Vulnerability Development mailing list archives
Re: Recovering the activation key from a Win2K installation
From: "Bryan Allerdice" <bryan () professionalhacker com>
Date: Wed, 27 Jun 2001 09:12:27 -0400
I'm running WIN2K Server and see a key called ProductId rather than ProductKey in both HKLM\Software\Microsoft\Windows\CurrentVersion and HKLM\Software\Microsoft\Windows NT\CurrentVersion, and the number there isn't the CDKEY, it's the registration number that pops up in a little window during installation just after you enter a CDKEY, name and business - it's the one you're supposed to write down in case you need support.

I don't think that you can find the CDKEY in the registry for WIN2K. Your advice for 95 and 98 is right though - haven't touched ME so I can't confirm your advice there.

BRYAN

----- Original Message -----
From: "George Bolton" <george.bolton () digitalcinemaadvertising com>
To: <vuln-dev () securityfocus com>
Sent: Tuesday, June 26, 2001 11:27 AM
Subject: Re: Recovering the activation key from a Win2K installation

Short answer: You're right. Product ID keys can be recovered from the registry quite quickly.

I've looked at this directly for Windows 95, 98, ME and 2kPro. Can't speak with authority on NT4 as I've not got one to hand.

Please excuse the step-by-step here. Not wishing to question your expertise, but if you're not familiar with the registry then it can become quite a minefield. Careless editing of the registry can cause serious problems, so please be careful not to modify things, just look around.

From your Start Menu, choose Run, then type REGEDIT in the box and click OK. You will see the Registry Editor start, it looks a bit like an Explorer window. On the left are the keys, on the right is the data. The registry can be navigated in much the same way that Explorer can, for example when you see a little + sign next to a folder, click on it and the subfolders will be displayed, select it and the contents of the folder will be shown in the right hand pane.

For Windows 95, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion and look for an entry in the right pane called "ProductId".

In Windows 98 and ME, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion and look for an entry called "ProductKey".

In Windows 2000, there are in fact two entries, both called "ProductKey", one under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion and another in HKEY_LOCAL_MACHINE\Software\Microsoft\WinNT\CurrentVersion. Presumably the reason for the second entry is for backward compatibility, but I'm not sure.

A way of introducing a limited form of protection for your key would be to create a Windows policy which prevents access to the registry editor by all bar the administrative users. However, you should note that there are a number of quick and easy ways of getting around Windows' Policies.

There are many pieces of software on the market that will assist you in this, should you wish to go down that road. I have used "S to Infinity" from Winvista with a great deal of success, but I'm sure that others will be able to pass recommendations as well.

Regards
George Bolton
Network & Communications Manager
Digital Cinema Advertising Ltd
T +44 (0) 7050 697394
F +44 (0) 7050 665295

----- Original Message -----
From: "Juan M. Courcoul" <courcoul () campus qro itesm mx>
To: "Vuln-Dev" <VULN-DEV () SECURITYFOCUS COM>
Sent: Monday, June 25, 2001 6:28 PM
Subject: Recovering the activation key from a Win2K installation

Please bear with me, as I only pretend to have a limited knowledge of Windows internals enough to survive its use.

A discussion arose as to the security of Windows 2000's activation key, aka the CD or Product Key. A colleague who handles Win2K installations insisted that once you have keyed in the 29-character string and activated the OS during a full new install, it is unrecoverable and hence safe to install in student labs, etc., without the risk of compromising the corporate license. She went so far as to claim that even a user with Administrator privileges couldn't get it back.

My gut feeling is that this is bull and constitutes a prime example of "assumed security thru ignorance".

Would you kind Windows gurus please tell me who's got it right this time?

J. Courcoul
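
As an added example (not part of any message in this thread): a PowerShell audit of the registry locations named above, reporting which of the `ProductId` / `ProductKey` values exist and which accounts the key's ACL allows to read them, with the value itself masked. It assumes a Windows system where PowerShell is available; the helper name `Get-MaskedValue` and the report layout are illustrative.

```powershell
# Added example: audit the registry locations named in this thread.
# Key paths and value names are the ones the posters mention; nothing is modified.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion',   # spelling in Bryan's message
    'HKLM:\SOFTWARE\Microsoft\WinNT\CurrentVersion'         # spelling in George's message
)
$names = @('ProductId', 'ProductKey')

# Hypothetical helper: keep the first 5 characters, mask the rest,
# so the report shows that a value exists without disclosing it.
function Get-MaskedValue([string]$Value) {
    if ([string]::IsNullOrEmpty($Value)) { return '' }
    $keep = [Math]::Min(5, $Value.Length)
    return $Value.Substring(0, $keep) + ('*' * ($Value.Length - $keep))
}

$readRight = [System.Security.AccessControl.RegistryRights]::QueryValues

$report = foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Key = $path; Name = '(key not present)'; Masked = ''; Readers = '' }
        continue
    }

    # Accounts with an Allow entry that includes the right to query values.
    # This ACL, not access to the Registry Editor UI, decides who can read the key.
    $readers = (Get-Acl -LiteralPath $path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (($_.RegistryRights -band $readRight) -eq $readRight)
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    $props = Get-ItemProperty -LiteralPath $path
    foreach ($name in $names) {
        if ($props.PSObject.Properties.Name -contains $name) {
            [pscustomobject]@{
                Key     = $path
                Name    = $name
                Masked  = Get-MaskedValue ([string]$props.$name)
                Readers = $readers -join ', '
            }
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```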