- Back to Home »
- hacking »
- How Windows Product Activation (WPA) Works?
Posted by : kuch
March 15, 2014
How Windows Product Activation (WPA) Works?
Windows Product Activation or WPA
is a license validation procedure introduced by Microsoft Corporation
in all versions of its Windows operating system. WPA was first
introduced in Windows XP and continues to exist in Windows Server 2003,
Windows Vista, Windows Server 2008 and Windows 7 as well.
WPA enforces each end user to activate
his/her copy of Windows so as to prevent unauthorized usage beyond the
specific period of time until it is verified as genuine by Microsoft.
How WPA really works was a closely guarded secret until GmbH analyzed
WPA using a copy of Windows XP RC1 and published a paper on their
findings.
In this post you will find answers to some of the most frequently asked questions about Windows Product Activation.
Why activation?
Microsoft’s intention behind the
activation is to limit the usage of its Windows operating system to only
one machine for which the retail license is issued. Any other computer
which runs on the same license must be disallowed from using the
software. Hence, WPA demands for activation of the product within 30
days of its installation so as to ensure that it is genuine.
What does “Genuine Windows” means?
The copy of Windows is said to be
genuine only if the product key used during the installation is genuine.
It means that a given product key (retail license) must be used to
install Windows only on one computer for which the license was
purchased. Thus, if the same key is used for the installation on another
computer, then it is said to be a pirated copy.
Exactly what information is transmitted during the activation?
When you activate your copy of Windows, you are transmitting an Installation ID
code to Microsoft either by phone or Internet depending on the method
you choose to activate. Based on this, the Microsoft’s licensing system
can determine whether or not the installed OS is genuine. If it is said
to be genuine, then the system will receive the Activation ID
which completes the activation process. If the activation is done
through a telephone, the Activation ID needs to be entered manually to
complete the activation process.
What information does the Installation ID contain?
This Installation ID is a 50-digit number which is derived from the following two data.
1. Product ID – It is
actually derived from the 25-digit product key (the alphanumeric value
that is printed on the sticker over the Windows CD/DVD case) that is
entered during the installation of the operating system. The Product
ID is used to uniquely identify your copy of Windows.
2. Hardware ID – This value is derived based on the hardware configuration of your computer.
The WPA system checks the following 10 categories of the computer hardware to derive the Hardware ID:
- Display Adapter
- SCSI Adapter
- IDE Adapter (effectively the motherboard)
- Network Adapter (NIC) and its MAC Address
- RAM Amount Range (i.e., 0-64mb, 64-128mb, etc.)
- Processor Type
- Processor Serial Number
- Hard Drive Device
- Hard Drive Volume Serial Number (VSN)
- CD-ROM / CD-RW / DVD-ROM
How is the Installation ID validated?
The Installation ID needs to be
validated to confirm the authenticity of the installed copy of
Windows. So, after the Installation ID is received by Microsoft, it is
decoded back so as to obtain the actual product key and the hardware
details of the computer involved in the activation process.
The Microsoft’s system will now look to
see if this is the first time the product key is being used for the
activation. This happens when the user is trying to activate his Windows
for the first time after purchase. If so, the Installation ID is
instantly validated and the corresponding Activation ID is issued which
completes the activation process.
However, Microsoft system will
now associate this product key with the hardware ID of the computer
and stores this information on their servers. In simple words, during
the first use of the product key, it is paired together with
the Hardware ID and this information is stored up on the Microsoft
servers.
What if a computer running a counterfeit copy of Windows attempts to activate?
The activation fails whenever the copy
of Windows installed is not said to be genuine. This usually
happens when the product key used for the installation is said to have
been used earlier on a different computer. This is determined during the
activation process as follows:
During the validation of the
Installation ID, the Microsoft’s system checks to see if the same
product key was used in any of the previous activation processes. If so,
then it looks to see the Hardware ID associated with it. The computer
running a counterfeit copy of Windows will obviously have a
different hardware configuration and hence the Hardware ID will
mismatch. In this case the activation process will fail.
Therefore, for a successful activation, either of the following two cases must be satisfied:
- The product key must have been used for the first time. ie: The product key should not have been used for earlier activations on any other computer.
- If the product key is said to have been used earlier, then the Hardware ID should match. This happens only if the same computer for which the license was genuinely purchased is attempting for subsequent activation.
What about formatting the hard disk?
Each time the hard disk is reformatted
and the Windows is re-installed, it needs to be re-activated. However,
the activation process will be completed smoothly since the same
computer is attempting for subsequent activation. In this case, both the
product key and the Hardware ID will match and hence the activation
becomes successful.
What if I upgrade or make changes to my hardware?
In the above mentioned 10 categories of
hardware, at least 7 should be the same. Thus you are allowed to make
changes to not more than 3 categories of hardware. If you make too many
changes then your activation will fail. In this case, it is necessary to
contact the customer service representative via phone and explain about
your problem. If he is convinced he may re-issue a new product key for
your computer using which you can re-activate your Windows.
Some things WPA does not do:
- WPA does not send any personal information at all about you to Microsoft. There is still an option to register the product with Microsoft, but that is separate and entirely voluntary.
- If you prefer to activate via phone, you are not required to give any personal information to Microsoft.
- WPA does not provide a means for Microsoft to turn off your machine or damage your data/hardware. (Nor do they even have access to your data). This is a common myth that many people have about Microsoft products.
- WPA is not a “lease” system requiring more payments after two years or any other period. You may use the product as licensed in perpetuity.
I have tried my best to uncover the
secret behind the WPA. For further details and more
technical information you can read the actual paper by Fully Licensed
GmbH at http://www.licenturion.com/xp/fully-licensed-wpa.txt. I hope you like this post. Pass your comments.