Windows XP Mode Principle: From Win95, Microsoft's product installation Key is changed from the original 10 digits to 25 characters, which represents MS bid farewell to the simple checks, from this to the elliptic curve method. embrace. From the perspective of cryptography, this is definitely a milestone, because the elliptical curve method is still in the research stage, MS is the first manufacturer of commercial products. So what is it in this 25 characters? 1.Base24 This 25 characters actually 114bits' data for UUCODE with base24, as installing key, this base must absolutely avoid misiability, so MS selects the following 24 characters as uucode: bcdfghjkmpqrtvwxy2346789 If your installation Key has the character other than these 24 characters, you can throw it into the garbage cartridge, you don't have to try it. 2.114 Bits Uudecode obtained 114 bits according to the INTEL high in the format as follows: [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] Total 114 bits | | | 55 BISH | 30 BITS Serial 31 Bits Data 1 bits flag / flag : Unknown markers, this bit is always 0 in all kinds of Key you have seen. Serial: User serial number, transferred into a decimal representation as aaaabbbbb, corresponding to: Retail Edition: xxxxx-aaa-bbbbbbbX-xxxxx OEM version: XXXXX-OEM-0AAAAabX-BBBBBB 51BITS is always called DATA, is the basic part of CDKey. Hash: DATA is obtained by specific processing, see later. Sign: The ellipse sign of the HASH value, see later. 3. Elliptic curve signing algorithm to indicate that the elliptic curve signing algorithm is not an easy task, interested in using the "elliptic curve" or "Elliptic Curve" to find related information in search engines, here is simple Introduce the Usage of MS. The so-called elliptic curve refers to such a class of curve equations: Y ^ 2 A1 * XY A3 * Y = x ^ 3 A2 * x ^ 2 A4 * x A6 in password learning is its two special cases And MS is more in these two special examples: Y ^ 2 = x ^ 3 a * x b (MOD P) When A, B, P is selected, you can determine an elliptical curve, and then Select a generated point g (GX, GY), so there is a minimum integer Q makes q * g = O, then, then select one integer K
K (kx, ky) = k * g, the key of the elliptical curve signing algorithm is all generated:
Public key is: A, B, P, G (GX, Gy), K (KX, KY)
Private key: A, B, P, G (GX, GY), Q, K
To sign a DATA:
A. First choose an integer R
B. A total of 100 bytes of DATA, RX, RY for SHA-1, and 28 in the results get HASH;
C. Seeking SIGN = R - Hash * K (Mod Q);
D. After the three numbers of Data, Hash, SIGNs get 25-bit CDKey.
Verify CDKey:
A. Remove the 25 cdkey Uudecode and then refer to Data, Hash, Sign; B. See the point R (RX, RY) = Sing * G Hash * K (MOD P);
C. A total of 100 bytes of DATA, RX, RY for SHA-1, and the 28th in the result is obtained by Hash ';
D. If Hash = Hash ', the cdkey is a valid key.
4.bink
As can be seen from the previous description, in order to verify the cdkey, MS must publicly open the public key in the elliptical curve signature algorithm, then where is this public key? The answer is in the BINK resource in Pidgen.dll (other products such as Office is packaged in * .msi), and there are two groups, from the current known Key combination, the first set of keys is used to retail Version, the second group is used for OEM versions. Whether the Key of the two products can be generous is whether the corresponding key is the same, such as the second set of keys of the Chinese version of Windows 2000 Pro / SRV / ADVSRV is also the same, the OEM version of a PWindows 2000 PRO, The OEM version of PWindows 2000 SRV / ADV can be used simultaneously.
5. Crack and its difficulty
To crack the CDKEY generation algorithm, you must find the corresponding private key from the key disclosed in the MS, that is, Q and K are required. From the key disclosed in Bink, P is a number of 384 bits, which looks like to be at least O (2 ^ 168), but a defect in MS design (?) Reduces actual workload to Only O (2 ^ 28) is ok.
Why is the difference?
Looking back at 3.C: Sign = R - Hash * K (Mod Q)
Usually Q can be a large value, so SIGN should be large, but MS is limited to 55 bits in order to reduce the number of cdKey inputs, so it is naturally limited to Q. 56 bits. According to this type, due to K
The author used only 6 hours on a motor II 800 to solve the Q value of a key key. At most, it used 28 hours on one thunderbird 1G to calculate another group of keys. K value, other averages can be obtained around ten hours.
