Cracking a Borked, Unpatched Windows XP

August 6, 2024

On this day in 2014, I was using my mother's Fujitsu computer as usual. Windows XP went into a sudden BSOD and immediately revoked the product activation, effectively locking us out entirely due to the original Recovery Disc having disappeared (we either lost it or one of my uncles, who did the initial setup but has a habit of never returning anything he borrows, kept it).

While I did try multiple things to recover this machine, nothing worked. Safe Mode was useless and the Recovery Disc I found on ebay turned out to be in Turkish. Because XP already was EOL at the time this happened and always lacked an internet connection, there was no way to reactivate it and so it ended up in our yard for a few years until I gave it another shot in 2021, only to fail again. I settled with plain data rescue via my ancient Hyrican machine that came pre-installed with Windows Vista and its old ATA connector, which the CD-ROM drive depends on (but not the machine's original SATA-HDD).

Last year a new XP crack was gaining attention for relying on recent discoveries made about the algorithm behind XP's Product Activation. I forgot about it shortly after but came across it again just a few days ago. And it worked... but not without a bunch of issues.

Direct Crack with Original Product Key

I pulled a few different installation discs from various archives and tested them in VirtualBox. All were successfully activated with the telephone activation tool, so I got my old Hyrican, “mastered” the affected HDD and entered the generated Confirmation ID. XP considered it “invalid”.

Different Product Key

I tried various leaked product keys and expected most OEM ones to work due to this version being entirely unpatched and thus unaware of all the keys that became invalid with later versions of XP. Only one was accepted, however the generated ID once again was considered “invalid”. That's when I began to notice that the Installation ID generated by this borked XP install was slightly longer than any ID generated by my VM's and included an extra -XX at the end. I still don't know why this ID is different from the rest and why this install even refused product keys specifically for Fujitsu OEM installs, yet at this point I needed to come up with something different.

Test Crack on the Turkish Install

Surprisingly, I was able to crack the Turkish version of Home Edition SP1, which I installed as a dumb 16 years old girl with no experiences regarding system administration or anything beyond the bare essentials of plain computer usage.

This stupidity actually would come in handy at a later point, though.

Install/Repair XP with a German Installation Disc

I came up with several plans in case one of those should fail as well. Copy all data via LAN or other means to one of my VM's, copy all data to my Vista HDD first and do some checks first before moving them to my VM's – all of those plans involved my virtual machines until I decided to just try the same thing I did back then and use a different installation/recovery disc but this time choosing one of the ISO's I tested in VBox. I chose the SP1 one but instantly was confronted with the issue of burning it to a CD or USB drive.

Out of curiousity, I used my Ventoy USB that already hosted some 32-bit Linux distributions and discovered the WIMBOOT feature. After everything loaded, the system restarted and caused a BSOD. The same thing happened after loading SP2.

The CD's I burned and the Rufus USB all were unbootable. I checked the latter's contents via the Turkish XP and tried my luck by executing setup. All contents were loaded into Windows Boot Manager and WBM finally was back in my native language.

Selecting Windows Setup provided me two options, namely an installation and a repair environment relying on CMD. Because I'm largely unfamiliar with Windows' commands, I chose the install option, where I was greeted by another repair option that spefically searches for older versions of XP. It detected my borked install and did not only repair all system files but upgraded the whole system to SP2.

Now with the first boot option being the borked but upgraded install, XP's product activation was reset and I finally was able to activate it.

Remaining Minor Issues

Because the Fujitsu tower dated back to 2001, the Hyrican tower, which I received in 2007, naturally had to be “too recent” even for SP2, which was released in 2002. Out of all hardware components, only the motherboard (ASUSTeK with a version of American Megatrends from 2002), my old Philips monitor and, after some delay, the USB keyboard were detected; I had to grab an old and largely-broken PS/2 mouse just to set a proper screen resolution.

