WPA Details Revealed
I have talked about this in several earlier issues. The new
Product Activation feature (WPA) in Windows XP is a hot topic
but MS has been not really forthcoming with how they are doing
it, for obvious reasons. However a few techies in Berlin have taken
the time to reverse engineer the whole WPA scheme and made it
public. (This in itself is not illegal by the way, despite what
you might think).
Our Sunbelt Chief Web Developer, has gone through
the whole thing and from a tech/programmer's point of view, it's
all valid and makes sense. The link to the German site was posted
I went over the German site (link below) and they have an FAQ:
I pulled two questions that seem to catch the crux of the matter:
"5. Why did you release details on Windows Product Activation?
We felt that there is a need for facts in the debate about Windows
Product Activation. Many people suspected that WPA could be abused to
spy on end-users. Our paper, however, shows that insensitive
information is transmitted during product activation. From this, it
can be seen that the facts that we provide really are a necessary
contribution to the ongoing discussion about WPA.
We think that license enforcement mechanisms will be an important part
of the future of software distribution via the Internet. Thus, we do
think that public discussion of technology of this kind must be free
from bias and it must be based on facts and openness.
We hope that the information that we provide positively affects the
current debate. The debate is necessary, but it should be based on
facts and full disclosure of information relevant to the privacy
"6. Do you know how to circumvent Windows Product Activation?
No. We provide insight into which information is transmitted to
Microsoft during activation. Our paper is important to help people
understand the impact of WPA on their work and their privacy. We do
not believe that our paper helps in any way to circumvent the license
enforcement provided by WPA".
Now, of course they have to say that. I'm assuming their lawyer told
them that this would be the most prudent way to go. But there is a
lot of stuff on that site, like the complete technical explanation,
and a command line utility suitable for verifying the presented
information called XPDec, that implements the algorithms presented
in their paper.
They even provide the source code of it, but they have removed an
important cryptographic key from the XPDec source code. That means
the source code if you recompile it will not get you a functioning
executable. But some one already posted that key on slashdot.org.
The XPDec executable on the German website contains the key and will
It boils down to the fact you can download the source code to learn
about the inner workings of WPA, and can use their compiled code
to experiment with your installation of Windows XP. Or, if you are
a programmer, recompile the source with the 'secret' key. Now, it
has happened three times in so many weeks that when we publish a site
in W2Knews, the traffic increase pretty much killed that site. So,
if this link does not work, it's not our fault. Please try later?