
What's the Hash in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.<extension>\UserChoice?

With Windows 8, the user's choice for which application to open for a given document type seems to be kept in

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\<extension>\UserChoice

For PDFs on my machine, this contains:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
"Hash"="xh8KhPWlZL0="
"ProgId"="AcroExch.Document"

Yet on another machine the hash is different. What's being hashed, and is there any way to create a .reg file which can be applied to another machine to set this preference?

Adrian Taylor asked Jul 30 '13 11:07


2 Answers

Someone reverse engineered the hash and wrote a CLI tool to set file associations:

http://kolbi.cz/blog/?p=346

extension = ".txt"; the file extension
sid = "S-1-5-21-463486358-3398762107-1964875780-1001"; the SID of the current user
progid = "txtfile"; the ProgId of the desired association
regdate = "01d3442a29887400"; timestamp of the UserChoice registry key
experience = "a microsoft secret string"; a static string (this is a dummy example, not the real string)
hash = Base64(MicrosoftHash(MD5(toLower(extension, sid, progid, regdate, experience))))

Not all details are revealed but probably enough to reverse engineer the rest.

regnarg answered Oct 20 '22 06:10
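
An added example, not part of the answer above or of the linked tool: Python that parses a `.reg` export of `UserChoice` keys and decodes the two values an auditor can inspect directly, the Base64 `Hash` and the `regdate` timestamp. It does not compute the hash. `SAMPLE_REG` is the export quoted in the question, and reading `regdate` as a hexadecimal FILETIME is an assumption.

```python
import base64
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the .reg export quoted in the question.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
"Hash"="xh8KhPWlZL0="
"ProgId"="AcroExch.Document"
'''

KEY_RE = re.compile(r'^\[HKEY_CURRENT_USER\\.*\\FileExts\\(\.[^\\\]]+)\\UserChoice\]$', re.I)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_userchoice(reg_text):
    """Return {extension: {value_name: data}} for every UserChoice key in a .reg export."""
    result, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = result.setdefault(key.group(1).lower(), {})
        elif line.startswith("["):
            current = None  # a different key: ignore the values under it
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                current[value.group(1)] = value.group(2)
    return result


def hash_bytes(entry):
    """Decode the Base64 Hash value to raw bytes; malformed Base64 raises an error."""
    return base64.b64decode(entry["Hash"], validate=True)


def regdate_to_utc(regdate_hex):
    """Assumption: regdate is a hex FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    ticks = int(regdate_hex, 16)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


if __name__ == "__main__":
    for ext, entry in parse_userchoice(SAMPLE_REG).items():
        print(ext, entry["ProgId"], hash_bytes(entry).hex())
    print(regdate_to_utc("01d3442a29887400").isoformat())
```

The SID and the key timestamp are both inputs to the hash in the formula above, and both are specific to one user and one key, which is why the same `ProgId` carries a different `Hash` on another machine.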


Microsoft decided in Windows 8 (probably for security reasons) that users should be able to set default programs only via the built-in GUI. I.e. by design, you are not supposed to be able to set default handlers in a script or programmatically.

The Hash value is used to prove that the UserChoice ProgId value was set by the user, and not by any other means. This works as long as Microsoft keeps the algorithm which generates the Hash, and the mechanism for verifying the ProgId using the Hash, a secret.

In theory you could figure out the secret to set the Hash (and possibly other hidden OS settings), but you would have no guarantee of its reliability; the next Windows Update might break your method, for example. You probably just need to adapt to the change, and live with using the new methods Microsoft built into the OS.

user3642607 answered Oct 20 '22 04:10