Slashdot Mirror
WinXP Keygen Foils Product Activation
Bill Gates' Friend's Brother's Roommate writes: "The Register has a story on a working key generator that produces 25 valid Windows XP Product Activation Keys in a few hours. As author John Lettice summarizes, 'So the question as regards keymaking software is whether or not Microsoft has any way to differentiate between generated keys and the ones it has issued itself. If not, this generation of WPA is now surely toast.'"
I don't know entirely how WPA works, but I know with most games you *can* use a keygen for most of the codes. If they are 'well-formed' and comply with their format then the game will accept it. However, only a select number of the 'possible' working keyset is actually *valid*, meaning it exists in their large database.
I would suspect that would be the case here; the question is whether or not that false key once accepted by the program is transmitted back to Microsoft for validation.
Thanks,
--
Matt
Does anyone expect jack-booted MS employees to come kicking in their doors and arresting them for having a invalid product key?
Let's face it, as much as MS needs to say they will come after people who pirate their software, they aren't going to come after individuals. Unless you are killing a significant portion of their business, they are likely to leave you alone.
They would rather an individual use a pirated copy of their software than someone elses, because it still puts them in your house. They still have a good chance of branding, selling you MS Money, Office or some other product.
Can't say that out loud though. Might loose too much business.
best web host ever
There's no way to make a crackproof piece of software. If a user has access to software, he can crack that software. Period.
:), but these keygens only work for the offline version of the game. As soon as the someone tries to use that game online, they're denied access by the game server because their genned key isn't in the database of valid keys in the field.
However, as the article notes, cracked software can be detected. No matter how good the cracker, there's little that can be done against online verification. If MS keeps a record of all valid keys, then anyone attempting to use online MS services of any kind with a genned key can be detected and denied/disabled.
This is an old trick for online games, etc. Crackers come out with keygens for such games almost simultaneously with the release of the games (or even before
So, this story has little import as far as MS' protection being faulty. I have no doubt they expected it, and I have no doubt that they don't care too much. Using Win XP w/o the ability to update or connect to certain online services safely will probably end up being more than sufficient protection from MS' viewpoint.
Time to send the code underground a la decss.
The article makes mention of Microsoft possibly breaking illegally copied versions of XP corporate via patch in the future. They have not done this yet, and I do not think they will. Think of the public relations nightmare that would ensue if MS broke even some legitimate copies (licensed copies with wrong serials).
It has been said before, but the determined "pirate" will not be deterred by inconvenience.
I think they know its not worth their while.
Who here doesn't know of at least 1 person who has a corp code. I'm in a shop full of geeks so it was only a matter of time before someone somewhere got a hold of a decent CD key.
Add to that the number of times people will reload there machines to get it "just right". Everyone and thier brothers are using any code they can get so that they don't have to bother Microsoft in order to just play.
So now a new hack that will do it for you. To late as far as most are concerned.
..which just shows that the human brain is ill-adapted for thinking and was probably designed for cooling the blood-T P
If their licence agreement says you have to register with them. Guess what, you have to register with them. You don't like that policy, don't buy the product!
Free Mac Mini
Assuming that license agreements are valid, which is far from certain.
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
If I can't see the "license" before I purchase the software and actually sign a contract, then there is no "license," IMO. The only rights retained by MS are copyright...meaning I can't distribute copies of the software to third parties...period.
If I treated my clients this way, I'd be out of business. The fact that MS has tons of money and lawyers to strongarm people into complying with their wishes does not make them right by any means.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
one note: this method assumes that the auth key will actually make it to the auth server. it is entirely possible for someone to write their own version of the auth server and then, through creative /etc/hosts entries, DNS entries, or whatever, have the game verify auth from a locally running server (that takes anything and simply says "VALID").
i don't know if you could really get away with this since blizzard's stuff is more centralized, but i think this is a problem that id has had to face.
Now there's two copies of WinXP out there with the key, one of them bad. Simple solution, right? First guy to use the key is legal, second guy is the pirate. But wait - suppose Joe Script-Kiddie gets the key and installs a pirated WinXP before Joe Sixpack gets home from Best Buy. Now the situation is reversed, since the first guy is the pirate. And I doubt that any serial number database MS would set up would have something so obtuse as where each individual copy of Windows is sold - it would defy logic to think that the serial number of every copy of Windows is tracked with that copy's physical location. So you can't really sort out who bought Windows legally, and who's installing with a bogus key. Sounds like a tough nut for MS to crack - well, tough shit.
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
Are you sure posting this is a good idea? Now Slashdot is a distribution channel for illegal circumvention devices, which is a terrorist act.
They'll be coming after YOU next.
Welcome to the 21st century.
That specific software you are mentioning was older versions of CDRWIN. Jeff Arnold the owner of Goldenhawk wrote a nice little feature into his app that would generate hidden files until your hard drive was full, if a keygen generated key was used to install.
A real asswipe. Writes an app designed to dump raw bits from CD's but doesn't want his software copied.
Then again.. it was a few years ago.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
"Please do not use it if you have not paid for Windows XP."
If you have paid for a copy of Windows XP, it would have come with the product key, defeating the need for a keygen. I imagine that your intent is so users may install XP on more than one of their own, personal machines, but what would the ratio of them to users who just need a key to pirate the software be? I'm going with many more pirates to more legit (not totally legal as you are not complying with the EULA [which is a whole other issue in itself]) users.
Please do not think that I am against Fair Use, but Slashdot is not the place to publish this type of software. Newsgroups, personal websites, etc. would be a better place for this type of code. Just to keep Slashdot out of any legal trouble that may come of it.
Amigori
"The quality of life is determined by its activites."--Aristotle
Nice theory. Too bad it runs afoul of one inconvenient fact: the copies of WinXP in use in most companies do not have WPA in them at all. Only the retail versions get the activation, OEM and Enterprise-license copies are essentially pre-activated or don't require activation.
