Chris123NT's Blog

Where I rant and rave about all things tech

Windows 8 Big Bad Hash Explained

One of the big discussions revolving around Windows 8 lately has been a “hash” that appears on the desktop after the build string.  Many people have speculated on blogs and forums that this hash is used to trace the origins of the build.  Right from the start I had a feeling that this was not the case, at least not in a direct oh this hash is for this employee regard.  So I decided to look into the hash and how it is calculated with a little help from a few friends.  So let’s dive in shall we?

In the screenshot below, you will notice the build string of build 7959, immediately followed by the “hash” that everyone has been talking about:

lol

So now for the huge question, how is this hash calculated?

Well after some looking into it, it was discovered that this hash is calculated by the data located in HKLM\SYSTEM\WPA.  Within this key you will see a GUID key, and inside this you will see 3 binary values.  So I got the idea to play with this key, which required me loading the system hive from outside Windows 8 since WPA is a protected key.  Removing the GUID key resulted in the following:

lol2

Notice that the hash is gone?  So this is proof positive that the hash depends on the data within HKLM\SYSTEM\WPA.  I’m willing to bet that if the values in that key are changed then the hash itself will change as well.

NOTE: Deleting the data in the WPA key, while removing the hash, will cause a BSOD (Black screen of metro loving death Smile with tongue out) after some time of the system running.  There is another way to remove the hash that doesn’t have this side effect, and if I receive enough requests, I’ll think about disclosing that method.

So in a nutshell, the hash is not a means of tracking the origin of the build, as every Microsoft employee that gets a build has the same ISO as whoever else gets that build.  But this hash does however identify the WPA data, and it does have some dependance on the product key used during installation, although it’s hard to test that theory as none of the M3 builds floating around have original installers (which require you to enter a key during setup).

So there you have it, the hash is not a means of tracking you.  Using Windows 8 will not have the Sinofsky secret police knocking on your door, and no leaks will be traceable back to any single employee.  Anything suggesting otherwise is pure speculation.

Tags: , , , , , , , , ,

«
»
  • Janek2012

    I wanna know that second method :D

  • http://twitter.com/freak180 Javier Arroyo

    Well said Chris!

  • Anonymous
  • Torko

    i’m interesting in another method to remove it :)

  • Kingof69ng

    Indeed the second method is needed to protiect the jobs of those who want to share releases before the public beta

  • http://twitter.com/ASV93 ASV93

    Hey, i’m interested in the another method!

  • SkY983

    second method..alternative,whatever…Im in !

  • Sinofsky

    I will catch you all !!! 

 

April 2011
S M T W T F S
    May »
 12
3456789
10111213141516
17181920212223
24252627282930

Categories

Friends

Meta

Powered by Wordpress. Design by Handla Online.