Windows XP activation algorithm cracked, keygen now works on Linux

why not write it in javascript ?

Handy for a few ancient games that don't behave elsewhere. I can't think of much that I needed to revert to 98SE for that XP couldn't handle.

Telephone activation does indeed still work. Used it this year when I reinstalled the XP VM that I use to drive my scanner. (Damned if I'm going to chuck a perfectly good scanner just because there are no current drivers.).

Really?

If you want to see a TRULY insecure OS, look no further than Windows 10/11.

At least with XP you KNEW that it was insecure by design and could take precautions. With Mickey$oft's "latest and greatest," they go to extreme lengths to tell you "trust us," while innumerable vulnerabilities are added with every forced update.

there is a fun video on youtube which reverse engineers the algorithm that checks if a Win 95 product key is valid. It's titled "Why 111-1111111 is a valid Windows 95 key".

Nothing to see?

This would be more useful if the article- or even the blog it linked to- made clearer where the utility that supposedly does this can be safely downloaded.

Google turns up mention of "xp_activate32.exe"- mentioned elsewhere in similar repeats of this news at other sites- but no actual link, and the subreddit linked to in turn references another utility that supposedly "updates your certificates" and allows online activation again, but not the entirely offline activation utility mentioned here.

OEM royalty SLP activation has been a work around for activating XP inside a VM for a long while. The XP VM i have on my laptop is activated exactly using this method.

The XP installer basically looks for certain certificates in the BIOS which says it was a OEM installation. And you can add those into your VM config files and then Windows believes it was being installed on a real Dell, Lenovo, HP or whichever code you input.

You do need to install from an OEM ISO (the ones that shipped with their PCs) for it to work, it won't work with VLM or retail copies, although I believe there are way of copying the install files from one of those and making a new ISO file which can work.

That method would also work on most PC if you used a util to add a HP cert to the BIOS it would then activate using a HP XP reinstall CD.

There is a discussion on this website from 2013 about using this method so its definitely something thats worked for 10 years + https://superuser.com/questions/539714/windows-all-oem-activation

Oh and it also works for Vista and Windows 7 using a similar method.

Someone, somewhere …

is shouting "It's alive!!!! Alive, I tell you!!!" and laughing maniacally.

Thanks @Liam Proven for another interesting article - I still run XP for sound hardware which won't run on anything else, using two old Core2Quad 9400 PCs, which also connect to the internet... firewalled and port blocked to hell, and increasingly rarely as new web standards surpass 32-bit Firefox ESR's ability to render websites. It also runs as you know, on my newly upgraded Sony VAIO P (external DAC), which I also use for sound creation, as part of a XP Pro/Windows 7 Pro/MX Linux tri-boot setup. Have you upgraded your VAIO P with an SSD yet? It's the only sensible choice, makes the damn things more usable and useful. I now have 6 screens on my desk. :eek:

One soundcard with awesome hardware DSP reverb only works on Windows 2000 and Windows 98... :( A PII 266 hosts that one.

Too late the hero

Don't ever connect?

I discovered at least one XP machine in the extended family running last week. To date, it hasn't been compromised by anything, or at least anything immediately apparent.

It may well be a lovely node on a botnet, but no ransomware encryption nasties have infected it, and the operators have not had entire lifesavings sucked out their banks, or online accounts hijacked.

Bizarre, but true. You'll be asking "May be part of a botnet? Don't you know - haven't you nuked it from orbit!?" Well, I haven't bothered to look at it any further than a brief perusal out of morbid curiosity. A day, or a week is going to make not a blind bit of difference at this juncture, whether I take it out the back and shoot it, or not - besides I'm meant to be retired from all that nonsense.

Security is hard, and you'll never patch all the holes in anything. My time in IT gave me PTSD, and the understanding that the advice is: 'never connect anything to the internet' - never mind WinXP. It's naive to think 'Hey I'm all patched up today - no vulns for me"

Hell, even an airgapped machine will get royally screwed the minute a grunt gets a hold of it - there is absolutely, unequivocally, zero defence against stupidity.

Best you can ever do is have backups, and go home for a pint. Some survive the battle for a while, in the same way a dandelion survives the mower - dumb chance. You can swerve around all you want, heroically running from the treeline every day, if you feel it helps. 'He killed 15 zero-days single handed...30, if you like'

Yeah, that XP machine has to die, of course it does, though some twisted part of me wants to leave it operational, and to snoop the bejeezus out it, just to see what myriad nasties are operating in there - and if there are none - how in the seven hells there aren't.

Plan B.

A simple web translation layer should be able to alter any web page to be used on any system. From the most basic option of turning it into an image file to acting as a 'translator' between specific user-side behaviours and more modern web page scripts and options. It would be a good way to test cut-down web interfaces on limited systems and would allow safe/secure surfing on all systems, not just retro, by filtering out all malign capability. You'd think there would be enough coders with enough spare time on the planet, to knock one out. The user could configure the range of options their system could or wished to deal with, and the software would intervene between the net connection and the browser.

