos
Thanks to CODYQX4, crony12, deagles, DougQaid, eIcn, mikmik38, nos
ferati87, qad, Ratiborus, vityan666, ...
@ -323,4 +332,4 @@ SEE ALSO
Hotbird64 October 2016 VLMCS(1)
Hotbird64 November 2016 VLMCS(1)

13
man/vlmcs.1.html
View File

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Nov 4 17:18:01 2016 -->
<!-- CreationDate: Mon Nov 28 01:28:23 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
@ -208,6 +208,17 @@ the version fields of the request.</p>
KMS protocol. These options are actually shortcuts of <b>-K
4.0</b>, <b>-K 5.0</b> and <b>-K 6.0</b>.</p>
<p style="margin-left:11%;"><b>-j</b> <i>filename</i></p>
<p style="margin-left:22%;">Use KMS data file
<i>filename</i>. By default vlmcs contains product data that
is recent when vlmcs was compiled. You may use a more recent
KMS data file that contains additional products.</p>
<p style="margin-left:22%; margin-top: 1em">If vlmcsd has
been compiled to use a default KMS data file, you may use
<b>-j-</b> to ignore the default configuration file.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">

BIN
man/vlmcs.1.pdf
View File

Binary file not shown.

173
man/vlmcs.1.unix.txt
View File

@ -100,24 +100,33 @@ OPTIONS
actually shortcuts of -K 4.0, -K 5.0 and -K 6.0.
-m Let the client pretend to be a virtual machine. Early versions
of Microsoft's KMS server did not increase the client count if
the request came from a virtual machine. Newer versions ignore
-j filename
Use KMS data file filename. By default vlmcs contains product
data that is recent when vlmcs was compiled. You may use a more
recent KMS data file that contains additional products.
If vlmcsd has been compiled to use a default KMS data file, you
may use -j- to ignore the default configuration file.
-m Let the client pretend to be a virtual machine. Early versions
of Microsoft's KMS server did not increase the client count if
the request came from a virtual machine. Newer versions ignore
this flag.
-d Use NetBIOS names instead of DNS names. By default vlmcsd gener
ates some random DNS names for each request. If you prefer Net
BIOS names, you may use -d. A real Microsoft activation client
uses DNS names or NetBIOS depending on the client name configu
ates some random DNS names for each request. If you prefer Net
BIOS names, you may use -d. A real Microsoft activation client
uses DNS names or NetBIOS depending on the client name configu
ration. KMS servers treat the workstation name as a comment that
affects logging only. Clients will be identified by a GUID that
can be specified using -c. -d has no effect if you also specify
affects logging only. Clients will be identified by a GUID that
can be specified using -c. -d has no effect if you also specify
-w.
-a application-guid
Send requests with a specific application-guid. There are cur
Send requests with a specific application-guid. There are cur
rently only three known valid application-guids:
@ -126,91 +135,91 @@ OPTIONS
0ff1ce15-a989-479d-af46-f275c6370663 (Office 2013)
A Microsoft KMS server uses these GUIDs to have seperate coun
ters for the already activated clients. A client that does not
contact the KMS server within 30 days will be deleted from the
A Microsoft KMS server uses these GUIDs to have seperate coun
ters for the already activated clients. A client that does not
contact the KMS server within 30 days will be deleted from the
database. Emulated KMS servers are always fully charged.
-k kms-guid
Send requests with a specific kms-guid. A Microsoft KMS server
uses these GUIDs as a product id to decide whether to grant
activation or not. A list of current kms-guids can be found in
kms.c (table KmsIdList). Emulated KMS servers grant activation
Send requests with a specific kms-guid. A Microsoft KMS server
uses these GUIDs as a product id to decide whether to grant
activation or not. A list of current kms-guids can be found in
kms.c (table KmsIdList). Emulated KMS servers grant activation
unconditionally and do not check the kms-guid.
-s activation-guid
The activation-guid defines the actual product, e.g. "Windows
8.1 Professional WMC KMSCLIENT edition". A activation-guid maps
1:1 to a product key. However, neither a Microsoft KMS server
The activation-guid defines the actual product, e.g. "Windows
8.1 Professional WMC KMSCLIENT edition". A activation-guid maps
1:1 to a product key. However, neither a Microsoft KMS server
nor emulated servers check this id. The activation-guid is use
ful in logging to get a specific product description like "Win
dows 8.1 Professional WMC". A list of current activation-guids
ful in logging to get a specific product description like "Win
dows 8.1 Professional WMC". A list of current activation-guids
can be found in kms.c (table ExtendedProductList).
-n requests
Send requests requests to the server. The default is to send at
Send requests requests to the server. The default is to send at
least one request and enough subsequent requests that the server
is fully charged afterwards for the application-guid you
is fully charged afterwards for the application-guid you
selected (explicitly with -a or implicitly by using -l).
-T Causes to use a new TCP connection for each request if multiple
requests are sent with vlmcsd. This is useful when you want to
test an emulated KMS server whether it suffers from memory
leaks. To test for memory leaks use -n with a large number of
requests (> 100000) and then test twice (with and without -T).
This option may become neccessary for future versions of Micro
soft's KMS server because multiple requests with different
clients-guids for the same kms-id-guid are impossible in a real
-T Causes to use a new TCP connection for each request if multiple
requests are sent with vlmcsd. This is useful when you want to
test an emulated KMS server whether it suffers from memory
leaks. To test for memory leaks use -n with a large number of
requests (> 100000) and then test twice (with and without -T).
This option may become neccessary for future versions of Micro
soft's KMS server because multiple requests with different
clients-guids for the same kms-id-guid are impossible in a real
KMS szenario over the same TCP connection.
-c client-machine-guid
Normally vlmcs generates a random client-machine-guid for each
request. By using this option you can specify a fixed client-
machine-guid This causes a Microsoft KMS not to increment its
client count because it receives multiple requests for the same
client. Thus do not use -c if you want to charge a real KMS
Normally vlmcs generates a random client-machine-guid for each
request. By using this option you can specify a fixed client-
machine-guid This causes a Microsoft KMS not to increment its
client count because it receives multiple requests for the same
client. Thus do not use -c if you want to charge a real KMS
server.
-o previous-client-machine-guid
If the client-machine-guid changes for some reason, the real KMS
client stores a previous-client-machine-guid which is sent to
the KMS server. This happens rarely and usually
00000000-0000-0000-0000-000000000000 is used. You can use -o to
client stores a previous-client-machine-guid which is sent to
the KMS server. This happens rarely and usually
00000000-0000-0000-0000-000000000000 is used. You can use -o to
specify a different previous-client-machine-guid.
-G filename
Grabs ePIDs and HWIDs from a KMS server and writes the informa
tion to filename in format suitable to be used as a configura
Grabs ePIDs and HWIDs from a KMS server and writes the informa
tion to filename in format suitable to be used as a configura
tion file (aka ini file) for vlmcsd(8). This is especially use
ful if you have access to a genuine KMS server and want to use
ful if you have access to a genuine KMS server and want to use
the same data with vlmcsd(8).
If filename does not exist, it will be created. If you specify
an existing filename, it will be updated to use the information
received from the remote KMS server and a backup filename~ will
If filename does not exist, it will be created. If you specify
an existing filename, it will be updated to use the information
received from the remote KMS server and a backup filename~ will
be created.
-G cannot be used with -l, -4, -5, -6, -a, -s, -k, -r and -n
-w workstation-name
Send requests with a specific workstation-name. This disables
the random generator for the workstation name. Since it is a
Send requests with a specific workstation-name. This disables
the random generator for the workstation name. Since it is a
comment only, this option does not have much effect.
-r required-client-count
Also known as the "N count policy". Tells the KMS server that
successful activation requires required-client-count clients.
The default is the required-client-count that the product would
need if the request was a real activation. A Microsoft KMS
Also known as the "N count policy". Tells the KMS server that
successful activation requires required-client-count clients.
The default is the required-client-count that the product would
need if the request was a real activation. A Microsoft KMS
server counts clients up to the double amount what was specified
with -r. This option can be used to "overcharge" a Microsoft KMS
server.
@ -218,57 +227,57 @@ OPTIONS
-t status
Reports a specific license status to the KMS server. status is a
number that can be from 0 to 6. 0=unlicensed, 1=licensed, 2=OOB
grace, 3=OOT grace, 4=Non-genuinue grace, 5=notification,
number that can be from 0 to 6. 0=unlicensed, 1=licensed, 2=OOB
grace, 3=OOT grace, 4=Non-genuinue grace, 5=notification,
6=extended grace. Refer to TechNet ⟨http://
technet.microsoft.com/en-us/library/ff686879.aspx#_Toc257201371⟩
for more information. A Microsoft KMS server collects this
for more information. A Microsoft KMS server collects this
information for statistics only.
-g binding-expiration
This tells the KMS server how long a client will stay in its
current license status. This can be the remaining OOB time (the
grace peroid that is granted between installation of a product
and when activation is actuall required) or the remaining time
when KMS activation must be renewed. binding-expiration is
This tells the KMS server how long a client will stay in its
current license status. This can be the remaining OOB time (the
grace peroid that is granted between installation of a product
and when activation is actuall required) or the remaining time
when KMS activation must be renewed. binding-expiration is
specified in minutes. A Microsoft KMS server apparantly does not
use this information.
-i protocol-version
Force the use of Internet protocol protocol-version. Allowed
values are 4 (IPv4) and 6 (IPv6). This option is useful only if
you specfiy a hostname and not an ip-address on the command
Force the use of Internet protocol protocol-version. Allowed
values are 4 (IPv4) and 6 (IPv6). This option is useful only if
you specfiy a hostname and not an ip-address on the command
line.
-p Do not set the RPC_PF_MULTIPLEX flag in the RPC bind request.
-p Do not set the RPC_PF_MULTIPLEX flag in the RPC bind request.
This can be used to test if the KMS server uses the same setting
of this flag in the RPC bind respone. Some KMS emulators don't
of this flag in the RPC bind respone. Some KMS emulators don't
set this correctly.
-N0 and -N1
Disables (-N0) or enables (-N1) the NDR64 transfer syntax in the
RPC protocol. Disable NDR64 only in case of problems. If NDR64
RPC protocol. Disable NDR64 only in case of problems. If NDR64
is not used, vlmcs cannot detect many RPC protocol errors in KMS
emulators. If you want to test whether a KMS emulator fully sup
ports NDR64, you must use the -n option to send at least two
requests. This is because Microsoft's client always sends the
first request using NDR32 syntax and subsequent requests using
ports NDR64, you must use the -n option to send at least two
requests. This is because Microsoft's client always sends the
first request using NDR32 syntax and subsequent requests using
NDR64 syntax.
-B0 and -B1
Disables (-B0) or enables (-B1) bind time feature negotiation
(BTFN) in the RPC protocol. Disable BTFN only in case of prob
Disables (-B0) or enables (-B1) bind time feature negotiation
(BTFN) in the RPC protocol. Disable BTFN only in case of prob
lems. If BTFN is not used, vlmcs cannot detect many RPC protocol
errors in KMS emulators.
Options that do not require an argument can be specified together with
a single dash, e.g. vlmcs -6mvT. If you specify an option more than
Options that do not require an argument can be specified together with
a single dash, e.g. vlmcs -6mvT. If you specify an option more than
once, the last occurence will be in effect.
@ -278,34 +287,34 @@ FILES
EXAMPLES
vlmcs kms.example.com
Request activation for Windows Vista using v4 protocol from
kms.example.com. Repeat activation requests until server is
Request activation for Windows Vista using v4 protocol from
kms.example.com. Repeat activation requests until server is
charged for all Windows products.
vlmcs -
Request activation for Windows Vista using v4 protocol from a
Request activation for Windows Vista using v4 protocol from a
KMS server that is published via DNS for the current domain.
vlmcs .example.com
Request activation for Windows Vista using v4 protocol from a
Request activation for Windows Vista using v4 protocol from a
KMS server that is published via DNS for domain example.com.
vlmcs -6 -l Office2013 -v -n 1
Request exactly one activation for Office2013 using v6 protocol
Request exactly one activation for Office2013 using v6 protocol
from localhost. Display verbose results.
vlmcs kms.bigcompany.com -G /etc/vlmcsd.ini
Get ePIDs and HWIDs from kms.bigcompany.com and create/update
Get ePIDs and HWIDs from kms.bigcompany.com and create/update
/etc/vlmcsd.ini accordingly.
BUGS
Some platforms (e.g. Solaris) may have a man(7) system that does not
handle URLs. URLs may be omitted in the documentation on those plat
Some platforms (e.g. Solaris) may have a man(7) system that does not
handle URLs. URLs may be omitted in the documentation on those plat
forms. Cygwin, Linux, FreeBSD and Mac OS X are known to work correctly.
@ -314,7 +323,7 @@ AUTHOR
CREDITS
Thanks to CODYQX4, crony12, deagles, DougQaid, eIcn, mikmik38, nos
Thanks to CODYQX4, crony12, deagles, DougQaid, eIcn, mikmik38, nos
ferati87, qad, Ratiborus, vityan666, ...
@ -323,4 +332,4 @@ SEE ALSO
Hotbird64 October 2016 VLMCS(1)
Hotbird64 November 2016 VLMCS(1)

2
man/vlmcsd-floppy.7.html
View File

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Nov 4 17:18:01 2016 -->
<!-- CreationDate: Mon Nov 28 01:28:23 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

BIN
man/vlmcsd-floppy.7.pdf
View File

Binary file not shown.

2
man/vlmcsd.7.html
View File

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Nov 4 17:18:01 2016 -->
<!-- CreationDate: Mon Nov 28 01:28:23 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

BIN
man/vlmcsd.7.pdf
View File

Binary file not shown.

22
man/vlmcsd.8
View File

@ -1,5 +1,5 @@
.mso www.tmac
.TH VLMCSD 8 "October 2016" "Hotbird64" "KMS Activation Manual"
.TH VLMCSD 8 "November 2016" "Hotbird64" "KMS Activation Manual"
.LO 8
.SH NAME
@ -17,7 +17,17 @@ vlmcsd \- a fully Microsoft compatible KMS server
.PP
Although \fBvlmcsd\fR does neither require an activation key nor a payment to anyone, it is not meant to run illegal copies of Windows. Its purpose is to ensure that owners of legal copies can use their software without restrictions, e.g. if you buy a new computer or motherboard and your key will be refused activation from Microsoft servers due to hardware changes.
.PP
\fBvlmcsd\fR may be started via an internet superserver like \fBinetd\fR(8) or \fBxinetd\fR(8) as well as an advanced init system like \fBsystemd\fR(8) or \fBlaunchd\fR(8) using socket based activation. If \fBvlmcsd\fR detects that \fBstdin\fR(3) is a socket, it assumes that there is already a connected client on stdin that wants to be activated. All options that control setting up listening sockets will be ignored when in inetd mode.
\fBvlmcsd\fR may be started via an internet superserver like \fBinetd\fR(8) or \fBxinetd\fR(8) as well as an advanced init system like \fBsystemd\fR(8) or \fBlaunchd\fR(8) using socket based activation. If \fBvlmcsd\fR detects that \fBstdin\fR(3) is a socket, it assumes that there is already a connected client on stdin that wants to be activated.
All options that control setting up listening sockets will be ignored when in inetd mode. The sockets will be set up by your internet superserver. You also cannot limit the number of simultanous clients (option \fB-m\fR). You need to configure the limit in your internet superserver.
The followong features that require that vlmcsd is permanently loaded will not work if started from an internet superserver:
.IP
You cannot maintain a client list (option \fB-M1\fR)
.IP
EPID Randomization Level 1 (option \fB-r1\fR) works like Level 2 (\fB-r2\fR). You may want to use Level 0 (\fB-r0\fR) or custom EPIDs (options \fB-w\fR, \fB-0\fR, \fB-3\fR and \fB-6\fR) instead.
.SH OPTIONS
Since vlmcsd can be configured at compile time, some options may not be available on your system.
@ -156,6 +166,11 @@ Use configuration file (aka ini file) \fIfilename\fR. Most configuration paramet
If vlmcsd has been compiled to use a default configuration file (often /etc/vlmcsd.ini), you may use \fB-i-\fR to ignore the default configuration file.
.IP "\fB-j\fR \fIfilename\fR"
Use KMS data file \fIfilename\fR. By default vlmcsd only contains the minimum product data that is required to perform all operations correctly. You may use a more complete KMS data file that contains all detailed product names. This is especially useful if you are logging KMS requests. If you don't log, there is no need to load an external KMS data file.
If vlmcsd has been compiled to use a default KMS data file, you may use \fB-j-\fR to ignore the default configuration file.
.IP "\fB-r0\fR, \fB-r1\fR (default) and \fB-r2\fR"
These options determine how ePIDs are generated if
@ -300,9 +315,6 @@ Installs \fBvlmcsd\fR as a Windows service with low privileges and logs everythi
.SH BUGS
An ePID specified in an ini file must not contain spaces.
.SH INTENTIONAL BUGS
vlmcsd always reports enough active clients to satisfy the N count policy of the request.
.SH AUTHOR
Written by crony12, Hotbird64 and vityan666.
With contributions from DougQaid.

538
man/vlmcsd.8.dos.txt
View File

@ -33,18 +33,33 @@ DESCRIPTION
xinetd(8) as well as an advanced init system like systemd(8) or
launchd(8) using socket based activation. If vlmcsd detects that
stdin(3) is a socket, it assumes that there is already a connected
client on stdin that wants to be activated. All options that control
setting up listening sockets will be ignored when in inetd mode.
client on stdin that wants to be activated.
All options that control setting up listening sockets will be ignored
when in inetd mode. The sockets will be set up by your internet super
server. You also cannot limit the number of simultanous clients (option
-m). You need to configure the limit in your internet superserver.
The followong features that require that vlmcsd is permanently loaded
will not work if started from an internet superserver:
You cannot maintain a client list (option -M1)
EPID Randomization Level 1 (option -r1) works like Level 2
(-r2). You may want to use Level 0 (-r0) or custom EPIDs
(options -w, -0, -3 and -6) instead.
OPTIONS
Since vlmcsd can be configured at compile time, some options may not be
available on your system.
All options that do no require an argument may be combined with a sin
All options that do no require an argument may be combined with a sin
gle dash, for instance "vlmcsd -D -e" is identical to "vlmcsd -De". For
all options that require an argument a space between the option and the
option argument is optional. Thus "vlmcsd -r 2" and "vlmcsd -r2" are
option argument is optional. Thus "vlmcsd -r 2" and "vlmcsd -r2" are
identical too.
@ -52,154 +67,154 @@ OPTIONS
Displays help.
-V Displays extended version information. This includes the com
piler used to build vlmcsd, the intended platform and flags
(compile time options) to build vlmcsd. If you have the source
-V Displays extended version information. This includes the com
piler used to build vlmcsd, the intended platform and flags
(compile time options) to build vlmcsd. If you have the source
code of vlmcsd, you can type make help (or gmake help on systems
that do not use the GNU version of make(1) by default) to see
that do not use the GNU version of make(1) by default) to see
the meaning of those flags.
-L ipaddress[:port]
Instructs vlmcsd to listen on ipaddress with optional port
(default 1688). You can use this option more than once. If you
Instructs vlmcsd to listen on ipaddress with optional port
(default 1688). You can use this option more than once. If you
do not specify -L at least once, IP addresses 0.0.0.0 (IPv4) and
:: (IPv6) are used. If the IP address contains colons (IPv6) you
must enclose the IP address in brackets if you specify the
must enclose the IP address in brackets if you specify the
optional port, e.g. [2001:db8::dead:beef]:1688.
If no port is specified, vlmcsd uses the default port according
to a preceding -P option. If you specify a port, it can be a
number (1-65535) or a name (usually found in /etc/services if
If no port is specified, vlmcsd uses the default port according
to a preceding -P option. If you specify a port, it can be a
number (1-65535) or a name (usually found in /etc/services if
not provided via LDAP, NIS+ or another name service).
If you specify a link local IPv6 address (fe80::/10, usually
If you specify a link local IPv6 address (fe80::/10, usually
starting with fe80::), it must be followed by a percent sign (%)
and a scope id (=network interface name or number) on most
unixoid OSses including Linux, Android, MacOS X and iOS, e.g.
and a scope id (=network interface name or number) on most
unixoid OSses including Linux, Android, MacOS X and iOS, e.g.
fe80::1234:56ff:fe78:9abc%eth0 or
[fe80::1234:56ff:fe78:9abc%2]:1688. Windows (including cygwin)
does not require a scope id unless the same link local address
is used on more than one network interface. Windows does not
[fe80::1234:56ff:fe78:9abc%2]:1688. Windows (including cygwin)
does not require a scope id unless the same link local address
is used on more than one network interface. Windows does not
accept a name and the scope id must be a number.
-o level
Sets the level of protection against activations from public IP
Sets the level of protection against activations from public IP
addresses. The default is -o0 for no protection.
-o1 causes vlmcsd not to listen on all IP addresses but on pri
vate IP addresses only. IPv4 addresses in the 100.64.0.0/10
-o1 causes vlmcsd not to listen on all IP addresses but on pri
vate IP addresses only. IPv4 addresses in the 100.64.0.0/10
range (see RFC6598) are not treated as private since they can be
reached from other users of your ISP. Private IPv4 addresses are
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 and
127.0.0.0/8. vlmcsd treats all IPv6 addresses not within
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 and
127.0.0.0/8. vlmcsd treats all IPv6 addresses not within
2000::/3 as private addresses.
If -o1 is combined with -L, it will listen on all private IP
addresses plus the ones specified by one or more -L statements.
If -o1 is combined with -P, only the last -P statement will be
If -o1 is combined with -L, it will listen on all private IP
addresses plus the ones specified by one or more -L statements.
If -o1 is combined with -P, only the last -P statement will be
used.
Using -o1 does not protect you if you enable NAT port forwarding
on your router to your vlmcsd machine. It is identical to using
multiple -L statements with all of your private IP addresses.
on your router to your vlmcsd machine. It is identical to using
multiple -L statements with all of your private IP addresses.
What -o1 does for you, is automatically enumerating your private
IP addresses.
-o2 does not affect the interfaces, vlmcsd is listening on. When
a clients connects, vlmcsd immediately drops the connection if
the client has a public IP address. Unlike -o1 clients will be
a clients connects, vlmcsd immediately drops the connection if
the client has a public IP address. Unlike -o1 clients will be
able to establish a TCP connection but it will be closed without
a single byte sent over the connection. This protects against
clients with public IP addresses even if NAT port forwarding is
used. While -o2 offers a higher level of protection than -o1,
a single byte sent over the connection. This protects against
clients with public IP addresses even if NAT port forwarding is
used. While -o2 offers a higher level of protection than -o1,
the client sees that the KMS TCP port (1688 by default) is actu
ally accepting connections.
If vlmcsd is compiled to use MS RPC, -o2 can only offer very
poor protection. Control is passed from MS RPC to vlmcsd after
the KMS protocol has already been negotiated. Thus a client can
always verify that the KMS protocol is available even though it
If vlmcsd is compiled to use MS RPC, -o2 can only offer very
poor protection. Control is passed from MS RPC to vlmcsd after
the KMS protocol has already been negotiated. Thus a client can
always verify that the KMS protocol is available even though it
receives an RPC_S_ACCESS_DENIED error message. vlmcsd will issue
a warning if -o2 is used with MS RPC. For adaequate protection
a warning if -o2 is used with MS RPC. For adaequate protection
do not use a MS RPC build of vlmcsd with -o2.
-o3 combines -o1 and -o2. vlmcsd listens on private interfaces
-o3 combines -o1 and -o2. vlmcsd listens on private interfaces
only and if a public client manages to connect anyway due to NAT
port forwarding, it will be immediately dropped.
If you use any form of TCP level port forwarding (e.g. nc(1),
netcat(1), ssh(1) port forwarding or similar) to redirect KMS
requests to vlmcsd, there will be no protection even if you use
-o2 or -o3. This is due to the simple fact that vlmcsd sees the
IP address of the redirector and not the IP address of the
If you use any form of TCP level port forwarding (e.g. nc(1),
netcat(1), ssh(1) port forwarding or similar) to redirect KMS
requests to vlmcsd, there will be no protection even if you use
-o2 or -o3. This is due to the simple fact that vlmcsd sees the
IP address of the redirector and not the IP address of the
client.
-o1 (and thus -o3) is not (yet) available in some scenarios:
FreeBSD: There is a longtime unfixed bug ⟨https://
bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881⟩ in the
bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881⟩ in the
32-bit ABI of the 64-bit kernel. If you have a 64-bit Free
BSD kernel, you must run the 64-bit version of vlmcsd if
you use -o1 or -o3. The 32-bit version causes undefined
behavior up to crashing vlmcsd. Other BSDs (NetBSD, Open
BSD kernel, you must run the 64-bit version of vlmcsd if
you use -o1 or -o3. The 32-bit version causes undefined
behavior up to crashing vlmcsd. Other BSDs (NetBSD, Open
BSD, Dragonfly and Mac OS X) work correctly.
If vlmcsd was started by an internet superserver or was
compiled to use Microsoft RPC (Windows only) or simple
If vlmcsd was started by an internet superserver or was
compiled to use Microsoft RPC (Windows only) or simple
sockets, -o1 and -o3 are not available by design.
-P port
Use TCP port for all subsequent -L statements that do not
Use TCP port for all subsequent -L statements that do not
include an optional port. If you use -P and -L, -P must be spec
ified before -L.
-F0 and -F1
Allow (-F1) or disallow (-F0) binding to IP addresses that are
Allow (-F1) or disallow (-F0) binding to IP addresses that are
currently not configured on your system. The default is -F0. -F1
allows you to bind to an IP address that may be configured after
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
require a capability for this.
-t seconds
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
connection for a while. The default is 30 seconds. You may spec
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
used -m to limit the concurrent clients that may request activa
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
sense.
-m concurrent-clients
Limit the number of clients that will be handled concurrently.
Limit the number of clients that will be handled concurrently.
This is useful for devices with limited ressources or if you are
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
current-clients to a small value ( <10 ), you should also select
a reasonable timeout of 2 or 3 seconds with -t. The default is
a reasonable timeout of 2 or 3 seconds with -t. The default is
no limit.
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
this way.
-k Do not disconnect clients after processing an activation
-k Do not disconnect clients after processing an activation
request. This selects the default behavior. -k is useful only if
you used an ini file (see vlmcsd.ini(5) and -i). If the ini file
contains the line "DisconnectClientsImmediately = true", you can
@ -207,135 +222,135 @@ OPTIONS
-N0 and -N1
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
NDR64 on 32-bit operating systems. Microsoft introduced NDR64 in
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
build numbers 6002 and 7601 if you disable NDR64. The default is
to enable NDR64.
-B0 and -B1
Disables (-B0) or enables (-B1) bind time feature negotiation
Disables (-B0) or enables (-B1) bind time feature negotiation
(BTFN) in the RPC protocol. All Windows operating systems start
ing with Vista support BTFN and try to negotiate it when initi
ing with Vista support BTFN and try to negotiate it when initi
ating an RPC connection. Thus consider turning it off as a debug
/ troubleshooting feature only. Some older firewalls that selec
tively block or redirect RPC traffic may get confused when they
tively block or redirect RPC traffic may get confused when they
detect NDR64 or BTFN.
-l filename
Use filename as a log file. The log file records all activations
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
do not specify a log file, no log is created. For a live view of
the log file type tail -f file.
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
version does support syslog logging.
-T0 and -T1
Disable (-T0) or enable (-T1) the inclusion of date and time in
each line of the log. The default is -T1. -T0 is useful if you
log to stdout(3) which is redirected to another logging mecha
nism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), -T1 is
ignored and date and time will never be included in the output
Disable (-T0) or enable (-T1) the inclusion of date and time in
each line of the log. The default is -T1. -T0 is useful if you
log to stdout(3) which is redirected to another logging mecha
nism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), -T1 is
ignored and date and time will never be included in the output
sent to syslog(3).
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
daemonize and runs in foreground. This is useful for testing and
allows you to simply press <Ctrl-C> to exit vlmcsd.
The native Windows version never daemonizes and always behaves
The native Windows version never daemonizes and always behaves
as if -D had been specified. You may want to install vlmcsd as a
service instead. See -s.
-e If specified, vlmcsd ignores -l and writes all logging output to
stdout(3). This is mainly useful for testing and debugging and
stdout(3). This is mainly useful for testing and debugging and
often combined with -D.
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-e or -f.
-q Do not use verbose logging. This is actually the default behav
-q Do not use verbose logging. This is actually the default behav
ior. It only makes sense if you use vlmcsd with an ini file (see
-i and vlmcsd.ini(5)). If the ini file contains the line
-i and vlmcsd.ini(5)). If the ini file contains the line
"LogVerbose = true" you can use -q to restore the default behav
ior.
-p filename
Create pid file filename. This has nothing to do with KMS ePIDs.
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
/etc/init.d). The default is not to write a pid file.
-u user and -g group
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
The native Windows version does not support these options.
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
ports (< 1024) when you start vlmcsd from the root account.
However if you use an ini, pid or log file, you must ensure that
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
(see -l).
-w ePID
Use ePID as Windows ePID. If specified, -r is disregarded for
Use ePID as Windows ePID. If specified, -r is disregarded for
Windows.
-0 ePID
Use ePID as Office 2010 ePID (including Project and Visio). If
Use ePID as Office 2010 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2010.
-3 ePID
Use ePID as Office 2013 ePID (including Project and Visio). If
Use ePID as Office 2013 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2013.
-6 ePID
Use ePID as Office 2016 ePID (including Project and Visio). If
Use ePID as Office 2016 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2016.
-H HwId
Use HwId for all products. All HWIDs in the ini file (see -i)
Use HwId for all products. All HWIDs in the ini file (see -i)
will not be used. In an ini file you can specify a seperate HWID
for each application-guid. This is not possible when entering a
for each application-guid. This is not possible when entering a
HWID from the command line.
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
following commands are identical:
vlmcsd -H 0123456789ABCDEF
@ -344,129 +359,141 @@ OPTIONS
-i filename
Use configuration file (aka ini file) filename. Most configura
Use configuration file (aka ini file) filename. Most configura
tion parameters can be set either via the command line or an ini
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
configuration file.
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
configuration file.
-j filename
Use KMS data file filename. By default vlmcsd only contains the
minimum product data that is required to perform all operations
correctly. You may use a more complete KMS data file that con
tains all detailed product names. This is especially useful if
you are logging KMS requests. If you don't log, there is no need
to load an external KMS data file.
If vlmcsd has been compiled to use a default KMS data file, you
may use -j- to ignore the default configuration file.
-r0, -r1 (default) and -r2
These options determine how ePIDs are generated if
- you did not sprecify an ePID in the command line and
- you haven't used -i or
- the file specified by -i cannot be opened or
- the file specified by -i does not contain an ePID for the KMS
- the file specified by -i does not contain an ePID for the KMS
request
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
default ePID may not work any longer.
-r1 instructs vlmcsd to generate random ePIDs when the program
-r1 instructs vlmcsd to generate random ePIDs when the program
starts or receives a SIGHUP signal and uses these ePIDs until it
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
detectable. Microsoft could just modify sppsvc.exe in a way that
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
LCID (language id).
If vlmcsd has been started by an internet superserver, -r1 works
almost identically to -r2. The only exception occurs if you send
more than one activation request over the same TCP connection.
This is simply due to the fact that vlmcsd is started upon a
more than one activation request over the same TCP connection.
This is simply due to the fact that vlmcsd is started upon a
connection request and does not stay in memory after servicing a
KMS request. Consider using -r0 or -w, -0, -3 and -6 when start
ing vlmcsd by an internet superserver.
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. -r2
should be treated as debugging option only because it allows
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. -r2
should be treated as debugging option only because it allows
very easy emulator detection.
-C LCID
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
command line or an ini file.
By default vlmcsd generates a valid locale id that is recognized
by .NET Framework 4.0. This may lead to a locale id which is
by .NET Framework 4.0. This may lead to a locale id which is
unlikely to occur in your country, for instance 2155 for "Quecha
- Ecuador". You may want to select the locale id of your country
instead. See MSDN ⟨http://msdn.microsoft.com/en-us/goglobal/
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
of them are not recognized by .NET Framework 4.0.
Most other KMS emulators use a fixed LCID of 1033 (English -
Most other KMS emulators use a fixed LCID of 1033 (English -
US). To achive the same behavior in vlmcsd use -C 1033.
-K0, -K1, -K2 and -K3
Sets the whitelisting level to determine which products vlmcsd
Sets the whitelisting level to determine which products vlmcsd
activates or refuses. The default is -K0.
-K0: activate all products with an unknown, retail or
-K0: activate all products with an unknown, retail or
beta/preview KMS ID.
-K1: activate products with a retail or beta/preview KMS ID
but refuse to activate products with an unknown KMS ID.
-K2: activate products with an unknown KMS ID but refuse
-K2: activate products with an unknown KMS ID but refuse
products with a retail or beta/preview KMS ID.
-K3: activate only products with a known volume license RTM
KMS ID and refuse all others.
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select -K1 or -K3, vlmcsd also checks the Application ID for
correctness. If Microsoft introduces a new KMS ID for a new
product, you cannot activate it if you used -K1 or -K3 until a
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select -K1 or -K3, vlmcsd also checks the Application ID for
correctness. If Microsoft introduces a new KMS ID for a new
product, you cannot activate it if you used -K1 or -K3 until a
new version of vlmcsd is available.
-c0 and -c1
-c1 causes vlmcsd to check if the client time differs no more
-c1 causes vlmcsd to check if the client time differs no more
than four hours from the system time. -c0 (the default) disables
this check. -c1 is useful to prevent emulator detection. A
client that tries to detect an emulator could simply send two
subsequent request with two time stamps that differ more than
this check. -c1 is useful to prevent emulator detection. A
client that tries to detect an emulator could simply send two
subsequent request with two time stamps that differ more than
four hours from each other. If both requests succeed, the server
is an emulator. If you specify -c1 on a system with no reliable
time source, activations will fail. It is ok to set the correct
is an emulator. If you specify -c1 on a system with no reliable
time source, activations will fail. It is ok to set the correct
system time after you started vlmcsd.
-M0 and -M1
Disables (-M0) or enables (-M1) maintaining a list of client
machine IDs (CMIDs). The default is -M0. -M1 is useful to pre
vent emulator detection. By maintaing a CMID list, vlmcsd
Disables (-M0) or enables (-M1) maintaining a list of client
machine IDs (CMIDs). The default is -M0. -M1 is useful to pre
vent emulator detection. By maintaing a CMID list, vlmcsd
reports current active clients exactly like a genuine KMS emula
tor. This includes bug compatibility to the extent that you can
permanently kill a genuine KMS emulator by sending an "over
charge request" with a required client count of 376 or more and
then request activation for 671 clients. vlmcsd can be reset
from this condition by restarting it. If -M0 is used, vlmcsd
tor. This includes bug compatibility to the extent that you can
permanently kill a genuine KMS emulator by sending an "over
charge request" with a required client count of 376 or more and
then request activation for 671 clients. vlmcsd can be reset
from this condition by restarting it. If -M0 is used, vlmcsd
reports current active clients as good as possible. If no client
sends an "overcharge request", it is not possible to detect vlm
csd as an emulator with -M0. -M1 requires the allocation of a
buffer that is about 50 kB in size. On hardware with few memory
csd as an emulator with -M0. -M1 requires the allocation of a
buffer that is about 50 kB in size. On hardware with few memory
resources use it only if you really need it.
If you start vlmcsd from an internet superserver, -M1 cannot be
used. Since vlmcsd exits after each activation, it cannot main
If you start vlmcsd from an internet superserver, -M1 cannot be
used. Since vlmcsd exits after each activation, it cannot main
tain any state in memory.
@ -474,82 +501,82 @@ OPTIONS
These options are ignored if you do not also specify -M1. If you
use -E0 (the default), vlmcsd starts up as a fully "charged" KMS
server. Clients activate immediately. -E1 lets you start up vlm
csd with an empty CMID list. Activation will start when the
required minimum clients (25 for Windows Client OSses, 5 for
Windows Server OSses and Office) have registered with the KMS
server. As long as the minimum client count has not been
csd with an empty CMID list. Activation will start when the
required minimum clients (25 for Windows Client OSses, 5 for
Windows Server OSses and Office) have registered with the KMS
server. As long as the minimum client count has not been
reached, clients end up in HRESULT 0xC004F038 "The count
reported by your Key Management Service (KMS) is insufficient.
Please contact your system administrator". You may use vlmcs(1)
or another KMS client emulator to "charge" vlmcsd. -E1 does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
reported by your Key Management Service (KMS) is insufficient.
Please contact your system administrator". You may use vlmcs(1)
or another KMS client emulator to "charge" vlmcsd. -E1 does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
server.
-R renewal-interval
Instructs clients to renew activation every renewal-interval.
Instructs clients to renew activation every renewal-interval.
The renewal-interval is a number optionally immediately followed
by a letter indicating the unit. Valid unit letters are s (sec
by a letter indicating the unit. Valid unit letters are s (sec
onds), m (minutes), h (hours), d (days) and w (weeks). If you do
not specify a letter, minutes is assumed.
-R3d for instance instructs clients to renew activation every 3
-R3d for instance instructs clients to renew activation every 3
days. The default renewal-interval is 10080 (identical to 7d and
1w).
Due to poor implementation of Microsofts KMS Client it cannot be
guaranteed that activation is renewed on time as specfied by the
-R option. Don't care about that. Renewal will happen well
-R option. Don't care about that. Renewal will happen well
before your activation expires (usually 180 days).
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
ple of 60.
-A activation-interval
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
option.
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
csd".
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
PATH environment variable or the service will not start.
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
it will be restarted with the new command line.
When using -s the command line is checked for basic syntax
When using -s the command line is checked for basic syntax
errors only. For example "vlmcsd -s -L 1.2.3.4" reports no error
but the service will not start if 1.2.3.4 is not an IP address
but the service will not start if 1.2.3.4 is not an IP address
on your system.
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
you include -S in the command line.
-U [domain\]username
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
the domain, an account from the local computer will be used.
You may use "NT AUTHORITY\NetworkService". This is a pseudo user
with low privileges. You may also use "NT AUTHORITY\LocalSer
with low privileges. You may also use "NT AUTHORITY\LocalSer
vice" which has more privileges but these are of no use for run
ning vlmcsd.
@ -557,20 +584,20 @@ OPTIONS
sion for your executable. "NT AUTHORITY\NetworkService" normally
has no permission to run binaries from your home directory.
For your convenience you can use the special username "/l" as a
For your convenience you can use the special username "/l" as a
shortcut for "NT AUTHORITY\LocalService" and "/n" for "NT
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
vice to run as "NT AUTHORITY\NetworkService".
-W password
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
a password.
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
also have to grant the "Log on as a service" right to that user.
@ -579,53 +606,53 @@ SIGNALS
SIGTERM, SIGINT
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
logged.
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
csd.pid`".
The SIGHUP handler has been implemented relatively simple. It is
virtually the same as stopping vlmcsd and starting it again
virtually the same as stopping vlmcsd and starting it again
immediately with the following exceptions:
— The new process does not get a new process id.
— If you used a pid file, it is not deleted and recreated
— If you used a pid file, it is not deleted and recreated
because the process id stays the same.
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
lower privileged users and groups, there is no way back. Any
thing else would be a severe security flaw in the OS.
Signaling is not available in the native Windows version and in the
Signaling is not available in the native Windows version and in the
Cygwin version when it runs as Windows service.
SUPPORTED OPERATING SYSTEMS
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
porting efforts.
SUPPORTED PRODUCTS
vlmcsd can answer activation requests for the following products: Win
vlmcsd can answer activation requests for the following products: Win
dows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10 (up to 1607),
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Win
dows Server 2012 R2, Windows Server 2016, Office 2010, Project 2010,
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Win
dows Server 2012 R2, Windows Server 2016, Office 2010, Project 2010,
Visio 2010, Office 2013, Project 2013, Visio 2013, Office 2016, Project
2016, Visio 2016. Newer version may work as long as the KMS protocol
does not change. A complete list of fully supported products can be
2016, Visio 2016. Newer version may work as long as the KMS protocol
does not change. A complete list of fully supported products can be
obtained using the -x option of vlmcs(1).
Office, Project and Visio must be volume license versions.
@ -637,24 +664,24 @@ FILES
EXAMPLES
vlmcsd -De
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
activation.
vlmcsd -l /var/log/vlmcsd.log
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
csd.log.
vlmcsd -L 192.168.1.17
Starts vlmcsd as a daemon and listens on IP address 192.168.1.17
only. This is useful for routers that have a public and a pri
only. This is useful for routers that have a public and a pri
vate IP address to prevent your KMS server from becoming public.
vlmcsd -s -U /n -l C:\logs\vlmcsd.log
Installs vlmcsd as a Windows service with low privileges and
Installs vlmcsd as a Windows service with low privileges and
logs everything to C:\logs\vlmcsd.log when the service is
started with "net start vlmcsd".
@ -663,11 +690,6 @@ BUGS
An ePID specified in an ini file must not contain spaces.
INTENTIONAL BUGS
vlmcsd always reports enough active clients to satisfy the N count pol
icy of the request.
AUTHOR
Written by crony12, Hotbird64 and vityan666. With contributions from
DougQaid.
@ -683,4 +705,4 @@ SEE ALSO
Hotbird64 October 2016 VLMCSD(8)
Hotbird64 November 2016 VLMCSD(8)

