What's the Hash in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.<extension>\UserChoice?

22.1k views Asked by At

With Windows 8, the user's choice for which application to open for a given document type seems to be kept in

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\<extension>\UserChoice

For PDFs on my machine, this contains:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
"Hash"="xh8KhPWlZL0="
"ProgId"="AcroExch.Document"

Yet on another machine the hash is different. What's being hashed, and is there any way to create a .reg file which can be applied to another machine to set this preference?

3

There are 3 answers

1
regnarg On BEST ANSWER

Someone reverse engineered the hash and wrote a CLI tool to set file associations:

http://kolbi.cz/blog/?p=346

extension = “.txt”; the file extension
sid = “S-1-5-21-463486358-3398762107-1964875780-1001” ; the SID of the current user
progid = “txtfile”; the ProgId of the desired association
regdate = “01d3442a29887400”; timestamp of the UserChoice registry key
experience = “a microsoft secret string”; a static string (this is a dummy example, not the real string
hash = Base64(MicrosoftHash(MD5(toLower(extension, sid, progid, regdate, experience))))

Not all details are revealed but probably enough to reverse engineer the rest.

1
user3642607 On

Microsoft decided in Windows 8 (probably for security reasons) that users should be able to set default programs only via the built in GUI. I.e. by design, you are not supposed to be able to set default handlers in a script or programmatically.

The Hash value is used to prove that the UserChoice ProgId value was set by the user, and not by any other means. This works as long as Microsoft keeps the algorithm which generates the Hash, and the mechanism for verifying the ProgId using the Hash, a secret.

In theory you could figure out the secret to set the Hash (and possibly other hidden OS settings), but you would have no guarantee of it's reliability; the next Windows Update might break your method, for example. You probably just need to adapt to the change, and live with using the new methods Microsoft built in to the OS.

0
js2010 On

By the way, these userchoice hashes in a profile become invalid after a sysprep, causing all those "an app default was reset" messages during the first login after sysprep, and many log entries in Microsoft-Windows-Shell-Core/AppDefaults.