Efficient registry use



  • Background reading:  Registry Element Size Limits (MSDN)

    While making a software image for Office 2007 at a past job, I ran into an issue with the ancient deployment software that we used (probably its own WTF).  The software assumed that all registry values should be shorter than 64 kilobytes and complained when it encountered anything longer than that.  We could have had the value patched in later on, so this wasn't too much of a problem, but I wanted to clear the value out of the registry before I made the image.  We'd had issues with the deployment software corrupting the registry in the past.  I didn't want to have it happen again.

    It didn't seem likely to me that someone would deliberately write out such a long registry value.  Some of the Windows Installer registry entries can get up to a few kilobytes long, so I checked there first.  I didn't find anything out of the ordinary.  Next, I tried exporting the HKEY_LOCAL_MACHINE registry for Office 2007 to a registry patch to see if it was in there.  I opened up the patch file and found this:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Registration\{90120000-0030-0000-0000-0000000FF1CE}]
    "Current"=hex(2):54,00,51,00,42,00,4a,00,41,00,45,00,4d,00,41,00,55,00,67,00,\
      42,00,50,00,41,00,46,00,4d,00,41,00,54,00,77,00,42,00,47,00,41,00,46,00,51,\
      00,41,00,49,00,41,00,42,00,54,00,41,00,45,00,38,00,41,00,52,00,67,00,42,00,\
      55,00,41,00,46,00,63,00,41,00,51,00,51,00,42,00,53,00,41,00,45,00,55,00,41,\

    ...

    I'd obviously found the offending value, but I was also a bit worried.  "Registration?"  I was supposed to be imaging a volume-licensed copy of the software.  What could Office possibly have been doing with hundreds of kilobytes of registration information?  What if it was tying the license to the most minute details of the hardware on the machine that I was imaging?  Would the image work on anything else?  Somewhat unnerved, I deleted the value from the registry and started cleaning out temporary files so that I could make a test image.  Then I took another look at the registry patch.

    Every other byte in the registry value was zero.  Furthermore, all of the non-null bytes were between 0x30 and 0x80.  It appeared to be ordinary text.  I opened regedit again and took a look at the value in question.  It was stored as a REG_EXPAND_SZ and looked like this:

    TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABF ...

    I looked at this and said to myself, "That's Base64, isn't it?"  Out of curiosity, I copied all 174k of it into an online Base64 decoder.  What vital registration information was Office 2007 keeping in the registry?

    MICROSOFT SOFTWARE LICENSE TERMS
    2007 MICROSOFT OFFICE SYSTEM DESKTOP APPLICATION SOFTWARE
    Below are three separate sets of License Terms. Only one set applies to you. To determine which License Terms apply to you check the license designation printed either on your product key, near the product name on your Certificate of Authenticity, or on the download page if you obtained your product key online...



  • Well, you know what to do. Put the key back in with the unicode version of the base 64 of the binary representation of "Micro$oft is teh Loozerzzz", and see where it will come up. (You negleced to say: was the base64 version of 16-bit unicode text, with every second byte null?)



  • Either that, or replace it with a copy of the GPL.

    Version 3.



  • @robbak said:

    You negleced to say: was the base64 version of 16-bit unicode text, with every second byte null?

    Both the EULA itself and the Base64 encode were Unicode.

    Also, as far as I could tell, the registry value wasn't actually used for anything.  I didn't have any trouble running Office without it, at least.
     



  • It's actually used for the "View the Microsoft Software License Terms" link in the About office dialog boxes.  A little bit of futzing with python and I got "aQAgADAAdwBuAHoAIABqADAAMAAhACEAMQAhADEAMQAhADEAMQBvAG4AZQA=\n", which translates into:

    i 0wnz j00!!1!11!11one

    It took a few minutes to figure out where they'd hidden the about box in 2007.  It's "Office button", "$APP Options", Resources, About

     



  • Weird, just exported it and for me its stored as:

     "Current"="TQBJAEMAUgBPAFMATwBGAFQAIABT....



  • Excellent. Note that the GUID they use ends with '0FF1CE'. How l33t.

    Also, it's not just a base64 encoded string, it's a base64 encoded C string, complete with null terminator (the AAAA at the end is a dead giveaway).

    For my Office (2003) the license was split over 6 string entries (instead of the binary entry 2007 uses) named 'Current1' etc, and doesn't have the l33t GUID.

