Technical principles of the new version of Windows Calculator

Source: Internet
Author: User

1. Product ID (productid)
The product ID is composed of five groups of decimal numbers:
AAAAA-BBB-CCCCCCC-DDEEE
If you use productid to search for the Registry, you will find a product ID related to the software you installed. In the Windows Control Panel, you can find the product ID of the Windows operating system.

The meanings of each number group are as follows:
Number | meaning
-------- + -------------------------------------------------
Aaaaa | product no., for example, Windows pro 55661 and home
Bbb | the maximum valid three-digit serial number of the primary product
| (See below)
Ccccccc | minimum valid six-digit number of the initial product serial number and
| Check the sum of digits (see the following section)
Dd | public key index used to verify the product serial number. For example, the Pro version is 22 and the vlk version is 23.
Eee | Random value (different installation IDs are generated during phone activation)
The ccccccc section above consists of one verification digit and six digits. The verification digit is calculated in this way: All digits are added, including one verification digit, which can be divided by seven.

For example, the minimum valid six-digit number of the initial product serial number is 728439.
7 + 2 + 8 + 4 + 3 + 9 = 33
Therefore, the test digit is 2, because
7 + 2 + 8 + 4 + 3 + 9 + 2 = 33 + 2 = 35
The result 35 is divisible by seven. Therefore, the result of ccccccc in the product ID is 7284392.

2. product serial number Composition
The 25-digit serial number is used to differentiate the product serial number of each Microsoft product. The product serial number consists of five strings separated by "-" and composed of letters and numbers. Each string is composed of five strings. As follows:

FFFFF-GGGGG-HHHHH-JJJJJ-KKKKK

Each character is taken from one of the following 24 letters and numbers:
B C E F G H J K m p q r T v w x Y 2 3 4 6 7 8 9
The reason for using these 24 characters is to avoid confusion of similar letters and numbers, such as I and 1, O and 0, and reduce unnecessary troubles.
The product serial number of the 25 characters is encoded by the product serial number of the 114bits in binary format using base-24. The serial numbers of the binary products of 114bits are arranged in the descending order. The bit values are defined as follows:

[X XXXXXXXX xxxxxxxxxxxxxxxx] total 114 bits
| \ 55 bits sign
| \ 28 BITs hash
| \ 30 bits serial \ 31 bits data
\ 1 bits flag

Flag: the flag is unknown. Currently, this digit is always 0 among all types of keys.
Serial: the abbreviation of the product ID, which is in decimal format: aaaabbbbbb:
Retail Edition: XXXXX-Aaa-bbbbbbx-XXXXX
OEM: xxxxx-OEM-0AAAABx-BBBBB
The above 31bits is called data and is the basic part of the product serial number.
Hash: the result of data processing. See the following document.
Sign: Specifies the signature of an elliptic curve with the hash value. See the following document.

3. elliptic curve signatureAlgorithm
The so-called elliptic curve refers to such a kind of curve equation:
Y2 + a1xy + a3y = X3 + a2x2 + a4x + A6
Cryptography uses two special cases, while Microsoft uses the special cases:
Y2 = X3 + ax + B (mod P)
After selecting a, B, and P, you can determine an elliptic curve and then select a generated vertex g (GX, Gy, there is a minimum integer Q to make Q x g = 0. Then, select any integer k <q to obtain the vertex K (kx, KY) = k x g, in this way, all the keys of the elliptic curve signature algorithm are generated:
Public Keys: A, B, P, g (GX, GY), K (kx, KY)
Private Key: Q, K

To sign data:
(1) first select an integer r <q and calculate the vertex R (RX, ry) = r × G;
(2) perform the SHA-1 (4) operation on data, RX, And Ry, and obtain the 28 digits in the result to get the hash;
(3). Calculate Sign = r-Hash × K (mod q );
(4). encode data, hash, and sign together to obtain the 25-digit product serial number.

When verifying the product serial number:
(1) After decoding the 25-bit product serial number, split it into data, hash, and sign;
(2). Calculate the point R (RX, ry) = Sign × G + hash × K (mod P );
(3) perform SHA-1 operations on data, RX, And Ry, and obtain the 28-bit hash in the result ';
(4). If hash = hash, the product serial number is valid.

