What data is collected?

Discussion in 'Windows 7' started by Dolorous Edd, Mar 4, 2010.

  1. Dolorous Edd

    Supposedly the key is hashed before being sent and cannot be used to deduce the actual key. Therefore, if the key is blacklisted, that information must have been included with the original signatures. I have not seen any Lenovo keys pass (not saying that none have) and I have seen a lot of the Dell Ultimate keys fail. I think a lot of Dell failures just mean that it was a popular key to use, since it was one of the first leaked keys.

    I don't believe that the next signatures will target any other keys. I bet they would sure like to target Daz's loader and RemoveWAT, but I am thinking that BIOS mods that have consistent OEM data will be safe, at least for a while, and I am sure that Daz and Hazar will cope with whatever MS does.


    Excerpt from the WGA/WAT privacy statement. This is the information that is supposedly sent to MS by WAT.

    What data is collected?

    To help you validate your software, Genuine Microsoft Software tools must collect a certain amount of configuration and status information from your computer. The tools do not collect your name, address, e-mail address, or any other information that Microsoft will use to identify you or contact you.

    The tools collect information such as:

    * Computer make and model
    * Version information for the operating system and software
    * Region and language settings
    * A unique number assigned to your computer by the tools (Globally Unique Identifier or GUID)
    * Product Key (hashed) and Product ID
    * BIOS name, revision number, and revision date
    * Hard drive volume serial number (hashed)
    * Whether the installation was successful if one was performed
    * The result of the validation check, including error codes and information about any activation exploits and any related malicious or unauthorized software found or disabled, including:
        o The activation exploit’s identifier
        o The activation exploit’s current state, such as cleaned or quarantined
        o Original equipment manufacturer identification
        o The activation exploit’s file name and hash of the file, as well as a hash of related software components that may indicate the presence of an activation exploit
    * The name and a hash of the contents of the computer's start-up instructions file (commonly called the boot file) to help us discover activation exploits that modify this file.

    As standard procedure, your Internet Protocol (IP) address is temporarily logged when your computer connects to a Genuine Microsoft Software website or server. These logs are routinely deleted.
     
  2. Brainsuck

    #2 Brainsuck, Mar 4, 2010
    Last edited: Mar 4, 2010
    This is how a BIOS mod gets caught:

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name   OEMID Value   OEMTableID Value
    APIC              HP            30EF
    FACP              HP            30CC
    HPET              HP            30D5
    BOOT              HP            30D5
    MCFG              HP            30D5
    TMOR              HP            30CC
    SLIC              DELL          QA09
    SSDT              HP            30D5
    SSDT              HP            30D5
    SSDT              HP            30D5
    SSDT              HP            30D5
    SSDT              HP            30D5

    HP notebook, Dell SLIC.
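
An added example, not part of the thread and not Microsoft's validation logic: it parses a listing in the format posted above and flags a SLIC table whose OEMID differs from the OEMID carried by most of the other ACPI tables. The function names and the majority-vote heuristic are assumptions made for illustration.

```python
from collections import Counter

# Rows copied from the HP listing in the post above (poster's remark dropped,
# repeated SSDT rows reduced to one).
SAMPLE = """\
ACPI Table Name OEMID Value OEMTableID Value
APIC HP 30EF
FACP HP 30CC
HPET HP 30D5
BOOT HP 30D5
MCFG HP 30D5
TMOR HP 30CC
SLIC DELL QA09
SSDT HP 30D5
"""


def parse_acpi_rows(text):
    """Return (table, oemid, oem_table_id) tuples from whitespace-separated rows."""
    rows = []
    for line in text.splitlines():
        if line.strip().startswith("ACPI Table Name"):
            continue  # column header
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or incomplete line
        # An OEMID may contain spaces (e.g. "A M I"): the first token is the
        # table name, the last the OEMTableID, everything between is the OEMID.
        rows.append((parts[0], " ".join(parts[1:-1]), parts[-1]))
    return rows


def check_slic_consistency(rows):
    """Compare the SLIC OEMID with the most common OEMID of the other tables."""
    slic = [r for r in rows if r[0] == "SLIC"]
    others = [r[1] for r in rows if r[0] != "SLIC"]
    if not slic:
        return {"status": "no-slic"}
    if not others:
        return {"status": "unknown", "slic_oemid": slic[0][1]}
    # Assumption: the vendor named by most tables is the real platform vendor;
    # stray chipset-vendor tables (AMD, "A M I") are outvoted.
    majority, count = Counter(others).most_common(1)[0]
    status = "consistent" if slic[0][1] == majority else "mismatch"
    return {"status": status, "slic_oemid": slic[0][1],
            "platform_oemid": majority, "agreeing_tables": count}
```
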
     
  3. Dolorous Edd

    Yeah, I saw a Lenovo with a Dell SLIC. Now that more keys and certs are available, people will probably be able to do proper mods. Another problem is the computer model and BIOS information: if MS can consistently and accurately compare that information, they will be able to spot BIOS mods. Maybe loaders will eventually be the best option if they can manage to lie to the OS and trick it into thinking it is installed on an actual existing model, hiding the fact that it is just a white box computer with a Gigabyte board. Not sure if it is possible to mimic the SLIC, BIOS name and revision and so on.
     
  4. Brainsuck

    #4 Brainsuck, Mar 4, 2010
    Last edited: Mar 4, 2010
    <Manufacturer>Gateway</Manufacturer><Model>RS780</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>7B3P081G </Version><SMBIOSVersion major="2"

    Gateway uses the same model number RS780 in the dx 4300 that has SLIC 2.1, and the dx 4200 is RS780 also, so I don't see anything happening to mine at all.


    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name   OEMID Value   OEMTableID Value
    APIC              ACRSYS        APIC0946
    FACP              ACRSYS        ACRPRDCT
    HPET              ACRSYS        OEMHPET
    MCFG              ACRSYS        OEMMCFG
    SLIC              ACRSYS        ACRPRDCT
    OEMB              ACRSYS        OEMB0946
    ASF!              AMD           SB600ASF
    SSDT              A M I         POWERNOW
     
  5. C.S.I.

    One would think that maintaining consistency within the BIOS would be a no-brainer.
    If you have a Dell BIOS, mod it with the newer Dell SLIC.

    Don't understand why you wouldn't stick to the basics, and give yourself every chance of staying ahead of the game.

    The example above shows modding an HP with a Dell SLIC - begging for trouble, I reckon.

    Interesting times ahead......
     
  6. Brainsuck

    #6 Brainsuck, Mar 4, 2010
    Last edited: Mar 4, 2010
  7. venu

    So how does MS flag a hard mod on a whitebox computer with an ODM board like Quanta and a Phoenix BIOS? Unless they make that BIOS whitelist?
    Also, theoretically, there should be no collateral damage if MS deactivates machines that report an OEM-SLP key and a BIOS date earlier than, say, 2009?
     
  8. troels

    Also, the BIOS revision no. would allow MSFT to establish whether a 2.1 SLIC should be there.