Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What's the Hash in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.<extension>\UserChoice?

Tags:

windows

windows-8

registry

sysprep

With Windows 8, the user's choice for which application to open for a given document type seems to be kept in

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\<extension>\UserChoice

For PDFs on my machine, this contains:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
"Hash"="xh8KhPWlZL0="
"ProgId"="AcroExch.Document"

Yet on another machine the hash is different. What's being hashed, and is there any way to create a .reg file which can be applied to another machine to set this preference?

like image 979
Adrian Taylor Avatar asked Jul 30 '13 11:07

Adrian Taylor

2 Answers

Someone reverse engineered the hash and wrote a CLI tool to set file associations:

http://kolbi.cz/blog/?p=346

extension = “.txt”; the file extension
sid = “S-1-5-21-463486358-3398762107-1964875780-1001” ; the SID of the current user
progid = “txtfile”; the ProgId of the desired association
regdate = “01d3442a29887400”; timestamp of the UserChoice registry key
experience = “a microsoft secret string”; a static string (this is a dummy example, not the real string
hash = Base64(MicrosoftHash(MD5(toLower(extension, sid, progid, regdate, experience))))

Not all details are revealed but probably enough to reverse engineer the rest.

like image 155
regnarg Avatar answered Oct 20 '22 06:10

regnarg

Microsoft decided in Windows 8 (probably for security reasons) that users should be able to set default programs only via the built in GUI. I.e. by design, you are not supposed to be able to set default handlers in a script or programmatically.

The Hash value is used to prove that the UserChoice ProgId value was set by the user, and not by any other means. This works as long as Microsoft keeps the algorithm which generates the Hash, and the mechanism for verifying the ProgId using the Hash, a secret.

In theory you could figure out the secret to set the Hash (and possibly other hidden OS settings), but you would have no guarantee of it's reliability; the next Windows Update might break your method, for example. You probably just need to adapt to the change, and live with using the new methods Microsoft built in to the OS.

like image 29
user3642607 Avatar answered Oct 20 '22 04:10

user3642607
Sign in to Comment

Related questions

How to enable JMX on tomcat7 running as Windows service?
How to open a file from the command line with a specified program?
How to indent a selection in gVim (Win32)
Find a string in multiple files using grep
Async two-way communication with Windows Named Pipes (.Net)
Unexpected "The system cannot find the drive specified." in batch file
Open utf8 encoded filename in c++ Windows
WinError 5:Access denied PyTesseract
Ruby On Rails with Windows Vista - Best Setup? [closed]
How to test subdomains on a development machine? abc.localhost
Executing cmd.exe commands from Java
I dont want console to appear when i run c++ program
Cannot load modules/mod_ssl.so into server
TensorFlow on Windows: "Couldn't open CUDA library cudnn64_5.dll"
Creating batch file to start cygwin and execute specific command
How do I call Windows DLL functions from Ruby?
Which Windows GUI frameworks are currently worth learning? [closed]
Windows command interpreter: how to obtain exit code of first piped command
Use PowerShell to Create AppPool does not set AppPool Identity
node.js http server as a Windows service

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!