JSI Tip 5679. Technical Details of SP1 changes to Microsoft Product Activation for Windows XP.

Microsoft® Product Activation for Windows® XP                       

Technical Market Bulletin                                     ·  August 2002    

 

 

Technical Details on SP1 Changes to Microsoft Product Activation for Windows XP

 

 

Software piracy continues to be a worldwide problem and Microsoft is committed to a long-term strategy of protecting intellectual property through innovative technologies.  Microsoft introduced product activation in Windows XP as one solution to reducing a form of piracy known as casual copying.  Casual copying is estimated to account for as much as half of the industry’s losses to piracy and is defined as the sharing and installation of software on multiple PCs in violation of the software’s end user license agreement (EULA).

 

The introduction of technical measures to thwart piracy has kicked-off a cat-and-mouse game between software publishers and those who pirate software. Specifically, software pirates have been busy engineering exploits and circumventions to digital rights technologies including Microsoft’s product activation. With Service Pack 1 for Windows XP, Microsoft will introduce additional technological measures aimed at ensuring licensed customers receive full benefits and to make it more difficult for those who pirate software to steal these same benefits. These changes are:

1.      Ensuring licensed customers receive full benefits

a.      Eligibility for Windows XP Service Pack 1 and Windows Update

b.      Additional grace periods for hardware out-of-tolerance situations

c.      Volume license key (VLK) encryption

2.      Raising the bar on pirates

a.      Product key inclusion in Installation ID for activation

b.      Repair of activation circumventions

 

In order to help customers and partners better understand the technologies included or updated in SP1, this bulletin will outline the changes relative to product activation, how they work, and why we made them.  We will also outline what to do if you suspect you have pirated, counterfeit, or hard-disk loaded copies of Microsoft software.

 

For a more general overview on the basics of product activation and the answers to the most frequently asked questions, please see http://www.microsoft.com/piracy/basics/activation/.

 

Technologies in Product Activation added or updated with Service Pack 1 for Windows XP

Ensuring Licensed Customers Receive Full Benefits

Eligibility for Product Updates and Access to Windows Update (http://windowsupdate.microsoft.com

)

Software updates are intended for use by legally licensed users of Microsoft products.  Microsoft is striving to ensure that licensed users continue to get updates uninterrupted by software pirates. Users of pirated software impact licensed users by taking bandwidth from download servers and software updates intended for the licensed user. 

 

Microsoft has determined through investigations that most pirated installations are made with either of two volume license product keys. Volume license product keys are used by corporate or other volume license customers to install Windows XP on their PCs.  These two particular volume license product keys however were never in use by a customer in a production deployment.  Product keys are 25-character alphanumeric codes arranged in 5 groups of 5 characters each and used during setup to install the product. The product key produces the product ID found in My Computer / Properties after setup has completed.

 

Service Pack 1 of Windows XP ships with a list of the two product IDs that are created by the pirated product volume license product keys. To determine eligibility for the update, Service Pack 1 compares the Windows XP product ID on the system to this list. The comparison and the list reside locally on the users PC and no information is sent to Microsoft as part of this process. Service Pack 1 for Windows XP will fail to install on installations of Windows with one of the following product IDs:

 

XXXXX-640-0000356-23XXX

XXXXX-640-2001765-23XXX

 

The below message will be displayed if installation fails for this reason:

 

Service Pack 1 Setup Error

The product key used to install Windows is invalid.  Please contact your system administrator or retailer immediately to obtain a valid product key.  You may also contact Microsoft Corporation’s Anti-Piracy Team by emailing [email protected] if you think you have purchased pirated Microsoft software.  Please be assured that any personal information you send to the Microsoft Anti-Piracy team will be kept in strict confidence.