    I've replaced my one with TgBvACAATABpAGMAZQBuAHMAZQAgAAAA, which comes out as 'No License'.



  • @robbak said:

    Either that, or replace it with a copy of the GPL.

    Version 3.

    Done: IABDAG8AcAB5AHIAaQBnAGgAdAAgACgAQwApACAAMgAwADAAMwAgACAATQBpAGMAcgBvAHMAbwBmAHQAIAAKAAoAIAAgACAAIABUAGgAaQBzACAAcAByAG8AZwByAGEAbQAgAGkAcwAgAGYAcgBlAGUAIABzAG8AZgB0AHcAYQByAGUAOgAgAHkAbwB1ACAAYwBhAG4AIAByAGUAZABpAHMAdAByAGkAYgB1AHQAZQAgAGkAdAAgAGEAbgBkAC8AbwByACAAbQBvAGQAaQBmAHkACgAgACAAIAAgAGkAdAAgAHUAbgBkAGUAcgAgAHQAaABlACAAdABlAHIAbQBzACAAbwBmACAAdABoAGUAIABHAE4AVQAgAEcAZQBuAGUAcgBhAGwAIABQAHUAYgBsAGkAYwAgAEwAaQBjAGUAbgBzAGUAIABhAHMAIABwAHUAYgBsAGkAcwBoAGUAZAAgAGIAeQAKACAAIAAgACAAdABoAGUAIABGAHIAZQBlACAAUwBvAGYAdAB3AGEAcgBlACAARgBvAHUAbgBkAGEAdABpAG8AbgAsACAAZQBpAHQAaABlAHIAIAB2AGUAcgBzAGkAbwBuACAAMwAgAG8AZgAgAHQAaABlACAATABpAGMAZQBuAHMAZQAsACAAbwByAAoAIAAgACAAIAAoAGEAdAAgAHkAbwB1AHIAIABvAHAAdABpAG8AbgApACAAYQBuAHkAIABsAGEAdABlAHIAIAB2AGUAcgBzAGkAbwBuAC4ACgAKACAAIAAgACAAVABoAGkAcwAgAHAAcgBvAGcAcgBhAG0AIABpAHMAIABkAGkAcwB0AHIAaQBiAHUAdABlAGQAIABpAG4AIAB0AGgAZQAgAGgAbwBwAGUAIAB0AGgAYQB0ACAAaQB0ACAAdwBpAGwAbAAgAGIAZQAgAHUAcwBlAGYAdQBsACwACgAgACAAIAAgAGIAdQB0ACAAVwBJAFQASABPAFUAVAAgAEEATgBZACAAVwBBAFIAUgBBAE4AVABZADsAIAB3AGkAdABoAG8AdQB0ACAAZQB2AGUAbgAgAHQAaABlACAAaQBtAHAAbABpAGUAZAAgAHcAYQByAHIAYQBuAHQAeQAgAG8AZgAKACAAIAAgACAATQBFAFIAQwBIAEEATgBUAEEAQgBJAEwASQBUAFkAIABvAHIAIABGAEkAVABOAEUAUwBTACAARgBPAFIAIABBACAAUABBAFIAVABJAEMAVQBMAEEAUgAgAFAAVQBSAFAATwBTAEUALgAgACAAUwBlAGUAIAB0AGgAZQAKACAAIAAgACAARwBOAFUAIABHAGUAbgBlAHIAYQBsACAAUAB1AGIAbABpAGMAIABMAGkAYwBlAG4AcwBlACAAZgBvAHIAIABtAG8AcgBlACAAZABlAHQAYQBpAGwAcwAuAAoACgAgACAAIAAgAFkAbwB1ACAAcwBoAG8AdQBsAGQAIABoAGEAdgBlACAAcgBlAGMAZQBpAHYAZQBkACAAYQAgAGMAbwBwAHkAIABvAGYAIAB0AGgAZQAgAEcATgBVACAARwBlAG4AZQByAGEAbAAgAFAAdQBiAGwAaQBjACAATABpAGMAZQBuAHMAZQAKACAAIAAgACAAYQBsAG8AbgBnACAAdwBpAHQAaAAgAHQAaABpAHMAIABwAHIAbwBnAHIAYQBtAC4AIAAgAEkAZgAgAG4AbwB0ACwAIABzAGUAZQAgADwAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAGcAbgB1AC4AbwByAGcALwBsAGkAYwBlAG4AcwBlAHMALwA+AC4AAAA=



  • License Terms

    Awesome! 


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.