Shoot the breeze, anything goes.
Steven W
VIP
Posts: 2466
Joined: 2013-08-10 22:40

2022-09-18 06:51 »

https://infosecwriteups.com/reversing-m ... 7e825014b6
Do you know that 111–1111111 is a valid Windows95 product key, so is 000–0000007? I didn’t. I was binging YouTube one day when I found it out via stacksmashing’s video [THIS] on the topic, where he discussed why this works and analyses some code too, this made me curious and I decided to do it myself and reverse the library file responsible for product key check.

I did just that, now I want to share the experience with you, as usual, I tried to make sure you can easily reproduce the results so I uploaded all the project files and source files for you to download :)
Source files on MS owned GitHub?! :lol:
As Windows95 is discontinued (Mainstream support ended on December 31, 2000, and Extended support ended on December 31, 2001) and product-key check algorithms and strategies are far more advanced in subsequent versions, we can discuss this topic safely now.
Mod7 Check Function

In short, this is the function that checks if the sum of the next 7-digit number series is divisible by 7 or not. That’s it.

If the number is between 0–8 [Line 13] and if sum of all digits after the — gives 0 (zero) as the remainder when divided by 7 [Line 19] then it is valid.
Example Case 1:

Key = 111-1111111 , This key works because 111 is not in exclusion list and 1+1+1+1+1+1+1=7 ; 7%7 = 0
:thumbup:

Steven W
VIP
Posts: 2466
Joined: 2013-08-10 22:40

2022-09-18 06:55 »

Oh yeah, the vidya being referred to:


Steven W
VIP
Posts: 2466
Joined: 2013-08-10 22:40

2022-09-20 01:17 »

From the vidya:
I thought it would still be interesting to try and reverse engineer the Windows 95 serial check using modern tools - more than 25 years later!
getting-old-hungover.jpg
getting-old-hungover.jpg (24.41 KiB) Viewed 56 times

User avatar
!
30%
Posts: 3138
Joined: 2013-02-25 18:36

2022-09-26 17:55 »

hahaha i think i knew this 20+ years ago and forgotten about it

Post Reply