Welp, back to Windows 3.0.

(Yes, I did have a 3.0 machine, not just the VM, running this decade.)

Used to run XP for older games

Some of my fave games required me to still use XP... But those have now been made available thanks to work by companies like GOG or even people over at the X-Wing Alliance Upgrade project who have not only updated the game to make it look amazing now. But have made their patches work with those versions of the games available from places like GOG.

So I admit... I bought them again because trying to get my original CD's working, patched and updated to the new versions... was a huge pain in the butt.

"As a result it's possible to generate valid activation codes for Windows XP, without an internet connection, on a modern computer or virtual machine host, even though Microsoft has turned off all the activation servers."

The activation servers are still online, Win XP doesn't support the certificates to access them, Legacy Update adds support. I activated Wix XP over the internet yesterday after running Legacy update https://legacyupdate.net

"This is a community-run resource to help you fix access to the internet and the Windows Update service on earlier versions of Windows.[ supports updating on Win 98 to 8.1]

Since Windows XP was discontinued in 2014, followed by Windows 7 in 2020, Microsoft’s support for their earlier OSes has significantly dwindled. As XP and earlier don’t officially support modern security improvements, such as the SHA256 hash algorithm required by modern SSL and Authenticode certificates as of 2019, much of the internet has become inaccessible to these devices. Adding insult to injury, Microsoft actively removed many downloads for XP and earlier versions in 2020. In effect, working with these OSes is now incredibly difficult.

Windows Update provides many optional and recommended updates, in addition to drivers for your system, but Windows XP and 2000 can only install critical security updates through the built-in Automatic Updates feature. Legacy Update revives the original Windows Update website - the only way to see and install every update available for your system."

Is it really needed?

I'm trying to dust off the memory banks to remember exactly what didn't work in Windows XP if it never was activated...

I know the newer server builds will shut themselves down after some hours, but wouldn't the desktop versions basically just display scary pop-ups explaining why it was important to activate and maybe turn the desktop wallpaper black?

Microsoft should leap at the opportunity to expand on its side of the story. And officially "pardon" so to speak, the release of the WinXP and Win2K source tree a few years back, and treat it and this as part of the "playing with tech" community bundles they got started releasing about a couple of decades ago.

Even going to the Internet with freaking DOS is safer that doing so with XP!

By that way ever heard of Freedos?

https://freedos.org/

And the Web Browser Aracne?

https://www.glennmcc.org/

And....

https://itsfoss.com/install-freedos/

Have fun!

Not only legacy hardware, but software also.

You mention old hardware that won't run more modern Windows than XP, but there are also instances of software that won't run on more modern Windows. The ones I've heard of are industrial control applications that are effectively 'abandonware,' but still necessary to operate industrial equipment (boilers, plywood manufacturing, etc.).

XP great for me

Because I still play and very much enjoy Microsoft Combat Flight Simulator, using a game-port connected Microsoft Force Feedback joystick. None of those is supported by anything later than XP and I have a couple of Asus M5A7L PCs to keep me flying. Of course I have used a NLite to create a slim image and ghosted it, but every so often I rebuild using my genuine copies of XP. So really I don’t need this tool at all. I was just telling you what I do. Cheers.

I don’t understand. What is the difference between this new form of XP activation and just using the “windows XP CD key generator” from back in the day? I always remember the “windows XP cd key generator” crack to work successfully. Am I missing something?

How about this then?

https://github.com/richardg867/WaybackProxy

I see a lot of people using a Raspberry Pi with one of these to act as a proxy for older machines. Heck, the provided screenshot shows Windows 98 and the original it was forked from shows Mac OS 9.2.2!

XP?

I have (expensive) hardware that runs DOS. That I want to keep going.

legacyupdate.net

Legacy Update doesn't work for me -- on XP I only get a SOAP error "failed to parse SOAP' when it tries to do whatever it is trying to do.

It's not about the internet

Everyone always panics when I say "Windows XP." Guys.. NO ONE in this day and age will run XP with an internet connection. Why? Because NOTHING modern runs on XP (not even Firefox). *No* non-technical person would use XP, because using XP in 2024 is really, really difficult.

I use XP to play 90's video games. It's on an 11" Atom netbook from 2007. All internet components have been uninstalled, all networking devices switched off.

Here's the problem: One day when I think "Hey, let's try disabling hyperthreading and smartstep to see if this one game will run better." The moment I boot into XP, the slap to the face arrives: "Your hardware has changed. Please reactivate XP." Reboot into BIOS, re-enable those features, boot back into XP: "Your hardware has changed. Please reactivate XP." This is why reactivation mechanisms are still important. Old games simply don't run on modern systems without emulators, and emulators need INSANE single core performance. I just want an 11" netbook with 5 hours battery life that I can use in place of handheld console.