In a post last year on the Windows XP subreddit (Windows XP web activation is finally dead…), retroreviewyt shared xp_activate32.exe4, which calculates the Installation ID then generates and optionally applies the corresponding Confirmation ID to activate Windows XP, all offline. Wiping the system and reinstalling Windows XP results in the same Installation ID being assigned by Windows (assuming no change in hardware or product key), thus the same Confirmation ID obtains even in msoobe’s standard telephone activation window.
Long considered out of reach, this development bodes well for salvaging old systems even after Microsoft has shut down the activation servers.
Incredible team effort spanning several decades. That being said, it’s quite sad that we do not live in a world where Microsoft just releases a simple tool to allow anyone to install XP anywhere without the need for activation.
Is WinXP now official Abandonware?
So can now be published Windows XP ISOs legally?
Can be published the leaked Windows XP source code legally?
Can be published programs, wich activate Windows XP, legally?
Can a cracked modified Windows XP ISO published legally?
Can modified and new compiled Windows XP sources legally published as source code and binary?
Or if not all people are allowed to do the above mentioned thing, is it allowed for people with an official Windows XP license key, which they now can no longer use?
Microsoft published software, which is now useless, if anybody needs a fresh install of the operating system.
What is now allowed for that people to install it again on its old hardware?
theuserbl,
Nope. Copyright law does not require Microsoft to support software for continued copyright protection. It won’t be legal until the copyright term expires (which won’t happen in most of our lifetimes) or microsoft officially release it into public domain.
That said, it’s doubtful they would actually prosecute you especially if you’re not committing mass infringement.
This is much less clear than the others because the author of such software owns the copyright, not microsoft! Such software should be permissible on copyright ownership grounds alone. However since such software can be used to facilitate copyright infringement, there is quite a bit of precedent for legal take down requests to prevent the public from having access to such software.
DeCSS is one such example (although the industry has long given up on blocking it). Here’s a more recent example…
https://en.wikipedia.org/wiki/Youtube-dl
As you can see, these things can face long legal challenges with lots of lawyers involved. In this case, the take down was eventually overturned on the basis that the tool could be used with non-infringing works. However this might be harder to pull off if an activator has no non-infringing use cases.
This is a very good question. Are legitimate owners allowed to crack the DRM preventing their legitimate use. On moral grounds, I think cracking software you have a license for is completely justified…but legally I’m not familiar with any case law that covers this scenario.
The DMCA explicitly prohibits circumvention, however it does provide for exemptions. For one, the library of congress can make exceptions every three years. Maybe they’ve created an exception that you can fit under. It’s such dense legalese and I don’t feel that temporary exceptions are a reliable way to defend our rights, but here is the latest one if you want to read it….
https://www.govinfo.gov/content/pkg/FR-2021-10-28/pdf/2021-23311.pdf
The DMCA does have a section on interoperability, which IMHO could be your best long term defense for circumventing a copyright protection mechanism.
https://www.law.cornell.edu/uscode/text/17/1201
https://en.wikipedia.org/wiki/Abandonware#DMCA
Alfman there is such thing as what would be called Abandonware under DMCA. Since Microsoft has turned off the activation servers the activation method is no longer a technological protection measure so releasing cracks for windows XP online activation now are perfectly legal for archive/fair usage. Notice I said archive/fair usage you cannot go and run a business on cracked copies of XP to run your point of sale. You want to run cracked copied of Xp to run games to see how the game run under XP for fun or demo that would be legal.
DeCSS still exists because of countries like Australia. Under Australian law regional coding is illegal due to fair trading laws of Australia so DeCSS is illegal so any one cracking it is only restoring their legal rights. The 3 regions of bluray are not legal under Australian law.
The issue the part of Australian fair trade law of parallel imports that a person/company should be able to import and sell a product produced for a different region. Australia is not the only countries with these laws but it was the country where those behind the anti DeCSS went all the way to the high court and lost.
More interesting is the Australian ruling that modchips to play backups of games you own are legal or to allow people to play games that are no longer sold.
The copyright laws are not uniform around the world.. Australia still has life+70 years as max copyright term this does not apply to all works. Some works like audio recording and photos only get 70 from data of create, There are shorter one out there. There are still countries with 50years copyright terms. Yes it very possible to publish a work in full in Australia as public domain that is still copy-protected in the USA.
Do note life+70 years max is the EU standard for copyright terms as well. Anonymous work in USA where that 95/120 years is out of alignment with EU Australia and many other countries under the life+70 years max copyright system. Australia/EU… under life+70 years as max Anonymous work is a flat 70 years because the author is classed as becoming dead at the point of creation. Yes ghost writing a book and it proven ghost written the life span of the copyright is only 70 years under the life+70 years. Real authors name has to be on the work under the life+70 years standard countries to get the longer copyright. Yes grave or living author has to be findable from just the information on the work to have you life+70 years in the countries where that is the max.
Some ways it would make thing simpler if the USA came into alignment with the EU and other countries operating under that standard.
oiaohm,
Thank you for providing the link, I do find it informative. However I think we need to be clearer about US copyright law versus the library of congress exemptions.
