From: Blue Boar [BlueBoar@thievco.com]
Sent: Friday, June 29, 2001 11:55 AM
To: vuln-dev@securityfocus.com
Subject: [Fwd: WinXP, MediaPlayer etc..]

"Kayne Ian (Softlab)" wrote:
>
> Hey m8,
> There was a thread on Vuln dev a bit back about the copy protection
> in XP. I've just had a chat with a former colleague of mine, who gave me the
> info in the msg below. It's up to you whether you want to post this on to
> the list, thought I'd just let you decide.
>
> L8r
>
> -Ian
>
> Blue Boar wrote:
> > Anyway, I let it through because there have been news stories that
> > it has been cracked, and MS denies it. I was hoping for an answer.
> > Second, I was hoping for a discussion of how the copy protection
> > in XP products works. Yes, it's a bit off-topic for vuln-dev,
> > and I usually toss such queries. However, this is going to affect a
> > lot more people, and I think it's also going to touch on privacy
> > issues.
>
> ---------[ SNIP ]-----------
>
> Hey,
> Ok, today I have come across some extremely interesting information,
> which will hopefully add a bit more to the discussions going on about this.
> I was told this by a former colleague who now works for Microsoft doing
> product testing - he's one of the people that makes sure everything works,
> and helps OEMs deliver pre-built systems etc.
>
> Windows XP, Product Registration:
>
> This has been discussed in many places. The official story is as
> follows. XP does require you to perform online activation of your product.
> After installing the O/S, you have 30 days to register your system. If you
> do not register, the O/S locks itself down. This means you have VERY limited
> functionality, only enough to copy data off the machine and register the
> O/S. Registration may be done in 2 different ways:
>
> In the first instance, you tell the O/S you wish to register, and it will
> generate a key for you. More on this in a second.
>
> 1. No net connection. In every country, MS have set up a clearinghouse for
> product registration. You will ring MS up, read out the key to them, and
> they will in turn give you an activation key, which you type in.
>
> 2. Net connection. They have a "3 click mechanism" to register your product.
> The key is generated as above, and sent to Microsoft. They then send you
> back the activation key, which registers your product.
>
> What is the initial key (I'll call this the ID Key, as it id's your system
> to MS) comprised of? Apparently, it contains no personal data whatsoever.
> That's no name, company, address etc etc. It does however contain serial
> numbers taken from hardware installed in your system. That means processor
> serial number if available, BIOS revision, MAC address on NICs etc etc etc.
> This is combined with your COA (Certificate of Authority) number, and
> encrypted somehow. This encrypted data is sent to MS, whereupon (I assume)
> they perform some kind of hash on it, and send the resulting key (I'll call
> this the Activation key, note these are names I've made up to try and make
> this easier to follow) back to you.
>
> The ID key is then used by Microsoft to track your usage of the system. The
> Activation key is used by the O/S itself to track your usage of the system.
> How does this work?
>
> Firstly, XP makes an "intelligent" decision about your system. This means
> when you register your copy of XP, and if you never change your hardware,
> you will never have to reregister. Similarly, XP will track minor changes,
> or cumulative changes. This means you can change 1 or 2 components in your
> system (sound card, or a bios upgrade for eg), and XP will not require you
> to re-register. As I said, it does this cumulatively. So, if in January you
> install XP & register, Feb you change your sound card, 1st March you change
> your NIC, 15th March you change your monitor, XP will track these cumulative
> changes, accept that they are "upgrades" to the original system it was
> installed on, and allow you to continue to use the O/S without
> reregistering.
>
> However, if you install XP, then swap out a large proportion (this point is
> vague for a reason) of your hardware, you WILL be required to re-register.
> That means Ghost will cause headaches for a lot of people.
>
> I raised the point about number of registrations. MS must have a cut-off
> point to how many times they will allow you to re-register. The answer is
> yes. And it's a little bit of a worrying one. If you change your hardware
> too often, and go to re-register XP online, it is possible that it will
> REJECT YOUR KEY. This could leave you with an O/S in a NON-FUNCTIONAL STATE,
> even if you have a perfectly legal copy of XP and you are using it perfectly
> legally. In the event that this happens, you will have to call the MS
> Clearing house, and explain the situation to them. They will then make an
> educated decision as to whether you are legally or illegally using the
> product, and act appropriately. So, if you ring them up, explain you are a
> s/w engineer and you need to keep reinstalling your o/s say, 15 times a
> month, they will reactivate you - no problem. But, if you ring them up, they
> see you tried to re-activate your product 100 times in the last week, they
> will know something dodgy is going on, and kill your license leaving you
> without an O/S. To me, this is a bit worrying - this means the entire MS
> licensing procedure now relies on human decision making. In the future,
> you'll have to convince some call center guy that you should be allowed to
> continue to use the product you paid for and own, just because you changed
> hardware. 2 examples at either end of the spectrum, but remember, they are
> EXAMPLES -- we don't know what meter MS will use.
>
> Apparently this functionality has been deployed for nearly 2 years, but not
> used widely as yet. I raised a point about the amount of traffic that
> real-time licensing is going to generate - surely this will require huge
> pipes & terabytes of storage. Apparently not - as this is a 1 time
> registration (ie: each copy of XP sold will only ever have 1 record at
> Microsoft associated with it), the amount of traffic & storage will be
> relatively low. As I said, it seems as though MS have been slowly rolling
> this infrastructure out over the last few years.
>
> All this change in licensing is to combat piracy (really? hehe). It was
> admitted that MS have no doubt this protection will be cracked immediately,
> but it will show some reduction in piracy. Apparently it has already knocked
> about 20% off piracy figures in pan-pacific region. MS are aiming to stop
> the "can I borrow this copy of the OS from you/my m8/work etc etc".
>
> Media Player 7 & 8, SDMI
>
> There has been a lot of banter about Mediaplayer containing
> functionality to limit bitrates in various formats, in fact I personally
> believed this. I asked the question, and I was told the answer was a
> categorical NO. There is NO hidden functionality or code in WMP7 or 8 to
> limit the features of Media Player.
>
> Oh, also, the XBox will be shipped with 20 titles.
>
> Well, I hope that answered a few questions and prompted a few more. Maybe it
> was of interest, maybe not...
>
> Ian Kayne
> Technical Specialist - IT Solutions
>
> ********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom
> they are addressed.
>
> If you are not the intended recipient or the person responsible for
> delivering to the intended recipient, be advised that you have received
> this email in error and that any use of the information contained within
> this email or attachments is strictly prohibited.
>
> Internet communications are not secure and Softlab does not accept
> any legal responsibility for the content of this message. Any opinions
> expressed in the email are those of the individual and not necessarily
> those of the Company.
>
> If you have received this email in error, or if you are concerned with
> the content of this email please notify the IT helpdesk by telephone
> on +44 (0)121 788 5480.
>
> ********************************************************************