Installing Windows 7 – Part 3

Note : This post is for Educational and Informative purposes only.

Scenario : An objective look at SLP and Loaders.

Solution : Microsoft tightened up Windows product activation scheme due to prevalent usage of the less stringently protected corporate version. It requires users to activate the operating system by inputting a key and then verifying it with Microsoft either automatically over the internet or over the telephone. Large OEMs like Dell, IBM, Asus, and others need an efficient way to mass activate their computers so buyers don’t have to deal with the hassle of verifying their copy of Windows. So, Ultimately a method called System-Locked Pre-installation (SLP) was devised.

There are three different versions of SLP: 2.1, 2.0, and 1.0. SLP uses a special area in a computer’s BIOS to host a set of identification data. In SLP 1.0 it was simply the name of the OEM in the BIOS with a set of less than half a dozen files on the hard drive to verify the OEM listed in the BIOS. SLP 2.0 and 2.1, involves an ACPI_SLIC table (Software Licensing Description Table) that the OS checks upon starting to verify its activation status and also the presence of a matching OEM-supplied key and OEM-specific certificate file in addition to the OEM-specific ACPI_SLIC table before it can activate. In short, for OEM activation to work and able to authenticate licensing for Windows, three components or criteria must exist and fulfill:

1. Full SLIC table in BIOS
2. OEM certificate (xrm-ms) which corresponds with OEMID and OEMTableID (known as Windows Marker) in SLIC table.
3. OEM-SLP product key

This is what makes using Loaders or bios mods easy, because if you can recreate the files before the OS loads, you can fool the OS and achieve instant offline activation on system boot up. It’s possible to modify the BIOS  to include the SLIC , known as a hardmod or biosmod,  or use a OEM-BIOS emulator which is commonly known as Loader (softmod) to emulate a SLIC on boot up (not modifying the BIOS).

Note :It doesn’t matter if you have RTM retail version or OEM version.

Making a hardmod is risky because an improperly modified BIOS could render the computer unable to start. Of the softmods available today, the most popular is the one created by daz found here

Details :

Windows Loader v1.9.2 by DAZ

This is the loader application well known for passing Microsoft’s WAT. The application itself injects a SLIC (Software Licensing Description Table) into your system before Windows boots, this is what fools Windows into thinking it’s genuine. Features

• Can be run as a standalone application
• Works well with all system languages
• Argument support for silent installs
• Can be used for pre-activation
• Application integrity checking
• Custom error handling
• Support for hidden partitions and complex setups
• Can work alongside Linux’s GRUB or any other boot manager
• Works with TrueCrypt and many other types of hard drive encryption applications
• Add your own certificates and serials externally
• Offers certificate and serial installation only for users with an existing SLIC 2.1
• Automated system profiling (The application matches everything up for you)

The great benefit of this method is that Microsoft will have a harder time coordinating a surgical strike against faked BIOS ACPI_SLIC tables since they would likely harm legitimately bought computers. Therefore the risk of being caught is less than Microsoft trying to detect software-based BIOS modification.