OK, al lot of questions in 1 post. ONLINE ACTIVATION When you're activating a retail copy you enter your key, and what happens then? I guess the key and machine id are, either encoded or not, send to MS, the server does "process X" with it and sends a package back to activate windows? Does anyone know what exactly happens? OFLINE PHONE ACTIVATION So no internet connection, you enter your key and windows generates another longer key. I guess this longer key is also generated based on pkey and hardware id? Then you enter the long key in you phone, MS does "process Y" with it to check the validness, and if it's valid it sends another long key back. Now the main questions: Is the info your pc sends to MS with online activation the same as you type in your phone with phone activation? So does online activation just sends exactly the same longer key to MS as windows gives you with phone activation? The same with the return key, is the key that you get from your phone the same as what comes back from activation server? If yes, then is process X exactly the same as process Y? Can this be exploited in any way? With phone activation windows generates a key and another key comes back, but windows also checks the return key. So windows must either encode the key you entered in the phone to the key that should return, and check if the actual return key matches (otherwise you probably made a typo). Or windows encodes the return key and checks whether it's the same as the key you entered in your phone. Is it possible that, with the info we have (pkey, hardware id , the key to enter in phone and the windows component to check if phone enter key matches return key) a valid return key could be generated?