Is That Pirated Software?

underpar writes "According to this ZDNet.com article, Microsoft 'has launched a pilot program in which some visitors to the main Windows download page are being asked to let the software maker check to see whether their copy of the operating system is licensed.' The check is not required, but after the desired 20,000 users go through the program they might change their tune."

Re:Buyer's remorse

[Nyder]

no, you don't do a clean install then go on the net to download the patches. you download the full patches, burn those to disk, or if you are able to follow instructions, you slipstream sp1 & sp2 onto a bootable window xp disk, then you don't have to worry about the firewall or patching it after you do the clean install.

for info on the slipstreaming, check out: http://www.windows-help.net/WindowsXP/winxp-sp2-bo otcd.html I have nothing to do with that web site, I just found it using google http://www.google.com/search?hl=en&ie=UTF-8&q=slip stream+windows+xp+sp2+how+to&btnG=Google+Searc h it was the first link, there are many others.

Also, the utility Nlite http://nuhi.msfn.org/ will slipstream service packs and updates onto a disk image for you. It will also remove stuff off the windows disk, like drivers you don't need, apps you don't need, even Internet Explorer. Personally, I like that you can take MSN Explorer, Messenger, and other non need programs that are security risks. I haven't used the program yet, but it seems like a very nice one. You can also put the cdkey in the install program so you don't have to enter it when your installing. sweet.

Bluescreen is OFF by default in XP

[the_skywise]

You won't generally get a bluescreen in XP because, by default, XP will reboot immediately when it encounters a blue screen condition. (See Control Panel | System | Startup and Recovery -- Automatic Restart).

(I leave my PC on 24/7 and only discovered this when I would return home and my PC was magically back at a fresh reboot state. For a while I thought I had a hardware problem because if Windows had crashed I would've seen a blue screen halt, right?)

While I get fewer blue screens then I did with 98, I get MORE blue screens than I did with Windows 2k.

I don't want to be in their database.

[HBI]

Simple, I don't want to be part of their license tracking system. Win2k didn't require activation but XP does.

The computer is mine, I bought the components and built it with my own hands. Those bastards can get stuffed. I'll run Win2k until it isn't useful as a dual boot solution for playing games. Hopefully by then Cedega will be good enough to play everything i'm interested in playing.

MS-DOS wouldn't have become as popular as it was, and Windows in its turn, if they weren't allowing rampant piracy via lack of copy protection and winking at the pirates. This hypocritical attempt to maximize profits is a bunch of bullshit and will ultimately result in Microsoft's downfall once they piss off the wrong entity. They may have done so already.

Anyone who thinks Microsoft is justified in the measures they are taking at this point is either a total shill or ignorant of history.

FYI

[kc_cyrus]

FYI, I successfully extracted the algorithm MS uses (same VLK Public Key Infrastructure), and broke the private key uses to generate product keys.

Decode
The following computations are based on this product key: JCF8T-2MG8G-Q6BBK-MQKGT-X3GBB The character "-" does not contain any information, so, the MS product key is composed of 25-digit-character. Microsoft only uses "BCDFGHJKMPQRTVWXY2346789" to encode product key, in order to avoid ambiguous characters (e.g. "I" and "1", "0" and "O"). The quantity of information that a product key contain is at most . To convert a 25-digit key to binary data, we need to convert "JCF8T2MG8GQ6BBKMQKGTX3GBB" to "6 1 3 22 ......", where 'B'=0, 'C'=1, 'D'=2 ... we call the array "6 1 3 22..." base24[] compute decoded = , the result is: 00 C5 31 77 E8 4D BE 73 2C 55 47 35 BD 8D 01 00 (little-endian) The decoded result can be divided into 12bit + 31bit + 62bit + 9bit, and we call theses 4 parts 12bit: OS Family, 31bit: Hash, 62bit: Signature, and 9bit: Prefix.

Verify
If you want to understand what I am talking about in this section, please refer to some Elliptic Curve Cryptography materials. Before verifying a product key, we need to compute the 4 parts mentioned above: OS Family, Hash, Signature, and Prefix.

Microsoft Product-key Identification program uses a public key stored in PIDGEN.DLL's BINK resource, which is an Elliptic Curve Cryptography public key, which is composed of: p, a, b construct an elliptic curve G(x,y) represents a point on the curve, and this point is so called "generator" K(x,y) represents a point on the curve, and this point is the product of integer k and the generator G.

Without knowing the private key k, we cannot produce a valid key, but we can validate a key using public key:{p, a, b, G, K}

compute H=SHA-1(5D OS Family,Hash, prefix, 00 00) the total length is 11 byte. H is 160-bit long, and we only need the first 2 words. Right lift H's second word by 2 bits. E.g. if SHA-1() returns FE DC BA 98 76 54 32 10, H= FE DC BA 98 1D 95 0C 04. compute R(rx,ry)= Signature * (Signature*G + H*K) (mod p) compute SHA-1(79 OS Family, rx, ry) the total input length = 1+2+64*2=131 bytes. And compare Hash and result, and if identical, the key is valid.

Producing A Valid Key!
We assume the private key k is known (sure, Microsoft won't public this value, so we have to break it by ourselves). The equation in the product key validation system is as below:
Hash=SHA(Signature*(Signature*G+SHA(Hash)*K) (mod p))
What we need is to calculate a Signature which satisfies the above equation. Randomly choose an integer r, and compute R(rx,ry)=r * G Compute Hash= SHA-1(79 OS Family, rx, ry) the total input length = 1+2+64*2=131 bytes, and we get the first 62bit result. compute H=SHA-1(5D OS Family,Hash, prefix, 00 00) the total length is 11 byte, and we need first 2 words, and right lift H's second word by 2 bits. And now, we get an equation as below:

Signature*(Signature*G+H*K) = r * G (mod p)
By replacing K with k * G, we get the next equation:
Signature*(Signature*G+H*k*G) = r * G (mod p) , where n is the order of point G on the curve

Note: not every number has a square root, so maybe we need to go back to step 1 for several times.

Get Private-key From Public Key
I've mentioned that the private key k is not included in the BINK resource, so we need to break it out by ourselves. In the public key:
K(x,y) = k * G, we only know the generator G, and the product K, but it is hard to get k. The effective method of getting k from K(x,y) = k * G is Pollard's Rho (or its variation) method, whose complexity is merely , where n is the order of G. (n is not included in public key resource, so, we need to get n by Schoof's algorithm) Because a user cannot suffer a too long product key, the Signature must be short enough to be convenient. And Microsoft chooses 62 bit as the length of signature, hence, n is merely 62-bit long. Therefore, the complexity

Re:P2P Updates

[glesga_kiss]

Its bad enough having to troubleshoot something over the phone, without knowing the 50 different paths to get there depending whether the person has chosen to disable the hiding functionality

What are talking about? XP has exactly the same paths as 2000.

disable the "new" control panel (note that in the new control panel, there are icons that you cannot reach from the groups it displays, most notably 3rd party extensions, but a few microsoft things too), etc.

Again, eh? Open control panel, click "switch to classic view". How could you miss it?

XP is just as easy to use, if not more. And with the stuff provided by SP2 (firewall, virus check, update checks), it's the obvious choice for a non-techy user.