Windows 8 970 Published by

Within Windows takes a look behind the Windows 8 build hash



After installing the leaked Windows 8 7955 build, in plain sight are the characters a1b6210f837a32cf. Digging through shell32.dll, housing code to paint the desktop watermark, I found code that sources from HKLM\SYSTEM\WPA\478C035F-04BC-48C7-B324-2462D786DAD7-5P-9. More specifically, the Default value, comprising of 128 bytes, is read and run through a XOR-based function producing a 64-bit (8 byte) hash. I’ve included a rough translation of the algorithm (from assembly to C++) for review. (If this is an implementation of a well-known algorithm, I’d love to know.)
  Behind the Windows 8 build hash