Today I installed the missing drivers. GPU and audio finally work now and I even installed the missing drivers for my Ethernet port, even though I never will connect this hot garbage – it is what it is – to the internet. Meanwhile the system also started to recognize my USB mouse.

With that out of the way, the real deal begins. Why did this happen in the first place?

Logged Events

This is where things got quite juicy because the BSOD ten years ago did NOT get logged at all. My attempts at recovering the system via Safe Mode did get recorded, though.

I digged through every section and came across an error where a COM+ Event System failed, followed by another error in which Volume Shadow Copy Service was involved. This would hint at a potential hardware failure.

In-between all the various errors originating from Service Control Manager, only two explicitly list “a non-working device”.

Scrolling all the way back to May, there are 14 identical error messages, all listing the same “bad block” for no longer than a little over a minute and only on 4 May – no similar error messages prior to nor after this.

All logs point towards the HDD and it actually would seem plausible, given its age at that time. Unfortunately, it passed all tests conducted by CHKDSK only a few hours prior to the repair/upgrade via the copied SP2 IMG. No found000 was created, no errors were spit out during the upgrade and no more “bad block” messages or any other errors hinting at the nearing failure of the HDD popped up. Despite now being at least 23 years old and having been stored outside for several years with no protection from hot summers, cold winters and humid periods, this is one of the very few components from this ancient Fujitsu tower that took no damage whatsoever, alongside the floppy drive and the replaced CD-ROM drive. The mainboard and the case have begun to rust and I personally am scared of testing the rest, though the RAM module still appears to be in a good state.

But if it neither was the replaced DR-ROM drive, which I considered to be at least partially responsible due to how strict Windows XP's product activation used to be in its first years, nor the rock-solid Seagate HDD with its massive 40 GB, does this make Windows XP itself the sole culprit?

The Curse of the Major Version?

Windows 95 A, Windows 98 First Edition, Windows Vista prior to SP1 – all those versions pretty much have become known for being unstable or unpleasant to use. In all cases, subsequent patches – Windows 95 B, Windows 98 SE and Windows Vista SP1 and SP2 – fixed those stability and speed issues (for some reason, Vista still remains hated, despite SP2 being an update I highly appreciated back when I finally was granted access to the internet for school stuff and downloaded all the pending OS updates). But does this also apply to Windows XP?

Part of the nostalgia for this particular version may stem from the fact that most people simply never experienced a “vanilla” XP, let alone to its full extent. XP was released in 2001 and many home users still did not have internet access at that time. Besides this, most of them either still were using Windows 98, which came out just four years prior to XP, or suffered through Windows ME released in 1999, as their 98 PC's likely were incompatible with XP's higher hardware demands. For XP, users had to invest in new hardware first.

So by the time XP actually became popular, some time had passed. Shortly after its EOL, Ars Technica highlighted that Windows XP initally was hated among its readers. A lot of experienced users clinged on to Windows 2000, while 17 million copies of XP (OEM and Retail) were sold within a year since its release. In September 2003, XP reached a market share of 29%, whereas Windows 2000 still was in the lead with 42% and Windows 98 claiming 15%. Only a month later, XP's share increasted to 39%, while 2000 dropped to 38% and 98 to a mere 12%, meaning the vast majority of XP users never got to experience the original Windows XP that actually lacked support for USB 2.0. Perhaps if they would have experienced it and even drawn a comparison to Windows 98 SE, they may have hated it just as much as they continue to hate Windows Vista, even though they likely skipped Vista after hearing or reading about the negative reviews.

What now?

So while I check the system a little more to figure out the true cause of XP randomly locking itself, it simply may have been XP itself being fully resposible for this. Although there only are few reports about stability issues, major releases, at least based on my experience, tend to be fairly prone to issues of all kinds. The fully unpatched Windows XP install may have been no exception.

For now, I decide to forget that I listened to some... interesting music as a kid and happened to be a big fan of Lady Gaga.