What happens during retail activation?

Discussion in 'Windows 7' started by Stannieman, Jun 15, 2010.

  1. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,800
    90
    OK, al lot of questions in 1 post.

    ONLINE ACTIVATION
    When you're activating a retail copy you enter your key, and what happens then? I guess the key and machine id are, either encoded or not, send to MS, the server does "process X" with it and sends a package back to activate windows? Does anyone know what exactly happens?


    OFLINE PHONE ACTIVATION
    So no internet connection, you enter your key and windows generates another longer key. I guess this longer key is also generated based on pkey and hardware id?
    Then you enter the long key in you phone, MS does "process Y" with it to check the validness, and if it's valid it sends another long key back.

    Now the main questions:
    Is the info your pc sends to MS with online activation the same as you type in your phone with phone activation? So does online activation just sends exactly the same longer key to MS as windows gives you with phone activation? The same with the return key, is the key that you get from your phone the same as what comes back from activation server?

    If yes, then is process X exactly the same as process Y?

    Can this be exploited in any way? With phone activation windows generates a key and another key comes back, but windows also checks the return key.
    So windows must either encode the key you entered in the phone to the key that should return, and check if the actual return key matches (otherwise you probably made a typo). Or windows encodes the return key and checks whether it's the same as the key you entered in your phone.

    Is it possible that, with the info we have (pkey, hardware id , the key to enter in phone and the windows component to check if phone enter key matches return key) a valid return key could be generated?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. IH8Activation

    IH8Activation MDL Novice

    Mar 10, 2010
    5
    0
    0
    Theoretically, yes, but the encryption is strong which is why it hasn't been cracked yet, to my knowledge.

    Otherwise, there would be fake activation servers available, much like there is for KMS which uses a weaker encryption.
     
  3. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,800
    90
    OK thanks, already thought it wasn't (yet) possible, but you never know so that's why I asked it.
    I came to the idea because a keygen isn't possible, at least it isn't possible to let the server accept the key it (or you have to wait 5 years for the keygen to find one), but it is possible to generate a key windows accepts. So I thought: don't send the keygen key to the server then but do that on your own pc, kinda kms keygen, this will always accept good keys the server won't. As long as wat doesn't send the keygen key to ms to do a real key check it'd be ok.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. blackranger

    blackranger MDL Senior Member

    Dec 28, 2009
    453
    30
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. blackranger

    blackranger MDL Senior Member

    Dec 28, 2009
    453
    30
    10
    how about a PID checker? It can check if a key is valid, can we utilize the algorithm in it and design a keygen? Is it possible?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,800
    90
    #6 Stannieman, Jun 15, 2010
    Last edited: Jun 15, 2010
    (OP)
    That's what I mean, I thought someone told some time it's possible to generate good keys that windows will accept. Look at the office 2007 enterprise keygen (the one with msn search look), it's not just a list of keys like most keygens, it really generates keys that will be accepted by office.
    The problem is that you can't activate windows with these keys cause when they are send to the server the server will see it's not a genuine key, because the server's key check is far more powerfull than the key check of windows. There are a couple of rules for keys: eigher o's or 0's are never in a key, some other letters are never in a key, the sum of all numbers has to be correct etc, that's what windows checks. The server however will really check the genuineness of the key.
    A keygen is possible to generate lot's of keys that apply to the rules, but almost no keygen key will pass the server check.

    I'm not shure what pid checker exactly does, but I thought it just sends the entered key to the MS server and waits for the server answer to see if it's genuine. Sending the key to server and waiting takes quite a while, and now imagine the keygen generated 1 billion keys and only one will pass the server's check, it will take an enormous long time to get a valid key.

    If, and only if, the key used to generate the phone enter key is valid, the the phone enter key will pass the server check and the server will give you a valid key back which is generated from the phone enter key by some algorythm. If we can reproduce this algorythm we can really activate windows with every key generated by the keygen, because the big server check isn't there.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. WinFLP

    WinFLP MDL Senior Member

    Nov 18, 2009
    499
    281
    10
    When you insert a key into a product, or use a PID checker, it is a local DLL that checks if it's a valid key for the product. It's presumably designed to be slow to prevent brute forcing product keys.

    We need a back to the basics discussion as there's confusion in this thread. There's three things we need to look at:
    -Product Keys
    -Activation
    -Genuine validation.

    -A product key is both for a specific version (eg: professional), and then a certain activation method (or stream): OEM-SLP, MAK, retail, KMS. A product will accept a product key without having to communicate with Microsoft, but it is checked by a local DLL to see if it's a valid key. These are the DLLs that PID checkers use.

    -Activation is the process that must be completed in the first 30 days. A product may accept a key during installation, and be unable to activate it: depleted MAK key, rejected retail key, generated key. Retail activation works mostly like the original post. Product ID and a hash of the machine is sent to MS, either by internet or phone, they give back a response which the local computer will take and activate. Microsoft can use it to track if the key was activated before, if it's the same machine, etc. There's of course other methods of activation like OEM:SLP or KMS that activate by completely different methods.

    -Genuine Validation: Not required component to run Windows, but is for some downloads, it functions separately from the above two processes. It generally seems to check the validity of the product key, and if all licencing components are in tact. For example, in WinXP and office 2003, 2007, it was possible to offline activate the product with a generated Volume licence key. However they fail at genuine advantage. Windows 7 will accept the leaked Lenovo Ultimate key, will activate via OEM:SLP, but will fail genuine advantage. Likewise if you can generate a product key, somehow generate the response for telephone activation, it will activate, but fail genuine advantage.
     
  8. Rosco

    Rosco MDL Addicted

    Oct 29, 2007
    633
    45
    30
    Ask Ric Richardson from Byron Bay - as the owner of Uniloc he invented the system M$ stole as "activation"
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,800
    90
    #9 Stannieman, Jun 16, 2010
    Last edited: Jun 16, 2010
    (OP)
    I'm not thinking about genuine validation à la WAT yet, just the response you're talking about in the quote above, would be nice if that can be made without server interaction. WAT pass indeed seems a bit impossible.
    And MSDN and Technet are MS forums, I can't just start a tread "How to retail activate windows without activation server?" there, can I?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. frwil

    frwil MDL Addicted

    Sep 22, 2008
    520
    159
    30
    But you can safely ask your "main question":