 

You can find the product ID of your installation by right clicking on My Computer and choose Properties, then viewing the General tab.  You can also find the product key in the registry at:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\ CurrentVersion\ProductId

 

Access to Windows Update is likewise reserved for licensed users.  Eligibility for access to Windows update will be determined by checking that the product key used to install Windows XP is valid and was manufactured by Microsoft.  Two pieces of information will be sent to Windows Update when accessing the Windows Update web site; a hash of the product key used to install Windows XP and the Product ID (a hash value is a one-way mathematical transformation).  Windows Update will compare the product key hash and Product ID to a list created from valid, Microsoft-manufactured product keys. The check must be done on the Microsoft side because the list the information is validated against is very large (approximately one billion values).  Once the product key hash and Product Id are verified, they are both discarded.  Neither the product key hash nor the product ID are stored by Windows Update.  A hash value is used in lieu of the entire product key to ensure privacy and security. No personally identifiable information is required to access Windows Update.

Additional grace periods for hardware out-of-tolerance situations

Microsoft will add a three-day grace period for users who are asked to re-activate due to changes in their hardware configuration.  Previous to SP1, a user was required to reactivate immediately upon boot if a significant hardware changes had occurred. With SP1, users will have three days to complete this re-activation. This will allow users to get through a possibly difficult situation of no internet or telephone connectivity during or just after a hardware upgrade.  For security reasons, there are a total of twelve (12) of these 3-day grace periods built into an installation of Windows XP with SP1.  A re-install of the operating system will reset this counter.

Volume License Key (VLK) Encryption

An encryption feature is added to unattended setups of Windows XP with Service Pack 1.  This feature is applicable to customers with volume licensing agreements with Microsoft such as Microsoft Select, Microsoft Enterprise Agreement, and Microsoft Open License. Customers who place their VLK in an unattended setup file (unattend.txt) will be able to encrypt the VLK such that it will be time limited (in day increments from to 60 days) and not visible as plain text.  While this feature is not a panacea for obfuscating the VLK, it will provide another layer of protection for customers.

 

How to use this new feature

 

To protect for 30 days SMS-based, RIS-based, or network file share-based installs using the volume licensing version of Windows XP:

1.   From the command prompt, run:
winnt32/encrypt:"XXXXX-XXXXX-XXXXX-XXXXX-XXXXX:30"/unattend:path_to_destination_unattend_file \[/Q\]

2.   The resultant hash value is written to the specified unattend file, overwriting any existing ProductKey or ProductID entries.
A message box displays whether the process succeeds or fails due to an error.  If the /Q switch is used, information about the success or failure is written to the file %Windir%\Winnt32.log

3.   The product key entry in the unattend.txt file is functional for 30 days after the date of encryption.  A script to re-encrypt the key regularly could be created to ensure that a new encrypted key is always available for the install. The Task Scheduler could also be used to schedule this task to be repeated automatically.

To protect for 5 days a CD-based install using the volume licensing version of Windows XP:

1.   From the command prompt, run:
winnt32/encrypt:"XXXXX-XXXXX-XXXXX-XXXXX-XXXXX:5"/unattend:path_to_destination_unattend_file \[/Q\]

2.   The resultant hash value is written to the specified unattend file, overwriting any existing ProductKey or ProductID entries.
A message box displays whether the process succeeds or fails due to an error.  If the /Q switch is used, information about the success or failure is written to the file %Windir%\Winnt32.log

3.   The product key entry in the unattend.txt file is functional for 5 days after the date of encryption.  The unattend file could then be placed on a floppy disk or burned to a custom CD image to provide a short-lived CD for CD-based installations.

 

Raising the Bar on Pirates

Product Key inclusion in Installation ID for Activation

In order to protect customers and Microsoft against product key cracks by determined software pirates, the product key used to install Windows will be included in the Installation ID for all activations completed after SP1 has been installed.  The product key is the 25-character alphanumeric code used during installation of Windows XP.  The product key creates the product ID viewable on the General tab of My Computer / Properties.  The product ID is already part of the Installation ID created for activation. Internet activations will send the entire product key while telephone activations will send a hash value of the product key in order to limit the increase in size of the telephone Installation ID. The telephone Installation ID will grow from 50 digits to 54 digits due to this change. 

