I've just read Orig's article about MS's new "algorithm" for Corp keys and some of the other scarey stuff they might activate in SP1 Final. I don't know if anyone else agrees, but this news seems unnecessarily alarmist. Let's take the major themes:

"Microsoft is in the works of completely rewriting the algorithm for the way Windows XP Corporate keys are generated"

Translation: MS will tweak PIDGEN.DLL yet again. They did this ad infinitum in the last few iterations of XP beta.

"The new algorithm feature has been switched off in SP1 upgrades"

Translation: PIDGEN.DLL won't get replaced in upgrade mode. So this means the old PIDGEN.DLL will still work after SP1 and therefore pre-SP1 Corp keys can still be made to work.

"Windows also checks for the DLL files version numbers and if they don?t match, errors will be created during install"

Translation: Fine, so you'll replace PIDGEN.DLL and any other requisite files after install.

"Microsoft is also planning to warn those with corporate editions of Windows XP to not let the CD-keys slip into the mainstream"

Translation: So business as usual. Given what a Corp key is worth in the warez world, you can guarantee that at least one new-style Corp key will leak from China, India or possibly Redmond itself. It always does, and we'll have it within a week of RTW (Release To World).

"Another rumor that is running rounds at Redmond is that Microsoft may actually include a type of ?Phone home? feature in the corporate versions of Windows XP only"

Translation: B.S.

"a feature that makes sure the Corporate edition of Windows XP is not installed on more computers than it?s contract is made out for"

Translation: But since we aren't the licence holders anyway, we don't give a rat's arse about that side of things.

My guess is that MS will change the PID generation algorithm as a direct response to the Blue List Keygen. If it weren't for that innovation, they would just blacklist the old FCKGW- key. If the worst comes to the worst, we'll run a late SP1 beta for a bit. But most likely, any PID changes in SP1 Final will be quickly worked around. When a new Corp key emerges, all this angst will be quickly forgotten.

Epyx

Now, thats clear enough. Thank u.

Would simply replacing PIDGEN.DLL with the original corp one make the old keys work or does SP1 validate the checksum for PIDGEN to keep this from happening?

And thanks for posting, these are interesting points. I wonder what Orig would say :)



Last edited by PliotronX at Jul 22 2002, 01:53 AM

Well, I'm a bit rusty on this stuff since the times of XP beta, but it was farily simple to switch the PID algorithm by swapping PIDGEN.DLL and one or two other files. This was commonplace in the final days of the beta phase.

I guess the point is not to get too worried yet about a "new algorithm". It's not earth-shattering news if it's true. We handled the bump with OXP SP1 and we'll all do the same with WinXP SP1.

Epyx

Over on the wxperience site there's a thread describing a method that M$ is rumored to be releasing with SP1. That is, after a combination of a specific date AND a specific number of cold starts AND one other variable are met, any unauthorized version will be stopped cold. In other words, installing SP1 on a test system, then setting the clock ahead a year or two as the test will be meaningless as XP will perform as normal - even though it's "booby trapped". They didn't say what the 3rd variable was but probably a check to see if the Blue List generator produced the key. Evidently the Blue List generator results in a key sequence that M$ claims now to be able to detect, or at least narrow down the field considerably.

Sounds like the smartest move will be to try to get only those pieces of SP1 that have any real value to you - which isn't much. However, for those people that use all the M$ internals (I.E., Outlook Xpress, etc) will wind up just plain screwed sooner or later - translated that means they'll probably wind up paying for a legit copy and getting their very own Authorization code. Surely a very special, heart warming feeling.

The "call home" rumors are sort of meaningless (unless you rely on XP's firewall solely). The concern here is that from the inside of your machine, after market firewalls are easy to disable. I had this happen on my daughters machine when she downloaded some software that after installation would disabled Norton, ZoneAlarm, etc then hid itself. Found it and killed it, but what a hassle. And, of course, once you download SP1 it's on the inside looking out!!

Lastly, there seems to be a lot of M$'s friends recently (or people that seem to be) on a lot of Forum's trying to gather as much info as they can regarding current SP1 hacking plans. At least there's a lot of probing to try and find out who's doing what to neuter SP1. Maybe they get a special Christmas present from Gates or Monkey Boy (Balmer) for faithfully reporting what's happening, who knows. Who cares. They're just plain jerks anyway.

Regardless, M$ has obviously put a lot of effort into trying to reduce the number of illegitimate Corp XP Pro's that have made a big dent in their profits - and reputation.

Guys,

I am confident that once the new PID algorithm is finalized in SP1, that a modified version of the infamous key generator can be made. It will create new corporate keys that are just as reliable that those generated today. I haven't heard anything in this news that makes me think that SP1 is going to be a show stopper. Worrying before SP1 goes final is a supreme waste of time. I recommend sitting back with a cold tall glass of your favorite soda (Dr Pepper!) and let Redmond do the worrying. I give their new scheme only 2 months at most before they are history. The main reason for cracking WPA is to make M$ realize what a monumental amount of money they squandered on an ineffective and worthless CP scheme. With any luck, they whole WPA team will get canned. Well thats my 2 cents worth.