From your wikipedia link…
The DMCA requires the library of congress to come up with exemptions for the law every three years, but unless the library of congress reaffirms previous exemptions, they are only temporary (and their documents are explicit about this).
The Wikipedia article does confirm what you say…
However wikipedia’s claims are NOT backed by the library of congress document they cited, which only lists four classes of exemptions as follows:
https://www.copyright.gov/1201/docs/fedreg-notice-final.pdf
Maybe the library of congress has made such exemptions at some point, I don’t know and frankly it’s painful go through their legalese to find answers. But I did search for “obsolete” and “abandon” but the terms don’t show up in the currently applicable list of copyright exemptions.
https://www.govinfo.gov/content/pkg/FR-2021-10-28/pdf/2021-23311.pdf
The current exemptions no longer lists “dongles”, which I only mention to highlight the volatility of relying on the temporary rights granted through the library of congress process as a long term solution.
–Section 1201(a)(1) provides in pertinent part that “[n]o person shall circumvent a technological measure that effectively controls access to a work protected under [title 17].” Under the statute, to “circumvent a technological measure” means “to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.” –
This is from the DCMA. Key word is effectively. Once you take down the activation servers the code is no longer effectively controlling the work instead can be blocking true owner from using what they bought. Congress and USA court did a ruling on that and not exemption, Case was CAD software USA MIL used.
https://www.federalregister.gov/documents/2021/10/28/2021-23311/exemption-to-prohibition-on-circumvention-of-copyright-protection-systems-for-access-control
I should have pointed this out the USA legal system does not call it abandonware you are looking for Software Preservation/Preservation the difference here is Preservation does not allow you to use preservation software for profit. Playing preservation games and doing demos is fine. Using software in preservation such games/software for running business totally illegal also selling such software is of course illegal.
“obsolete” and “abandon” << does not find anything because they are the wrong term and both are too broad.
Abandonware is a broader term that says you can do what ever you like with the software. Author can declare their work Abandonware and that effectively make it public domain use how you want.
obsolete is another thing author can declare but it is just like saying old version of software/item does not mean unsupported or not buy-able.
Preservation is halfway between Abandonware(or public domain) and obsolete legally.
oiaohm,
That’s pretty genius and I’m curious to see if it would work in court. However it’s not very plausible that’s what congress actually meant.
“[n]o person shall circumvent a technological measure that effectively controls access to a work protected under [title 17]”
Effective is meant to apply to whether a mechanism “controls access” and not whether the DRM is currently effective. Using your interpretation, anyone who manages to break DRM would logically render it ineffective and therefor not be subject to DMCA’s restrictions. Haha, that’s clever but obviously not the intention. Still, I am genuinely impressed you found an interpretive loophole like that!
I find their document so tedious that I didn’t feel like reading it. Thank you for doing the research and finding the right keyword to search. I went through the exemptions and these two might apply to windows xp activation.
This one seems encouraging for ripping the DRM out of video games…
I’m still not keen on rights that rely on temporary exemptions that expire every three years, but that’s the system we have.
There is no such thing as “abandonware”. It’s a term coined for software that is both old and unremarkable enough for the rights holders to bother suing anyone over copyright violations, but there’s no real guarantees that it still wouldn’t happen.
Microsoft is certainly going to engage into litigation if you tried sharing Windows XP disk images and cracking tools on your personal website. Heck, they would probably still do that for even in case of Windows 3.1.
At least for archiving and preservation purposes, abandonware has de facto and, to a point, de jure recognition:
https://en.wikipedia.org/wiki/Abandonware#Archives
I am pretty sure selling these software, or even making money off ads could bring trouble. So would not adhering to direct requests from rightsholders.
However, in practice many companies ignore these archives. Especially when they don’t need to actively defend the IP, unlike trademarks (one can lose trademarks if not enforced).
Otherwise, we would not have this as the first result:
https://github.com/felixrieseberg/windows95
when searching “windows 95 javascript” (hint: github is owned by Microsoft)
If and when Microsoft decides to take action, then we will all know about it.
That Microsoft is the owner of Github, doens’t mean there isn’t code, which violate Microsoft rights.
Here are some examples
https://github.com/ufwt/windows-XP-SP1
https://github.com/Paolo-Maffei/OpenNT
https://github.com/msfwaifu/MinNT5
https://github.com/smartmaster/opennt
https://github.com/ataceyhun/old-src
https://github.com/metoo10987/OpenNT-4.5
https://github.com/Aloxaf/NT4_CMD
https://github.com/huangqinjin/ucrt
I have Microsoft contacted multiple times about that GitHub sides the last three years, but nothing happend.
Because this sides are dangerous for OpenSource projects. If people don’t realize, that the code there is illegal, it could be possible that they bringing it in OpenSource projects.
And here the VCRuntime as binary, but with MIT-license published:
https://github.com/heemskerkerik/vcruntime140
And the Universal C/C++ Runtime (UCRT) with mentioned MIT license:
https://github.com/825126369/UCRT
And as I said, they put only the MIT to it. It isn’t really licensed under the MIT license.
And here an example, where it is REALLY legal.
