Shoot the breeze, anything goes.
User avatar
Steven W
VIP
Posts: 2863
Joined: 2013-08-10 22:40

2022-09-18 06:51 »

https://infosecwriteups.com/reversing-m ... 7e825014b6
Do you know that 111–1111111 is a valid Windows95 product key, so is 000–0000007? I didn’t. I was binging YouTube one day when I found it out via stacksmashing’s video [THIS] on the topic, where he discussed why this works and analyses some code too, this made me curious and I decided to do it myself and reverse the library file responsible for product key check.

I did just that, now I want to share the experience with you, as usual, I tried to make sure you can easily reproduce the results so I uploaded all the project files and source files for you to download :)
Source files on MS owned GitHub?! :lol:
As Windows95 is discontinued (Mainstream support ended on December 31, 2000, and Extended support ended on December 31, 2001) and product-key check algorithms and strategies are far more advanced in subsequent versions, we can discuss this topic safely now.
Mod7 Check Function

In short, this is the function that checks if the sum of the next 7-digit number series is divisible by 7 or not. That’s it.

If the number is between 0–8 [Line 13] and if sum of all digits after the — gives 0 (zero) as the remainder when divided by 7 [Line 19] then it is valid.
Example Case 1:

Key = 111-1111111 , This key works because 111 is not in exclusion list and 1+1+1+1+1+1+1=7 ; 7%7 = 0
:thumbup:

User avatar
Steven W
VIP
Posts: 2863
Joined: 2013-08-10 22:40

2022-09-18 06:55 »

Oh yeah, the vidya being referred to:


User avatar
Steven W
VIP
Posts: 2863
Joined: 2013-08-10 22:40

2022-09-20 01:17 »

From the vidya:
I thought it would still be interesting to try and reverse engineer the Windows 95 serial check using modern tools - more than 25 years later!
getting-old-hungover.jpg
getting-old-hungover.jpg (24.41 KiB) Viewed 9098 times

User avatar
!
30%
Posts: 3259
Joined: 2013-02-25 18:36

2022-09-26 17:55 »

hahaha i think i knew this 20+ years ago and forgotten about it

User avatar
Steven W
VIP
Posts: 2863
Joined: 2013-08-10 22:40

2022-10-07 02:51 »

Hehe, I vaguely recall someone telling me that all ones would work, but never even saw a retail edition until years later. There's some weird quirks with 98SE and perhaps plain-old-98 too. A neighbor I had back in the very late 90s showed me. I recall there some keys that will bypass the 'upgrade' check for the 'upgrade' edition(s). I can't recall them right off the top of my head and, unless someone puts a vid up on Youtube or shares them on GitHub, I wouldn't mention them even if I could recall. I guess 98SE will be 25 years old sometime next year... :lol:

User avatar
Steven W
VIP
Posts: 2863
Joined: 2013-08-10 22:40

2022-10-07 02:52 »

Oops, now that I think of it, that will probably be in 2024.

User avatar
Steven W
VIP
Posts: 2863
Joined: 2013-08-10 22:40

2022-10-07 03:08 »

For the life of me I can't recall the specific product, whether it was an OS or perhaps some version of Office... Anyway, I vaguely recall a friend showing me that if you pointed the 'upgrade check' back to the install CD (perhaps it was a specific directory), that it would pass the check... I used to just about die laughing at some of this stuff.

User avatar
Steven W
VIP
Posts: 2863
Joined: 2013-08-10 22:40

2022-10-07 03:50 »

Oh lord. I'm remembering stupid shit. I worked at a place that was running XP. My former boss had changed his password and couldn't log in. I guess he'd typed something wrong. Anyway, the computers were set up so that they would log in through the network, but if that didn't work or the computers weren't connected they'd fall back to a local log in. After trying a few things that didn't work, he was on the phone with one of the IT guys, I decided what the hell, I disconnected the ethernet cable, rebooted, typed Administrator at the prompt with no password and the machine logged on. I changed the password on his local account, logged him on, connected the ethernet cable and told him to change his password. I think the IT guy likely shit himself when he realized all the machines were set up with no password on the Administrator account.
:lol:

User avatar
!
30%
Posts: 3259
Joined: 2013-02-25 18:36

2022-10-08 15:27 »

blank administrator password, hahaha...

Post Reply