Download AES-256 for Windows XP

Scripts and instructions listed below include AES-256 support for Windows XP, which, among other things, will allow Internet Explorer 8 browser to open sites that use HTTPS protocol with 256-bit encryption…

File size: 3.2 KB

File name: AES256_for_WindowsXP.vbs

File date:

Total downloads: 783

26 comments

  1. 0 0 0
    Dave,
    Correct me if I'm wrong, but I think it might be a good idea to suggest that users change the files in \dllcache\ first. I followed your instructions and rebooted, and nothing changed. I think that Windows File Protection immediately repaired \system32\ with the originals from \dllcache\ (before I replaced them).

    As a side note: I did not have a %windir%\ServicePackFiles\i386\ directory. I think this is because I never installed a service pack -- SP3 was slipstreamed onto my installation disc. This was fine, and did not affect the process.

    I should mention that after my second reboot this did in fact work for me, beautifully. I've been looking for a solution to Windows XP HTTPS issues for almost a year now. Skype immediately began showing link previews again, which it had not done in a couple of weeks, and gave me a banner ad (which I don't even remember the last time I saw). I'm looking forward to seeing if all of the HTTPS errors I've been getting in Opera and Chrome will go away now, but unfortunately I cannot remember any of the sites it had been happening on.

    Last but not least, I think your spam filter is filtering Opera 12. :'D
    1. 0 0 0
      Administrator,
      Hi Dave! Thank you for your notices. I am very pleased that I was able to help you. In truth, most people believe that IE8 on Windows XP cannot support AES256. Until recently, I also thought so. However, some days ago, thanks to one visitor, I found out that it can be enabled if you “convert” Windows XP to Windows Embedded POSReady 2009, install some updates and change some registry parameters. Investigating this information thoroughly, I found and developed this simple solution.

      I myself tested this solution manually and never had problems. Nevertheless, I will update the instruction, as this is indeed a correct remark. And you are right about ServicePackFiles folder — it exists only if Windows was upgraded to SP3.

      The only question: what do you mean by “your spam filter is filtering Opera 12”? Can you explain please?
      1. 0 0 0
        Dave,
        Sorry, I was mistaken! I've encountered comment form spam filters in the past that seemed to filter Opera 12 for some reason. That's not actually the case here. The error was actually a result of me running NoScript (disabling JavaScript, essentially) -- your form submits via AJAX, and if scripting is turned off, it submits incorrectly and fails with an error message of "An Error Was Encountered. The action you have requested is not allowed.".

        By the way, do you know if there is any method that tricks TLS 1.1 and 1.2 into working in IE8 on XP? Even with this change, the checkboxes for them do not appear. (I swear I've seen them in the past, though...)
        1. 0 0 0
          Administrator,
          I apologize, but, unfortunately, I did not investigate this question on how to enable TLS 1.1 and 1.2. If you can find the answer, I will be grateful for any hints.

          In the meantime, I updated the article, added new scripts, and thanks to kb80 upgraded DLLs to a more secure patch.
  2. 2 +2 0
    kb80,
    Btw, the security update KB3081320 supersedes KB3055973 and contains the most current version of the dlls, so if you apply them from KB3081320 instead, the system also will be protected from the MiTM vulnerability, according to the article.

    You can download it from http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3081320
    1. 1 +1 0
      Administrator,
      Yeah! That’s cool! Thank you very much! I updated the article and added some new things.
      1. 0 0 0
        Dave,
        Have you considered posting a new article linking back to this one, mentioning that you fixed a security flaw? Some folks (such as myself) may have installed it already, and are unaware that it's been updated, and will only find out if they happen to visit again for some reason.
        1. 0 0 0
          Administrator,
          As far as I know, all people interested in such articles always subscribe to notifications or regularly visit it. And you are a living example :)
  3. 1 +1 0
    Rumo,
    I have discovered that once the PosReady key is introduced in the system registry, it will never again be deleted or changed (so that PosReady_Disable.reg has no effect). All subkeys under the WPA key (like that one) are protected by DRM — or something like that. This can be harmless most of the time, but one or another rogue program can refuse to install in what they identify as a PosReady system.

