Technical Principles of serial number generation and verification at Microsoft!

Source: Internet
Author: User

1. Product ID (productid)
The product ID is composed of five groups of decimal numbers:
Aaaaa BBB ccccccc dd eee
52273 005 6861993 09 146

If you use productid to search for the Registry, you will find a product ID related to the software you installed. In the Windows Control Panel, you can find the product ID of the Windows operating system.

The meanings of each number group are as follows:
Digital meaning
Aaaaa product no., for example, 55661 is Windows pro 55660 is home
Maximum valid three-digit BBB initial product serial number (see below)
The lowest valid six-digit number of the ccccccc initial product serial number and the sum of the verification digits (see below)
Dd is used to verify the public key index of the product serial number. For example, the Pro version is 22, and the vlk version is 23.
Eee random value (for phone activation, different installation IDs are generated)
The ccccccc section above consists of one verification digit and six digits. The verification digit is calculated in this way: All digits are added, including one verification digit, which can be divided by seven.

For example, the minimum valid six-digit number of the initial product serial number is 728439.
7 + 2 + 8 + 4 + 3 + 9 = 33
Therefore, the test digit is 2, because
7 + 2 + 8 + 4 + 3 + 9 + 2 = 33 + 2 = 35
The result 35 is divisible by seven. Therefore, the result of ccccccc in the product ID is 7284392.

2. product serial number Composition
The 25-digit serial number is used to differentiate the product serial number of each Microsoft product. The product serial number consists of five strings separated by "-" and composed of letters and numbers. Each string is composed of five strings. As follows:
FFFFF-GGGGG-HHHHH-JJJJJ-KKKKK
Each character is taken from one of the following 24 letters and numbers:
B C E F G H J K m p q r T v w x Y 2 3 4 6 7 8 9
The reason for using these 24 characters is to avoid confusion of similar letters and numbers, such as I and 1, O and 0, and reduce unnecessary troubles.
The product serial number of the 25 characters is encoded by the product serial number of the 114bits in binary format using base-24. The serial numbers of the binary products of 114bits are arranged in the descending order. The bit values are defined as follows:
[X XXXXXXXX xxxxxxxxxxxxxxxx] total 114 bits |/55 bits sign |/28 BITs hash |/30 bits serial/31 bits data/1 bits flag

Flag: the flag is unknown. Currently, this digit is always 0 among all types of keys. Serial: Product ID abbreviation, to the decimal expression for aaaabbbbbb, corresponding display: Retail Edition: XXXXX-Aaa-bbbbbbx-xxxxx oem edition: xxxxx-OEM-0AAAABx-BBBBB above 31bits is called data, is the basic part of the product serial number. Hash: the result of data processing. See the following document. Sign: Specifies the signature of an elliptic curve with the hash value. See the following document.

3. elliptic curve signature algorithm
The so-called elliptic curve refers to such a kind of curve equation:
Y2 + a1xy + a3y = X3 + a2x2 + a4x + A6
Cryptography uses two special cases, while Microsoft uses the special cases:
Y2 = X3 + ax + B (mod P)
After selecting a, B, and P, you can determine an elliptic curve and then select a generated vertex g (GX, Gy, there is a minimum integer Q to make Q x g = 0. Then, select any integer k <q to obtain the vertex K (kx, KY) = k x g, in this way, all the keys of the elliptic curve signature algorithm are generated:
Public Keys: A, B, P, g (GX, GY), K (kx, KY)
Private Key: Q, K

To sign data:
(1) first select an integer r <q and calculate the vertex R (RX, ry) = r × G;
(2) perform the SHA-1 (4) operation on data, RX, And Ry, and obtain the 28 digits in the result to get the hash;
(3). Calculate Sign = r-Hash × K (mod q );
(4). encode data, hash, and sign together to obtain the 25-digit product serial number.

When verifying the product serial number:
(1) After decoding the 25-bit product serial number, split it into data, hash, and sign;
(2). Calculate the point R (RX, ry) = Sign × G + hash × K (mod P );
(3) perform SHA-1 operations on data, RX, And Ry, and obtain the 28-bit hash in the result ';
(4). If hash = hash, the product serial number is valid. ---- [NOTE 1]

4. Public Key
As we can see from the previous article, to verify the product serial number, Microsoft must publish the public key in the elliptic curve signature algorithm. We can find it from the Bink resource of the file pidgen. dll in the Windows XP installation CD (other products, such as office, are packaged in *. MSI ). There are also two groups. According to the currently known key combinations, the first group of public keys is for the retail version, and the second group is for the OEM version. Whether the keys of the two products are common lies in whether the corresponding public keys are the same. For example, the second group of keys for Pro/srv/advsrv of Windows 2000 in Chinese version are also the same, that is, the key of an OEM version of the Chinese Windows 2000 pro, which can be used by the OEM version of the Chinese Windows 2000 srv/adv.
  
5. Cracking and its difficulty
To crack the product serial number generation algorithm, you must find the corresponding private key from the key published by Microsoft, that is, you only need to find Q and K. According to the Public Key in Bink, P is a prime number of 384 bits. It seems that the calculation workload is at least O (2 ^ 168), but Microsoft has a serious defect in its design, reduce the actual workload to only O (2 ^ 28. Why is the difference so far? Look back. 2. (3) formula: Sign = r-Hash * K (mod q) Q can usually be a large value, so the sign should be large, however, to reduce the number of product serial numbers entered by users, Microsoft restricts the value of sign to 55 bits. Therefore, it is natural that Q cannot exceed 56 bits at most. And so on, because K
Conclusion:

I guess the serial number generation algorithms for all Microsoft products are the same. the Public Key is different from the private key. As long as we find the private key Q and K, it is much easier to generate the serial number. the author of the new version is to find the private key Q and K of each version.

Workflow for the new version of the calculator:
Enter the range of the primary product ID in the new version of the calculator to randomly determine the product ID. the first three digits in the primary product ID. Based on the successful activation experience and the result of counting the genuine serial number, each version has a specific number. for example, in pro 010,011, the activation success rate is very high, and in home 005,006, the activation rate is very high. one of the last seven digits is the verification digit, and the other six digits are randomly specified. Therefore, you only need to enter six digits. then the program will automatically generate a random number, that is, the R. finally, the product serial number is obtained based on the above algorithm. different random numbers are used to calculate the same product ID. The obtained serial numbers are different! Friends who have studied mathematics can see that this algorithm is not very complex and can be quickly computed using the current computer. This is the root cause of the astonishing speed and high accuracy of the new version of the computer!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.