But in bigger companies the Windows boxes don't sit on bookshelves either (at least they shouldn't be) because software gets installed over the network or at least in some sort of centralized manner, so people couldn't bring the boxes home. But there are plenty of small (4-10 people) companies where software boxes are just on the secretary's bookshelf, everybody can borrow them and do whatever they want. WPA was created to discourage this behavior.
When men used to be men
It would be a marvelous feat, to craft a program capable of stealing random numbers. Imagine the cryptanalysis breakthrough it would represent if I could steal your random private PGP key out of the blue... :)
Seriously, the keyspace for Activation Keys is huge beyond your wildest dreams. The probability of generating a duplicate key in the lifetime of the Sun is very small.
it came back with a message that I was using a pirated CD key ... I got in touch with Sierra and they had me fax them a photocopy of the store receipt and the back of the case clearly showing the CD key
if you can prove ownership, they'll unblock your key
You know, if a company wanted me to PROVE that I was innocent of "piracy" before I could use a product I'd paid for, I'd tell them to shove it up their ass - I'd then take it back to the store and return it as defective (which it provably is.)
We're the CUSTOMER dammnit, they exist to serve us - not the other way around.
This is why I'll never buy another iD product (after the Return to Castle Wolfenstein CD-Key debacle.)
The first is in the client software. The second is in the server software. Of the many keys that would successfully pass the client's validation only a few would succesfully pass the servers validation.
For example, the client tests for even numbers - and the server tests for multiples of 4 (so even if you reverse engineer the client you'll only be right half the time).
--Giving to trolls for the benefit of us all
I've always thought systems where entering a pirate regcode make the program malfunction are stupid, because they make the program look like it doesn't work and will most likely simply cause the user to go look elsewhere. Now if it would do something like burn your CD, but 5 minutes into it start saying "This CD was burned on an illegal copy of Program ABCD", that might actually be a little more effective. But hey, I don't write software, so what do I know?
> We've got your MAC address
How in the name of TCP/IP gods would them have someone's MAC addy, unless they ethernet-wire their machines INSIDE M$s ethernet network?
The mind boggles...
``If a program can't rewrite its own code, what good is it?'' - Mel
... Steve Jobs saying something to the effect of: " We believe that pirating (music) is a cultural issue, not a technology issue. " No matter how hard they try, people will always find a way past these things. I hate MS, but as a suggestion to them, make it less -desirable- to have your products pirated. Uhm... actually, you are doing that already.
So basically, if you purchase his software and mis-type the code, the programmer decides it's ok to damage your real-world property? What a cockhead. I'd buy it mis-type the code and sue to prove a point.
Send lawyers, guns, and money!
But how is this a problem? Make it so when a client logs in with a certain key, any existing sessions under that key are terminated.
I know it's blasphemous to mention on /. but, last time I checked, CDRWin wasn't (and indeed, never was) open-source software. This guy wrote the app, and he's free to do whatever he wants to prevent it from being stolen and/or used illegally. CDRWin is a great friggin app, and one that I got more than my money's worth from. A program like that, or nero, is one I am happy to fork money over for. Something like EZ-CD Creator on the other hand, if I were desperate, I would steal in two seconds. And I would delete it as fast as is physically possible. But that's why I never bought (or installed) a copy of it.
I start to have problems with paying for programs when I'm paying more for the software than my computer cost me when it was new, though. I still haven't paid for anything like that...so no one is perfect. But I don't blow sunshine up my ass and pretend I have a "right" to the software. I know I'm still stealing it.
Linux: The world's best text-adventure game.
Initiating karma burn in 3...2...1...
:)
Minimum wage is supposed to be a learning wage, not a living wage...
You're an arrogant little cock, aren't you? Pardon me while I feel bad that you're paying an extra dime or two for a fucking hamburger while somebody else slaves away earning billions for somebody else, while they themselves earn only enough to pay for maybe half of their living costs. There's some half-witted retard two posts down or so that thinks that without welfare, we wouldn't have a recession - this, despite the wage-slaves at the local Mickey D's probably aren't on fucking welfare...they have jobs, after all and you, who apparently doesn't think that everybody in this country deserves a livable wage. Isn't that why people came to America, to get out from under the thumbs of the ruling class and find a way to make a living, despite (horrors!) maybe being somewhat behind the curve? Equality of all humans means jack shit to you, does it?
--Begin wanton flamage--
I guess it's just not good enough for you, Oh Mighty Fast-Food Devotee. But we all see right through you, you fucking prick: all the "hard work" and "education" you do (and that your mommy and daddy probably pay for anyways) will never allow you to grow up enough to help out somebody who's on the skids, or is just trying to make their way through this fucked-up world. Your own life is so pathetic that you have nothing better to say about those "below" you than gripe about their existence on subsidence wages in this, the greatest country in the world. Well fuck you and the horse you rode in on, dickhead.
--End wanton flamage--
Besides, numb-nuts, you're not subsidizing the guy for whom a house and car is "enough" (like not being a bitch of consumerism is a bad thing...) - you're subsidizing the three-piece suit who runs the chain. Remember that, next time you feel self-righteous when purchasing fast food. Jackass.
Karma burn complete...
Eh, what the hell, it was worth it.
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
hey guys, guess what - MS doesn't think in terms of months or even years, but decades. they could probably give a flying fuck if people crack XP activation... think of XP as the "Beta" for activation - they're just data collecting at this point to see what works and what doesn't, how fast the kiddyz can crack various algorithms, and whatnot. also, XP activation is intentionally weak so as to get the populace used to the concept before making it a real nightmare. when they have a good system and start actually enforcing it three, four versions from now, the issue will be long dead.