Inside Windows Product Activation

The current public discussion of Windows Product Activation (WPA) is characterized by uncertainty and speculation. In this paper we supply the technical details of WPA - as implemented in Windows XP - that Microsoft should have published long ago.

Note: This text is based on the white paper "Inside Windows Product Activation" by Fully Licensed GmbH, Rudower Chaussee 29, 12489 Berlin, Germany. The contained positions and opinions do not necessarily correspond to those of the editorial staff.

Introduction

While we strongly believe that every software vendor has the right to enforce the licensing terms governing the use of a piece of licensed software by technical means, we also do believe that each individual has the right to detailed knowledge about the full implications of the employed means and possible limitations imposed by it on software usage.

In this paper we answer what we think are currently the two most important open questions related to Windows Product Activation.

  • Exactly what information is transmitted during activation?

  • How do hardware modifications affect an already activated installation of Windows XP?

Our answers to these questions are based on Windows XP Release Candidate 1 (build 2505). Later builds as well as the final version of Windows XP might differ from build 2505, e.g. in the employed cryptographic keys or the layout of some of the data structures.

However, beyond such minor modifications we expect Microsoft to cling to the general architecture of their activation mechanism. Thus, we are convinced that the answers provided by this paper will still be useful when the final version of Windows XP ships.

This paper supplies in-depth technical information about the inner workings of WPA. Still, the discussion is a little vague at some points in order not to facilitate the task of an attacker attempting to circumvent the license enforcement supplied by the activation mechanism.

XPDec, a command line utility suitable for verifying the presented information, can be obtained from here. It implements the algorithms presented in this paper. Reading its source code, which is available from the same location, is highly recommended.

We have removed an important cryptographic key from the XPDec source code. Recompiling the source code will thus fail to produce a working executable. The XPDec executable on our website, however, contains this key and is fully functional.

So, download the source code to learn about the inner workings of WPA, but obtain the executable to experiment with your installation of Windows XP.

We expect the reader to be familiar with the general procedure of Windows Product Activation.