Close Topic Options

[projectle]

This package addresses several security issues related to how product keys are validated on the system.

As a byproduct, it will utilize a listing of all legitimate key ranges issued by Microsoft to determine whether a system is legitimate, rather than using a pre-existing equation that was created at product launch.

These key ranges will be accessed periodically while the system is online to determine whether Microsoft has black-listed any keys, or opened up new ranges of valid keys.

If a system is detected as being illegitimate, it will be prevented from logging in under any mode with the following error message.

Windows Product Activation
A problem is preventing Windows from accurately checking the license of this computer. Error Code: 0x80004005

This patch is slated to hit Windows Update on January 10, 2006 as a Critical Update.
KB912494

Effected Binaries:
pidgen.dll
dpcdll.dll
winlogon.exe

This post has been edited by projectle: Dec 28 2005, 09:30 AM

[ouch!potato]

The file has been deleted?

[leonleon37]

thanks

[Randy1234]

doesnt sound like microsoft, but ill believe it when i see it.

[normangerman]

Well, we'll just have to see tomorrow.

[ouch!potato]

I have tested a pre release of this patch on a vmware using an illigit key and it didn't do anything - however what it does do is create a way for microsoft block illigit keys in the future without needing to do it at the service pack level. Although quite what they are expecting to happen here is not certain - surely folk using dodgy keys just won't install the patch. I wonder if future updates will become dependent on having this patch installed?

[blunden]

Does it check the key or the PID? Will there be any way to change the key allowing you to login again?

[ouch!potato]

I believe its PID based. As fa as i know microsoft does not keep records of specific keys that have been released, but it does know which PID ranges it has. At the moment it does nothing more than prevent people without a SP2 valid (640 range) key from logging in. However - what it allows microsoft to do is add key ranges to a white list to open up further ranges in future. I can't see how it locks things down any more since SP2 users are currently limited to 640 keys only. It may cause a few headaches for pirates still running SP1 though but there can't be that many of them.

[blunden]

I believe its PID based. As fa as i know microsoft does not keep records of specific keys that have been released, but it does know which PID ranges it has. At the moment it does nothing more than prevent people without a SP2 valid (640 range) key from logging in. However - what it allows microsoft to do is add key ranges to a white list to open up further ranges in future. I can't see how it locks things down any more since SP2 users are currently limited to 640 keys only. It may cause a few headaches for pirates still running SP1 though but there can't be that many of them.

How does it know what keys to allow with WGA? I never understood that.

Also, if I use a key with the same PID (everything except the first and the last group of numbers are the same) as is my school. Will that always be valid or does the entire PID have to be the same?

[ouch!potato]

There is a difernce between your "product key"(the 25 digit alphanumeric that your enter when you install windows) and your "product id". The product id (PID) is generated using your product key and an algorithm.

Prior to windows product activation the only way to tell if a product key was valid was for the operating system installer to run this algorithm and check wether the product key entered resulted in a product id within a certain range (Determined at product launch). If not you would get a message saying you entered an invalid key. This was fine but there was no way to prevent the same product key being used on multiple systems.

With product activation (WPA) the same thing occurs however WPA also forces users to contact microsoft (manually or over the internet) to make sure that the specific product id their key has generated has never been activated before.

This patch does not affect product activation in any way. It simply changes how the operating system decides what ranges of product id are considered valid.[/i]

Windows XP SP1 allowed a large range of product id's to be considered valid. When service pack 2 was released microsoft reduced it to a much smaller range of product id's (The so called 640 set). This was done to prevent people who had used key generators from installing windows as the majority of those generated product keys resulted in pid's outwith that newly restricted range. This range reduction was hard coded into the service pack.

The only difference this update makes is is that windows now periodicly checks a "white list" of valid product id ranges that microsoft can update as and when they need to. Either to open up more valid ranges or to further restrict the current range.

You could only get the same pid as your school if you used their product key for installation. If you did this you would have to be using an volume license version of windows that bypasses windows product activation altogether or it wouldn't activate. In anycase i think microsofts licensing department would have a bone to pick with you if you did that. As far as we know any key that results in a 640 range pid will continue to be valid - however the patch give microsoft the ability to invalidate it whenever they like without needing users to install any further patches.

Hopefully that clears things up for everyone. All that remains is for me to re-iterate winbeta's stance on warez and advise that discussion of circumvention of microsoft's anti-piracy measures are strictly forbidden on the forums. Users doing so will be swiftly removed and beaten with a large trout.

[blunden]

ouch!potato: But what about WGA (Windows Genuine Advantage)? Say I have the following PID: xxxxx-640-6463117-xxxxx (MODS: If this is considered warez, please remove the PID from my post.). Somehow WGA tells it isn't valid. Before WGA was released it was detected as valid by every keychecking system microsoft had, both every single SP and the optional validation on their homepage. Therefore it must be using some other way of validation or something. If we look at the PID, there are 4 groups of numbers. My question is: Wich ones are key specific and wich ones are hardware dependent? Does the whole PID change when you change key? Does it matter that you have changed key before, as all old keys seems to be stored in the registry too?

Ooh, saw while writing this post that they check the product key ranges and not PID ranges now. I'm sure they can cause the pirates some hassle now if they want too. :D And it seems a little more secure than WGA that could simply be disabled. :D Btw. I'm doing this just for the fun of it.

This post has been edited by blunden: Jan 10 2006, 12:08 PM

[maartena]

I think the biggest issue with releasing a patch like this would be that there are quite a few companies who have been using simple diskimaging programs such as Norton Ghost, without changing the product key afterwards.

I actually know a company who used an illegal product key to install 40 PC's in one weekend, just because they had a deadline to meet and someone had planned the delivery of Windows XP licenses poorly. They got the licenses on paper the very next week, but I doubt they actually went in and changed the product keys back to the ones matching the licenses.

If they would do such a patch, they would probably do it in a way that you have 30 days to change the license, OR they would make it so you have to enter a key immidiatly instead of being locked out from the get-go.

Also, such a patch can probably be counter-patched within 48 hours as usual ;)

[blunden]

I think the biggest issue with releasing a patch like this would be that there are quite a few companies who have been using simple diskimaging programs such as Norton Ghost, without changing the product key afterwards.

I actually know a company who used an illegal product key to install 40 PC's in one weekend, just because they had a deadline to meet and someone had planned the delivery of Windows XP licenses poorly. They got the licenses on paper the very next week, but I doubt they actually went in and changed the product keys back to the ones matching the licenses.

If they would do such a patch, they would probably do it in a way that you have 30 days to change the license, OR they would make it so you have to enter a key immidiatly instead of being locked out from the get-go.

Also, such a patch can probably be counter-patched within 48 hours as usual ;)

Yes I'm sure. Though it's interesting to read about their new anti-piracy
stuff. I got a lot of interesting reading when they had the new protection in the betas of SP2.

[ouch!potato]

Can you provide a link? As far as i know product keys are just a means of creating product id's from a pseudo random string - there is no record of active keys or key ranges. But i may be wrong about this (although i doubt it)

As far as WGA goes i'm not sure how it checks but from what you've said it seems like you are using a generated key and we do not support such behaviour. If you have a ligitimate copy of windows you should contact microsoft who will issue you with a new valid key. From the WGA faq this following information is gathered by the WGA plugin

* OEM product key
* PC Manufacturer
* OS version
* PID/SID
* BIOS info (make, version, date)
* BIOS MD5 Checksum
* User Locale (language setting for displaying Windows)
* System Local (language version of the operating system)

(I would guess that microsoft will keep a record of volume license keys they have issued because they are only issued to customers who hold special agreements with microsoft. However I doubt OEM/Retails keys are recorded. It is possible if WGA detects a volume license version of windows it checks the specific key against a list of issued ones - but this is merely supposition)

[trust]

As far as what I saw at windows update, patch KB912494 was not available.