>was normal for computers to auto-login and have no password
This persisted for longer than it should have on Windows! I remember on Windows XP Home Edition, you could just press Ctrl Alt Delete to drop to the classic winlogon.exe screen and then log in as "Administrator" with no password!
By that time, though, Microsoft had implemented product activation. To my knowledge, no one ever cracked the telephone activation algorithm. That is, there were no tools to get a confirmation ID from an install ID. At the very least, no tools were ever made widely available, and don't seem to be even to this day. I suppose there wasn't a lot of need, since pirates just distributed volume licenced versions that did not require product activation (FCKGW).
Devils0wn Windows XP Final serial key, yeah baby! Seared into my mind forever after entering it so much:
FCKGW-RHQQ2-YXKRT-8TG6W-2B7Q8
I used to reinstall windows anytime anything got weird, which was often because I was always messing with disabling combinations of system services in attempts to reduce OS memory consumption. Wtf is svchost.exe doing? I don't want it! Wireless Zero Config? I don't have Wi-Fi, too flaky and slow (remember, it's 2003). Distributed Link Tracker?
Sounds cool, but what distributed links am I tracking? I don't think this is part of Napster or KaZaa.. DCOM Sockets.. <disable>, and so on, until the eventual: Oops, the network is messed up. What was this originally set to? Haha. Oh well, time to refresh and start anew..
Sigh. Those were good times. Eventually I got more memory and gave it all up and devolved all the way to allowing Win10 to indulge in it's wasteful memory ways and report it's telemetry about me or whatever the fuck else creepy shit it wants to do. It also helps that now we tend to have a bit more than 512MB total RAM.
I killed so many instances of svchost.exe back in the day! Never ran into anything bad that a reboot wouldn't fix. I remember figuring out by trial-and-error which instances were safe to kill by looking at their memory usage.
There was something exciting about stripping Windows XP to its bare essentials, and also it seemed necessary at the time, if you wanted to run it smoothly on an ageing laptop that was basically obsolete when it was new. Especially if you wanted to run such RAM and CPU hogs like The Sims 2! (Not to mention the 40 GiB disk space that just filled up so fast with save games and expansion packs.)
I wonder if Windows 10 still lets you use an alternative to explorer.exe for its desktop shell? I used to write my own little launchers and spotlight-esque programs.
> Wtf is svchost.exe doing? I don't want it! Wireless Zero Config? I don't have Wi-Fi, too flaky and slow (remember, it's 2003). Distributed Link Tracker? Sounds cool, but what distributed links am I tracking? I don't think this is part of Napster or KaZaa.. DCOM Sockets.. <disable>, and so on, until the eventual: Oops, the network is messed up. What was this originally set to? Haha. Oh well, time to refresh and start anew..
ARE YOU ME?! I did all of that stuff! Friggin' svchost.exe man...
Very close to the key I had memorised, but now forgotten; although mine had RQ2D3 in the second part and something else at the last part (I think. But am positive about RQ2D3)
At the very least, no tools were ever made widely available, and don't seem to be even to this day.
That's because discussions around them have been heavily censored by Big Tech in general; but that algorithm has been cracked, purely out of curiosity, in the late 2010s.
The activation process relies on public key cryptography. The private keys, held by Microsoft, are amongst their most well-protected assets. Much more so than their source code, for instance, which is developed with the expectation that it will be leaked in part or in whole.
For everything up to ~XP era MS software, the private key was cracked years ago. Beginning around Vista they started using a longer key, which AFAIK hasn't been (publicly) cracked yet.
Search for "MSKey README" if you want to read more... but as one interesting datapoint, the computational complexity of finding the private key was 2^31.
Given the length of Windows serial keys is not that long, why couldn't one extract the check function and run an iteration attack to generate valid keys?
Edit: @ale42: makes sense, thanks for putting this one to rest. 36^25 is approximately 8 x 10^38 which is a really, really big number.
There are 25 characters, each of which has 36 possible values. So 36^25 possibilities, and log2(36^25) = 129.2. There are basically 129 bits of entropy in there, so good luck bruteforcing it.
This makes me think of a shareware app (I think an icon editor) for Windows 3.1 back in 1994 or so... I could find a valid registration key by entering random numbers by hand in around 2 minutes. And I wasn't lucky as I tried and succeeded several times ;-) But the rule (figured out after I had 10 or so valid keys) was simple maths with the digits, no crypto behind.
> There are 25 characters, each of which has 36 possible values. So 36^25 possibilities, and log2(36^25) = 129.2. There are basically 129 bits of entropy in there, so good luck bruteforcing it.
Kinda depends what is encrypted there. If it is just "magic number + SKU + licence ID" and there is no online check whether that combination is valid then you're "just" trying to hit one that's valid and that cuts few bits off equation as there is spectrum of keys that will be valid but not generated by Microsoft.
Not if their cryptography is done properly. Cryptosystems are designed to maintain their security even if the complete algorithm is known to the adversary. You'll commonly see this phrased as "don't rely on security through obscurity".
Which doesn't mean you shouldn't also use obscurity. NIST recommends it [1], and the industry widely uses it. In practice "don't rely on obscurity" usually means "have enough security besides obscurity to give you a grace period to switch out the obscurity". That's for whole systems, you might get away with people knowing you use standardized primitives like AES.
Everything we know about the subject of this discussion (windows product key validation) comes from reverse engineering the relevant DLLs because none of it has been discussed publicly. I think MS is probably of a similar opinion regarding publishing unnecessary details.
if it's not obscure enough that it will be found, then you are correct.
but what's more secure than a password that you don't know? not knowing there is a password in the first place. if the answer is never found, how can it be insecure? I dub this schrodinger's security.
This persisted for longer than it should have on Windows! I remember on Windows XP Home Edition, you could just press Ctrl Alt Delete to drop to the classic winlogon.exe screen and then log in as "Administrator" with no password!
By that time, though, Microsoft had implemented product activation. To my knowledge, no one ever cracked the telephone activation algorithm. That is, there were no tools to get a confirmation ID from an install ID. At the very least, no tools were ever made widely available, and don't seem to be even to this day. I suppose there wasn't a lot of need, since pirates just distributed volume licenced versions that did not require product activation (FCKGW).