JavaScript is not needed to get the information

[ghost]

There is no need to run the JavaScript that is on the software-download pages. The API can be used by providing any UUID as Session ID. Doing so also seems to prevent the permaban.

Because I don't know PowerShell, as example I have quickly modified my very old bash script that works with the software-download API.

https://gist.github.com/whatever127/1018f7390e076a23a960d478e12c0d9e

[pbatard]

Wow, you are right!

I just tried using New-Guid instead of the MS generated JS session-id and I was able to get to the download, whereas I was banned before. So it looks like the permaban has to do with the session-id which is interesting (but it would also explain how MS would be able to fingerprint a machine as, depending on the UUID generation algorithm being used, part of the UUID might uniquely identify a machine).

My goal was to get as close as possible as a real-life browser session, so that Microsoft wouldn't be able to tell the difference between someone using an actual browser to navigate or the script, and of course, the point of running the JS was to ensure that, if Microsoft adds measures there to detect scripts, they still wouldn't be able to detect ours.

At any rate, considering how the session-id generation from JS is a pain in the ass, I'll go with New-Guid for the time being as it works a lot better than my current method, and it's also much faster for users.

I'll test some more and publish a new release of the script that uses your suggestion. Many thanks for reporting your findings!