Tomboy

Some snippets from The Register's response to Orig's article:
http://www.theregister.co.uk/content/4/26301.html

MS planning to tackle leaked WinXP keys with SP1?
By John Lettice

"The procedure BetaONE envisages (and it's about the only one we can see would have an effect) is that all corporate customers will be issued with new keys that are recognised by the new code in SP1. So if that's correct, all current corporate keys are dead, the luckless corporate techies will likely get somewhat irritated about having to reactivate, but hey, activation with a corporate key is supposed to be trivially easy, right?

The new key generation system may be more difficult to get round than the last one; indeed, if it isn't, there isn't a lot of point in Microsoft implementing it. That, however, is not the problem. Microsoft's difficulties arise not from people actually cracking the key system but from corporate keys leaking, so no matter how good the system, if a key is leakable, it gets circumvented.

...Inexorably, one is drawn to phoning home as the real shoe two. The EULAs are being amended so that Microsoft reserves the right to check the validity of machines' licences, which means the company will be able to check online for leaked keys, and take what it deems appropriate action. Checking via Windows Update would allow the identification of corporate keys that had leaked out of the corporate market, and this could be followed up with the owner of the key...."

This is really a non-issue. Simply say NO to SP1. I have been using XP on my main machine for a year now and have never Blue screened or been hacked and it runs everything I throw at it. The main rule in mechanics and engineering is:If it aint broke, dont fix it. I use my computer in a production environment and would never do anything to disturb the status of my machine.

Zo

*PHONING HOME*

it cant happen if one takes a few simple procedures to prevent outbound traffic



Last edited by zonko at Jul 22 2002, 09:35 AM

I'm with you, zonko!! The only items that I can see that might be worth anything (to me, anyway), is the USB 2.0 software and the "over 1700 bug fixes" they advise. The problem with the "1700 bug fixes" is that more than likely some of the bug fixes have to do with halting your XP until you enter that brand new key that your Corporation (based on your current Product ID) received in the mail a couple weeks ago. You did receive that Key, didn't you? After all, you're part of that licensed Corpoartion - your Product ID says so, remember.

As for USB 2.0 - I'll be using an aftermarket card for the 2.0 devices so will go with the software provided by the card manufacturer. Don't need the M$ version.

Again, only those people that rely on M$ software (I.E., Outlook Express, etc) seem to be at risk. Sooner or later, they'll be dumped to the M$ update site and then it's "gotcha" time. Remember, there's nothing to prevent a M$ friendly internet site to redirect you to M$'s handy-dandy fixer-upper site to "help" you update before you know it.

Jeez, this cloak and dagger stuff is exciting, in't it?

Hi guys, I don't know a lot of thing in computing and just wanted you to "light" me on this corporate SP1 problem.

But just prior to that, Zonko and Woogieman, I agree that SP1 is perhaps not a necessity for all of us but it seems that you won't be able to update via WindowsUpdate after SP1 has been released, is it true (even if you don't install SP1)? So Microsoft would like to force people to install SP1 so that they can check if they are eligible to use windows update?

Now concerning the corporate: I've read that the problem occur if you slipstream XP to SP1 but not if you upgrade! Could you please explain me what's slipstreaming? Why is it different to "upgrade". Because, if I have XP and I install SP1 after (this means upgarding), I won't have any problem no? So what's the purpose of slipstreaming?

In summary, If I have a fine install of XP and I applied the SP1 over it, my system will be upgraded to SP1 without all those key probs etc, true or false? OK the old FCKGW...key won't work anymore but any other corporate key should work?

@azizcha
The *fckgw* key WILL always work. if SP1 is not used. slipstreaming is the task of applying a service pack as you are installing the OS. Windows update is the same as SP1, except SP1 is all the updates combined into 1 package. windows update is not really necessary if your computer is running fine and you take other steps (hardware specific updates) to keep current. Make sure you turn OFF automatic update (control panel/system/auto updates)

Zo

Don't worry Zonko, everything is turned off on my computer :) I don't like Microsoft to do what I can actually do myself...

Well, I don't understand the prob so for warez people. Why should they need to slipstream XP? This is only for "true corporate" but not for all people no?
So if someone has an XP running with the FCKGW key, will he be able to upgrade to SP1 without problems and get all the winupdate he wants?
I've read that SP1 at least recognize the FCKGW key and desactivate it, that's why people have found how to change the product key without reinstalling windows to set a new corporate key. So by simply doing that, SP1 upgrade should work, am I wrong?