    Other than that, thanks for the tip. I have replaced the files in \Windows\system32 and \Windows\system32\dllcache from outside Windows XP (in a dual-boot machine), and it solved the problem with Skype. No ill effects so far.

    [Updated ]
    I've submitted a previous comment about a problem with the hack you recommend for installing KB3081320, but apparently it has been removed. I think people should be warned that the change made in their systems by PosReady_Enable.reg is irreversible.

    [Updated ]
    Now that my first comment is back, my subsequent comment has become superfluous — and so this one...

    Thanks.
    1. 0 0 0
      Administrator,
      Hi Rumo! Thank you for your comments and sorry for being late. One of these days I’m going to test it and I will update the article.

      [Updated ]
      Tested it! You are absolutely right. I checked, and found that the value is not deleted if you restart the computer. Therefore, it is important to remove it before restarting the computer.
      1. 0 0 0
        Rumo,
        Hi! I think that it's not possible to remove it even before restarting the computer. Please correct me if I'm wrong.
        1. 0 0 0
          Administrator,
          I did only a few tests and am not sure if it always works, but I noticed that if I run PosReady_Disable.reg before restarting the computer, it is no longer restored. I can repeat the tests if you get a different result.
  4. 0 0 0
    Olda,
    Thanks a lot! My favourite mail client Alpine works under Windows XP again. Since our IMAP server was upgraded to Debian 9, which refuses all the usual Windows XP ciphers, I had to abandon the mail client which I have used for years. Now it is back :-).
  5. 0 0 0
    Alec,
    Hi,
    Thanks a lot for your solution; it helped me to run our application on XP again.
  6. 2 +2 0
    Usher,
    @Rumo
    @Administrator
    @Dave
    You can't delete POSReady entry when running Windows - it's a part of registry protected by system. However, you can connect the HDD to another PC and edit inactive registry files from another system, if you really want… but I don't think so.
    If your system is fully updated (including MS Installer 4.5, exFAT drivers and possibly some other needful things), you can stay with POSReady 2009 - it works OK with both Home and Pro versions of Windows XP. Now you will get many other security updates with no additional fiddling. Note that there is already an update available for TLS 1.1/1.2! It's KB4019276, which supersedes KB3081320 - it's in optional updates now, but in February it should be promoted to important and installed with the IE8 cumulative update.
    1. 0 0 0
      Administrator,
      Hello! Thank you for such good comment. By the way, this is why I suggested the way to enable AES-256 without «converting» XP to POSReady.
      1. 0 0 0
        Usher,
        Note that from the very beginning you are talking about Internet Explorer 8 (and its libs), and updates for IE8 are available in Windows XP Embedded only.
        It's really much easier to stay with POSReady and get all security updates installed automatically than to dig in installers, libs, scripts, etc. manually. The updates are really important, some are even so critical, that Microsoft releases them also for Windows XP (see SMB update in May 2017 for example).

        And last but not least - installing AES-256 only, without TLS 1.1/1.2 and IE8 updates, is like changing only one bald tire on your old car.
        1. 0 0 0
          Administrator,
          I mentioned IE only because Skype relies on its functions. I doubt that someone is using IE8 on a regular basis.