Microsoft publiched itself its STL under the MIT license:
https://github.com/microsoft/STL
I still have my XP SP3 CD from my university.
It doesn’t need activation and I love it 😀
Thom Holwerda,
It makes me wonder what a court would say, or if anyone would even care that you’re using the software without permission. IMHO the copyright period is insane, especially for software.
https://www.copyright.gov/help/faq/faq-duration.html
This is becoming a bigger problem as over the years software, games, even devices are becoming increasingly tethered with cryptographic locks that require remote server keys to access. Personally I feel this oversteps what ought be allowed by copyright law, but then many companies/publishers feel they are entitled to do it and what do they care about future accessibility? With online-only SaaS “cloud” software it’s even worse; we pay for a license without the benefit of being able to keep a copy. This creates an inevitable apocalypse for software archives. Even after the ridiculously long copyright terms have passed and software is legally public domain there’s going to be major gaps in what can be done to preserve works for the future.
Thankfully at least when it comes to movies, DRM and HDCP have already been cracked, It’s a bigger problem for software.
We are living through a technological dark age. With the increasing reliance on encryption, always-on servers for activation/authorisation, and increased use of cloud services, there is now a distinct risk of software and data being lost to the mists of time. Even web archiving via sites like archive.org is becoming increasingly difficult, due to the reliance of web logins to access content.
It’s a sad state of affairs when something like an Altair 8080 may be much better documented and preserved, than say, a Dell Latitude 7410, purely because the software and hardware required to keep it going is much better preserved (drivers, manuals etc), and has no reliance on cloud services for activation.
In 100 years time, the technology of the 50’s-90’s will be much better preserved than 2000’s-today
The123king,
Yeah. I agree today’s proprietary software & services are facing larger gaps in the record. A lot of people post software & product reviews on youtube, these might end up being the best record of our software, but it brings up another question: how long will this content on platforms like youtube be preserved before being deleted due to lack of commercial value?
Agreed, some of the most useful specialized engineering software is incredibly locked down and has been forever. Hardware dongles that run on ISA cards were pretty common. When the internet became a thing then online activation, per seat monitoring, etc. I’m guessing that many of those would be easier to crack than Win XP, but they also have a lot less attention than winxp has. For all intents and purposes the older versions are just not usable anymore.
You can download DAZ loader and keep activating any number of xp, xp64, vista, vista64, w7 and w7x64 just as before.
NaGERST,
Yeah cracked/warez versions of popular software may end up outliving official versions for obvious reasons.
It is still a legal serial, and updates still work if you fix the SHA2 problem on those systems (don’t know if you can fix it on xp32 but on all the others it works fine with official binaries. The modded bits in the boot loader that DAZ alters just bypasses the activation process, intended for a product you have already bought a license for.
Just use the VLK edition which doesn’t need or use any online activation.
The OS has been dead for ages now in terms of Internet access: it doesn’t support TLS (workarounds exist), it cannot update online, no modern web browsers support it and the old ones which support it are full of security holes.
And God forbid you make its network ports open to the Internet. It has a CIFS stack full of remotely exploitable vulnerabilities, and its RDP/MSTC is no different.
If you need to run it, you do so in a VM or on a PC which is not connected to LAN (you can never know if all your devices are secure/malware free) or WAN.
Windows Vista is no different.
Windows 7 will soon follow – out of the box Windows 7 is terribly insecure and it cannot fetch updates as well. You need to download and install updates offline.
Windows 8.1 sort of works but it’s no longer supported.
I was going to say exactly this!
Running XP connected to the internet will mean it’s a node in a botnet in no time. Considering what some of those botnets are used for, you could argue it’s actually irresistible to run XP.
I’m sure you meant “irresponsible” 🙂
Or was it a botnet that hacked my post…? Guess we’ll never know..
P.s. yes, I did
Ah, I think it was more interesting as originally stated: you could argue it’s actually irresistible to run XP, like some kind of drug 🙂
Will XP ever be useful to run on the Internet in the future? There are plenty of OS that are so obscure now that there surely isn’t anyone targeting them? I don’t know, something with TCP/IP, like OS/2 2x/3x 🙂
Isn’t it enough to disable built-in remote network services and block the ports?
bubi,
It’s a fair question.
Are there known & unpatched vulnerabilities in winxp’s firewall? I’m not sure, but an external firewall would be pretty safe. You can easily mitigate inbound threats this way, but outbound connections could theoretically be vulnerable too. And given that you won’t be able to run an up-to-date software, you’d likely be vulnerable to some known faults.
I see this is “disputed”, but it’s an example of something that could happen particularly with older software.
https://www.tomshardware.com/news/7-zip-zero-day-exploit
The biggest threat of all probably hasn’t changed much, where users download and run malicious code through the front door while granting it admin privileges, haha.
Funny how 7-zip is still supported and runs on XP but I get your point. Microsoft really screwed up embedding as much as possible into the OS and not letting 3rd parties worry about networking etc
It would be awfully nice if the source was available for this random, useful binary.
Multiple Windows XP components are in Windows 10/11.
That’s not happening any time soon. Microsoft hasn’t even released the Win32s source code.
SPAM