Deciphering Windows Product Activation
Stephen Lau writes: "Fully Licensed GmbH seems to have deciphered and analyzed the WPA code that Microsoft plans to use to protect from privacy in future products. They've got source and executables up on their site..." As well as an interesting paper which purports to describe the activation process but does not provide details on how these guys reverse-engineered it.
You are assuming that MS would actually be able to successfully prosecute these guys for reverse engineering. Here's a newsflash: reverse engineering is legal. Europe has neither DMCA nor UCITA. The world is bigger than US.
___
___
If you think big enough, you'll never have to do it.
When you re-activate, naturally you'll have to generate a new Installation Key and they'll be able to see exactly what components you changed out. Fun, huh?
Oh my yes! Of course, they won't necessarily know who YOU are, since product REGISTRATION is separate from product ACTIVATION -- and not required to use WinXP.
"And like that
I am a thinking person, and can form my own opinion.
Reboot macht Frei.
After a thick perusal of the paper, I'm still at a loss: can xpdec actually *crack* anything? I've used it on my Product Key, and it does produce a proper Product ID, but has anyone actually used this to try to crack one of the RC1 copies?
Registration by phone line, you'd think most people are/will be still stuck doing this.
Caller ID, plus a reverse phone number lookup and what more do you need to know?
Can a MAC address be linked to your IP by going to a site or server (windows update active X controls?)?
Lookup a name and get a street address, use public records to see who owns the home and its value. you know they'll get the IP and know all about the computer, partner with doubleclick(or whoever) for tracking surfing habits..
it's not the information that's transmitted, it's what they can do to link it to you
who owns your data?
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
At the usual place. Click on my sig, go into the windows_product_activation directory.
-----
What is the phone number? If all they want is someone to read off 32 digits to them, I'm more than happy to play from time to time.
how does it hurt MS when a home user borrows their friend's Win95 CD? The more times Win95 is installed, the more people are using it and the more likely that person is to become a valuable Windows-using consumer. Buying Windows software, perhaps purchasing a new computer with Win98 preinstalled. Requiring a Windows PC at work. Purchasing upgrades.
... and then you think that person is likely to want to pay $XXX for an upgrade later on? Not likely. They'll split the cost with one or more friends, or just out-and-out steal it one way or the other ("borrowing" a CD from work, downloading it off warez, whatever).
So you're saying someone installs windows by borrowing a friend's CD
Now Microsoft institutes a plan that makes these practices more difficult. They don't try to make it uncrackable, because that's impossible, but they prevent your average user from borrowing the disk from a friend or from work. I bet you'd be surprised how much money we're talking about.
Your idea that Microsoft's OS monopoly gains from piracy only has merit so long as you acknowledge that one day Microsoft must one day squeeze those pirates for their long overdue gold.
Today is that day...
"And like that
Mod this guy down (or the replies up), since clearly his main point has been shown to be false, yet it's getting more 'weight' than the truth of the matter, i.e. that you can cancel out of the MacOS registration and further it does not require a serial number like Windows does.
I'm sure that these guys probably do know how the key is done. If they were able to figure out some of the obscure techniques that were used here, I'm sure that they took it 1 step further and, using known WPA codes and keys provided by Microsoft, developed an algorithm.
:)
Well then...maybe not
Today we lost 4366.99 from people copying our software without us knowing.
In case you can't figure it out, there is no way for them to know. They know how many boxes they sold, because they can count them. Not so with unlicensed copies.
"Any connection between your reality and mine is purely coincidental." -Slashdot
Here is an account of what network connections Windows XP RC1 makes when it is installing itself.
It does all this without prompting the user.
The box was isolated at 192.168.1.3 and had ALL outgoing traffic denied and logged, these are the highlights.
device eth0 entered promiscuous mode
device eth1 entered promiscuous mode
Packet log: input DENY eth1 PROTO=17 192.168.1.3:123 207.46.228.33:123 L=76 S=0x00 I=5 F=0x0000 T=128 (#5)
time.windows.com (207.46.228.33)
This one is rather obvious, it sets the operating system clock, but don't try using netdate on it, it's proprietary to Windows only (whoops!)
Packet log: input DENY eth1 PROTO=6 192.168.1.3:1027 207.46.197.100:80 L=48 S=0x00 I=88 F=0x4000 T=128 SYN (#5)
(microsoft.com, www.domestic.microsoft.com, and microsoft.net address pool)
Packet log: input DENY eth1 PROTO=6 192.168.1.3:1043 207.46.227.40:80 L=48 S=0x00 I=770 F=0x4000 T=128 SYN (#5)
(wpa.one.microsoft.com try https to it and see the certificate yourself!)
This is the Product Activation certificate, it attempted to connect to this server an incredibly large number of times.
Packet log: input DENY eth1 PROTO=17 192.168.1.3:1039 192.168.0.1:2869 L=48 S=0x00 I=673 F=0x0000 T=128 (#5)
Not sure what it did here; 192.168.0.1 is the gateway. I don't have the packet data at all, I'll do that in the near future. MAD props to brewt for some of the info!
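The deny log quoted in the comment above can be summarized mechanically. The following is an added example, not part of the original post: a small parser for ipchains "Packet log:" lines that lists which non-private destinations the isolated box tried to reach. The function names and the choice to classify destinations with Python's ipaddress module are assumptions of this sketch; the four sample lines are the ones quoted in the comment.

```python
import ipaddress
import re

# The four "Packet log:" lines quoted in the comment, verbatim.
SAMPLE_LOG = """\
Packet log: input DENY eth1 PROTO=17 192.168.1.3:123 207.46.228.33:123 L=76 S=0x00 I=5 F=0x0000 T=128 (#5)
Packet log: input DENY eth1 PROTO=6 192.168.1.3:1027 207.46.197.100:80 L=48 S=0x00 I=88 F=0x4000 T=128 SYN (#5)
Packet log: input DENY eth1 PROTO=6 192.168.1.3:1043 207.46.227.40:80 L=48 S=0x00 I=770 F=0x4000 T=128 SYN (#5)
Packet log: input DENY eth1 PROTO=17 192.168.1.3:1039 192.168.0.1:2869 L=48 S=0x00 I=673 F=0x0000 T=128 (#5)
"""

# ipchains log layout: chain, action, interface, IP protocol number,
# src:port, dst:port, length, TOS, IP id, fragment field, TTL,
# optional SYN marker, and the number of the rule that matched.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_line(line):
    """Return a dict for one ipchains log line, or None if it does not match.

    search() is used so a syslog prefix (timestamp, host, "kernel:") is tolerated.
    """
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    rec["syn"] = rec["syn"] is not None
    return rec


def parse_log(text):
    """Parse every matching line in a block of log text, skipping the rest."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            records.append(rec)
    return records


def external_destinations(records, source=None):
    """Unique (dst, proto, dport) tuples whose destination is not a private address.

    If `source` is given, only packets from that host are considered.
    """
    seen = set()
    for rec in records:
        if source is not None and rec["src"] != source:
            continue
        if ipaddress.ip_address(rec["dst"]).is_private:
            continue
        seen.add((rec["dst"], rec["proto_name"], rec["dport"]))
    return sorted(seen, key=lambda t: (int(ipaddress.ip_address(t[0])), t[1], t[2]))


if __name__ == "__main__":
    for dst, proto, dport in external_destinations(parse_log(SAMPLE_LOG), "192.168.1.3"):
        print(f"{proto:4} {dst}:{dport}")
```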
I'm sure one of you guys could do it. For the Fun of it of course. It would only be a tool for learning of course.
Someone want to prove me wrong?
Pete
The sole purpose of the Internet is to get porn and bomb making plans into the hands of children.
Apparently not. According to the article you need to change 4 things, not just fuck around with the RAM.
This is a first, a businessman taking credit for something a politician did...
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Now, call me stupid if you want, but I really don't think we can set too much store by your experiences with a release candidate version of an OS.
Wait until you've got the real thing, then start telling people about how much better it is than they feared.
It would be so easy to check the build number, and if it contains "RC", say "Thanks for choosing Microsoft!" and set the system death timer ticking (they are time limited, after all...), else show compulsory "life history" registration form...
Cheers,
Tim
It's official. Most of you are morons.
That doesn't look like it was done in the name of "interoperability" at all ...
But of course it was:
"My copy of Windows XP didn't work any more after I changed my hardware, so I took it apart to find out why! Oh, and by the way, here's what I found out..."
Living better through chemicals
I think the problem with many of the replies here is that many argue "all you have to do is press CMD-Q". Like the registration process for XP, Apple seems to neglect giving you that information as well. People are comparing apples and oranges when really they're comparing apples and apples.
I agree.
Another interesting tidbit: Businesses are required to list losses on their financial statements, but they never list Piracy as one. Go figure.
In MacOS 9.1 you can just force quit the registration and reboot. If you try that in MacOS X though it just restarts it.
-- 2 + 2 = 5, for very large values of 2
Isn't everything?
~~~
The key they removed (from the source) is:

    void KeyedHash(unsigned char *Data, unsigned char *Result)
    {
        SHA_CTX Context;
        unsigned char Digest[20];
        static unsigned char Key[4] =
        {
    #error The key has been removed from the source code. Please obtain the executable.
        };

        SHA1_Init(&Context);
        SHA1_Update(&Context, Data, 8);
        SHA1_Update(&Context, Key, 4);
        SHA1_Final(Digest, &Context);
        memcpy(Result, Digest, 8);
    }

Doing a quick disassembly of the code:

    00401590 KeyedHash proc near ; CODE XREF: sub_4015F0+19p
    00401590
    00401590 var_74 = dword ptr -74h
    00401590 var_70 = dword ptr -70h
    00401590 var_60 = byte ptr -60h
    00401590 arg_0 = dword ptr 4
    00401590 arg_4 = dword ptr 8
    00401590
    ...stuff deleted...
    004015AE push 4
    004015B0 lea eax, [esp+88h+var_60]
    004015B4 push offset dword_40A034 ; ********** MAGIC!
    004015B9 push eax
    004015BA call sub_402170
    ...more stuff deleted...
    004015E8 retn
    004015E8 KeyedHash endp

And the location they referenced:

    0040A034 dword_40A034 dd 0D45EC86Ah

Thusly, the key should be 0xD45EC86A.
More than one can play this game.
Enjoy! (Sorry for the formatting, /. doesn't allow <pre>'s)
I haven't seen any of the license agreements concerning Windows installs that have WPA, but I assume that there's something against reverse engineering.
What if there is? Anything in an EULA which is against the law is automatically void. Germany still appears to have laws protecting free speech in the area of software examination.
You know what happens when you press that button? It doesn't send the info and moves along its way...
Burn Hollywood Burn
I was actually looking forward to the day when I could say, "Well, Grandma, I could change your busted hard drive for you, but that would mean that nice Gates man would want another $300. Maybe you should just buy another computer..."
"Buy another computer?! What's wrong with you, boy? I'll just shop around for a cheaper copy of Windows! Someone'll have it on sale..."
I was so looking forward to listening to Grandma on MS tech support demanding another activation code, and chewing them out when they inevitably refuse to give it to her...
XP activation was going to be the wake-up call for Joe EndUser. Now that it's been publicly hacked, I'm really rather torn...
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
I think people really are missing this point. It's the same with the Comet cursor and Amazon monitoring where you go. Who cares if you can't tell who's who and it's not a privacy issue. IT IS a privacy issue for the GROUP of us users as a whole - and I don't think Microsoft has a right to know what hardware we have just because we use XP.
----- rL
Okay, so the Ethernet card would be reported as changed in hardware database stored on your computer. What other hardware do you expect to change on a daily basis? Remember, you only have to reactivate your copy of Windows when more than three pieces of hardware change. Also, it seems that MS is more lenient towards laptop users.
Sig goes here
And then there's the user base argument. When people are pirating your software, they're strengthening your monopoly.
Well, now that Microsoft's monopoly position has become so strongly entrenched, the marginal value of piracy to them has been reduced. However, their stock price is now embarrassingly low, so pirate users represent a good untapped resource to help reinflate their stock bubble. (Doubling costs to businesses is another good strategy.)
In fact, this is urgently important to Microsoft, since it hasn't actually turned a profit on software sales in a while ("The Bank of Microsoft" is solely responsible for Microsoft's good looking bottom line), and since it can't use its stock price as currency like it used to. In many ways, Microsoft looks like a falling empire, which it likely is, and pumping up its stock price is a good defence.
Now be good c1t1z3n5 and pay your Microsoft tax! (Or use something else...)
On a similar note, check out a Salon article on MS's bullying tactics on poor schools: http://www.salon.com/tech/feature/2001/07/10/microsoft_school/print.html
In contrast to many critics of Windows Product Activation, we think that WPA does not prevent typical hardware modifications and, moreover, respects the user's right to privacy.
Typical hardware modifications....
If you change more than three things, you have to go through whatever hoops Microsoft wants to put you through to use something you've already paid for...
I don't know about you (or the guys who did this), but the last time I upgraded a machine, I increased the memory (1 change), added a hard drive (2 changes), replaced both the modem and the video card (3 and 4 changes)... Whoops... Went too far, must now cope with Mr. Bill and the XP nonsense...
I like you, Stuart. You're not like everyone else, here, at Slashdot.
Sure you only have to call in to get a new id when you install three or more items, but what does this say about Microsoft's bet on the stability/longevity of XP? Is Microsoft betting that most people won't have to replace/re-install XP before they replace hardware (in which case they'll have to call anyway)? Or they'll just wait until Windows 2005 comes out while their fragmented hard disk slugs around? Come on ...
...
<troll-material>If Win98 is an indication, the 32-bit (kinda) MS OSes benefitted from a re-install every year or so</troll-material>. If I had XP the last two years, I would have had to call them 3 times already!
But seriously, is the amount of Microsoft investing in over-friendly tech support people that dole out ids going to be worth it for all of this hassle to them and consumers? I could see the XP reg. tech. support staff getting quite large
----- rL
It'll take about five minutes for someone (probably many) to figure out that all you have to do to avoid M$ (re)activation hassles is let it figure out your "new" hardware configuration key, then replace the saved "original" with that, and you're nearly done - just cycle through all the possible combinations of a couple of "random" bytes, and all their fancy cryptography is finally toast - as it should be.
Asia will be cloning millions of copies of WinXP the morning after its released, and M$ won't be getting any product activation calls.
WinXP and OfficeXP CD's will cost about $1 each in Asia (and that's more than they're really worth). M$ code is just a commodity.
I have used the same CD/key of Office 2K on 4 different computers. Each time it has required activation. It has never required dialing the 800 number. On my primary computer I have added RAM, changed CD drives, changed hard drives multiple times (adding etc.), changed video cards, removed modems, added LAN cards... blah blah blah... Mine was the educational version so your mileage may vary..
This becomes annoying when upgrading machines or replacing them.
I had a $5 academic license for Office. When the new computer got built I couldn't install it since this copy was already registered. Even after a call to them, they said I had no way to prove I owned the license.
I think I got brushed off because I only paid $5 for it. The sick thing is, someone else paid big bucks for me to get it that cheap in the first place. Fuck 'em.
I just installed an older version, and really haven't used it since I started using star office and the like.
I actually backed up wma files and did not realize that it was pointless since I could no longer play them. No one told me that a file I encoded needed a license to play it. Of course trying to play it got my information sent to MS, along with the song name etc. Windows Media Player does this automatically.
I simply don't let that app access the internet anymore. With more MS software that wants to access the internet, the smaller that partition gets.
XP, not for me. Even if it's 'more stable', it's not going to touch my PC. The first time a window pops up saying I'll need XP, all of windows is gone. Adios Red Alert, adios Kazaa, I'll miss you.
Get your Unix fortune now!
Exactly!
The hash function can be extremely complex, but given a small range of inputs M (only 2 double words), a hash table of possible values can be pre-calculated. The actual number of possible values for M will be very small, on the order of a few thousand, up to possibly 25,000. The input M to the RC5 hash will be a known, limited number of drive IDs, video card IDs, CD-ROM IDs, etc. micr~1.oft is in the position to have a list of every drive manufacturer and video card identification string, and could use those lists to obtain the original string from the hash.
This is what password cracking programs do, instead of trying to reverse the hash, pre-compute dictionaries and compare the outputs.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
An often ignored concept ... is that most pirated copies would NOT have been purchased anyways.
While this may be true about the latest cool game, a computer without an operating system is a very expensive paperweight.
Microsoft's anti-trust punishment should be a compulsory and immediate donation of $5-billion to the Free Software Foundation. This would shortly spell the end of Microsoft's tyranny.
My god, think of how much those metrics alone are worth... A snapshot on DVD adoption, SCSI cards, % of laptops out there? Almost seems like the anti-copy stuff is just a smokescreen.
+++ UGUCAUCGUAUUUCU
I have one thing to add and it may or may not be relevant.. the thing is microsoft aren't the only company who do it and the XP asks for less info than the others.
Install PC anywhere or most virus scanners and they ask for more info, or as one poster pointed out try installing on a mac.
The fact is that WPA isn't the evil nemesis it is pointed out to be.... yet
the thing that worries me is not what might be in the product now but what they may have up their sleeve for later.. why not a product that won't work unless you enter a valid credit card (for ID purposes only) or a drivers license number, or a product that is only installable once without you going back and getting another software key (can be done easily you know)... what about a product that appends an invisible piece of code in a watermark that indicates the details of the machine and copy that made it (this is already being done or has been tried)
these are the things that make me worried - we should be fighting this not because it's MS or because it may be a way to make money, we should be fighting it because it may be the last chance we can.
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....
Although judging by the technical contact of their domain registration, they have some connection to America. Maybe M$ will bring pressure to bear on their ISP? Then again, given that the registration information was updated yesterday, maybe they already prepared for such an event?
Interesting that they removed the key in their source, but included it in the binaries.
Kinda like: "Here are the plans to build a nuclear bomb, but we took out the part about where to get plutonium. But if you want one pre-made with plutonium ready to go, we can hook you up with that, too."
Isn't this whole thing just a matter of time and programmer determination anyway?
"Gesellschaft mit beschraenkter Haftung"
Those nutty Germans! Always with the lots of words, when a single word would do!
Literally, it translates to "Society with More Limited Adhesion." I'm not sure if that's "more-limited adhesion" or "more limited-adhesion," mind you, but either way sounds like a run-in with a UHU glue stick...
--
--
Don't like it? Respond with words, not karma.
What if he had already made three previous hardware changes to his laptop since he last installed Office XP? Unbeknownst to him, his copy of Office XP would be due to become deactivated with just one more change.
So, he goes on the road, upgrades his RAM, and boom, Office no longer works.
I don't have a problem with Microsoft requiring that he call a toll-free number or use the Internet to reactivate the application; however, I do have a problem when they require that he reenter the serial number to do it. What's the purpose of that? The solution, of course, is to always keep a list of your Microsoft serial numbers on both your computer and in paper form just in case such a situation happens to you.
Sig goes here
No matter how many bits you change, Metallica will never forgive you.
"Of course, they won't necessarily know who YOU are since product REGISTRATION is separate from product ACTIVATION"
And you completely trust MS to never cross-reference this information? We know how well that worked out with the ad agencies *cough*.
Anyway, even if they don't know WHO you are, they still can track what modifications and upgrades you've done to your system, and all the serial numbers of your equipment. That itself is alarming. I bet it's not that hard to find out from equipment manufacturers, where their products ended up, especially if those parts are individually registered.
It's 10 PM. Do you know if you're un-American?
You do realize that it said simply re-installing XP would necessitate re-activation. I'm one of the unfortunate few that has been stuck with Windows ever since 286's became obsolete, and I'll say that for some strange reason (maybe cosmic rays!) Windows becomes unstable after ~5 months of regular usage and needs a full HD format & reinstall in order to run properly
This brings up another point about Microsoft's licensing schemes: 'Upgrade' CDs. As many of you know, MS offers upgrade CDs in retail stores that upgrade you to the latest flavor of Win9x, and they offer them for less than the full version of the same flavor. While this is fine, of course, the install program checks your hard drive to see if you have a previous flavor of Win9x installed. If you don't, then you don't get the new flavor.
Here's where the problem comes into play -- what if a particular user has, through some sort of magically lucky stability, upgrade versions (and only upgrade versions) of everything up to, say, WinME? I.e. Win 3.1 upgraded to Win95 upgraded to Win98 upgraded to WinME. Or, in a more likely scenario (this one has happened to me personally), what if they have a full version of Win95 and upgrades up the rest of the chain? If they need to reinstall WinME, are they to start all over again by installing Win 3.1, and working their way up the chain? And, what if -- oops -- they lose their Win95 CD? Then, although they are legally entitled to install and use Win98/WinME, they cannot do so. I know of people this has happened to, and needless to say it was incredibly frustrating for them not to be able to install an OS they had a legal copy of.
---
I pledge allegiance to the flag...
of the Corporate States of America...
An often ignored concept (that George Broussard from 3D Realms seems to have understood) is that most pirated copies would NOT have been purchased anyways. There are lots of users that will not use the software unless they can get it for free. So in effect, they can either not pay for the software and use it, or not use it at all. Note that such users don't give ANYTHING to the company anyway; it is just a question of whether or not they will use the software. In this case, the software company enjoys a larger installed base.
This is most of the reason why I see the Y Company lost $X to piracy as a BS argument. I've always noticed that lots of people won't pay for software at all; if they had to pay they would do without. In that case, the Y Company is losing $X in potential sales because their price is too high/marketing not good enough/etc... How different is that from any other company in the tangible good and services industries that loses sales because consumers don't want to pay that much for the product? Why, then, should we treat software companies any differently from those that have poor sales policies?
Now, it's not only the name of the law that will send Jenna Bush to jail if she looks cross-eyed at a cop, it's the new slogan for Windows! Cool.
Wow, you've taken uneducated comments to a whole new level. lol
I haven't seen any of the license agreements concerning Windows installs that have WPA, but I assume that there's something against reverse engineering. Not only have these people reverse engineered (part of) the WPA process, but they've published the source code. While they didn't put the cryptographic key in the source, they did put it in the executable, and even clearly proclaim this, almost a wink wink nudge nudge to the people out there who are sure to take the executable apart, get the key, put it back into the source code, and then re-publish the complete, non-crippled source.
Given all this, it seems like they're really asking for MS to sue them. Is something like this covered under an "academic research" clause that allows reverse engineering for research purposes?
Suppose you were an idiot. And suppose that you were a member of Congress. But I repeat myself.
Give a man a fire, and he'll be warm for a day, but set him on fire, and he'll be warm for the rest of his life.
What it does say is that someone knows Microsoft's code well enough to develop a "cracked" version of Windows that would either bypass the check entirely or always generate the same hardware ID number. This hardware ID could be an ID that someone previously had used to activate their copy of Windows. Therefore, if you used his serial number and the activation code that he was given, you could unlock your cracked copy of Windows without ever contacting Microsoft.
Sig goes here
I'm so surprised, copy protection that annoys the honest users, and doesn't do anything to stop piracy. Who could've seen it coming?
--
This is ridiculous. Out of all the so-called "mirrors" here, only one link actually bothered to copy more than one page.
If you're going to "mirror" something, do the whole thing, otherwise when MS forces them to bring their site down, you'll have more than just a page of broken links.
since they are a GERMAN company, and (contrary to the DVD CCAs assumptions in that california lawsuit) germany is not an american state, they are pretty much immune from DMCA-like bullshitting.
there are two things that could make things ugly for Fully Licensed GmbH. one is a license agreement, but so far, the validity of click-through, shrink-wrap or similar licenses is highly doubted in germany. AFAIK, none has ever been enforced in a court.
second, there is a provision against reverse-engineering in the german copyright law. however, it also allows for a number of exceptions.
one way or the other, since they are a GmbH, the worst that can happen is that they'll be sued out of business, but with no loss to their private capital. so they'll immediately start a new company under a similar name and harvest all the free publicity advantages.
because lastly, suing them would be the equivalent of saying "yes, we feel guilty. yes, we've done wrong. and no, we can't stand that you found us with the hand in the cookie jar." - a pretty dumb publicity stunt, even for M$ standards.
Assorted stuff I do sometimes: Lemuria.org
Need I say more?
"Research is what I am doing when I don't know what I am doing." -- Wernher von Braun
But also, imagine how useful it would be to have a database of the precise hardware used by each of your competitors' systems. Or the startups you were potentially interested in acquiring?
It sounds like script kiddie heaven- when any security vulnerability becomes known you have a nice map of the hundreds, thousands, millions of systems having the vulnerability.
I'm sure Microsoft is so ethical they would never use a black ops team to take advantage of such information.... ;)
--LP
Nightmare essay question for Bill Gates: Explain why new economy rules don't apply to software dot-coms, but do apply to software anti-trust enforcement. Describe what a hypothetical software monopoly's obligations would be under the Sherman Anti-trust Act, as you interpret it. Defend your interpretation with Supreme Court citations.
It's always the same story : security through obscurity doesn't work. We already saw that with DeCSS.
When people need to close sources and algorithms of a crypto system, it's almost always because it's flaky. They don't trust their own algorithms. They don't want other people to know how they are working, because they know the algorithms can easily be broken when you know their mechanics.
-- Pure FTP server - Upgrade your FTP server to something simple and secure.
{{.sig}}
do you block caller id?
What does it matter? I'm already connected to the internet when I activate XP. Even people with dialup connections can just establish their connection first, and then start the activation process. Those without an internet account but with a modem can call Microsoft if they are really paranoid enough to think that Microsoft is going to track caller ID.
"And like that
- A.P.
--
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
--
When all you have is a hammer, everything looks like a skull.
Or they might not. VMWare is in bed pretty deep with MS--maybe they have to be, since it'd be pretty easy for MS to make the EULA invalid in a VM (legal or not, no corporation would run it in a VM if the EULA denied that right). Or MS could take technical countermeasures (see also DR-DOS and Windows 3.1) to keep XP from running in a VM, essentially putting VMWare out of business.
One thing I noted is that about a year ago, there was an announcement with much fanfare that VMWare would sell bundles of MS licenses with VMWare. At roughly the same time, OS/2 support, which had been worked on and tested for some time, was suddenly dropped. Can I prove cause and effect? No. Are there lots of other reasons support can have been removed? Sure. But the timing's awfully suspect.
Also, VMWare is hard coded to use a certain OUI (Organizational Unit Identifier) for VM network card NIC addresses--meaning they'll always start with a known prefix. VMWare provides no way to change this, meaning that MS or any other organization with access to the NIC address (or even a hash, probably) will know one is running a VM. (Imagine a typical Georgia network nazi reaction to seeing that with a sniffer.)
I'm not confident VMWare's going to be allowing anyone to change hardware serial numbers in VMs--I'll bet they randomize them just to avoid jeopardizing their "strategic relationship" with Microsoft.
CEE5210S The signal SIGHUP was received.
"...always keep a list of your Microsoft serial numbers on both your computer..."
right, i'll just open up the spreadsheet that they are in...
wait, no.
no problem, i'll just open the word docum...
that's all right, i've got another copy in an access datab...
hang on, it's sitting in a folder in outl...
hmm.
---
And you completely trust MS to never cross-reference this information? We know how well that worked out with the ad agencies *cough*.
... registration is not required to activate the software.
I don't need to trust Microsoft -- I just won't register XP. That's the point
Anyway, even if they don't know WHO you are, they still can track what modifications and upgrades you've done to your system, and all the serial numbers of your equipment.
I don't think so. They just get a huge number that is generated from hashing the various ID's of your hardware. There is a big difference. They would not be able to tell the hardware installed, but rather, whether or not the hardware that is installed has changed since the last time you activated.
"And like that
MSFT loses $X Billion to piracy each year
Sort of a tangential point, but to fill in the $X: According to the SPA, software piracy has saved consumers worldwide over $59.2 billion in the last five years, and $12 billion last year alone. The linked document also details which regions saved the most.
They won't have to be attacked directly. All MSoft needs to do is court a powerful ally in Germany, stuff them full of company perks/exclusive deals/whatever and then lean on them to silence their noisome neighbors. Wait 'n see, and I'll bet you that if these guys get spanked, they'll get spanked by one of their own.
**>>BELCH
After reading the article, which half the time lost me, all I can say is "damn, those guys know their shit" and "how many different levels of encryption and checking does MS need to do?"
.Net and subscription based systems, with all data handled by MS, and suddenly you realize you are totally fucked, but it is a bit too late.
Really, checking the amount of RAM in a system? Of course, no one EVER adds RAM, right?
MS has perfected the art of "incremental monopoly." Each step is not too bad, and after 10 steps, you are used to the last 3 steps, so it still seems ok. Eventually, you have
Vote monkeys into Congress. They are cheaper and more trustworthy.
"How many bits of 'Metallica - Unforgiven.mp3' can you change out with identical bits before it isn't 'Metallica - Unforgiven.mp3' anymore?"
I thought M$ only cared about money...isn't this supposed to be about piracy not privacy?
They don't need you to give them your name. With Caller ID and other software, if you called from home, they've got your name and address. Doh!
----------------------------------
"We're sorry, but the website you're trying to reach has been disconnected."
Ostensibly, the paper's purpose is to analyze the privacy impact of the registration procedure; i.e. how much information about YOU Microsoft can glean from the hashed system info.
;)
In this light, the paper itself is relatively benign; enough so that Microsoft shouldn't be overly worried about it.
The fact that it can be used to spoof WAP isn't even mentioned in the paper
I am guessing this is entirely intentional.
I know how to pick locks, but I'm not a thief. I know how to hack, but I'm not a cracker. I can decrypt DVD's with DeCSS, but I don't pirate films. Same thing here. No security system should rely on common (the same for all users) secrets to maintain strength.
-twb
That is different.
You can't take the hash and generate the original hashed string.
You can take strings and try them until you find the right hash.
For such a small hash, there are going to be a lot of possible matches.
--
Two witches watched two watches.
Which witch watched which watch?
Nope, I'm the only one on my network, plus I actually do read all the other comments before posting.
It's easier to do through social engineering. See my previous comment.
Insert obligatory reminder from Free Software advocates that "piracy" is a corruption of the language.
Insert obligatory rebuttal that those very same advocates often refer to Windows users as slaves, thus corrupting the language in the same fashion.
Insert obligatory cry for moderation and civility in public discourse.
Go AFK to ponder futility.
Return like you always do.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
If I run WTS or Citrix on a server somewhere deep in the network and Jane sysadmin unplugs one of the SCSI drives for maintenance or because it broke and now I need to run XP-ish office apps off the network for 30+ people who log onto that server, then what?
When you re-activate, naturally you'll have to generate a new Installation Key and they'll be able to see exactly what components you changed out. Fun, huh?
::TV ad starts:: "Hello, Mr. Thompson. We at ATI have noticed that you have not upgraded your display adapter to the latest in video technology as you did the last two times we released a new card. Please take this opportunity to review a special deal we've created just for you. Oh, looks like The Big Breakfast is coming back on. I'll be back at the next commercial break with more deals for you."
Just imagine the marketing research power of this knowledge. Microsoft could sell this information to hardware manufacturers so they can then specifically target markets worldwide. Here's an example: Analysis determines that people in the southeastern United States upgrade memory on average twice as much as people in the midwestern United States. Where is Kingston going to focus their ads? They are going to advertise the latest technology to the southerners and are going to preach the necessities of a memory upgrade to the midwesterners. Say WD learns that people in Scotland like to upgrade HDs by buying a second drive while the Germans prefer to upgrade HDs and CPU at the same time. The potential for targeted ads is staggering. Now combine this with cable boxes that send viewer information back to the cable company and Amazon's individual pricing and you get individually targeted computer ads.
Scary
---
http://www.flyingbuttmonkeys.com/mirrors/www.licenturion.com/xp/
- - - - -
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
I think that this is not entirely true. Think about PGP. For an encryption algorithm to be secure, its source need not be kept locked away. Think about blowfish, CAST and IDEA. Their algorithms are available. And do we distrust their security because of this? Unlikely.
On the other hand, the NSA (I think) published their own 'consumer level cipher method' a while back... of course they expected everyone to trust and use it... although they never explained or published how it works...
Hmmm... which do you trust? A cipher does not have to hide its methods to be secure. It just has to be well designed.
So even if M$ did publish exactly how their registration methods work, this would be no problem to them if they actually designed a cryptographically secure scheme. If they did not do that, then it's their own problem. It will be cracked. It's their own fault.
That's quite an in-depth explanation. It surprises me that they could figure it out. How many hours did they sit there going: "Hmm... maybe if we added those numbers together and then added the odd ones again... no wait... let's do the even ones. And to finish it off let's do the sum % 3. Oh wait... that should be sum % 7... Yeah, that gives us the check digit!" -Sean
Will they change the algorithm before the next build? Probably not, their lawyers need the money.
Fight Spammers!
The Major Linux vendors today announced similar privacy invading tactics as Microsoft. Their reverse engineered configuration mining code was found to be...
cat /proc/cpuinfo | mail licensing@linux.com
--
This is funny too...
http://linuxpr.com/releases/3925.html
As the game publishing companies discovered long ago, any security system can be cracked given enough time. It is time Microsoft learned this fact as well. No amount of lawsuits can put the genie back into the bottle once it is released, which the MPAA has learned the hard way and at extreme cost. If any portion of the system is located on the user's system, it will be able to be hacked. While I do not agree with software piracy, I also do not believe in copy protection whose sole purpose is to complicate the situation for the end users that buy software and expect specific uses from it.
:P
--
When I'm good I'm very good, when I'm bad I'm better, But when I'm evil you better run
"GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
I beg to differ. There are countless articles written on how to pick locks. Here is one that is written on the level of the layman:
How Stuff Works: Lock Picking.
There are methods for doing many untasteful things (i.e. building bombs, cooking methamphetamine, etc) freely available, but this does not mean that everyone is blowing up buildings. I don't think it causes harm to simply have the information available. Security by obscurity is no security at all.
Enigma
Processor serial number
I wonder where they keep the processor-serial number -> your name, address, email, and penis length data? I'm thinking select *
from person, register_info
where person.serial = register_info.serial
Voila - you may not give your name && number when registering windows now, but who cares - they can retrieve your processor_serial_number now (in future - whenever).
People are really putting their head in the sand if they don't think this registration isn't a (another) nail in the coffin of private computing.
Who knows when/how they retrieve the serials of apps installed on PCs, how much email-traffic you have (rolling counters stored... ummm somewhere), maybe the percentage of your disk that are occupied w/ JPGs (in your c:/pr0n dir), whatever.
The point is, with this binary only model - how the *uck can you trust they aren't keeping this data - and managing it all somewhere. I know you can sniff the network traffic, but we all know that with a little obfuscation and some encryption - you can hide anything you want very well.
I have no interest in giving M$ any information about me or my computer - now or ever. I will not run WinXP or anything else Windows on the internet, I just can't trust that they haven't trojaned all (some/most/whatever) of the applications.
P.S. I thought Intel disabled the unique-processor-serial...????!?
What is the purpose of the MS CD/product keys anyways? Are they individually serialized for individual copy of the product? If they are the same on the product level (not unique for distinct copies), then what is the point in preventing piracy with them?
There's 10 types of people in this world, those who understand binary and those who don't.
Yeah, but they did it, didn't they?
Why bring their effort down? At least now no one else has to do it.
Think about focusing development efforts on mainstream hardware.
... I think all of this Microsoft babble (see: XBOX) is melting your brain. *grin* .. (just kiddin')
"Mainstream hardware." BWAHAHAHA
----- rL
Registration by phone line, you'd think most people are/will be still stuck doing this. Caller ID, plus a reverse phone number lookup and what more do you need to know?
That I'm activating my notebook computer's copy of Windows XP from a pay phone. This is the real reason the Amish don't own phones: because they value their privacy.
Will I retire or break 10K?
Man, is anyone really surprised that someone cracked this? It was bound to happen anyways... everyone goes out after M$. I'd be interested to know how they did it, however.
It looks like something someone wrote without looking through an algorithms book. The encryption is just a random algorithm of the same general type as DES, but almost certainly weak (your average similar algorithm is not secure). The checksum thing is also error-prone; it doesn't notice if you transpose a 1 with an 8 or replace a 2 with a 9, for instance.
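The checksum weakness described in this comment, as an added example (not code from the paper or from Microsoft). It assumes the rule hinted at in the thread, a plain digit sum that must be divisible by 7, and compares it with the Luhn checksum; the sample number and all function names are constructed for the illustration.

```python
# Assumption: the check rule is "sum of all digits, check digit included,
# is divisible by 7". Luhn is used only as a stronger scheme for comparison.

def mod7_check_digit(payload):
    """Pick c so that the digit sum including c is divisible by 7."""
    return -sum(map(int, payload)) % 7


def mod7_valid(number):
    return sum(map(int, number)) % 7 == 0


def _luhn_sum(digits_rtl, double_first):
    """Luhn sum over digits given right-to-left; every second digit is doubled."""
    total = 0
    for i, ch in enumerate(digits_rtl):
        d = int(ch)
        if (i % 2 == 0) == double_first:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total


def luhn_check_digit(payload):
    return -_luhn_sum(payload[::-1], True) % 10


def luhn_valid(number):
    return _luhn_sum(number[::-1], False) % 10 == 0


def single_substitutions(number):
    """Every way to mistype exactly one digit."""
    for i, ch in enumerate(number):
        for d in "0123456789":
            if d != ch:
                yield number[:i] + d + number[i + 1:]


def adjacent_transpositions(number):
    """Every swap of two neighbouring digits that changes the number."""
    for i in range(len(number) - 1):
        if number[i] != number[i + 1]:
            yield number[:i] + number[i + 1] + number[i] + number[i + 2:]


def undetected(valid, variants):
    """Corrupted variants that the checksum still accepts."""
    return [v for v in variants if valid(v)]


PAYLOAD = "1298402"  # constructed sample, not a real product ID
MOD7_NUMBER = PAYLOAD + str(mod7_check_digit(PAYLOAD))
LUHN_NUMBER = PAYLOAD + str(luhn_check_digit(PAYLOAD))

if __name__ == "__main__":
    for name, valid, number in (("mod 7", mod7_valid, MOD7_NUMBER),
                                ("Luhn", luhn_valid, LUHN_NUMBER)):
        subs = undetected(valid, single_substitutions(number))
        swaps = undetected(valid, adjacent_transpositions(number))
        print(f"{name}: {number} misses {len(subs)} substitutions, "
              f"{len(swaps)} adjacent swaps")
```

Under the assumed rule, any digit swapped for one that differs by 7 (0/7, 1/8, 2/9) passes, and a plain sum cannot see reordering at all.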
What is really interesting is that now that Windows has copy-protection, why haven't they lowered the price? Although it's not hack-proof (nothing is), it's still strong enough to curb the majority of casual "piracy".
I guess that line about Microsoft having to overcharge the honest user to subsidize the pirates was just a line of shit.
Various strings are run through a hashing function and are stored in the key you read to the Microsoft rep over the phone (the Installation key). They are:
- Your network card's MAC address
- Amount of RAM installed
- Processor model
- Processor serial number
- Volume serial number
- Hardware ID strings from:
  - Your CD-ROM drive
  - Your hard drive
  - Your video card
  - Your SCSI host adapter
  - Your IDE controller
These values are thrown together (along with some other values) into a huge bit field. Also, a three-digit random number is thrown into the mix. Because the end result that you read to the phone rep is encrypted, this three digit number causes your code to be entirely different on each install.
Here's the real fun part: The OS also stores a snapshot of your hardware configuration. If you change more than three of these hardware components out? It's time to call Microsoft and re-activate your license.
When you re-activate, naturally you'll have to generate a new Installation Key and they'll be able to see exactly what components you changed out. Fun, huh?
In contrast to many critics of Windows Product Activation, we think that WPA does not prevent typical hardware modifications and, moreover, respects the user's right to privacy.
Typical hardware modifications....
If you change more than three things, you have to go through whatever hoops Microsoft wants to put you through to use something you've already paid for...
I don't know about you (or the guys who did this), but the last time I upgraded a machine, I increased the memory (1 change), added a hard drive (2 changes), replaced both the modem and the video card (3 and 4 changes)... Whoops... Went too far, must now cope with Mr. Bill and the XP nonsense...
and you cannot use this to get an activation key.
"Those nutty Germans! Always with the lots of words, when a single word would do!"
German has a lot of long words which translate into multiple small words in English!
Bothered by filling out that Apple registration form? Lie.
Conversation at my wife's company:
"Heh. I hate filling out those forms that ask you all sorts of personal information, so I told 'em I have eight kids."
"But you do have eight kids!"
"That's the beauty of it. They'll never believe me."
Stupid job ads, weird spam, occasional insight at
"Rub her feet." -- L.L.
Many commercial software developers like to list piracy as a reason for high costs. Microsoft included.
:-) .
But when did Microsoft ever sell, say Win95 for $35 ? So, how has piracy raised the price? It's always been sold for one price (~$80) and hasn't gone up or down depending on how many copies are purchased.
And then there's the user base argument. When people are pirating your software, they're strengthening your monopoly. Just as it's good for FreeSoftware everytime a Linux/*BSD CD is given to someone new, how does it hurt MS when a home user borrows their friend's Win95 CD? The more times Win95 is installed, the more people are using it and the more likely that person is to become a valuable Windows-using consumer. Buying Windows software, perhaps purchasing a new computer with Win98 preinstalled. Requiring a Windows PC at work. Purchasing upgrades.
Now, I must admit that most people who are going to borrow a Win95 CD will be unlikely to turn 100% legal overnight. But then, when has Microsoft ever been struggling. Well, only when EVERYONE ELSE has been struggling. Back when the economy was booming, Microsoft wasn't struggling to survive due to piracy. Only when everyone else has been struggling has MS even started to feel the pinch.
Like I said, it's the same old cookie-cutter answer to "MSFT loses $X Billion to piracy each year", but it's always a fun argument
kickin' science like no one else can,
my dick is twice as long as my attention span.
Withdrawal before climax is very ineffective and those who try this are usually called "parents."
Well, then, I guess my employer is going to hell after all! He promises customers something he doesn't have (a functioning network), then pays me peanuts to fix it/install it/etc. without telling me how much the customer is paying him (obviously, more than he pays me).
Funny you mention that. I get the "slow down cowboy" when in fact it was ONE WEEK since my last submission.
WOW. I just finished reading it and was amazed that they figured that out. I also like to see that they did it before xp shipped. Security through obscurity isn't a good idea. Just publish the damn protocol microsoft :)
How long before they have programs where you enter your xp code and it gives you what the ms people would? This'll be interesting.
Unfortunately, if you're calling a toll-free number, there's no way to disable caller ID. In fact, the 800-number caller-id can contain (depending on whether they're willing to pay for it) not only the number you're calling from, but your name as well. All they have to do is suck it into their database. Ever wonder why your new credit card wants you to call an 800 number to activate it? That's so they can harvest the phone number you do it from. I always do it from payphones now, just to be difficult.
MS Rep: "...Yes, sir, please wait a moment while I pull up your system configuration..."
H1 0: 0x119
H1 10: 0x154
H1 20: 0x1a
H1 27: 0xb
H2 0: 0x2
H2 3: 0x32
H2 9: 0x4f
H2 16: 0xa
H2 21: 0xa
H2 25: 0x2
H2 28: 0x0
H2 31: 0x1
MS Rep: "....Uhh...sir..."
It's 10 PM. Do you know if you're un-American?
* enters Dummy Mode *
Duhhh.. huh?
* shakes head violently *
So.. uhh.. I see you've got the new BOFH excuse calendar there.
VMware 'in bed with Microsoft'? Pure hooey.
VMware corp. has products that are enhanced for non-MS operating systems in ways that it isn't for MS operating systems. They've even bundled different distributions (Suse?). It works well, though futzing with the setup each time the kernel changes is a pain.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
CLID - Caller ID - has nothing to do with what they use on 1-800 numbers. Has never been. Never will be.
There is no known way of concealing your number when calling a 1-800 number, short of calling from a pay phone or some other poor fux0r'z phone.
I'm sure the submitter meant "piracy" - but maybe not so inaccurate?
sulli
RTFJ.
Am I the only person that smells a rat here?
They happen to work out the process.
They incidentally don't include the magic key to get their source code working.
They conclude this MS thing is not a problem, for us not to worry about it.
They conclude that the information sent out is okay.
I would not be surprised if I found out they weren't as.. independent.. as it seems.
So, do you have to enter your serial number in reverse order to register in the Southern Hemisphere?
/.
/. If the government wants us to respect the law, it should set a better example.
While I'm not entirely happy with what Apple has done with their registration system, it's also entirely optional. If you're on broadband, simply unplug your machine from your network while you fill out your registration. It then tells you that you can send it later if you want to once you get online, but it doesn't enforce anything.
Also, may I point out:
--Apple Doesn't Require Serial Numbers For MacOS X!-- (It does for OSX Server, though)
I think that kinda beats out a small annoyance with the registration.
Just my $0.02CDN.
Now, I swap out video cards, CD's, NIC's, and CPU's fairly often. I also use removable HDD chassis to ease swapping drives in my primary box.
This really will be a pain for those who have rigs used for a lot of testing.
+++ UGUCAUCGUAUUUCU
You can quit the setup program by hitting command-Q. The OS won't complain if you do, and you can run the Internet setup assistant separately.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Bothered by filling out that Apple registration form? Lie.
I think that when I registered the iMac a certain company bought to do web compatibility testing, it wound up being used primarily for scientific research. In an elementary school.
They ask you for _your_ email address. But all they require is _an_ email address. Besides, you have a throwaway webmail account for everything that asks for your address where there's a slight chance that they might actually need to use it to achieve something you want, right?
On the other hand, the WinXP product verification collects true information about your computer. Perhaps the one for OS X does also, but they haven't mentioned anything about not being able to install that copy of OS X on another Mac. There are indications that changing your hardware "too much" will invalidate your XP product verification. People have asked Microsoft, "How much is too much?", and they're not telling. That certainly seems worse to me.
I suppose this would bother me more if I were ever going to use one of these operating systems at home, but I'm not. This is one of the main reasons I use free software. If I see an operating system or program that looks useful, I download it and use it. If I like it, I continue to use it. If not, I discard it with no sense of loss. The most invasive thing I've ever encountered was when someone wanted me to send them a postcard for using their software.
Sotto la panca, la capra crepa
WMBC freeform/independent online radio.
At the airport I buy some DIMMs in the duty free (Memory just changed).
I get into Aus and visit the Client's office and find that my net card doesn't work with their system. So I frantically buy a new token-ring PCMCIA card and plug it into my laptop, removing my ethernet card (MAC address just changed - do token ring cards use MAC addresses?).
Did I mention that I normally plug in a parallel port ZIP drive back in Canada, but I didn't bring it on this trip. So the IOmega Parallel2SCSI driver tries to load and fails, so it disables my virtual SCSI address (I don't know if that really happens, but let's assume that it does. My SCSI subsystem has just disappeared).
So there, I'm ready to do my presentation in the Client's office, and XP coughs and demands that I type in my 27 digit code on the back of the CD.
Did I mention that the CDs are on my desk back in Vancouver?
-AD
You don't have to fill out any of that stuff. Press Command-Q on the form where it asks you all those questions and you can exit out of it and still continue with the installation. (Of course, lying is also a reasonable choice). Yes, it's annoying and there should be an easier way to bypass it, but Apple is not using this information to try to take control of your computer like MS is. To put this in perspective, which company has deliberately crippled MP3 encoding in their products, and which company uses "Rip, Mix, Burn" as a slogan?
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
I was just thinking that one authorization code would work for all VMWare Virtual machines, but that isn't necessarily the case. I don't know anything about VMWare's code internals but some things are likely to be different:
- Volume serial number (based on creation date)
- Processor serial number (if enabled, VMWare probably allows these instructions to run natively)
- Amount of RAM (possibly - but is not very unique)
The rest of the IDs should look the same because they are emulated hardware devices.
But, since this is 3 things, you couldn't necessarily use someone else's code (unless you run the cracked copy).
-- Virtual Windows Project
Look at this example of all the hardware they're keeping track of...
dw offset | value | derived from
H1 0 | 0x1C5 | '1234-ABCD'
H1 10 | 0x0A5 | '00C0DF089E44'
H1 20 | 0x37 | 'SCSICDROMPLEXTOR_CD-ROM_PX-32TS__1.01'
H1 27 | 0x15 | 'PCIVEN_102BDEV_0519SUBSYS_00000000REV_01'
H2 0 | 0x1 | (unused, always 0x1)
H2 3 | 0x00 | (CPU serial number not present)
H2 9 | 0x37 | 'SCSIDISKIBM_____DCAS-34330______S65A'
H2 16 | 0x0C | 'PCIVEN_9004&DEV_7178SUBSYS_00000000REV_03'
H2 21 | 0x1 | 'PCIVEN_8086&DEV_7111SUBSYS_00000000REV_01'
H2 25 | 0x1 | 'GenuineIntel Family 6 Model 3'
H2 28 | 0x3 | (system has 128 MB of RAM)
H2 31 | 0x0 | (system is not dockable)
I wonder how often you will have to re-authenticate your license?
And I wonder if they can track stolen systems? I know they only know a hash-type value of your system's components, it's still a "fingerprint". If a subpoena of this information could find a stolen system, that would be an interesting "anonymity test".
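The bit-field layout in the table above, worked through as an added example (not code from the paper or from Microsoft). Field widths are inferred from the offsets on the assumption that each "dw" is a 32-bit double word, the labels are this example's reading of the "derived from" column, the reactivation threshold is the one claimed earlier in the thread, and SHA-256 stands in for the real hash, which the page does not give.

```python
import hashlib
from collections import Counter

# (dword, bit offset, label) in the order the quoted table lists the rows.
FIELDS = [
    ("H1", 0, "volume serial"), ("H1", 10, "NIC MAC address"),
    ("H1", 20, "CD-ROM drive"), ("H1", 27, "display adapter"),
    ("H2", 0, "unused"), ("H2", 3, "CPU serial"),
    ("H2", 9, "hard drive"), ("H2", 16, "SCSI host adapter"),
    ("H2", 21, "IDE controller"), ("H2", 25, "CPU model"),
    ("H2", 28, "RAM size"), ("H2", 31, "dockable"),
]
# Values from the table, same order.
TABLE_VALUES = [0x1C5, 0x0A5, 0x37, 0x15, 0x1, 0x00,
                0x37, 0x0C, 0x1, 0x1, 0x3, 0x0]
# "More than three" changed components, as claimed by a commenter in this thread.
REACTIVATION_THRESHOLD = 3


def field_widths():
    """Width of a field = distance to the next offset in the same dword;
    the last field of each dword is assumed to end at bit 32."""
    widths = []
    for i, (dw, off, _) in enumerate(FIELDS):
        nxt = FIELDS[i + 1] if i + 1 < len(FIELDS) else None
        end = nxt[1] if nxt and nxt[0] == dw else 32
        widths.append(end - off)
    return widths


def pack(values):
    """Pack per-field values into the two double words (H1, H2)."""
    words = {"H1": 0, "H2": 0}
    for (dw, off, label), width, v in zip(FIELDS, field_widths(), values):
        if not 0 <= v < (1 << width):
            raise ValueError(f"{label}: {v:#x} does not fit in {width} bits")
        words[dw] |= v << off
    return words["H1"], words["H2"]


def unpack(h1, h2):
    """Split the two double words back into per-field values."""
    words = {"H1": h1, "H2": h2}
    return [(words[dw] >> off) & ((1 << w) - 1)
            for (dw, off, _), w in zip(FIELDS, field_widths())]


def changed_fields(old, new):
    """What a holder of two hashes can tell: which slots differ,
    not which device sits in them."""
    return [label for (_, _, label), a, b
            in zip(FIELDS, unpack(*old), unpack(*new)) if a != b]


def needs_reactivation(old, new):
    return len(changed_fields(old, new)) > REACTIVATION_THRESHOLD


def bucket_sizes(device_ids, width):
    """Count how many ID strings land on each value of a width-bit field,
    using SHA-256 as a stand-in hash (NOT the WPA hash)."""
    sizes = Counter()
    for s in device_ids:
        digest = hashlib.sha256(s.encode()).digest()
        sizes[int.from_bytes(digest[:4], "big") % (1 << width)] += 1
    return sizes


if __name__ == "__main__":
    before = pack(TABLE_VALUES)
    upgraded = list(TABLE_VALUES)              # constructed upgrade scenario
    upgraded[3], upgraded[6], upgraded[10] = 0x09, 0x12, 0x4
    after = pack(upgraded)
    print(f"H1={before[0]:#010x} H2={before[1]:#010x}")
    print("changed:", changed_fields(before, after),
          "reactivate:", needs_reactivation(before, after))
    ids = [f"CONSTRUCTED_CDROM_{i:04d}" for i in range(1000)]
    sizes = bucket_sizes(ids, field_widths()[2])
    print("largest group sharing one 7-bit value:", max(sizes.values()))
```

With 1000 constructed drive IDs and only 128 possible values in the 7-bit CD-ROM field, at least eight IDs must share a value, which is the collision argument the paper's conclusion relies on.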
I have yet to see anyone citing or discussing this tidbit at the end....
Looking at the technical details of WPA, we do not think that it is as
problematic as many people have expected. We think so, because WPA is
tolerant with respect to hardware modifications. In addition, it is
likely that more than one hardware component map to a certain value
for a given bit-field. From the above real-world example we know that
the PX-32TS maps to the value 0x37 = 55. But there are probably many
other CD-ROM drives that map to the same value. Hence, it is
impossible to tell from the bit-field value whether it is a PX-32TS
that we are using or one of the other drives that map to the same
value.
In contrast to many critics of Windows Product Activation, we think
that WPA does not prevent typical hardware modifications and,
moreover, respects the user's right to privacy.
No need to wonder why such published opinions are ignored by the /. crowd...
Personally I don't think so. Yeah it'll be a pain for those of us who upgrade regularly, but that's the minor part. The real killer's the fact that you have to reactivate every time you reinstall the OS. Think about it. How often is the "solution" to a Windows problem "Reboot, and if that doesn't solve it get your Windows CD and reinstall."? Joe Sixpack's not gonna like it when he's gotta go through the activation every time something goes sour on that shiny new system he paid good money for dammit.
> When is a computer no longer the same computer, after swapping out parts?
FYI, philosophers have been asking essentially the same question for at least 25 centuries. The original version that we have runs something like "How many planks can you change out on Jason's ship Argos before it isn't the Argos any more?"
--
Sheesh, evil *and* a jerk. -- Jade
When is a computer no longer the same computer, after swapping out parts?
Apparently Microsoft has defined a 'new computer' as three new components. For most of the general public, this is probably the case: think about it, most of the computing populace probably doesn't even know how to open their cases, let alone change out harddisks, memory, etc. However, for the rest of us, this could be an issue. I have a computer that, ever since I set it up about 6 months ago, I have changed out every component except the hard drive. And that hard drive (a puny 1 gb) will be replaced shortly... yet I still think of it as the same computer I originally put together.
Is Microsoft's definition of a 'new computer' sufficient? Will 'power users' who change components often get hassled by Microsoft? I hope not.
Personally, I hope to never have to deal with Microsoft products again :)
-Karl
--------------
[root@kgutwin /dos]# file msdos.sys
msdos.sys: fsav (linux) virus (17518-87)
---
TheGreenReaper (Laurence Parry)
I don't know about the online activation (haven't run a sniffer on it, yet), but I tried the telephone activation today, and there was no personal information exchanged. I called the toll-free number, waited on hold for about 10 minutes (and we're still in the beta stage--just wait until this thing hits mainstream), then finally talked to a patronizing tech support drone. He asked me for the product activation key, a numeric string that makes MS CD keys look sane--32 digits, IIRC. He then read back a 36-digit numeric string to be entered in the activation window. That was it--no e-mail address, no name, phone number/address, etc. I suppose it could have been a hash code containing my name, but that's all it could have contained, as I had not entered any other information to that point. Probably just a hardware ID.
Incidentally, I recommend everybody register every copy of Windows by phone. First of all, you know what you're telling them, at least directly, but more importantly, it costs them more money. Think about it: ten minutes on hold on a toll-free line (their expense), five minutes of techie-time. Even at a modest $10/hr for the techie, that's almost a dollar spent on him, plus the phone charge. Now, imagine ten million copies of Windows being registered by phone. The infrastructure cost alone would be enormous--you know they haven't planned for that many people to call. Just one more example of my favorite form of vengeance: use their own weapons against them.
"Make it ten--I am only a poor corrupt official."
--Captain Louis Renault (Claude Rains), Casablanca
Funny, when I called the line for the preview activation I had barely any hold at all, and the call took less than 3 minutes (see my previous comment).
And if you believe that I have some Nazi memorabilia to sell you on eBay.
It was France, not the US, which stopped memorabilia on eBay. Not being former fascist supporters, the US would have no problem with such 'freedom of expression.'
I have a laptop - I switch between ether card and wavelan card all the time (home and work) - I can see if I were using windows I'd be calling MS twice a day .....
All the postcard-ware licenses I've seen simply ask you to send a postcard if you like the software. No registration, no details, just a postcard from where you live. I think it's cool.
"We all say so, so it must be true!"
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."