49
man/vlmcsd.8.html
View File

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Nov 4 17:18:01 2016 -->
<!-- CreationDate: Mon Nov 28 01:28:23 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
@ -30,7 +30,6 @@
<a href="#FILES">FILES</a><br>
<a href="#EXAMPLES">EXAMPLES</a><br>
<a href="#BUGS">BUGS</a><br>
<a href="#INTENTIONAL BUGS">INTENTIONAL BUGS</a><br>
<a href="#AUTHOR">AUTHOR</a><br>
<a href="#CREDITS">CREDITS</a><br>
<a href="#SEE ALSO">SEE ALSO</a><br>
@ -90,8 +89,27 @@ init system like <b>systemd</b>(8) or <b>launchd</b>(8)
using socket based activation. If <b>vlmcsd</b> detects that
<b>stdin</b>(3) is a socket, it assumes that there is
already a connected client on stdin that wants to be
activated. All options that control setting up listening
sockets will be ignored when in inetd mode.</p>
activated.</p>
<p style="margin-left:11%; margin-top: 1em">All options
that control setting up listening sockets will be ignored
when in inetd mode. The sockets will be set up by your
internet superserver. You also cannot limit the number of
simultanous clients (option <b>-m</b>). You need to
configure the limit in your internet superserver.</p>
<p style="margin-left:11%; margin-top: 1em">The followong
features that require that vlmcsd is permanently loaded will
not work if started from an internet superserver:</p>
<p style="margin-left:22%; margin-top: 1em">You cannot
maintain a client list (option <b>-M1</b>)</p>
<p style="margin-left:22%; margin-top: 1em">EPID
Randomization Level 1 (option <b>-r1</b>) works like Level 2
(<b>-r2</b>). You may want to use Level 0 (<b>-r0</b>) or
custom EPIDs (options <b>-w</b>, <b>-0</b>, <b>-3</b> and
<b>-6</b>) instead.</p>
<h2>OPTIONS
<a name="OPTIONS"></a>
@ -545,6 +563,20 @@ been compiled to use a default configuration file (often
/etc/vlmcsd.ini), you may use <b>-i-</b> to ignore the
default configuration file.</p>
<p style="margin-left:11%;"><b>-j</b> <i>filename</i></p>
<p style="margin-left:22%;">Use KMS data file
<i>filename</i>. By default vlmcsd only contains the minimum
product data that is required to perform all operations
correctly. You may use a more complete KMS data file that
contains all detailed product names. This is especially
useful if you are logging KMS requests. If you don&rsquo;t
log, there is no need to load an external KMS data file.</p>
<p style="margin-left:22%; margin-top: 1em">If vlmcsd has
been compiled to use a default KMS data file, you may use
<b>-j-</b> to ignore the default configuration file.</p>
<p style="margin-left:11%;"><b>-r0</b>, <b>-r1</b>
(default) and <b>-r2</b></p>
@ -1016,15 +1048,6 @@ C:\logs\vlmcsd.log when the service is started with
<p style="margin-left:11%; margin-top: 1em">An ePID
specified in an ini file must not contain spaces.</p>
<h2>INTENTIONAL BUGS
<a name="INTENTIONAL BUGS"></a>
</h2>
<p style="margin-left:11%; margin-top: 1em">vlmcsd always
reports enough active clients to satisfy the N count policy
of the request.</p>
<h2>AUTHOR
<a name="AUTHOR"></a>
</h2>

BIN
man/vlmcsd.8.pdf
View File

Binary file not shown.