Of course, changing the product key should be done BEFORE installing SP1. But as SP1 has this new algorithm feature, it should also recognize that the key replacing the old FCKGW key has been generated by the also "old" algorithm so it should block XP too.............
Things are a bit complicated for me :)

@azizcha

This is not complicated at all. In your case can u name any reasons at all to install SP1 other than it is there? It seems to be like a seductive elixir to some people, that is laced with poison, yet they must drink anyway. A while back here, when SP1 BETAs hit the street, peeps were having all sorts of problems with their computers after applying it. Run a firewall, virus checker, and scan your ports for trojans occasionaly and you will be fine.

Zo
*edit*
You just joined today Aziz..secret agent? lmaoraotflau



Last edited by zonko at Jul 22 2002, 12:25 PM

I agree Zonko. I don't actually know if I need nor will install SP1 when it'll be released but it's just to know that if I do, I would better have to ghost my system before just in case everything would lock up.

It's just that a lot of people are talking about SP1 and it's problem with corp keys and it's interseting to know.

So if you know or "smell it", could you just summary me what will occur if I install SP1 over a corp XP whose FCKGW key has been changed to another corp key with the old algorithm method? Does it works or not?

Ha you think I'm a Microsoft secret agent that try to leak some infos from you???
Well, yes I've joined today just because I was seeking infos on this SP1 subject. How could I prove you that I'm not a secret agent but only a bad boy that is frightened for his tweaked XP system? I don't know. I can only give you my "parole":)

@ azizcha
To answer one of your Q's :
If you have a FCKGW installation of WinXP, and replace the key with a "generated"
one, you will *at this current time* be able to install SP1 beta, and to use Windows update.

How long this will work, is another Q :)

FYI : Using the fckgw or a generated key, is NOT approved by MS, or BetaONE.

Ok thanks!
But regarding the article of Betaone concerning the new algorithm, will it be possible to install SP1 (final release) as an upgrade with a generated key? Or does the new algorithm only affect slipstreamed installations?
Thanks for the help :)

I have a original Corp-CD (from an University) with a fix integrated Corp-Key!

Is this eventually a problem with the SP1 ???

I run all my WinXP Pro installs on the FCKGW key, but I heard that a 'cracked' SP1 is already out... BS or..?

There will be a new keygen which can generate new keys out very soon after the release of WXPSP1. It wont be the next day but it wont be as long as it took the first time.

All this great warez and reverse engineering talk for people to read when they link here from neowin or The Register or whereever from 0rigs pasted story.

its spelled with an o not a 0

so it simply means that SP1 beta is shit....

I am very well aware of that

shit dudes,,, now im more confused then before..

Q1 , if i install my spanish corp version,, with a key generated with "xp-keygenerator1 ( i say 1 becuse i sopose it going to be 2 version) could i install the xpsp1_esp_final , in my computer ??

Q2, will Bill Gates be more rich with this?? ( i mean this kind of project must cost millions of $)

Q3 , will i be more secure ,,when i agre that microsoft can control/spy my computer ?? ( i mean what about the corupt people that leak things from them, imagine what they could do with my computer if i agree),

thank's for your time,, and let the force be with you,,

The force will be behind you, and watch for both of Bill Gates hands on you shoulders.

ok... thank you for answer the quiz..

let the force be with you too

shit, ppl are actually worried about this?

like Tomboy said, grab a glass of soda,
sit back, relax, and all this will be hacked within a week of gold ;-)

You know sometimes it feels good to have a legit version of XP don't have to put up with all this hassle.

But as has been stated, there are other keys that are bound to work when installing, and we know how to change the key anyway. But I guess when SP2 comes round ... then there will probably be more 'black listed' keys ...

Don't know if anyone subscribes to Woody's Windows Watch ... well there is an article on my site (see sig) that goes into a bit of detail, even mentions BetaONE about the rumours!



Last edited by Flanderz at Jul 24 2002, 01:01 PM

You know, if MS charged a reasonable price for Windows XP, and let you put it on all of your home computers without extra charge, I am sure many more of us would just go and buy a copy, but they are being way to greedy and the price is way to high and the idea that you have to buy multiple copies just to run a copy on your 6 year old childs computer or home Network is mind bogling to me. With this kind of crap, MS deserves to be warezed and cracked til the end of time just for the principal of the matter!!!

That clears up all that mumble jumble for me.

Thanks.

Thanks those translations are great, I feel a little more informed now. Can't wait to try it out B)

And me thinking about sinking the Modem into deep acid pools...

:huh:

I was moderately worried.

Please explain why the FCKGW key is banned if they are in fact changing the key algorithm.

SuperTech

The rumors are nut true !!!!

see this: h##p://www.wininformant.com/Articles/Index.cfm?ArticleID=26051

I think the writers of the article need to write a retract statement, don't you think?

SuperTech :angry:

I don't believe a word of it. They are trying to put everyone of guard.

I don't believe a word of it. They are trying to put everyone of guard.[/b][/quote]
http://www.iexbeta.com/docs/vlkrumors.txt

:P

SuperTech

I think Allen Niemen sums up everything you would want to know but are afraid to ask!!:wub:



Last edited by mustangpc at Jul 28 2002, 03:16 PM