MSKey4in1 Read Me


    8/12/2019 MSKey4in1 Read Me    1/3

    MSKey Readme

    Abstract

    Microsoft Windows Server 2003 VLK requires a VLK key to install. Commonly, for illegal users,
    this key is a leaked key, and thousands of piracy users use the same key to install their Windows.
    The problem is that the piracy users can use the product now but not forever, because Microsoft
    would probably include the leaked key list in further service packs (e.g. Microsoft prohibited
    several Windows XP VLK keys in service pack 1). So it is necessary to install Windows with
    different keys for different illegal users.

    By tracing the Windows product key verification program I successfully extracted the algorithm MS
    uses (some Public Key Infrastructure) and broke the private key used to generate product keys.

    Validation Process

    1. Decode

    The following computations are based on this product key:

    JCF8T-2MG8G-Q6BBK-MQKGT-X3GBB

    The character "-" does not contain any information, so the MS product key is composed of 25
    significant characters. Microsoft only uses the 24 characters "BCDFGHJKMPQRTVWXY2346789" to encode
    product keys, in order to avoid ambiguous characters (e.g. "I" and "1", "O" and "0"). The quantity of
    information that a product key contains is therefore at most $25 \cdot \log_2 24 \approx 114$ bits.
    To convert a 25 digit key to binary data we need to:

    a. convert "JCF8T2MG8GQ6BBKMQKGTX3GBB" to "6 1 3 22 ......" where "B" = 0, "C" = 1, "D" = 2, ...;
    we call the array "6 1 3 22 ..." base24[]

    b. compute $\mathrm{decoded} = \sum_{i=0}^{24} \mathrm{base24}[i] \cdot 24^{24-i}$ (the first
    character is the most significant digit); the result is 00 C5 31 ?8 ?D B? 3? 2C 55 ?? 35 BD 8D 01 00
    (little endian; some of the hex digits are illegible in this copy)

    c. The decoded result can be divided into 12 bit + 31 bit + 62 bit + 9 bit (= 114 bits), and we
    call these 4 parts, in that order, the 12 bit OS Family, 31 bit Hash, 62 bit Signature and 9 bit Prefix.
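The decoding steps above, as an added Python example (this is not the MSKey tool's own code): it maps the key to base24[], evaluates the sum, peels off the four fields and re-encodes the result. Two things the readme leaves implicit are assumed and marked in the comments: the fields are taken from the least significant bit upward (consistent with the little-endian dump), and the dump is rendered as 16 bytes.

```python
# Added example (not the MSKey tool's code): base-24 decoding of a 25-character key and the
# 12/31/62/9-bit field split. Assumed: fields are taken from the least significant bit upward,
# matching the readme's little-endian dump, which is rendered here as 16 bytes.
KEY_CHARS = "BCDFGHJKMPQRTVWXY2346789"   # the readme's alphabet: "B" = 0, "C" = 1, "D" = 2, ... "9" = 23
FIELDS = (("os_family", 12), ("hash", 31), ("signature", 62), ("prefix", 9))   # 114 bits in total
SAMPLE_KEY = "JCF8T-2MG8G-Q6BBK-MQKGT-X3GBB"   # the key the readme works through

def to_base24(key):
    """'JCF8T-2MG8G-...' -> base24[] = [6, 1, 3, 22, ...]; the dashes carry no information."""
    digits = key.replace("-", "").upper()
    if len(digits) != 25:
        raise ValueError("a product key has exactly 25 significant characters")
    bad = sorted(set(digits) - set(KEY_CHARS))
    if bad:
        raise ValueError("characters outside the base-24 alphabet: %s" % bad)
    return [KEY_CHARS.index(c) for c in digits]

def decode_key(key):
    """decoded = sum(base24[i] * 24**(24 - i)): the first character is the most significant digit."""
    value = 0
    for d in to_base24(key):
        value = value * 24 + d
    return value

def encode_key(value):
    """Inverse of decode_key: 25 base-24 digits, regrouped 5-5-5-5-5 with dashes."""
    if not 0 <= value < 24 ** 25:
        raise ValueError("value does not fit in 25 base-24 digits")
    digits = []
    for _ in range(25):
        value, d = divmod(value, 24)
        digits.append(KEY_CHARS[d])
    text = "".join(reversed(digits))
    return "-".join(text[i:i + 5] for i in range(0, 25, 5))

def split_fields(value):
    """Peel OS Family, Hash, Signature and Prefix off the low end of the decoded value (assumed order)."""
    fields = {}
    for name, width in FIELDS:
        fields[name] = value & ((1 << width) - 1)
        value >>= width
    if value:
        raise ValueError("more than 114 bits of key data")
    return fields

def join_fields(fields):
    """Inverse of split_fields; rejects a field that overflows its width."""
    value = 0
    for name, width in reversed(FIELDS):
        if not 0 <= fields[name] < (1 << width):
            raise ValueError("%s does not fit in %d bits" % (name, width))
        value = (value << width) | fields[name]
    return value

def little_endian_hex(value, nbytes=16):
    """The readme's byte dump: least significant byte first."""
    return value.to_bytes(nbytes, "little").hex(" ").upper()

if __name__ == "__main__":
    v = decode_key(SAMPLE_KEY)
    print(to_base24(SAMPLE_KEY))
    print(little_endian_hex(v))
    print(split_fields(v))
    print(encode_key(v) == SAMPLE_KEY)
```

Because the last two characters of the sample key are "B" (= 0) and the third from last is "G" (= 4), the decoded value is a multiple of 256, which is why the dump starts with 00; the leading "J" (= 6) puts the value between $2^{112}$ and $2^{113}$, which is why a 16 byte rendering ends in 01 00.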


    2. Verify

    If you want to understand what I am talking about in this section, please refer to some Elliptic
    Curve Cryptography materials.

    Before verifying a product key we need to compute the 4 parts mentioned above: OS Family,
    Hash, Signature and Prefix.

    The Microsoft Product Key Identification program uses a public key stored in PIDGEN.DLL's BINK
    resource, which is an Elliptic Curve Cryptography public key composed of:

    p, a, b: construct the elliptic curve $y^2 = x^3 + a x + b \pmod p$

    G(x, y): a point on the curve; this point is the so called "generator"

    K(x, y): a point on the curve; this point is the product of the integer k and the generator G,
    i.e. $K = k \cdot G$.

    Without knowing the private key k we cannot produce a valid key, but we can validate a key using the
    public key {p, a, b, G, K}:

    1. compute H = SHA1(5D, OS Family, Hash, Prefix, 00 00); the total input length is 11 bytes. The
    digest is 160 bits long and we only need the first 2 words. Right shift the second word by 2 bits,
    which leaves a 62 bit value H. (The example digest bytes given at this point in the original are
    illegible in this copy.)

    2. compute $R(r_x, r_y) = \mathrm{Signature} \cdot (\mathrm{Signature} \cdot G + H \cdot K) \pmod p$

    3. compute SHA1(OS Family, rx, ry); the total input length is 1 + 2 + 64·2 = 131 bytes (a one
    byte leader, the 2 byte OS Family and the two 64 byte coordinates). Compare Hash with the leading
    31 bits of the result; if they are identical the key is valid.

    Producing A Valid Key!

    We assume the private key k is known (sure, Microsoft won't publish this value, so we have to
    break it by ourselves).

    The equation in the product key validation system is as below:

    $\mathrm{Hash} = \mathrm{SHA1}\big(\mathrm{Signature} \cdot (\mathrm{Signature} \cdot G + \mathrm{SHA1}(\mathrm{Hash}) \cdot K) \pmod p\big)$

    What we need is to calculate a Signature which satisfies the above equation.

    1. Randomly choose an integer r and compute $R(r_x, r_y) = r \cdot G$

    2. Compute Hash = SHA1(OS Family, rx, ry); the total input length is 1 + 2 + 64·2 = 131 bytes,
    and we keep the first 31 bits of the result as Hash.

    3. Compute H = SHA1(5D, OS Family, Hash, Prefix, 00 00); the total input length is 11 bytes, and we
    need the first 2 words and right shift the second word by 2 bits.

    And now we get an equation as below:

    $\mathrm{Signature} \cdot (\mathrm{Signature} \cdot G + H \cdot K) = r \cdot G \pmod p$

    By replacing K with k·G we get the next equation:

    $\mathrm{Signature} \cdot (\mathrm{Signature} \cdot G + H \cdot k \cdot G) = r \cdot G \pmod p$

    Both sides are multiples of G, so the scalars must agree modulo the order of G:

    $\mathrm{Signature}^2 + H \cdot k \cdot \mathrm{Signature} - r \equiv 0 \pmod n$, where n is the order of the point G on the curve

    $\mathrm{Signature} = \dfrac{-H \cdot k + \sqrt{(H \cdot k)^2 + 4r}}{2} \pmod n$

    Note: not every number has a square root (mod n), so maybe we need to go back to step 1 several
    times.

    Get Private-key From Public Key

    I've mentioned that the private key k is not included in the BINK resource, so we need to break it
    out by ourselves.

    In the public key K(x, y) = k·G we only know the generator G and the product K, but it is hard to get k.

    The effective method of getting k from K(x, y) = k·G is Pollard's Rho (or a variation of it),
    whose complexity is merely $O(\sqrt{n})$ where n is the order of G. (n is not included in the public
    key resource, so we need to get n by Schoof's algorithm.)

    Because a user cannot suffer a too long product key, the Signature must be short enough to be
    convenient. Microsoft chooses 62 bits as the length of the signature, hence n is merely 62 bits
    long. Therefore the complexity of computing the private key k is $O(2^{31})$.
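The Verify, Producing A Valid Key and Get Private-key From Public Key sections, as one added Python example that is not the MSKey tool's code: it runs the whole chain (recover k from K, produce a signature, validate it) on a toy curve small enough to break instantly. Everything the original leaves garbled or unstated is assumed here and marked in the comments: a toy curve over p = 2003 stands in for the BINK curve, the leader bytes 5D and 79 for the two SHA1 inputs, little-endian field layouts, and Hash being the low 31 bits of the first digest word; baby-step giant-step stands in for Pollard's rho (the same $O(\sqrt{n})$ cost) and brute-force point counting for Schoof's algorithm.

```python
# Added example (not the MSKey tool's code): verify / sign / private-key recovery on a toy curve.
# Assumed: toy curve p = 2003, a = 7 (b searched below) instead of the BINK curve; leader bytes
# 5D and 79 for the two SHA1 inputs; little-endian fields; Hash = low 31 bits of the first word.
import hashlib
import math
import random

P, A = 2003, 7                     # toy prime (P = 3 mod 4, so a square root is a single pow) and coefficient a
LEADER_E, LEADER_R = 0x5D, 0x79    # assumed single-byte prefixes of the two hash inputs

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + A x + b over F_P; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p1 == p2: lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication for k >= 0."""
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def curve_order(b):
    """#E(F_P) by brute-force point counting; Schoof's algorithm does this job at real sizes."""
    count = 1                                       # the point at infinity
    for x in range(P):
        rhs = (x * x * x + A * x + b) % P
        if rhs == 0: count += 1
        elif pow(rhs, (P - 1) // 2, P) == 1: count += 2
    return count

def setup_curve():
    """First b with prime group order n (then every finite point generates the group) and a generator G."""
    for b in range(1, P):
        if (4 * A ** 3 + 27 * b * b) % P == 0: continue   # singular curve
        n = curve_order(b)
        if is_prime(n): break
    for x in range(P):
        rhs = (x * x * x + A * x + b) % P
        if rhs and pow(rhs, (P - 1) // 2, P) == 1:
            return b, n, (x, pow(rhs, (P + 1) // 4, P))

B, N, G = setup_curve()
SQRT_MOD_N = {}                                     # square-root table for the toy n (Tonelli-Shanks at real size)
for v in range(N):
    SQRT_MOD_N.setdefault(v * v % N, v)

def hash_e(family, hsh, prefix):
    """H = SHA1(5D || OS Family(2) || Hash(4) || Prefix(2) || 00 00), 11 bytes; word0 and word1 >> 2 give 62 bits."""
    msg = bytes([LEADER_E]) + family.to_bytes(2, "little") + hsh.to_bytes(4, "little") \
        + prefix.to_bytes(2, "little") + b"\x00\x00"
    d = hashlib.sha1(msg).digest()
    return (int.from_bytes(d[4:8], "little") >> 2) << 32 | int.from_bytes(d[:4], "little")

def hash_r(family, R):
    """Hash = first 31 bits of SHA1(79 || OS Family(2) || rx(64) || ry(64)), 131 bytes."""
    msg = bytes([LEADER_R]) + family.to_bytes(2, "little") + R[0].to_bytes(64, "little") + R[1].to_bytes(64, "little")
    return int.from_bytes(hashlib.sha1(msg).digest()[:4], "little") & 0x7FFFFFFF

def verify(family, hsh, sig, prefix, K):
    """Validation: R = sig*(sig*G + H*K) must hash back to the key's Hash field."""
    e = hash_e(family, hsh, prefix) % N             # reduction only because the toy n is far below 62 bits
    R = ec_mul(sig, ec_add(ec_mul(sig, G), ec_mul(e, K)))
    return R is not None and hash_r(family, R) == hsh

def sign(family, prefix, k, rng):
    """Producing a key: pick r, R = r*G, derive Hash and H, solve sig^2 + H*k*sig - r = 0 (mod n)."""
    tries = 0
    while True:
        tries += 1
        r = rng.randrange(1, N)
        hsh = hash_r(family, ec_mul(r, G))
        hk = hash_e(family, hsh, prefix) % N * k % N
        disc = (hk * hk + 4 * r) % N
        if disc not in SQRT_MOD_N: continue         # no square root: back to step 1 with a new r
        sig = (SQRT_MOD_N[disc] - hk) * pow(2, -1, N) % N
        if sig: return hsh, sig, tries

def recover_private_key(K):
    """Baby-step giant-step: k from K = k*G in about 2*sqrt(n) curve operations (Pollard's rho: same cost, no table)."""
    m = math.isqrt(N) + 1
    baby, cur = {}, None
    for j in range(m):
        baby[cur] = j                               # cur = j*G
        cur = ec_add(cur, G)
    step = ec_mul(m, G)
    neg_step, gamma = (step[0], (-step[1]) % P), K
    for i in range(m):
        if gamma in baby: return (i * m + baby[gamma]) % N
        gamma = ec_add(gamma, neg_step)
    return None

def demo(family=0x0A5, prefix=0x0F3, true_k=1234):
    """Constructed OS Family / Prefix values and a fixed private key; everything below uses only K = k*G."""
    K = ec_mul(true_k, G)
    k = recover_private_key(K)
    hsh, sig, tries = sign(family, prefix, k, random.Random(1))
    return {"recovered_k": k, "true_k": true_k, "tries": tries,
            "valid": verify(family, hsh, sig, prefix, K),
            "other_family_valid": verify(family ^ 1, hsh, sig, prefix, K)}

if __name__ == "__main__":
    print(demo())
```

The loop in sign() is the "go back to step 1" case: the discriminant $(H \cdot k)^2 + 4r$ has a square root mod n only about half the time. On the real 62 bit n the baby-step table would hold $2^{31}$ points, which is why Pollard's rho, with its constant memory, is the practical way to spend the $O(2^{31})$ work; the count of curve operations is the same.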