 

Microsoft will compare this product key or product key hash sent during activation to a list of valid, Microsoft-manufactured product keys. If the key used to install Windows XP and subsequently attempt to activate is not valid and manufactured by Microsoft, the activation attempt will fail.

Repair of Activation Circumventions

Service Pack 1 for Windows XP will contain fixes to cracks used by software pirates to circumvent activation.  Installations of Windows XP patched by one of these pirate cracks will require activation after SP1 has been installed.  Windows XP installations that remain un-activated past the 30-day grace period can still be accessed for interactive use by booting to non-networked safe-mode.

Conclusions

Microsoft believes that by continuing to raise the bar with technology meant to deter software piracy, customers can continue to receive the benefits of owning licensed software and the market for intellectual property can continue to thrive.  Product activation deters the casual copier while:

·        Continuing to meet the needs of corporate customers and their unique deployment needs for deployment of volume licenses

·        Maintaining Windows XP’s ease of use

·        Striking a balance in protecting intellectual property clearly in favor of the user

·        Protecting the user’s privacy by utilizing information that is not personally identifiable. At no time is personally identifiable information secretly gathered or submitted to Microsoft as part of activation. 

 

With these changes in SP1, Microsoft is showcasing its desire to provide best-of-class products and services to licensed users while denying those who pirate the software a free ride.


Appendix A: 

Technologies used in Product Activation

 

Details on the technological measures of product activation in Windows XP can be found at http://www.microsoft.com/piracy/basics/activation/windowsproductactivationtechnicalmarketbulletin.doc.

 

Answers to frequently asked questions and other general information about product activation can be found at

http://www.microsoft.com/piracy/basics/activation

Appendix B: 

What to do if you suspect you have pirated, hard disk loaded, our counterfeit Microsoft products

Software piracy is a crime that affects national and international economies and leads to lost wages and lost jobs throughout the world and in your own community. When you encounter or suspect software piracy, please take action.  Details and help in reporting software piracy can be found at http://www.microsoft.com/piracy/reporting/default.asp

 

Appendix C: SP 1 Changes and Volume License Customers

SP1 for Windows XP makes no changes to the fact that Windows XP upgrade licenses acquired through one of Microsoft’s volume licensing agreements, such as Microsoft Open License, Enterprise Agreement, or Select License, will not require activation.  Installations of Windows XP made using volume licensing media and volume license product keys (VLKs) will have no activation, hardware checking, or limitations on installation or imaging.  Additionally, the VLK algorithm is not changing.  The keys already issued to customers will continue to work with Windows XP SP1 integrated product.

 

The VLK encryption functionality will allow volume license customers to better protect their VLK from unscrupulous use.  Volume license customers who created their Windows XP installations with the VLK issued to them by Microsoft will be eligible for product updates and access to Windows Update.  The other changes introduced in SP 1 have no impact volume license customers.

 

© 2002 Microsoft Corporation. All rights reserved. This Market Bulletin is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. The information contained in this Market Bulletin represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Microsoft and Windows are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other product or company names mentioned herein may be the trademarks of their respective owners. Microsoft Corporation •

One Microsoft Way
Redmond, WA 98052-6399USA 1000

 

#########

 

For more information, press only:

Rapid Response Team, Waggener Edstrom, (503) 443-7000, [email protected]

 

For online product information:

Microsoft Windows XP Web site: http://www.microsoft.com/xp

Microsoft Piracy Web site: http://www.microsoft.com/piracy/

Microsoft Product Activation Web site:

                                    http://www.microsoft.com/piracy/basics/activation

 

For independent information on software piracy:

Business Software Alliance web site: http://www.bsa.org

Software & Information Industry Association web site: http://www.siia.net/piracy



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish