PCMech Forums - View Single Post - To XP or not XP, (possible repost due to technical difficulties)

boomer4d · 04-15-2002, 01:23 AM

HI Morris thought I would add this if there is anyone that has any questions about how activation works. To the best of my knowledge there is no difference in the process between Home and Pro versions but there is a difference between Home/Pro and Corporate............no activation in Corp Ed.

Anyway this is a portion of a paper I wrote for my MicroSoft class a couple of quarters ago.

When you activate your copy of WinXP your machine takes up to 10 pieces of hardware and assigns bit values to their identification strings and encodes it in a one-way mode that can’t be reverse engineered to figure out your specific hardware configuration. (Myth #1, MS will know exactly what kind of hardware my machine has, is now shot down). Only some of the resulting hash is used thus the important element in this is that Microsoft doesn’t get enough information about your hardware configuration to decode the algorithm, if they could, to know what hardware you are running. Apparently the bit strings are weighted by importance, your NIC and associated Mac Address being the most impotant. These are combined into an 8-byte number and stored in the WPA.DBL file in the \Windows\system32 directory along with the activation status of your particular machine. This resulting number is combined with your Windows Product Activation Code (aka registration code) and the resulting 50 digit number is whisked off to the happy folks in Redmond either over the net or by phone.

For the internet activation to take place there are 3 communications that must take place. They are:

1. Handshake request: Contains product ID, hardware hash, and request header data, such as request ID (for linking the handshake, request, and acknowledgement), and activation technology version--262 bytes total.

2. License request: Contains product ID, hardware hash, and customer data structure for holding voluntary registration information if provided. If registration is skipped, this structure is empty. Also contains request header data such as request ID and the PKCS10 digital certificate request structure. The PKCS10 structure can vary slightly based on the inclusion of voluntary registration information--about 2763 to 3000 bytes total.

3. Acknowledgement request: Contains certificate ID (returned to user's machine after license request), issue date, and error code--126 bytes total.

If Internet activation is successful, the activation confirmation is sent directly back to the user's PC as a digital certificate. This certificate is digitally signed by Microsoft so that it cannot be altered or counterfeited. The confirmation packet returned as part of Internet activation is approximately 9KB in size (the digital certificate chain accounts for most of the confirmation data packet size). The fine people at www.extremetech.com that provided much of the information here ran a packet sniffer while activating a copy of XP and although they couldn’t actually read the encrypted information they were able to see the sizes of the files and they did match closely. Their opinion was that if any other information was being sent it would have been evident in the sizes of the files being transferred.

When you install XP the WPA.DBL file is approximately 2k but after activation grows to around 12k. Every time you boot your machine analyzes your hardware and compares the resulting algorithm to the information stored in this file. If they match it’s no problem. If they don’t look out here come the Microsoft Anti-Piracy Police! Not really, you can change the hardware configuration of your machine up to 6 times in 120 days, as long as you don’t involve your NIC. If you change NICs then you can only change your configuration 4 times. The kicker is that after 120 days the counter is reset and you can start all over again. For instance, you have upgraded 5 times within the first 90 days of having activated your copy of XP (you did activate it didn’t you?). You do nothing for the next 30 days. After day 120 you may upgrade up to 6 times again. For the casual computer owner this shouldn’t pose a problem, for more intense power users however you may be spending some time on the phone with those wonderful people in Redmond that have gotten your money.

The one problem with all this that has surfaced is that the file WPA.DBL is not a protected system file and thus not included in the WinXP system restore feature. Given that if you delete that file you could be faced with some problems if you are near or at your limit in terms of hardware upgrades. It would be a good idea to back the file up and store it seperately from your system.

04-15-2002, 01:23 AM	#7
boomer4d Member (6 bit) Join Date: Jan 2002 Location: Huntsville,AL Posts: 32	HI Morris thought I would add this if there is anyone that has any questions about how activation works. To the best of my knowledge there is no difference in the process between Home and Pro versions but there is a difference between Home/Pro and Corporate............no activation in Corp Ed. Anyway this is a portion of a paper I wrote for my MicroSoft class a couple of quarters ago. When you activate your copy of WinXP your machine takes up to 10 pieces of hardware and assigns bit values to their identification strings and encodes it in a one-way mode that can’t be reverse engineered to figure out your specific hardware configuration. (Myth #1, MS will know exactly what kind of hardware my machine has, is now shot down). Only some of the resulting hash is used thus the important element in this is that Microsoft doesn’t get enough information about your hardware configuration to decode the algorithm, if they could, to know what hardware you are running. Apparently the bit strings are weighted by importance, your NIC and associated Mac Address being the most impotant. These are combined into an 8-byte number and stored in the WPA.DBL file in the \Windows\system32 directory along with the activation status of your particular machine. This resulting number is combined with your Windows Product Activation Code (aka registration code) and the resulting 50 digit number is whisked off to the happy folks in Redmond either over the net or by phone. For the internet activation to take place there are 3 communications that must take place. They are: 1. Handshake request: Contains product ID, hardware hash, and request header data, such as request ID (for linking the handshake, request, and acknowledgement), and activation technology version--262 bytes total. 2. License request: Contains product ID, hardware hash, and customer data structure for holding voluntary registration information if provided. If registration is skipped, this structure is empty. Also contains request header data such as request ID and the PKCS10 digital certificate request structure. The PKCS10 structure can vary slightly based on the inclusion of voluntary registration information--about 2763 to 3000 bytes total. 3. Acknowledgement request: Contains certificate ID (returned to user's machine after license request), issue date, and error code--126 bytes total. If Internet activation is successful, the activation confirmation is sent directly back to the user's PC as a digital certificate. This certificate is digitally signed by Microsoft so that it cannot be altered or counterfeited. The confirmation packet returned as part of Internet activation is approximately 9KB in size (the digital certificate chain accounts for most of the confirmation data packet size). The fine people at www.extremetech.com that provided much of the information here ran a packet sniffer while activating a copy of XP and although they couldn’t actually read the encrypted information they were able to see the sizes of the files and they did match closely. Their opinion was that if any other information was being sent it would have been evident in the sizes of the files being transferred. When you install XP the WPA.DBL file is approximately 2k but after activation grows to around 12k. Every time you boot your machine analyzes your hardware and compares the resulting algorithm to the information stored in this file. If they match it’s no problem. If they don’t look out here come the Microsoft Anti-Piracy Police! Not really, you can change the hardware configuration of your machine up to 6 times in 120 days, as long as you don’t involve your NIC. If you change NICs then you can only change your configuration 4 times. The kicker is that after 120 days the counter is reset and you can start all over again. For instance, you have upgraded 5 times within the first 90 days of having activated your copy of XP (you did activate it didn’t you?). You do nothing for the next 30 days. After day 120 you may upgrade up to 6 times again. For the casual computer owner this shouldn’t pose a problem, for more intense power users however you may be spending some time on the phone with those wonderful people in Redmond that have gotten your money. The one problem with all this that has surfaced is that the file WPA.DBL is not a protected system file and thus not included in the WinXP system restore feature. Given that if you delete that file you could be faced with some problems if you are near or at your limit in terms of hardware upgrades. It would be a good idea to back the file up and store it seperately from your system.