Windows XP's authentication system has been completely broken and can be activated offline



Windows XP, which was released in 2001, boasts strong popularity even after the end of support in 2014 due to its stable operation and the ability to operate on low-spec PCs,

and 20 years after its launch. At the moment, we still have a market share of about 0.6% . Windows XP has a high demand for pirated versions in proportion to the legitimate demand, and the authentication system has been attacked for many years. tinyapps has summarized the flow until 2022 to be able to break through authentication completely offline in the blog.

Windows XP Activation: GAME OVER
https://tinyapps.org/blog/202304230700_xp_wpa.html



The Windows XP activation process first generates a product ID based on the product key, then calculates an installation ID based on the product ID and hardware hash. Then send the installation ID to Microsoft, get a 'confirmation ID' from Microsoft and enter it in Windows XP at hand, and so on.

As of 2005, the text ' MSKey Readme ' has already appeared, and in this text, the method of calculating the private key used to generate the product key of Windows XP was explained. Since the product key of Windows XP is a public key generated using elliptic curve cryptography , it is possible to deduce the secret key based on the public key by Pollard-Lau prime factorization method etc. can.

In 2019, `` WindowsXPKg '' was released to generate product keys based on text about Windows XP activation . However, with Windows XPKg alone, the activation process could only go as far as generating an installation ID, relying on a third-party server to calculate the confirmation ID.

And in a 2022 Reddit post , a user named retroreviewyt shared 'xp_activate32.exe'. This executable will generate the proper confirmation ID after calculating the installation ID, making it possible to activate Windows XP in a completely offline environment.



Even if Microsoft ends the activation of Windows XP in the future, it will be possible to maintain the old system if there is an activation system that works completely offline. There are people in the world who need to continue to use Windows XP for various reasons , so the blog concluded that it hoped that an official offline activation tool would be prepared for posterity. .

According to a survey, when five years have passed since the end of support for Windows XP, more than 30% of companies are using PCs running Windows XP. Hacker News commented on experiences such as 'Windows XP is required to run a CNC machine using an old and unique card'.

The reality that one-third of companies continue to use Windows XP even in 2019-GIGAZINE



In addition, there are cases where factories and hospitals have custom-made 32-bit applications and cannot pay for porting, and like President Putin, new versions of Windows send a lot of data to Microsoft, so they cannot be trusted. It seems that there are many scenes where Windows XP is unexpectedly active, such as when you are using Windows XP.

Nonetheless, it should be a very dangerous act to connect to the Internet because it is an OS where security updates are completely stopped, but according to access analysis, about 1000 Windows XP users are using GIGAZINE this month as well I was visiting

Related Posts:

in Software, Posted by log1d_ts