Technical Details on Microsoft Product Activation for Windows XP

Software piracy is a worldwide problem which negatively impacts software developers, resellers, support professionals, and most importantly, consumers. One form of piracy, estimated to be as high as 50%, is known as casual copying. Casual copying is the sharing and installation of software on multiple PCs in violation of the software's end user license agreement (EULA). Microsoft has developed product activation as one solution to reduce this form of piracy.

Product activation uses several methods and technologies to help achieve Microsoft's goals of protecting intellectual property rights by making it easy for users to comply with the terms of the EULA and reducing software piracy.

In order to help customers and partners better understand the technologies used by product activation, and their unobtrusive and anonymous nature, we will outline in this bulletin:

  1. How activation works for Windows XP acquired through:

    1. A PC manufacturer (OEM)

    2. A retail store (where customers buy "boxed" software product)

    3. A volume licensing agreement (customers who acquire their licenses through programs such as Microsoft Open, Enterprise, or Select licensing).

  2. How the hardware hash component of the installation ID is created and the scenarios in which a copy of Windows XP may have to be re-activated due to a substantial hardware modification.

For a more general overview on the basics of product activation please see https://www.microsoft.com/piracy/basics/xp_activation.asp. Additionally, this document contains some technical concepts. Pointers to reference material covering certain technical concepts are included in the appendix. Information contained in this document represents product activation in Windows XP as of the document's date of publication.


Product Activation and volume licenses

Windows XP upgrade licenses acquired through one of Microsoft's volume licensing agreements, such as Microsoft Open License, Enterprise Agreement, or Select License, will not require activation. Installations of Windows XP made using volume licensing media and volume license product keys (VLKs) will have no activation, hardware checking, or limitations on installation or imaging.

Product Activation and new pre-loaded PCs

The majority of customers acquire Windows with the purchase of a new computer, and most new computers pre-loaded with Windows XP will not require activation at all. Microsoft provides OEMs with the ability to "pre-activate" Windows XP in the factory and estimates that upwards of 80% of all new PCs will be delivered to the customer pre-activated.

"Pre-activation" of Windows XP by the OEMs will be done in one of two different ways depending on the OEM's own configuration options and choices. Some OEMs may protect Windows XP using a mechanism which locks the installation to OEM-specified BIOS information in the PC. This technology works very similarly to existing technologies that many OEMs have used over the years with the CDs they ship to reinstall Windows on these computers. We expanded and integrated the existing OEM CD BIOS locking mechanism with product activation, and call this method of protection "System Locked Pre-installation," or SLP.

Successfully implemented, SLP uses information stored in an OEM PC's BIOS to protect the installation from casual piracy. No communication by the end customer to Microsoft is required and no hardware hash is created or necessary. At boot, Windows XP compares the PC's BIOS to the SLP information. If it matches, no activation is required.

Every single piece of hardware could be changed on a PC with SLP and no reactivation would be required — even the motherboard could be replaced as long as the replacement motherboard was original equipment manufactured by the OEM and retained the proper BIOS. In the unlikely scenario that the BIOS information does not match, the PC would need to be activated within 30 days by contacting the Microsoft activation center via the Internet or telephone call — just as in a retail scenario.

OEMs may also activate Windows XP by contacting Microsoft in the same way the consumer would activate. Activation done in this way is the same as activating a retail boxed version of Windows XP. This is discussed in more detail further below.

For OEMs who do not employ either of the above two methods of pre-activation, a new PC acquired with Windows XP preinstalled must be activated by the customer. This activation is completed in exactly the same way as for someone who acquired Windows XP by purchasing a boxed version at a retailer.

Product Activation and retail boxed software product

Product activation relies on the submission of the Installation ID. The Installation ID is specifically designed to guarantee anonymity and is only used by Microsoft to deter piracy. The Installation ID is comprised of two different pieces of information — the product ID and a hardware hash (a hash is a numeric value derived through a mathematical formula and based upon some other, original value). The product ID is unique to the installation of Windows and is created from the product key used during installation. Each product key delivered with retail boxed software is unique, and the product ID it creates is unique. Microsoft uses the product ID for other purposes in addition to product activation such as when requesting product support. The product ID can be found by viewing the Properties of My Computer (an example of a product ID is 12345-123-1234567-12345).

The hardware hash is an eight byte value that is created by running 10 different pieces of information from the PC's hardware components through a one-way mathematical transformation. This means that the resultant hash value cannot be backwards calculated to determine the original values. Further, only a portion of the resulting hash value is used in the hardware hash in order to ensure complete anonymity.

Example: A processor serial number is 96 bits in length. When hashed, the resultant one-way hash is 128 bits in length. Microsoft uses only six bits from that resultant hash in activation's hardware hash. Due to the nature of the hashing algorithm, those six bits cannot be backwards calculated to determine anything at all about the original processor serial number.

Moreover, six bits represent 64 (2^6) different values. There were over 100 million PCs sold last year worldwide. From those 100 million PCs sold, only 64 different hardware hash values could be created as part of activation.

Microsoft developed the hardware hash in this way in order to maintain the user's privacy.

Additionally, whether or not the PC can be put into a docking station or accepts PCMCIA cards is also determined (the possibility of a docking station or PCMCIA cards existing means that hardware may disappear or seem changed when those devices are not present). Finally, the hardware hash algorithm has a version number. Together with the general nature of the other values used, two different PCs could actually create the same hardware hash. The 10 different hardware values used to create the hash are outlined in the table below:

Table 1 Hardware hash component values

| # | Component Name | Example Hash Value (# of bits) |
|---|---|---|
| 1 | Display Adapter | 00010 (5) |
| 2 | SCSI Adapter | 00011 (5) |
| 3 | IDE Adapter | 0011 (4) |
| 4 | Network Adapter MAC Address | 1001011000 (10) |
| 5 | RAM Amount Range (i.e. 0-64mb, 64-128mb, etc) | 101 (3) |
| 6 | Processor Type | 011 (3) |
| 7 | Processor Serial Number | 000000 (6) |
| 8 | Hard Drive Device | 1101100 (7) |
| 9 | Hard Drive Volume Serial Number | 1001000001 (10) |
| 10 | CD-ROM / CD-RW / DVD-ROM | 010111 (6) |
| - | "Dockable" | 0 (1) |
| - | Hardware Hash version (version of algorithm used) | 001 (3) |
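
The truncate-and-pack construction described above, as an added Python sketch that is not Microsoft's code. The field widths come from Table 1; the hash algorithm (BLAKE2b cut to 128 bits as a stand-in), the field order, which bits are kept, and storing the dockable flag and version unhashed are all assumptions, and `SAMPLE_PC` is constructed.

```python
import hashlib

# (component, bits kept) from Table 1, in table order; 63 bits in total.
FIELDS = [
    ("display_adapter", 5), ("scsi_adapter", 5), ("ide_adapter", 4),
    ("network_mac", 10), ("ram_range", 3), ("cpu_type", 3),
    ("cpu_serial", 6), ("hdd_device", 7), ("hdd_volume_serial", 10),
    ("optical_drive", 6), ("dockable", 1), ("hash_version", 3),
]
DIRECT = {"dockable", "hash_version"}  # assumed to be stored as-is, not hashed

def truncated(value: bytes, bits: int) -> int:
    """One-way hash to 128 bits, then keep only the low `bits` bits."""
    digest = hashlib.blake2b(value, digest_size=16).digest()  # stand-in algorithm
    return int.from_bytes(digest, "big") & ((1 << bits) - 1)

def hardware_hash(raw: dict) -> bytes:
    """Pack every Table 1 field into one eight-byte value."""
    packed = 0
    for name, bits in FIELDS:
        if name in DIRECT:
            field = raw[name] & ((1 << bits) - 1)
        else:
            field = truncated(raw[name], bits)
        packed = (packed << bits) | field
    return packed.to_bytes(8, "big")

def distinct_cpu_fields(count: int) -> int:
    """How many 6-bit values `count` constructed 96-bit serials collapse to."""
    serials = (i.to_bytes(12, "big") for i in range(count))
    return len({truncated(s, 6) for s in serials})

# Constructed sample machine: raw identifiers are placeholders, not real hardware IDs.
SAMPLE_PC = {name: f"constructed-{name}".encode() for name, _ in FIELDS[:10]}
SAMPLE_PC.update(dockable=0, hash_version=1)

if __name__ == "__main__":
    print(hardware_hash(SAMPLE_PC).hex())
    print(distinct_cpu_fields(10_000), "distinct values from 10,000 serials")
```

Because each field keeps so few bits, many different machines share a field value, which is why two different PCs can produce the same hardware hash.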

The product ID (nine bytes) and hardware hash (eight bytes) are used by Microsoft to process the activation request. When activation is done over the Internet, these two values form the Installation ID and are sent in a binary format, along with request header information, directly through secure sockets (SSL in HTTP) to the Microsoft activation system. There are three communications made to complete Internet activation:

  1. Handshake request: Contains product ID, hardware hash, and request header data such as request ID (for linking the handshake, request, and acknowledgement) and activation technology version. 262 bytes total.

  2. License request: Contains product ID, hardware hash, and customer data structure for holding voluntary registration information if provided. If registration is skipped, this structure is empty. Also contains request header data such as request ID and the PKCS10 digital certificate request structure. The PKCS10 structure can vary slightly based on the inclusion of voluntary registration information; about 2763 to 3000 bytes total.

  3. Acknowledgement request: Contains certificate ID (returned to user's machine after license request), issue date, and error code. 126 bytes total.

If Internet activation is successful, the activation confirmation is sent directly back to the user's PC as a digital certificate. This certificate is digitally signed by Microsoft so that it cannot be altered or counterfeited. The confirmation packet returned as part of Internet activation is approximately 9 kbytes in size (the digital certificate chain accounts for most of the confirmation data packet size).

If activation is done by telephoning a customer service representative, the product ID and hardware hash are automatically displayed to the user as the Installation ID, a 50-digit decimal representation. The encoding encrypts the data so that it cannot be altered and provides check digits to aid in error handling. Telephone activation is a four step process:

  1. Selecting the country from which the call is being made so that an appropriate phone number can be shown in the product UI.

  2. Dialing the phone number.

  3. Providing the Installation ID to the customer service representative.

  4. Entering the Confirmation ID provided by the customer service representative.

The confirmation ID is a 42-digit integer containing the activation key and check digits that aid in error handling. Both the installation ID and confirmation ID are displayed to the user in easily understandable segments in the product UI.

Modifications to hardware and how they affect the activation status of Windows XP

Product activation rechecks the hardware it is running on only to help reduce illegal hard disk cloning — another prevalent piracy method. Hard disk cloning is where a pirate copies the entire image of a hard disk from one PC to another PC. At each login, Windows XP checks to see that it is running on the same or similar hardware that it was activated on. If it detects that the hardware is "substantially different", reactivation is required. This check is performed after the SLP BIOS check discussed above, if the SLP BIOS check fails. This means that if your PC is pre-activated in the factory using the SLP pre-activation method, all the components in the PC could be swapped, including the motherboard, so long as the replacement motherboard was genuine and from the OEM with the proper BIOS. As noted above, installations of Windows XP made using volume licensing media and volume license product keys (VLKs) will not have any hardware component checking.

Microsoft defines "substantially different" hardware differently for PCs that are configured to be dockable. Additionally, the network adapter is given a superior "weighting." If the PC is not dockable and a network adapter exists and is not changed, 6 or more of the other above values would have to change before reactivation was required. If a network adapter existed but is changed or never existed at all, 4 or more changes (including the changed network adapter if it previously existed) will result in a requirement to reactivate.

Scenario A:

PC One has the full assortment of hardware components listed in Table 1 above. User swaps the motherboard and CPU chip for an upgraded one, swaps the video adapter, adds a second hard drive for additional storage, doubles the amount of RAM, and swaps the CD ROM drive for a faster one.

Result: Reactivation is NOT required.

Scenario B:

PC Two has the full assortment of hardware components listed in Table 1 except that it has no network adapter. User doubles the amount of RAM, swaps the video card and the SCSI controller.

Result: Reactivation is NOT required.

Dockable PCs are treated slightly more leniently. In a dockable PC, if a network adapter exists and is not changed, 9 or more of the other above values would have to change before reactivation was required. If no network adapter exists or the existing one is changed, 7 or more changes (including the network adapter) will result in a requirement to reactivate.

Scenario C:

Dockable PC Three has the full assortment of hardware components listed in Table 1 except that it has no network adapter. User doubles the amount of RAM, swaps to a bigger hard disk drive, and adds a network adapter.

Result: Reactivation is NOT required.

The change of a single component multiple times (e.g. from video adapter A to video adapter B to video adapter C) is treated as a single change. The addition of components to a PC, such as adding a second hard drive which did not exist during the original activation, would not trigger the need for a reactivation nor would the modification of a component not listed in the above table. Additionally, reinstallation of Windows XP on the same or similar hardware and a subsequent reactivation can be accomplished an infinite number of times. Finally, the Microsoft activation clearinghouse system will automatically allow activation to occur over the Internet four times in one year on substantially different hardware. This last feature was implemented to allow even the most savvy power users to make changes to their systems and, if they must reactivate, do so over the Internet rather than necessitating a telephone call.
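
The "substantially different" rule and Scenarios A to C above, encoded as an added Python example (not Microsoft's implementation). The thresholds are the ones stated in this section; the component names, the data model, treating a removed component as a change, and the reading of each scenario as a set of changed Table 1 rows are assumptions.

```python
# Added illustration: thresholds come from the bulletin, the data model is assumed.
COMPONENTS = (
    "display_adapter", "scsi_adapter", "ide_adapter", "network_mac",
    "ram_range", "cpu_type", "cpu_serial", "hdd_device",
    "hdd_volume_serial", "optical_drive",
)

# (dockable, NIC present at activation and unchanged) -> changes forcing reactivation
THRESHOLDS = {
    (False, True): 6,   # counted over the other nine values
    (False, False): 4,  # count includes a changed NIC
    (True, True): 9,
    (True, False): 7,
}

def changed_components(baseline, current):
    """Table 1 rows whose value differs from the one recorded at activation."""
    changed = []
    for name in COMPONENTS:
        was = baseline.get(name)
        if was is None:
            continue  # absent at activation: a later addition is not a change
        if current.get(name) != was:  # assumption: removal counts as a change
            changed.append(name)
    return changed

def needs_reactivation(baseline, current, dockable=False):
    changed = changed_components(baseline, current)
    nic_stable = (baseline.get("network_mac") is not None
                  and "network_mac" not in changed)
    return len(changed) >= THRESHOLDS[(dockable, nic_stable)]

FULL = {name: "A" for name in COMPONENTS}   # constructed baseline values
NO_NIC = {**FULL, "network_mac": None}      # PC activated without a network adapter

def replay(baseline, dockable=False, **changes):
    """Apply `changes` on top of the activation baseline and run the check."""
    return needs_reactivation(baseline, {**baseline, **changes}, dockable)

def scenario_a():  # CPU (type and serial), video, RAM, CD-ROM; added disk ignored
    return replay(FULL, cpu_type="B", cpu_serial="B", display_adapter="B",
                  ram_range="B", optical_drive="B")

def scenario_b():  # no NIC: RAM, video, SCSI controller
    return replay(NO_NIC, ram_range="B", display_adapter="B", scsi_adapter="B")

def scenario_c():  # dockable, no NIC: RAM, bigger hard disk, NIC added afterwards
    return replay(NO_NIC, dockable=True, ram_range="B", hdd_device="B",
                  hdd_volume_serial="B", network_mac="B")
```

Comparing against the values recorded at activation, rather than against the previous boot, is what makes repeated swaps of one component count as a single change.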

Conclusions

Microsoft believes that product activation will be successful at deterring the casual copier, thereby reducing the piracy of Windows XP. Product activation achieves this goal by implementing a technology solution that deters the casual copier while:

  • Continuing to meet the needs of corporate customers, including their unique needs for deploying volume licenses

  • Maintaining Windows XP's ease of use

  • Striking a balance in protecting intellectual property clearly in favor of the user

  • Protecting the user's privacy by utilizing information that is not personally identifiable. At no time is personally identifiable information secretly gathered or submitted to Microsoft as part of activation.

Furthermore, Microsoft believes that product activation will be completely unobtrusive to most Windows users. Most users of Windows XP will acquire it with the purchase of a new PC. The vast majority of these users will never see activation, either on first boot or with substantial hardware upgrades. For those users whose new PC requires that Windows XP be activated or who acquire Windows XP through a retail box, activation will most likely be a one-time occurrence that, whether completed via the Internet or by telephoning a Microsoft customer service representative, will be a simple, quick, and straightforward process.

Appendix A: This bulletin and Microsoft Product Activation for Office XP Family Products

Office XP Family products use an underlying activation technology similar to that of Windows XP. Please see the forthcoming Microsoft Technical Market Bulletin on product activation in Office XP Family products for details.

Appendix B: Technologies used in Product Activation

An overview of digital certificate technologies can be found on Microsoft's MSDN website at https://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh/crypto/aboutcrypto_3xdf.asp

A comprehensive overview of cryptography solutions available to Microsoft developers can also be found on Microsoft's MSDN website at https://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh/crypto/aboutcrypto_6fl5.asp

For more information, press only:

Rapid Response Team, Waggener Edstrom, (503) 443-7000, rrt@wagged.com

For online product information:

https://www.microsoft.com/windowsxp/

Microsoft Piracy Web site: https://www.microsoft.com/piracy/

Microsoft Product Activation Web site:

https://www.microsoft.com/piracy/basics/xp_activation.asp

For independent information on software piracy:

Business Software Alliance web site: http://www.bsa.org

Software & Information Industry Association web site: http://www.siia.net/piracy