538
man/vlmcsd.8.unix.txt
View File

@ -33,18 +33,33 @@ DESCRIPTION
xinetd(8) as well as an advanced init system like systemd(8) or
launchd(8) using socket based activation. If vlmcsd detects that
stdin(3) is a socket, it assumes that there is already a connected
client on stdin that wants to be activated. All options that control
setting up listening sockets will be ignored when in inetd mode.
client on stdin that wants to be activated.
All options that control setting up listening sockets will be ignored
when in inetd mode. The sockets will be set up by your internet super
server. You also cannot limit the number of simultanous clients (option
-m). You need to configure the limit in your internet superserver.
The followong features that require that vlmcsd is permanently loaded
will not work if started from an internet superserver:
You cannot maintain a client list (option -M1)
EPID Randomization Level 1 (option -r1) works like Level 2
(-r2). You may want to use Level 0 (-r0) or custom EPIDs
(options -w, -0, -3 and -6) instead.
OPTIONS
Since vlmcsd can be configured at compile time, some options may not be
available on your system.
All options that do no require an argument may be combined with a sin
All options that do no require an argument may be combined with a sin
gle dash, for instance "vlmcsd -D -e" is identical to "vlmcsd -De". For
all options that require an argument a space between the option and the
option argument is optional. Thus "vlmcsd -r 2" and "vlmcsd -r2" are
option argument is optional. Thus "vlmcsd -r 2" and "vlmcsd -r2" are
identical too.
@ -52,154 +67,154 @@ OPTIONS
Displays help.
-V Displays extended version information. This includes the com
piler used to build vlmcsd, the intended platform and flags
(compile time options) to build vlmcsd. If you have the source
-V Displays extended version information. This includes the com
piler used to build vlmcsd, the intended platform and flags
(compile time options) to build vlmcsd. If you have the source
code of vlmcsd, you can type make help (or gmake help on systems
that do not use the GNU version of make(1) by default) to see
that do not use the GNU version of make(1) by default) to see
the meaning of those flags.
-L ipaddress[:port]
Instructs vlmcsd to listen on ipaddress with optional port
(default 1688). You can use this option more than once. If you
Instructs vlmcsd to listen on ipaddress with optional port
(default 1688). You can use this option more than once. If you
do not specify -L at least once, IP addresses 0.0.0.0 (IPv4) and
:: (IPv6) are used. If the IP address contains colons (IPv6) you
must enclose the IP address in brackets if you specify the
must enclose the IP address in brackets if you specify the
optional port, e.g. [2001:db8::dead:beef]:1688.
If no port is specified, vlmcsd uses the default port according
to a preceding -P option. If you specify a port, it can be a
number (1-65535) or a name (usually found in /etc/services if
If no port is specified, vlmcsd uses the default port according
to a preceding -P option. If you specify a port, it can be a
number (1-65535) or a name (usually found in /etc/services if
not provided via LDAP, NIS+ or another name service).
If you specify a link local IPv6 address (fe80::/10, usually
If you specify a link local IPv6 address (fe80::/10, usually
starting with fe80::), it must be followed by a percent sign (%)
and a scope id (=network interface name or number) on most
unixoid OSses including Linux, Android, MacOS X and iOS, e.g.
and a scope id (=network interface name or number) on most
unixoid OSses including Linux, Android, MacOS X and iOS, e.g.
fe80::1234:56ff:fe78:9abc%eth0 or
[fe80::1234:56ff:fe78:9abc%2]:1688. Windows (including cygwin)
does not require a scope id unless the same link local address
is used on more than one network interface. Windows does not
[fe80::1234:56ff:fe78:9abc%2]:1688. Windows (including cygwin)
does not require a scope id unless the same link local address
is used on more than one network interface. Windows does not
accept a name and the scope id must be a number.
-o level
Sets the level of protection against activations from public IP
Sets the level of protection against activations from public IP
addresses. The default is -o0 for no protection.
-o1 causes vlmcsd not to listen on all IP addresses but on pri
vate IP addresses only. IPv4 addresses in the 100.64.0.0/10
-o1 causes vlmcsd not to listen on all IP addresses but on pri
vate IP addresses only. IPv4 addresses in the 100.64.0.0/10
range (see RFC6598) are not treated as private since they can be
reached from other users of your ISP. Private IPv4 addresses are
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 and
127.0.0.0/8. vlmcsd treats all IPv6 addresses not within
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 and
127.0.0.0/8. vlmcsd treats all IPv6 addresses not within
2000::/3 as private addresses.
If -o1 is combined with -L, it will listen on all private IP
addresses plus the ones specified by one or more -L statements.
If -o1 is combined with -P, only the last -P statement will be
If -o1 is combined with -L, it will listen on all private IP
addresses plus the ones specified by one or more -L statements.
If -o1 is combined with -P, only the last -P statement will be
used.
Using -o1 does not protect you if you enable NAT port forwarding
on your router to your vlmcsd machine. It is identical to using
multiple -L statements with all of your private IP addresses.
on your router to your vlmcsd machine. It is identical to using
multiple -L statements with all of your private IP addresses.
What -o1 does for you, is automatically enumerating your private
IP addresses.
-o2 does not affect the interfaces, vlmcsd is listening on. When
a clients connects, vlmcsd immediately drops the connection if
the client has a public IP address. Unlike -o1 clients will be
a clients connects, vlmcsd immediately drops the connection if
the client has a public IP address. Unlike -o1 clients will be
able to establish a TCP connection but it will be closed without
a single byte sent over the connection. This protects against
clients with public IP addresses even if NAT port forwarding is
used. While -o2 offers a higher level of protection than -o1,
a single byte sent over the connection. This protects against
clients with public IP addresses even if NAT port forwarding is
used. While -o2 offers a higher level of protection than -o1,
the client sees that the KMS TCP port (1688 by default) is actu
ally accepting connections.
If vlmcsd is compiled to use MS RPC, -o2 can only offer very
poor protection. Control is passed from MS RPC to vlmcsd after
the KMS protocol has already been negotiated. Thus a client can
always verify that the KMS protocol is available even though it
If vlmcsd is compiled to use MS RPC, -o2 can only offer very
poor protection. Control is passed from MS RPC to vlmcsd after
the KMS protocol has already been negotiated. Thus a client can
always verify that the KMS protocol is available even though it
receives an RPC_S_ACCESS_DENIED error message. vlmcsd will issue
a warning if -o2 is used with MS RPC. For adaequate protection
a warning if -o2 is used with MS RPC. For adaequate protection
do not use a MS RPC build of vlmcsd with -o2.
-o3 combines -o1 and -o2. vlmcsd listens on private interfaces
-o3 combines -o1 and -o2. vlmcsd listens on private interfaces
only and if a public client manages to connect anyway due to NAT
port forwarding, it will be immediately dropped.
If you use any form of TCP level port forwarding (e.g. nc(1),
netcat(1), ssh(1) port forwarding or similar) to redirect KMS
requests to vlmcsd, there will be no protection even if you use
-o2 or -o3. This is due to the simple fact that vlmcsd sees the
IP address of the redirector and not the IP address of the
If you use any form of TCP level port forwarding (e.g. nc(1),
netcat(1), ssh(1) port forwarding or similar) to redirect KMS
requests to vlmcsd, there will be no protection even if you use
-o2 or -o3. This is due to the simple fact that vlmcsd sees the
IP address of the redirector and not the IP address of the
client.
-o1 (and thus -o3) is not (yet) available in some scenarios:
FreeBSD: There is a longtime unfixed bug ⟨https://
bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881⟩ in the
bugs.freebsd.org/bugzilla/show_bug.cgi?id=178881⟩ in the
32-bit ABI of the 64-bit kernel. If you have a 64-bit Free
BSD kernel, you must run the 64-bit version of vlmcsd if
you use -o1 or -o3. The 32-bit version causes undefined
behavior up to crashing vlmcsd. Other BSDs (NetBSD, Open
BSD kernel, you must run the 64-bit version of vlmcsd if
you use -o1 or -o3. The 32-bit version causes undefined
behavior up to crashing vlmcsd. Other BSDs (NetBSD, Open
BSD, Dragonfly and Mac OS X) work correctly.
If vlmcsd was started by an internet superserver or was
compiled to use Microsoft RPC (Windows only) or simple
If vlmcsd was started by an internet superserver or was
compiled to use Microsoft RPC (Windows only) or simple
sockets, -o1 and -o3 are not available by design.
-P port
Use TCP port for all subsequent -L statements that do not
Use TCP port for all subsequent -L statements that do not
include an optional port. If you use -P and -L, -P must be spec
ified before -L.
-F0 and -F1
Allow (-F1) or disallow (-F0) binding to IP addresses that are
Allow (-F1) or disallow (-F0) binding to IP addresses that are
currently not configured on your system. The default is -F0. -F1
allows you to bind to an IP address that may be configured after
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
you started vlmcsd. vlmcsd will listen on that address as soon
as it becomes available. This feature is only available under
Linux (IPv4 and IPv6) and FreeBSD (IPv4 only). FreeBSD allows
this feature only for the root user (more correctly: processes
that have the PRIV_NETINET_BINDANY privilege). Linux does not
require a capability for this.
-t seconds
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
Timeout the TCP connection with the client after seconds sec
onds. After sending an activation request. RPC keeps the TCP
connection for a while. The default is 30 seconds. You may spec
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
ify a shorter period to free ressources on your device faster.
This is useful for devices with limited main memory or if you
used -m to limit the concurrent clients that may request activa
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
tion. Microsoft RPC clients disconnect after 30 seconds by
default. Setting seconds to a greater value does not make much
sense.
-m concurrent-clients
Limit the number of clients that will be handled concurrently.
Limit the number of clients that will be handled concurrently.
This is useful for devices with limited ressources or if you are
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
experiencing DoS attacks that spawn thousands of threads or
forked processes. If additional clients connect to vlmcsd, they
need to wait until another client disconnects. If you set con
current-clients to a small value ( <10 ), you should also select
a reasonable timeout of 2 or 3 seconds with -t. The default is
a reasonable timeout of 2 or 3 seconds with -t. The default is
no limit.
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
-d Disconnect each client after processing one activation request.
This is a direct violation of DCE RPC but may help if you
receive malicous fake RPC requests that block your threads or
forked processes. Some other KMS emulators (e.g. py-kms) behave
this way.
-k Do not disconnect clients after processing an activation
-k Do not disconnect clients after processing an activation
request. This selects the default behavior. -k is useful only if
you used an ini file (see vlmcsd.ini(5) and -i). If the ini file
contains the line "DisconnectClientsImmediately = true", you can
@ -207,135 +222,135 @@ OPTIONS
-N0 and -N1
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
Disables (-N0) or enables (-N1) the use of the NDR64 transfer
syntax in the RPC protocol. Unlike Microsoft vlmcsd supports
NDR64 on 32-bit operating systems. Microsoft introduced NDR64 in
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
Windows Vista but their KMS servers started using it with Win
dows 8. Thus if you choose random ePIDs, vlmcsd will select
ePIDs with build numbers 9200 and 9600 if you enable NDR64 and
build numbers 6002 and 7601 if you disable NDR64. The default is
to enable NDR64.
-B0 and -B1
Disables (-B0) or enables (-B1) bind time feature negotiation
Disables (-B0) or enables (-B1) bind time feature negotiation
(BTFN) in the RPC protocol. All Windows operating systems start
ing with Vista support BTFN and try to negotiate it when initi
ing with Vista support BTFN and try to negotiate it when initi
ating an RPC connection. Thus consider turning it off as a debug
/ troubleshooting feature only. Some older firewalls that selec
tively block or redirect RPC traffic may get confused when they
tively block or redirect RPC traffic may get confused when they
detect NDR64 or BTFN.
-l filename
Use filename as a log file. The log file records all activations
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
with IP address, Windows workstation name (no reverse DNS
lookup), activated product, KMS protocol, time and date. If you
do not specify a log file, no log is created. For a live view of
the log file type tail -f file.
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
If you use the special filename "syslog", vlmcsd uses syslog(3)
for logging. If your system has no syslog service (/dev/log)
installed, logging output will go to /dev/console. Syslog log
ging is not available in the native Windows version. The Cygwin
version does support syslog logging.
-T0 and -T1
Disable (-T0) or enable (-T1) the inclusion of date and time in
each line of the log. The default is -T1. -T0 is useful if you
log to stdout(3) which is redirected to another logging mecha
nism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), -T1 is
ignored and date and time will never be included in the output
Disable (-T0) or enable (-T1) the inclusion of date and time in
each line of the log. The default is -T1. -T0 is useful if you
log to stdout(3) which is redirected to another logging mecha
nism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), -T1 is
ignored and date and time will never be included in the output
sent to syslog(3).
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
-D Normally vlmcsd daemonizes and runs in background (except the
native Windows version). If -D is specified, vlmcsd does not
daemonize and runs in foreground. This is useful for testing and
allows you to simply press <Ctrl-C> to exit vlmcsd.
The native Windows version never daemonizes and always behaves
The native Windows version never daemonizes and always behaves
as if -D had been specified. You may want to install vlmcsd as a
service instead. See -s.
-e If specified, vlmcsd ignores -l and writes all logging output to
stdout(3). This is mainly useful for testing and debugging and
stdout(3). This is mainly useful for testing and debugging and
often combined with -D.
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-v Use verbose logging. Logs every parameter of the base request
and the base response. It also logs the HWID of the KMS server
if KMS protocol version 6 is used. This option is mainly for
debugging purposes. It only has an effect if some form of log
ging is used. Thus -v does not make sense if not used with -l,
-e or -f.
-q Do not use verbose logging. This is actually the default behav
-q Do not use verbose logging. This is actually the default behav
ior. It only makes sense if you use vlmcsd with an ini file (see
-i and vlmcsd.ini(5)). If the ini file contains the line
-i and vlmcsd.ini(5)). If the ini file contains the line
"LogVerbose = true" you can use -q to restore the default behav
ior.
-p filename
Create pid file filename. This has nothing to do with KMS ePIDs.
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
A pid file is a file where vlmcsd writes its own process id.
This is used by standard init scripts (typically found in
/etc/init.d). The default is not to write a pid file.
-u user and -g group
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
Causes vlmcsd to run in the specified user and group security
context. The main purpose for this is to drop root privileges
after it has been started from the root account. To use this
feature from cygwin you must run cyglsa-config and the account
from which vlmcsd is started must have the rights "Act as part
of the operating system" and "Replace a process level token".
The native Windows version does not support these options.
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
The actual security context switch is performed after the TCP
sockets have been created. This allows you to use privileged
ports (< 1024) when you start vlmcsd from the root account.
However if you use an ini, pid or log file, you must ensure that
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
the unprivileged user has access to these files. You can always
log to syslog(3) from an unprivileged account on most platforms
(see -l).
-w ePID
Use ePID as Windows ePID. If specified, -r is disregarded for
Use ePID as Windows ePID. If specified, -r is disregarded for
Windows.
-0 ePID
Use ePID as Office 2010 ePID (including Project and Visio). If
Use ePID as Office 2010 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2010.
-3 ePID
Use ePID as Office 2013 ePID (including Project and Visio). If
Use ePID as Office 2013 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2013.
-6 ePID
Use ePID as Office 2016 ePID (including Project and Visio). If
Use ePID as Office 2016 ePID (including Project and Visio). If
specified, -r is disregarded for Office 2016.
-H HwId
Use HwId for all products. All HWIDs in the ini file (see -i)
Use HwId for all products. All HWIDs in the ini file (see -i)
will not be used. In an ini file you can specify a seperate HWID
for each application-guid. This is not possible when entering a
for each application-guid. This is not possible when entering a
HWID from the command line.
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
HwId must be specified as 16 hex digits that are interpreted as