          As for Windows XP, I published this solution in order to fix the connection issue on Windows XP. I didn't see anyone who would like to switch to such updates (especially it concerns sysadmins, at least who contacted me and had the only task to restore the functionality of Skype).
  7. 0 0 0
    Laszlo,
    Unfortunately, trying to run http://download.skaip.org/win-kb/WindowsXP-KB3081320-x86-Embedded-ENU.exe on my mother's Windows XP system with the Hungarian version of the language would not work. Is there a fix for that?
    1. 0 0 0
      Administrator,
      Try this URL: http://download.windowsupdate.com/c/msdownload/update/software/secu/2015/10/windowsxp-kb3081320-x86-embedded-hun_3960cc5e18c8154b5bde274b3ec75397af7eaeec.exe
  8. 0 0 0
    aliaksandr,
    I'd like to second Usher's claim and urge you to consider switching to KB4019276 in your manual (please see the Microsoft KB article for the list of updated files - apart from the DLLs there is an updated kernel-mode driver).

    By the way, this update does not reanimate Skype - all of my contacts are offline for now (February, 10).
    1. 0 0 0
      Administrator,
      Hi! Of course, keeping the OS up to date is very important, but people who choose to remain on Windows XP already do not do this. I'm very grateful to Usher for pointing out this update (I didn't know about it, because I do not follow news about Windows XP). In addition, I am grateful to you for the reminder about it. However, to replace KB3081320 with KB4019276, I must again spend a lot of time on testing and updating all the scripts. At the moment I cannot afford it. By the way, my main goal was to help users connect to Skype on Windows XP. And I did it.

      As for your problem it's something else, and occurs due to this issue.
  9. 0 0 0
    murrkey,
    Hi! Great job! I haven't tried this yet but I'm sure it will work.
    I have been looking for this Skype fix for a long time.
    One question re. replacing the 3 dlls manually. Will the machine convert to Embedded POS?
    Or will it remain just XP-SP3 with updated drivers? Or do I need to follow the remaining directions and convert to Embedded POS? oops 3 questions.
    1. 0 0 0
      Administrator,
      Hi! Thanks. I hope that you will succeed. Meanwhile:
      1) Replacing DLLs manually or using a BAT/VBS script will not convert your OS to POS. Just note that if you do this manually, OS protection may restore the original files (this is why, at least you should do it very quickly).

      2) When you replace these files, nothing else will be changed (neither other files, nor drivers, nor the registry).

      3) I don't recommend converting the OS to POS, because it will be very difficult to return everything back. In addition, perhaps you will get updates for ATM.
      1. 0 0 0
        murrkey,
        Thanks for the quick response... I manually replaced the files and Skype now gets incoming calls!

        The only issue I ran into was difficulty replacing the files in system32. Two of them reported "in-use" and would not let me overwrite. Even in safe mode. I had to use an external maintenance program to insert the new DLLs. I also needed to sign out of Skype and quit... then restart XP and everything worked.
        Thanks again
    2. 0 0 0
      Usher,
      > Will the machine convert to Embedded POS?

      No. In general Windows XP Embedded/WEPOS/POSReady is Windows XP SP3 OEM repacked with another installer. It's designed to create a minimal OS installation (some kind of Windows Lite), containing only software and drivers selected by developers while standard OEM installation contains full backup of Windows and all windows software and drivers provided by OEM devs. It means that you won't have any additional updates dedicated for POS/ATM if you don't install any such software on your own.

      There is NO real system conversion - POSReady in XP is only a single registry entry and a single change in installer scripts (*.inf), other files are unchanged, so you can use POSReady trick for both XP Pro and Home. And it's not so difficult to remove the registry entry - you should just use regedit from command prompt after starting 32-bit Windows Vista/7/8/10 DVD/USB disc installer in repair mode. You can use this installer also to replace files in use by system (don't forget to replace files also in c:\WINDOWS\system32\dllcache if needed) or to run chkdsk /b on old HDD.

      The real problem is the IE8 update (still with no full TLS 1.x support) - currently it may take a week with 100% single CPU kernel load by wuauclt, so the update should be downloaded manually from the Microsoft Update Catalog. There may be similar problems with some MS Office updates; other updates should install much faster.
      Note that there is a naming convention mismatch in MS Update Catalog – older files are described mostly as "Windows XP WEPOS/POSReady" updates and newer ones as "Windows XP Embedded" updates.