4. Public Key
As we can see from the previous article, to verify the product serial number, Microsoft must publish the public key in the elliptic curve signature algorithm. We can find it from the Bink resource of the file pidgen. dll in the Windows XP installation CD (other products, such as office, are packaged in *. MSI ). There are also two groups. According to the currently known key combinations, the first group of public keys is for the retail version, and the second group is for the OEM version. Whether the keys of the two products are common lies in whether the corresponding public keys are the same. For example, the second group of keys for Pro/srv/advsrv of Windows 2000 in Chinese version are also the same, that is, the key of an OEM version of the Chinese Windows 2000 pro, which can be used by the OEM version of the Chinese Windows 2000 srv/adv.

5. Cracking and its difficulty
To crack the product serial number generation algorithm, you must find the corresponding private key from the key published by Microsoft, that is, you only need to find Q and K. According to the Public Key in Bink, P is a prime number of 384 bits. It seems that the calculation workload is at least O (2168), but Microsoft has a serious defect in its design, reduce the actual workload to only O (228. Why is the difference so far? Look back. 2. (3) formula: Sign = r-Hash * K (mod q) Q can usually be a large value, so the sign should be large, however, to reduce the number of product serial numbers entered by users, Microsoft restricts the value of sign to 55 bits. Therefore, it is natural that Q cannot exceed 56 bits at most. Because k <q, K cannot exceed 56 bits. That is to say, we are only dealing with up to 256 of data. After finding Q and K, you can compile all the counters that Microsoft uses this technology product based on the algorithm described above!

Conclusion:

It is estimated that the serial number generation algorithm for all Microsoft products is the same. the Public Key is different from the private key. As long as we find the private key Q and K, it is much easier to generate the serial number. the author of the new version is to find the private key Q and K of each version.

Workflow for the new version of the calculator:
Enter the range of the primary product ID in the new version of the calculator to randomly determine the product ID. the first three digits in the primary product ID. Based on the successful activation experience and the result of counting the genuine serial number, each version has a specific number. for example, in pro 010,011, the activation success rate is very high, and in home 005,006, the activation rate is very high. one of the last seven digits is the verification digit, and the other six digits are randomly specified. Therefore, you only need to enter six digits. nextProgramA random number is automatically generated, that is, the R. finally, the product serial number is obtained based on the above algorithm. different random numbers are used to calculate the same product ID. The obtained serial numbers are different! Friends who have studied mathematics can see that this algorithm is not very complex and can be quickly computed using the current computer. This is the root cause of the astonishing speed and high accuracy of the new version of the computer!

Perfect number calculator!
We have been arguing about the issue of number activation. The most important issue is the issue of XP activation. XP cannot be activated after SP is installed, because Microsoft has added the serial number detection mechanism, that is, during the activation process, the serial number itself needs to be sent to the activation server of Microsoft for verification. I estimate that the verification mechanism may adopt one of the two methods: first, Microsoft has a serial number factory database. if the serial number used by the system to be activated does not have a factory record, it indicates that the serial number is generated by the calculator and is not activated. I guess this method is unlikely! Second, there is a detection mechanism for the serial number itself! That is to say, the serial number calculated by the number calculator can be activated only when it complies with certain rules. This mechanism is only available to Microsoft, if this mechanism is cracked, it is possible to generate a number generator that can calculate the genuine serial number. In other words, it is the perfect number generator that can be activated when SPX is installed !!! The biggest hope of cracking this detection mechanism is the R mentioned above! If a specific product ID is used, only the serial number calculated with a specific R is the genuine serial number! To crack this detection mechanism, we need to collect a large number of genuine serial numbers and analyze the relationship between product IDs and R, so we can create the perfect calculator! So I guess the perfect calculator will be available soon!

In fact, it is not difficult to compile the number generator. You only need to find the private key Q and K of each version (this takes some time), and then use the above algorithm to create the nin1 number generator, this requires a certain amount of mathematical knowledge and programming skills!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.