a series of 8 bytes (big endian). Any character that is not a
hex digit will be ignored. This is for better readability. The
following commands are identical:
vlmcsd -H 0123456789ABCDEF
@ -344,129 +359,141 @@ OPTIONS
-i filename
Use configuration file (aka ini file) filename. Most configura
Use configuration file (aka ini file) filename. Most configura
tion parameters can be set either via the command line or an ini
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
file. The command line always has precedence over configuration
items in the ini file. See vlmcsd.ini(5) for the format of the
configuration file.
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
If vlmcsd has been compiled to use a default configuration file
(often /etc/vlmcsd.ini), you may use -i- to ignore the default
configuration file.
-j filename
Use KMS data file filename. By default vlmcsd only contains the
minimum product data that is required to perform all operations
correctly. You may use a more complete KMS data file that con
tains all detailed product names. This is especially useful if
you are logging KMS requests. If you don't log, there is no need
to load an external KMS data file.
If vlmcsd has been compiled to use a default KMS data file, you
may use -j- to ignore the default configuration file.
-r0, -r1 (default) and -r2
These options determine how ePIDs are generated if
- you did not sprecify an ePID in the command line and
- you haven't used -i or
- the file specified by -i cannot be opened or
- the file specified by -i does not contain an ePID for the KMS
- the file specified by -i does not contain an ePID for the KMS
request
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
-r0 means there are no random ePIDs. vlmcsd simply issues
default ePIDs that are built into the binary at compile time.
Pro: behaves like real KMS server that also always issues the
same ePID. Con: Microsoft may start blacklisting again and the
default ePID may not work any longer.
-r1 instructs vlmcsd to generate random ePIDs when the program
-r1 instructs vlmcsd to generate random ePIDs when the program
starts or receives a SIGHUP signal and uses these ePIDs until it
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
is stopped or receives another SIGHUP. Most other KMS emulators
generate a new ePID on every KMS request. This is easily
detectable. Microsoft could just modify sppsvc.exe in a way that
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
it always sends two identical KMS requests in two RPC requests
but over the same TCP connection. If both KMS responses contain
the different ePIDs, the KMS server is not genuine. -r1 is the
default mode. -r1 also ensures that all three ePIDs (Windows,
Office 2010 and Office 2013) use the same OS build number and
LCID (language id).
If vlmcsd has been started by an internet superserver, -r1 works
almost identically to -r2. The only exception occurs if you send
more than one activation request over the same TCP connection.
This is simply due to the fact that vlmcsd is started upon a
more than one activation request over the same TCP connection.
This is simply due to the fact that vlmcsd is started upon a
connection request and does not stay in memory after servicing a
KMS request. Consider using -r0 or -w, -0, -3 and -6 when start
ing vlmcsd by an internet superserver.
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. -r2
should be treated as debugging option only because it allows
-r2 behaves like most other KMS server emulators with random
support and generates a new random ePID on every request. -r2
should be treated as debugging option only because it allows
very easy emulator detection.
-C LCID
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
Do not randomize the locale id part of the ePID and use LCID
instead. The LCID must be specified as a decimal number, e.g.
1049 for "Russian - Russia". This option has no effect if the
ePID is not randomized at all, e.g. if it is selected from the
command line or an ini file.
By default vlmcsd generates a valid locale id that is recognized
by .NET Framework 4.0. This may lead to a locale id which is
by .NET Framework 4.0. This may lead to a locale id which is
unlikely to occur in your country, for instance 2155 for "Quecha
- Ecuador". You may want to select the locale id of your country
instead. See MSDN ⟨http://msdn.microsoft.com/en-us/goglobal/
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
bb964664.aspx⟩ for a list of valid LCIDs. Please note that some
of them are not recognized by .NET Framework 4.0.
Most other KMS emulators use a fixed LCID of 1033 (English -
Most other KMS emulators use a fixed LCID of 1033 (English -
US). To achive the same behavior in vlmcsd use -C 1033.
-K0, -K1, -K2 and -K3
Sets the whitelisting level to determine which products vlmcsd
Sets the whitelisting level to determine which products vlmcsd
activates or refuses. The default is -K0.
-K0: activate all products with an unknown, retail or
-K0: activate all products with an unknown, retail or
beta/preview KMS ID.
-K1: activate products with a retail or beta/preview KMS ID
but refuse to activate products with an unknown KMS ID.
-K2: activate products with an unknown KMS ID but refuse
-K2: activate products with an unknown KMS ID but refuse
products with a retail or beta/preview KMS ID.
-K3: activate only products with a known volume license RTM
KMS ID and refuse all others.
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select -K1 or -K3, vlmcsd also checks the Application ID for
correctness. If Microsoft introduces a new KMS ID for a new
product, you cannot activate it if you used -K1 or -K3 until a
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select -K1 or -K3, vlmcsd also checks the Application ID for
correctness. If Microsoft introduces a new KMS ID for a new
product, you cannot activate it if you used -K1 or -K3 until a
new version of vlmcsd is available.
-c0 and -c1
-c1 causes vlmcsd to check if the client time differs no more
-c1 causes vlmcsd to check if the client time differs no more
than four hours from the system time. -c0 (the default) disables
this check. -c1 is useful to prevent emulator detection. A
client that tries to detect an emulator could simply send two
subsequent request with two time stamps that differ more than
this check. -c1 is useful to prevent emulator detection. A
client that tries to detect an emulator could simply send two
subsequent request with two time stamps that differ more than
four hours from each other. If both requests succeed, the server
is an emulator. If you specify -c1 on a system with no reliable
time source, activations will fail. It is ok to set the correct
is an emulator. If you specify -c1 on a system with no reliable
time source, activations will fail. It is ok to set the correct
system time after you started vlmcsd.
-M0 and -M1
Disables (-M0) or enables (-M1) maintaining a list of client
machine IDs (CMIDs). The default is -M0. -M1 is useful to pre
vent emulator detection. By maintaing a CMID list, vlmcsd
Disables (-M0) or enables (-M1) maintaining a list of client
machine IDs (CMIDs). The default is -M0. -M1 is useful to pre
vent emulator detection. By maintaing a CMID list, vlmcsd
reports current active clients exactly like a genuine KMS emula
tor. This includes bug compatibility to the extent that you can
permanently kill a genuine KMS emulator by sending an "over
charge request" with a required client count of 376 or more and
then request activation for 671 clients. vlmcsd can be reset
from this condition by restarting it. If -M0 is used, vlmcsd
tor. This includes bug compatibility to the extent that you can
permanently kill a genuine KMS emulator by sending an "over
charge request" with a required client count of 376 or more and
then request activation for 671 clients. vlmcsd can be reset
from this condition by restarting it. If -M0 is used, vlmcsd
reports current active clients as good as possible. If no client
sends an "overcharge request", it is not possible to detect vlm
csd as an emulator with -M0. -M1 requires the allocation of a
buffer that is about 50 kB in size. On hardware with few memory
csd as an emulator with -M0. -M1 requires the allocation of a
buffer that is about 50 kB in size. On hardware with few memory
resources use it only if you really need it.
If you start vlmcsd from an internet superserver, -M1 cannot be
used. Since vlmcsd exits after each activation, it cannot main
If you start vlmcsd from an internet superserver, -M1 cannot be
used. Since vlmcsd exits after each activation, it cannot main
tain any state in memory.
@ -474,82 +501,82 @@ OPTIONS
These options are ignored if you do not also specify -M1. If you
use -E0 (the default), vlmcsd starts up as a fully "charged" KMS
server. Clients activate immediately. -E1 lets you start up vlm
csd with an empty CMID list. Activation will start when the
required minimum clients (25 for Windows Client OSses, 5 for
Windows Server OSses and Office) have registered with the KMS
server. As long as the minimum client count has not been
csd with an empty CMID list. Activation will start when the
required minimum clients (25 for Windows Client OSses, 5 for
Windows Server OSses and Office) have registered with the KMS
server. As long as the minimum client count has not been
reached, clients end up in HRESULT 0xC004F038 "The count
reported by your Key Management Service (KMS) is insufficient.
Please contact your system administrator". You may use vlmcs(1)
or another KMS client emulator to "charge" vlmcsd. -E1 does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
reported by your Key Management Service (KMS) is insufficient.
Please contact your system administrator". You may use vlmcs(1)
or another KMS client emulator to "charge" vlmcsd. -E1 does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
server.
-R renewal-interval
Instructs clients to renew activation every renewal-interval.
Instructs clients to renew activation every renewal-interval.
The renewal-interval is a number optionally immediately followed
by a letter indicating the unit. Valid unit letters are s (sec
by a letter indicating the unit. Valid unit letters are s (sec
onds), m (minutes), h (hours), d (days) and w (weeks). If you do
not specify a letter, minutes is assumed.
-R3d for instance instructs clients to renew activation every 3
-R3d for instance instructs clients to renew activation every 3
days. The default renewal-interval is 10080 (identical to 7d and
1w).
Due to poor implementation of Microsofts KMS Client it cannot be
guaranteed that activation is renewed on time as specfied by the
-R option. Don't care about that. Renewal will happen well
-R option. Don't care about that. Renewal will happen well
before your activation expires (usually 180 days).
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
Even though you can specify seconds, the granularity of this
option is 1 minute. Seconds are rounded down to the next multi
ple of 60.
-A activation-interval
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
Instructs clients to retry activation every activation-interval
if it was unsuccessful, e.g. because it could not reach the
server. The default is 120 (identical to 2h). activation-inter
val follows the same syntax as renewal-interval in the -R
option.
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
-s Installs vlmcsd as a Windows service. This option only works
with the native Windows version and Cygwin. Combine -s with
other command line options. These will be in effect when you
start the service. The service automatically starts when you
reboot your machine. To start it manually, type "net start vlm
csd".
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
If you use Cygwin, you must include your Cygwin system DLL
directory (usually C:\Cygwin\bin or C:\Cygwin64\bin) into the
PATH environment variable or the service will not start.
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
You can reinstall the service anytime using vlmcsd -s again,
e.g. with a different command line. If the service is running,
it will be restarted with the new command line.
When using -s the command line is checked for basic syntax
When using -s the command line is checked for basic syntax
errors only. For example "vlmcsd -s -L 1.2.3.4" reports no error
but the service will not start if 1.2.3.4 is not an IP address
but the service will not start if 1.2.3.4 is not an IP address
on your system.
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
-S Uninstalls the vlmcsd service. Works only with the native Win
dows version and Cygwin. All other options will be ignored if
you include -S in the command line.
-U [domain\]username
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
Can only be used together with -s. Starts the service as a dif
ferent user than the local SYSTEM account. This is used to run
the service under an account with low privileges. If you omit
the domain, an account from the local computer will be used.
You may use "NT AUTHORITY\NetworkService". This is a pseudo user
with low privileges. You may also use "NT AUTHORITY\LocalSer
with low privileges. You may also use "NT AUTHORITY\LocalSer
vice" which has more privileges but these are of no use for run
ning vlmcsd.
@ -557,20 +584,20 @@ OPTIONS
sion for your executable. "NT AUTHORITY\NetworkService" normally
has no permission to run binaries from your home directory.
For your convenience you can use the special username "/l" as a
For your convenience you can use the special username "/l" as a
shortcut for "NT AUTHORITY\LocalService" and "/n" for "NT
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
AUTHORITY\NetworkService". "vlmcsd -s -U /n" installs the ser
vice to run as "NT AUTHORITY\NetworkService".
-W password
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
Can only be used together with -s. Specifies a password for the
corresponding username you use with -U. SYSTEM, "NT AUTHOR
ITY\NetworkService", "NT AUTHORITY\LocalService" do not require
a password.
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
If you specify a user with even lower privileges than "NT
AUTHORITY\NetworkService", you must specify its password. You
also have to grant the "Log on as a service" right to that user.
@ -579,53 +606,53 @@ SIGNALS
SIGTERM, SIGINT
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
These signals cause vlmcsd to exit gracefully. All global sema
phores and shared memory pages will be released, the pid file
will be unlinked (deleted) and a shutdown message will be
logged.
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
SIGHUP Causes vlmcsd to be restarted completely. This is useful if you
started vlmcsd with an ini file. You can modify the ini file
while vlmcsd is running and then sending SIGHUP, e.g. by typing
"killall -SIGHUP vlmcsd" or "kill -SIGHUP `cat /var/run/vlm
csd.pid`".
The SIGHUP handler has been implemented relatively simple. It is
virtually the same as stopping vlmcsd and starting it again
virtually the same as stopping vlmcsd and starting it again
immediately with the following exceptions:
— The new process does not get a new process id.
— If you used a pid file, it is not deleted and recreated
— If you used a pid file, it is not deleted and recreated
because the process id stays the same.
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
— If you used the 'user' and/or 'group' directive in an ini
file these are ignored. This is because once you switched to
lower privileged users and groups, there is no way back. Any
thing else would be a severe security flaw in the OS.
Signaling is not available in the native Windows version and in the
Signaling is not available in the native Windows version and in the
Cygwin version when it runs as Windows service.
SUPPORTED OPERATING SYSTEMS
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
vlmcsd compiles and runs on Linux, Windows (no Cygwin required but
explicitly supported), Mac OS X, FreeBSD, NetBSD, OpenBSD, Dragonfly
BSD, Minix, Solaris, OpenIndiana, Android and iOS. Other POSIX or
unixoid OSses may work with unmodified sources or may require minor
porting efforts.
SUPPORTED PRODUCTS
vlmcsd can answer activation requests for the following products: Win
vlmcsd can answer activation requests for the following products: Win
dows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10 (up to 1607),
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Win
dows Server 2012 R2, Windows Server 2016, Office 2010, Project 2010,
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Win
dows Server 2012 R2, Windows Server 2016, Office 2010, Project 2010,
Visio 2010, Office 2013, Project 2013, Visio 2013, Office 2016, Project
2016, Visio 2016. Newer version may work as long as the KMS protocol
does not change. A complete list of fully supported products can be
2016, Visio 2016. Newer version may work as long as the KMS protocol
does not change. A complete list of fully supported products can be
obtained using the -x option of vlmcs(1).
Office, Project and Visio must be volume license versions.
@ -637,24 +664,24 @@ FILES
EXAMPLES
vlmcsd -De
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
Starts vlmcsd in foreground. Useful if you use it for the first
time and want to see what's happening when a client requests
activation.
vlmcsd -l /var/log/vlmcsd.log
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
Starts vlmcsd as a daemon and logs everything to /var/log/vlm
csd.log.
vlmcsd -L 192.168.1.17
Starts vlmcsd as a daemon and listens on IP address 192.168.1.17
only. This is useful for routers that have a public and a pri
only. This is useful for routers that have a public and a pri
vate IP address to prevent your KMS server from becoming public.
vlmcsd -s -U /n -l C:\logs\vlmcsd.log
Installs vlmcsd as a Windows service with low privileges and
Installs vlmcsd as a Windows service with low privileges and
logs everything to C:\logs\vlmcsd.log when the service is
started with "net start vlmcsd".
@ -663,11 +690,6 @@ BUGS
An ePID specified in an ini file must not contain spaces.
INTENTIONAL BUGS
vlmcsd always reports enough active clients to satisfy the N count pol
icy of the request.
AUTHOR
Written by crony12, Hotbird64 and vityan666. With contributions from
DougQaid.
@ -683,4 +705,4 @@ SEE ALSO
Hotbird64 October 2016 VLMCSD(8)
Hotbird64 November 2016 VLMCSD(8)

7
man/vlmcsd.ini.5
View File

@ -1,4 +1,4 @@
.TH VLMCSD.INI 5 "October 2016" "Hotbird64" "KMS Activation Manual"
.TH VLMCSD.INI 5 "November 2016" "Hotbird64" "KMS Activation Manual"
.LO 8
.SH NAME
@ -93,6 +93,11 @@ Write a pid file. The \fIargument\fR is the full pathname of a pid file. The pid
.IP "\fBLogFile\fR"
Write a log file. The \fIargument\fR is the full pathname of a log file. On a unixoid OS and with Cygwin you can use the special filename 'syslog' to log to the syslog facility. This is the same as specifying \fB-l\fR on the command line.
.IP "\fBKmsData\fR"
Use a KMS data file. The \fIargument\fR is the full pathname of a KMS data file. By default vlmcsd only contains the minimum product data that is required to perform all operations correctly. You may use a more complete KMS data file that contains all detailed product names. This is especially useful if you are logging KMS requests. If you don't log, there is no need to load an external KMS data file.
You may use \fBKmsData\ =\ \-\fR to prevent the default KMS data file to be loaded.
.IP "\fBLogDateAndTime\fR"
Can be TRUE or FALSE. The default is TRUE. If set to FALSE, logging output does not include date and time. This is useful if you log to \fBstdout\fR(3) which is redirected to another logging mechanism that already includes date and time in its output, for instance \fBsystemd-journald\fR(8). If you log to \fBsyslog\fR(3), \fBLogDateAndTime\fR is ignored and date and time will never be included in the output sent to \fBsyslog\fR(3). Using the command line you control this setting with options \fB-T0\fR and \fB-T1\fR.

177
man/vlmcsd.ini.5.dos.txt
View File

@ -189,182 +189,195 @@ KEYWORDS
same as specifying -l on the command line.
KmsData
Use a KMS data file. The argument is the full pathname of a KMS
data file. By default vlmcsd only contains the minimum product
data that is required to perform all operations correctly. You
may use a more complete KMS data file that contains all detailed
product names. This is especially useful if you are logging KMS
requests. If you don't log, there is no need to load an external
KMS data file.
You may use KmsData = - to prevent the default KMS data file to
be loaded.
LogDateAndTime
Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
mechanism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), LogDate
AndTime is ignored and date and time will never be included in
instance systemd-journald(8). If you log to syslog(3), LogDate
AndTime is ignored and date and time will never be included in
the output sent to syslog(3). Using the command line you control
this setting with options -T0 and -T1.
LogVerbose
Set this to either TRUE or FALSE. The default is FALSE. If set
Set this to either TRUE or FALSE. The default is FALSE. If set
to TRUE, more details of each activation will be logged. You use
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
logging to stdout(3).
WhitelistingLevel
Can be 0, 1, 2 or 3. The default is 0. Sets the whitelisting
Can be 0, 1, 2 or 3. The default is 0. Sets the whitelisting
level to determine which products vlmcsd activates or refuses.
0: activate all products with an unknown, retail or
beta/preview KMS ID.
1: activate products with a retail or beta/preview KMS ID
1: activate products with a retail or beta/preview KMS ID
but refuse to activate products with an unknown KMS ID.
2: activate products with an unknown KMS ID but refuse
2: activate products with an unknown KMS ID but refuse
products with a retail or beta/preview KMS ID.
3: activate only products with a known volume license RTM
3: activate only products with a known volume license RTM
KMS ID and refuse all others.
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select 1 or 3, vlmcsd also checks the Application ID for cor
rectness. If Microsoft introduces a new KMS ID for a new prod
uct, you cannot activate it if you used 1 or 3 until a new ver
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select 1 or 3, vlmcsd also checks the Application ID for cor
rectness. If Microsoft introduces a new KMS ID for a new prod
uct, you cannot activate it if you used 1 or 3 until a new ver
sion of vlmcsd is available.
CheckClientTime
Can be TRUE or FALSE. The default is FALSE. If you set this to
TRUE vlmcsd(8) checks if the client time differs no more than
four hours from the system time. This is useful to prevent emu
Can be TRUE or FALSE. The default is FALSE. If you set this to
TRUE vlmcsd(8) checks if the client time differs no more than
four hours from the system time. This is useful to prevent emu
lator detection. A client that tries to detect an emulator could
simply send two subsequent request with two time stamps that
differ more than four hours from each other. If both requests
simply send two subsequent request with two time stamps that
differ more than four hours from each other. If both requests
succeed, the server is an emulator. If you set this to TRUE on a
system with no reliable time source, activations will fail. It
is ok to set the correct system time after you started vlm
system with no reliable time source, activations will fail. It
is ok to set the correct system time after you started vlm
csd(8).
MaintainClients
Can be TRUE or FALSE (the default). Disables (FALSE) or enables
Can be TRUE or FALSE (the default). Disables (FALSE) or enables
(TRUE) maintaining a list of client machine IDs (CMIDs). TRUE is
useful to prevent emulator detection. By maintaing a CMID list,
vlmcsd(8) reports current active clients exactly like a genuine
useful to prevent emulator detection. By maintaing a CMID list,
vlmcsd(8) reports current active clients exactly like a genuine
KMS emulator. This includes bug compatibility to the extent that
you can permanently kill a genuine KMS emulator by sending an
you can permanently kill a genuine KMS emulator by sending an
"overcharge request" with a required client count of 376 or more
and then request activation for 671 clients. vlmcsd(8) can be
reset from this condition by restarting it. If FALSE is used,
and then request activation for 671 clients. vlmcsd(8) can be
reset from this condition by restarting it. If FALSE is used,
vlmcsd(8) reports current active clients as good as possible. If
no client sends an "overcharge request", it is not possible to
detect vlmcsd(8) as an emulator with MaintainClients = FALSE.
Maintaining clients requires the allocation of a buffer that is
about 50 kB in size. On hardware with few memory resources use
no client sends an "overcharge request", it is not possible to
detect vlmcsd(8) as an emulator with MaintainClients = FALSE.
Maintaining clients requires the allocation of a buffer that is
about 50 kB in size. On hardware with few memory resources use
it only if you really need it.
If you start vlmcsd(8) from an internet superserver, this set
ting cannot be used. Since vlmcsd(8) exits after each activa
If you start vlmcsd(8) from an internet superserver, this set
ting cannot be used. Since vlmcsd(8) exits after each activa
tion, it cannot maintain any state in memory.
StartEmpty
This setting is ignored if you do not also specify Maintain
Clients = TRUE. If you specify FALSE (the default), vlmcsd(8)
starts up as a fully "charged" KMS server. Clients activate
immediately. StartEmpty = TRUE lets you start up vlmcsd(8) with
This setting is ignored if you do not also specify Maintain
Clients = TRUE. If you specify FALSE (the default), vlmcsd(8)
starts up as a fully "charged" KMS server. Clients activate
immediately. StartEmpty = TRUE lets you start up vlmcsd(8) with
an empty CMID list. Activation will start when the required min
imum clients (25 for Windows Client OSses, 5 for Windows Server
OSses and Office) have registered with the KMS server. As long
imum clients (25 for Windows Client OSses, 5 for Windows Server
OSses and Office) have registered with the KMS server. As long
as the minimum client count has not been reached, clients end up
in HRESULT 0xC004F038 "The count reported by your Key Management
Service (KMS) is insufficient. Please contact your system admin
istrator". You may use vlmcs(1) or another KMS client emulator
to "charge" vlmcsd(8). Setting this parameter to TRUE does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
istrator". You may use vlmcs(1) or another KMS client emulator
to "charge" vlmcsd(8). Setting this parameter to TRUE does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
server.
ActivationInterval
This is the same as specifying -A on the command line. See vlm
This is the same as specifying -A on the command line. See vlm
csd(8) for details. The default is 2 hours. Example: Activation
Interval = 1h
RenewalInterval
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: RenewalIn
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: RenewalIn
terval = 3d. Please note that the KMS client decides itself when
to renew activation. Even though vlmcsd sends the renewal inter
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
from a KMS server or emulator. Newer clients do not.
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
only user who has these privileges in the default configuration.
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
the fly by sending SIGHUP to vlmcsd.
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
is the only user who has these privileges in the default config
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
changed on the fly by sending SIGHUP to vlmcsd.
Windows
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Windows activations. If specified, RandomizationLevel
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Windows activations. If specified, RandomizationLevel
for Windows activitations will be ignored.
Office2010
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2010 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2010 activations. If specified, Randomization
Level for Office 2010 activitations will be ignored.
Office2013
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2013 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2013 activations. If specified, Randomization
Level for Office 2013 activitations will be ignored.
Office2016
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2016 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2016 activations. If specified, Randomization
Level for Office 2016 activitations will be ignored.
VALID EPIDS
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "Ratiborus Virtual Machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "Ratiborus Virtual Machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
the wild.
Even if you can use "Activated by cool hacker guys" as an ePID, you may
wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
ePIDs.
If you use non-ASCII characters in your ePID (you shouldn't do anyway),
these must be in UTF-8 format. This is especially important when you
these must be in UTF-8 format. This is especially important when you
run vlmcsd on Windows or cygwin because UTF-8 is not the default encod
ing for most editors.
If you are specifying an optional HWID it follows the same syntax as in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
quotes even if it contains spaces.
@ -378,7 +391,7 @@ AUTHOR
CREDITS
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
borus, ...
@ -387,4 +400,4 @@ SEE ALSO
Hotbird64 October 2016 VLMCSD.INI(5)
Hotbird64 November 2016 VLMCSD.INI(5)

17
man/vlmcsd.ini.5.html
View File

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Nov 4 17:18:01 2016 -->
<!-- CreationDate: Mon Nov 28 01:28:23 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
@ -317,6 +317,21 @@ unixoid OS and with Cygwin you can use the special filename
&rsquo;syslog&rsquo; to log to the syslog facility. This is
the same as specifying <b>-l</b> on the command line.</p>
<p style="margin-left:11%;"><b>KmsData</b></p>
<p style="margin-left:22%;">Use a KMS data file. The
<i>argument</i> is the full pathname of a KMS data file. By
default vlmcsd only contains the minimum product data that
is required to perform all operations correctly. You may use
a more complete KMS data file that contains all detailed
product names. This is especially useful if you are logging
KMS requests. If you don&rsquo;t log, there is no need to
load an external KMS data file.</p>
<p style="margin-left:22%; margin-top: 1em">You may use
<b>KmsData&nbsp;=&nbsp;-</b> to prevent the default KMS data
file to be loaded.</p>
<p style="margin-left:11%;"><b>LogDateAndTime</b></p>
<p style="margin-left:22%;">Can be TRUE or FALSE. The

BIN
man/vlmcsd.ini.5.pdf
View File

Binary file not shown.

