Decrypting Microsoft

Problem: My teacher had a hard drive from a computer that needed windows re-installed, but the owner no longer had the CD-key that had come with his computer. We needed to find a way to get the XP CD-key off the hard drive without running Windows from that hard drive.

Research: A bit of Googling revealed that while in Windows 95-based operating systems the CD-key was in cleartext in the registry, Windows NT-based versions (including XP) had the key encrypted in the registry. Our task, then, was two-fold.

• Open the registry files from the old hard disk and find the key.
  
• Decrypt the CD-key once extracted from the registry.

Part 1a: Open the Registry
There are several registry files on every computer. Each user has an NTUSER.DAT file in their documents, which is hidden under normal circumstances, but with the proper settings in the file explorer (Tools -> Folder Options -> View tab -> Show protected and system files, Show hidden files) it is displayed. The problem then is viewing the data in this file. This can be accomplished with a tool called loadhive. When you run this, it prompts you for a file to load. Navigate to the hive file mentioned and select it. After clicking Open Hive, it will display a window with some information. Do not close this window! This is telling you where it loaded the hive into the registry, and this hive file will only be loaded while this screen is displayed. Only after you have retrieved your key can you close this window, to unmount the hive file. Note that this will mount the hive file in a non-standard branch of the registry, so it doesn't overwrite your real registry.

Part 1b: Find the Key
Now that you have the hive mounted, go to Start -> Run, type regedit, then press enter or click Okay. Navigate in the registry to the part that was desribed in the loadhive window, for me it was HK_LOCAL_MACHINE\NTUSER. Inside of this, find the Software\Windows NT\Currentversion folder and click on it. In the right pane will be displayed a binary registry key labeled DigitalProductID. Double-click on this key. This will display the encrypted key with it's corresponding hexadecimal values. Don't worry if you don't understand it. The key is stored in sections 34 through 42. Here is a map to help you find your key.

0000  00 00 00 00 00 00 00 00  ..
0008  00 00 00 00 00 00 00 00  ..
0010  00 00 00 00 00 00 00 00  ..
0018  00 00 00 00 00 00 00 00  ..
0020  00 00 00 00 00 00 00 00  ..
0028  00 00 00 00 00 00 00 00  ..
0030  00 00 00 00 11 11 11 11  ..
0038  11 11 11 11 11 11 11 11  ..
0040  11 11 11 00 00 00 00 00  ..
0048  00 00 00 00 00 00 00 00  ..

The spots marked 11 indicate the sections where your key is stored. Congratulations, you have found your key!

Troubleshoooting Note:
If the "DigitalProductID" key isn't there or if your key seems to consist of only 00's, your key may not be in the NTUSER.DAT file. In this case, instead open the Windows\System32\Config directory and locate the Software file. It has no extension. Load this into your registry with the method described above and note that this will be loaded into a different area in the registry. Just read the loadhive window to find out where. Then follow the rest of the instructions to find the key normally.

Part 2: Decrypting the Key
This is the easiest part. Just go to this site, enter those pairs of numbers into the entry area (don't worry about spaces or capitalization) and press Decrypt Code. It now displays your 20-digit product key.

Lazy Logic

    When the logical processor was first created, it was valued for its ability to think analytically and come out with cold, hard facts that were exactly the same every time. 2 + 2 = 4. This is the way computers think, in either right or wrong. If a logical processor was grading your math homework, it could tell you if you were right or wrong, but not if you were "close", because the logical processor has no concept of "close". It can see only in black or white, one or zero, true or false. This was not seen as a fault – it was valued for its precision.

    Now enter the concept of Fuzzy Logic, by which the logical processor becomes a fuzzy processor. Logical facts are made into "fuzzy" facts, applied to rules, and then "defuzzified" back into logical facts, all in the effort to enable the logical processor to do what it could never do before – think like a human (Prophet, 2004). Why were people going through all this effort to turn a cold, calculating machine into a "fuzzy" machine that can think like us? My theory is this – Laziness.

    Using newer variations of fuzzy logic, it is now possible for a computer to be able to analyze statement paradoxes such as "This sentence is false" and come up with a definitive answer, whereas using a pure logical processor would have resulted in an endless loop (This headline is (half) false.2003). This enables computers to be presented with a question that does not have a strictly right or wrong answer, and be able to derive from it the same answer a human would. In short, fuzzy logic and its continually developing branches are designed to enable computers to be able to not only do our math homework for us, but to be able to decide for us what clothes to buy and wear, what movie to watch – or even what we should write our paper about.

 

 

References

Prophet, G. (2004). Whatever happened to fuzzy logic? EDN Europe, 49(4), 23-28. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=12713880&site=ehost-live&scope=site

This headline is (half) false.(2003). Economist, 369(8344), 77-77. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=11005575&site=ehost-live&scope=site

 

Turning On a Stubborn Network Discovery

On my Server 2008 virtual machine, there were some exercises that required Network Discovery to be on. However, whenever I tried to turn Network Discovery on in the Network Settings page, it simply wouldn't turn on. I could check the radio button and click apply, it would process that for a bit, then close the submenu as if it had turned it on, but the light would be gray, not green. I searched the internet for hours, turning on services, opening ports, disabling the firewall (this turned on network discovery, but besides being a security risk also made other configuration problems) but nothing I tried worked. I was at my wit's end.

Then I stumbled across this obscure thread on Microsoft's Technet, in which the last poster described a stupidly simple way to fix this. I tried it, and it worked like magic.

Other members of the class having the same problem tried it, and it worked only after turning on several services mentioned in other threads, notably, DNS Client, Workstation, Server, SSDP Service, and Remote Procedure Call.

Edit: After doing this, I was unable to turn on printer sharing. It was acting the same way as Network Discovery had been. I discovered that somehow, I had lost access to the printer! When I right clicked on the printer and selected Properties, it displayed the warning "You do not have access to this printer. Only the Security tab will be displayed." As I was logged in as Administrator, which was the account that had added the printer, I was a bit confused how that came about. I finally got around it by granting "Everyone" full control to the printer. Since that was insecure, I then deleted it and re-added the printer. I was then able to enable printer sharing in the Network and Sharing Center.