A few months back, I wrote about how Windows Vista product activation works for volume license customers. Last night I was searching to find out what the grace period is before activation is required and I stumbled across some interesting articles. You see, it turns out that there are three main problems with product activation:
- Corporate IT departments want to produce customised Windows builds. These builds must be valid when deployed to client PCs (i.e. the product activation period must not have expired!) and, as the product activation timer is ticking away during the customisation process, there needs to be a method to “rearm” product activation.
- OEMs want to ship pre-activated versions of the operating system (an arrangement with which I’m sure Microsoft are happy to comply as they need OEMs to preload their operating system and not an alternative, like, let’s say… Ubuntu Linux!), so Microsoft provides these so-called Royalty OEMs with special product keys which require no further activation, under a scheme known as system-locked pre-installation (SLP) or OEM activation (OA) 2.0.
- Anti-piracy measures like product activation are to hackers like a red rag is to a bull.
The net result, it seems, is two methods to avoid product activation. The first method can be used to simply delay product activation, as described by Brian Livingston at Windows Secrets. It uses an operating system command (slmgr.vbs -rearm) to reset the grace period for product activation back to a full 30 days. The Windows Secrets article also describes a registry key (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL\SkipRearm) and claims that it can be set to 00000001 before rearming, allowing the rearm to take place multiple times (this registry key is reset by the rearm command, which is also available by running rundll32 slc.dll,SLReArmWindows); however, Microsoft claims that the SkipRearm key is ineffective for the purpose of extending the grace period as it actually just stops sysprep /generalize (another command used during the imaging process) from rearming activation (something which can only be done three times) and does not actually reset the grace period (this is confirmed in the Windows Vista Technical Library documentation). Regardless of that fact, the rearm process can still be run three times, giving up to 120 days of unactivated use (30 days, plus three more rearms, each one providing an additional 30 days). That sounds very useful for both product evaluation and for corporate deployments – thank you very much Microsoft. According to Gregg Keizer at Computer World/PC World Magazine, a Microsoft spokesperson has even confirmed that it’s not even a violation of the EULA. That is good.
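For the corporate imaging case above, a read-only audit of a reference or deployed machine shows how much grace time is left and whether SkipRearm has been set. This is an added example, not code from the original post or from Microsoft; it assumes PowerShell 2.0 or later, and the 7-day warning threshold is an arbitrary choice for illustration.

```powershell
# Added example: read-only activation audit for the local machine. Nothing is changed.
# The registry path and the SkipRearm value name are the ones quoted in the article.
$slKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL'
$warnDays = 7   # assumption: flag machines with less than a week of grace left

# LicenseStatus codes reported by the SoftwareLicensingProduct WMI class.
$statusName = @{
    0 = 'Unlicensed'; 1 = 'Licensed'; 2 = 'OOBGrace'
    3 = 'OOTGrace';   4 = 'NonGenuineGrace'; 5 = 'Notification'
}

# SkipRearm is normally 0 or absent; a value of 1 means it was set by hand
# and has not yet been cleared by a rearm.
$skip = (Get-ItemProperty -Path $slKey -ErrorAction SilentlyContinue).SkipRearm
if ($null -eq $skip) { $skip = 0 }

# Only products that actually have a product key installed are of interest.
$products = Get-WmiObject -Class SoftwareLicensingProduct |
    Where-Object { $_.PartialProductKey }

foreach ($p in $products) {
    $status = [int]$p.LicenseStatus
    $days   = [math]::Round($p.GracePeriodRemaining / 1440, 1)  # WMI reports minutes

    $name = $statusName[$status]
    if (-not $name) { $name = "Unknown($status)" }

    # Collect the findings an image builder or licence auditor would act on.
    $flags = @()
    if ($skip -eq 1)                           { $flags += 'SkipRearm=1' }
    if ($status -eq 0 -or $status -eq 5)       { $flags += 'not-activated' }
    elseif ($status -ne 1 -and $days -lt $warnDays) { $flags += "grace<${warnDays}d" }

    New-Object PSObject -Property @{
        Computer  = $env:COMPUTERNAME
        Product   = $p.Name
        Status    = $name
        GraceDays = $days
        SkipRearm = $skip
        Flags     = ($flags -join ',')
    } | Select-Object Computer, Product, Status, GraceDays, SkipRearm, Flags
}
```

Run before capturing an image, an unexpected `SkipRearm=1` or a short `GraceDays` value indicates that deployed clients would start life with less grace time than planned.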
So that’s the legal method; however some enterprising hackers have a second method, which avoids activation full stop. Basically it tricks the operating system into thinking that it’s running on a certain OEM’s machine, before installing the relevant certificate and product key to activate that copy of Windows. The early (paradox) version involved making hex edits to the BIOS (hmm… buy a copy of Windows or turn my PC into a doorstop, I know which I’ll choose) but the latest (vstaldr) version even has an installer for various OEMs, and if that doesn’t work then there is a list of product keys which can be installed and activated using two operating system commands:
slmgr.vbs -ipk productkey
I couldn’t possibly confirm or deny whether or not that method works… but Microsoft’s reaction to the OEM BIOS hacks would suggest that this is not a hoax. Microsoft’s Senior Product Manager for Windows Genuine Advantage (WGA), Alex Kochis, describes the paradox method as:
“It is a pretty labor-intensive [sic] process and quite risky.”
(as I indicated above). Commenting on the vstaldr method, he said:
“While this method is easier to implement for the end user, it’s also easier to detect and respond to than a method that involves directly modifying the BIOS of the motherboard”
Before continuing to hint at how Microsoft may respond:
“We focus on hacks that pose threats to our customers, partners and products. It’s worth noting we also prioritize our responses, because not every attempt deserves the same level of response. Our goal isn’t to stop every ‘mad scientist’ that’s on a mission to hack Windows. Our first goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknowing victims. This means focusing on responding to hacks that are scalable and can easily be commercialized, thereby making victims out of well-intentioned customers.”
Which I will paraphrase as “it may work today, but don’t count on it always being that way”.
Note that I’m not encouraging anybody to run an improperly licensed copy of Windows. That would be very, very naughty. I’m merely pointing out that measures like product activation (as for any form of DRM) are more of an inconvenience to genuine users than they are a countermeasure against software piracy.
This post is for informational purposes only. Please support genuine software.