177
man/vlmcsd.ini.5.unix.txt
View File

@ -189,182 +189,195 @@ KEYWORDS
same as specifying -l on the command line.
KmsData
Use a KMS data file. The argument is the full pathname of a KMS
data file. By default vlmcsd only contains the minimum product
data that is required to perform all operations correctly. You
may use a more complete KMS data file that contains all detailed
product names. This is especially useful if you are logging KMS
requests. If you don't log, there is no need to load an external
KMS data file.
You may use KmsData = - to prevent the default KMS data file to
be loaded.
LogDateAndTime
Can be TRUE or FALSE. The default is TRUE. If set to FALSE, log
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
ging output does not include date and time. This is useful if
you log to stdout(3) which is redirected to another logging
mechanism that already includes date and time in its output, for
instance systemd-journald(8). If you log to syslog(3), LogDate
AndTime is ignored and date and time will never be included in
instance systemd-journald(8). If you log to syslog(3), LogDate
AndTime is ignored and date and time will never be included in
the output sent to syslog(3). Using the command line you control
this setting with options -T0 and -T1.
LogVerbose
Set this to either TRUE or FALSE. The default is FALSE. If set
Set this to either TRUE or FALSE. The default is FALSE. If set
to TRUE, more details of each activation will be logged. You use
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
-v and -q in the command line to control this setting. LogVer
bose has an effect only if you specify a log file or redirect
logging to stdout(3).
WhitelistingLevel
Can be 0, 1, 2 or 3. The default is 0. Sets the whitelisting
Can be 0, 1, 2 or 3. The default is 0. Sets the whitelisting
level to determine which products vlmcsd activates or refuses.
0: activate all products with an unknown, retail or
beta/preview KMS ID.
1: activate products with a retail or beta/preview KMS ID
1: activate products with a retail or beta/preview KMS ID
but refuse to activate products with an unknown KMS ID.
2: activate products with an unknown KMS ID but refuse
2: activate products with an unknown KMS ID but refuse
products with a retail or beta/preview KMS ID.
3: activate only products with a known volume license RTM
3: activate only products with a known volume license RTM
KMS ID and refuse all others.
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select 1 or 3, vlmcsd also checks the Application ID for cor
rectness. If Microsoft introduces a new KMS ID for a new prod
uct, you cannot activate it if you used 1 or 3 until a new ver
The SKU ID is not checked. Like a genuine KMS server vlmcsd
activates a product that has a random or unknown SKU ID. If you
select 1 or 3, vlmcsd also checks the Application ID for cor
rectness. If Microsoft introduces a new KMS ID for a new prod
uct, you cannot activate it if you used 1 or 3 until a new ver
sion of vlmcsd is available.
CheckClientTime
Can be TRUE or FALSE. The default is FALSE. If you set this to
TRUE vlmcsd(8) checks if the client time differs no more than
four hours from the system time. This is useful to prevent emu
Can be TRUE or FALSE. The default is FALSE. If you set this to
TRUE vlmcsd(8) checks if the client time differs no more than
four hours from the system time. This is useful to prevent emu
lator detection. A client that tries to detect an emulator could
simply send two subsequent request with two time stamps that
differ more than four hours from each other. If both requests
simply send two subsequent request with two time stamps that
differ more than four hours from each other. If both requests
succeed, the server is an emulator. If you set this to TRUE on a
system with no reliable time source, activations will fail. It
is ok to set the correct system time after you started vlm
system with no reliable time source, activations will fail. It
is ok to set the correct system time after you started vlm
csd(8).
MaintainClients
Can be TRUE or FALSE (the default). Disables (FALSE) or enables
Can be TRUE or FALSE (the default). Disables (FALSE) or enables
(TRUE) maintaining a list of client machine IDs (CMIDs). TRUE is
useful to prevent emulator detection. By maintaing a CMID list,
vlmcsd(8) reports current active clients exactly like a genuine
useful to prevent emulator detection. By maintaing a CMID list,
vlmcsd(8) reports current active clients exactly like a genuine
KMS emulator. This includes bug compatibility to the extent that
you can permanently kill a genuine KMS emulator by sending an
you can permanently kill a genuine KMS emulator by sending an
"overcharge request" with a required client count of 376 or more
and then request activation for 671 clients. vlmcsd(8) can be
reset from this condition by restarting it. If FALSE is used,
and then request activation for 671 clients. vlmcsd(8) can be
reset from this condition by restarting it. If FALSE is used,
vlmcsd(8) reports current active clients as good as possible. If
no client sends an "overcharge request", it is not possible to
detect vlmcsd(8) as an emulator with MaintainClients = FALSE.
Maintaining clients requires the allocation of a buffer that is
about 50 kB in size. On hardware with few memory resources use
no client sends an "overcharge request", it is not possible to
detect vlmcsd(8) as an emulator with MaintainClients = FALSE.
Maintaining clients requires the allocation of a buffer that is
about 50 kB in size. On hardware with few memory resources use
it only if you really need it.
If you start vlmcsd(8) from an internet superserver, this set
ting cannot be used. Since vlmcsd(8) exits after each activa
If you start vlmcsd(8) from an internet superserver, this set
ting cannot be used. Since vlmcsd(8) exits after each activa
tion, it cannot maintain any state in memory.
StartEmpty
This setting is ignored if you do not also specify Maintain
Clients = TRUE. If you specify FALSE (the default), vlmcsd(8)
starts up as a fully "charged" KMS server. Clients activate
immediately. StartEmpty = TRUE lets you start up vlmcsd(8) with
This setting is ignored if you do not also specify Maintain
Clients = TRUE. If you specify FALSE (the default), vlmcsd(8)
starts up as a fully "charged" KMS server. Clients activate
immediately. StartEmpty = TRUE lets you start up vlmcsd(8) with
an empty CMID list. Activation will start when the required min
imum clients (25 for Windows Client OSses, 5 for Windows Server
OSses and Office) have registered with the KMS server. As long
imum clients (25 for Windows Client OSses, 5 for Windows Server
OSses and Office) have registered with the KMS server. As long
as the minimum client count has not been reached, clients end up
in HRESULT 0xC004F038 "The count reported by your Key Management
Service (KMS) is insufficient. Please contact your system admin
istrator". You may use vlmcs(1) or another KMS client emulator
to "charge" vlmcsd(8). Setting this parameter to TRUE does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
istrator". You may use vlmcs(1) or another KMS client emulator
to "charge" vlmcsd(8). Setting this parameter to TRUE does not
improve emulator detection prevention. It's primary purpose is
to help developers of KMS clients to test "charging" a KMS
server.
ActivationInterval
This is the same as specifying -A on the command line. See vlm
This is the same as specifying -A on the command line. See vlm
csd(8) for details. The default is 2 hours. Example: Activation
Interval = 1h
RenewalInterval
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: RenewalIn
This is the same as specifying -R on the command line. See vlm
csd(8) for details. The default is 7 days. Example: RenewalIn
terval = 3d. Please note that the KMS client decides itself when
to renew activation. Even though vlmcsd sends the renewal inter
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
val you specify, it is no more than some kind of recommendation
to the client. Older KMS clients did follow the recommendation
from a KMS server or emulator. Newer clients do not.
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
User Run vlmcsd as another, preferrably less privileged, user. The
argument can be a user name or a numeric user id. You must have
the required privileges (capabilities on Linux) to change the
security context of a process without providing any credentials
(a password in most cases). On most unixoid OSses 'root' is the
only user who has these privileges in the default configuration.
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
This setting is not available in the native Windows version of
vlmcsd. See -u in vlmcsd(8). This setting cannot be changed on
the fly by sending SIGHUP to vlmcsd.
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
Group Run vlmcsd as another, preferrably less privileged, group. The
argument can be a group name or a numeric group id. You must
have the required privileges (capabilities on Linux) to change
the security context of a process without providing any creden
tials (a password in most cases). On most unixoid OSses 'root'
is the only user who has these privileges in the default config
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
uration. This setting is not available in the native Windows
version of vlmcsd. See -g in vlmcsd(8). This setting cannot be
changed on the fly by sending SIGHUP to vlmcsd.
Windows
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Windows activations. If specified, RandomizationLevel
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Windows activations. If specified, RandomizationLevel
for Windows activitations will be ignored.
Office2010
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2010 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2010 activations. If specified, Randomization
Level for Office 2010 activitations will be ignored.
Office2013
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2013 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2013 activations. If specified, Randomization
Level for Office 2013 activitations will be ignored.
Office2016
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2016 activations. If specified, Randomization
The argument has the form ePID [ / HwId ]. Always use ePID and
HwId for Office 2016 activations. If specified, Randomization
Level for Office 2016 activitations will be ignored.
VALID EPIDS
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "Ratiborus Virtual Machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
The ePID is currently a comment only. You can specify any string up to
63 bytes. In Windows 7 Microsoft has blacklisted few ( < 10 ) ePIDs
that were used in KMSv5 versions of the "Ratiborus Virtual Machine".
Microsoft has given up on blacklisting when KMS emulators appeared in
the wild.
Even if you can use "Activated by cool hacker guys" as an ePID, you may
wish to use ePIDs that cannot be detected as non-MS ePIDs. If you don't
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
know how these "valid" ePIDs look like exactly, do not use GUIDS in
vlmcsd.ini. vlmcsd provides internal mechanisms to generate valid
ePIDs.
If you use non-ASCII characters in your ePID (you shouldn't do anyway),
these must be in UTF-8 format. This is especially important when you
these must be in UTF-8 format. This is especially important when you
run vlmcsd on Windows or cygwin because UTF-8 is not the default encod
ing for most editors.
If you are specifying an optional HWID it follows the same syntax as in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
the -H option in vlmcsd(8) ecxept that you must not enclose a HWID in
quotes even if it contains spaces.
@ -378,7 +391,7 @@ AUTHOR
CREDITS
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
Thanks to CODYQX4, deagles, eIcn, mikmik38, nosferati87, qad, Rati
borus, ...
@ -387,4 +400,4 @@ SEE ALSO
Hotbird64 October 2016 VLMCSD.INI(5)
Hotbird64 November 2016 VLMCSD.INI(5)

2
man/vlmcsdmulti.1.html
View File

@ -1,5 +1,5 @@
<!-- Creator : groff version 1.22.3 -->
<!-- CreationDate: Fri Nov 4 17:18:01 2016 -->
<!-- CreationDate: Mon Nov 28 01:28:23 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>

BIN
man/vlmcsdmulti.1.pdf
View File

Binary file not shown.