Slashdot Mirror

← Back to Stories (view on slashdot.org)

WinXP Keygen Foils Product Activation

Posted by ryuzaki0 on from the next-generation-will-require-dongles dept.

Bill Gates' Friend's Brother's Roommate writes: "The Register has a story on a working key generator that produces 25 valid Windows XP Product Activation Keys in a few hours. As author John Lettice summarizes, 'So the question as regards keymaking software is whether or not Microsoft has any way to differentiate between generated keys and the ones it has issued itself. If not, this generation of WPA is now surely toast.'"

16 of 461 comments (clear)

  1. Weird by glh · · Score: 5, Interesting

    Don't they have some kind of database with all the keys in it.. (after all, a lot of games out there such as anything newer by blizzard works that way)!

    1. Re:Weird by govtcheez · · Score: 4, Interesting

      > Quite smart, really.

      Except that every Blizzard game I've ever played would be just peachy if a reg-code of all 3's was typed in. Seriously.

    2. Re:Weird by mr3038 · · Score: 3, Interesting
      In Blizzard's games, the routines used by the installer to verify authenticity of a CD key actually checks for compliance to a much more broad algorithm than the keys are actually manufactured by.

      Yeah, but it's only question of time when the first keygen starts bombing multiplayer authentication with generated keys until one is okayed and returns only that to end user. Yeah, perhaps your IP gets logged but you wouldn't run that kind of program on your own computer, would you? Local library or ISPs shell would be just fine.

      Current system could work if keys were big enough so that hitting real key with keygen would be hard but, unfortunately, as long as end user has to type in the code during install you cannot input that many bits into the key anyway.

      --
      _________________________
      Spelling and grammar mistakes left as an exercise for the reader.
    3. Re:Weird by Anonymous Coward · · Score: 4, Interesting

      a good method that i've never seen used for key generation is to not use a "Working/Not Working" states, but instead, have the key actually disable/enable certain parts to the game. It would make finding a valid key even harder. You might think you have a valid one, but get to level 3, and the game suddenly dumps you out unexpectedly. It wouldn't be foolproof as far as stopping piracy, but it might hamper it a little i suppose.

  2. 25 keys in one night with one PC by J.D.+Hogg · · Score: 5, Interesting

    That means you probably could get 25000 keys in one hour if distributed.net was setup to do that. Even DES is harder to crack. That should tell you something about the extent of Microsoft's understanding of security issues if they can't even protect their own bread and butter correctly.

  3. It's not the serial number that's important. by gpinzone · · Score: 3, Interesting

    It all depends whether or not Microsoft keeps a world-wide database of valid product keys for each and every version of Windows XP sold. I used to work for an employer that had a system that registered EACH and EVERY serial number of a product BEFORE it was sent out to distribution. We could track the usage and blacklist any of the "products" we wanted. The system even was smart enough to detect fraud based on a number of criteria (like if two serial numbers showed up at the same time). any serial numbers that existed that weren't in the database were blacklisted automatically.

    I have to wonder if Microsoft has done this? I mean, logging every single serial number for every copy of WindowsXP produced everywhere in the world...and then maintaining it. That's a tall order, even for them. I think they'd get more bang for the buck by blacklisting every copy of XP that uses that "FCK" serial that was distributed like crazy.

  4. Well they won't accept their license agreement... by Nailer · · Score: 5, Interesting

    By allowing me to decline their license and give me the refund they promise if I do so, I don't see why I should accept it and activate periodically.

    ncftp -u xpkey -p xpkey -P 6473 24.22.15.128

  5. keygen by Graspee_Leemoor · · Score: 3, Interesting

    I was wondering about this after I heard the story somewhere else first, ( hoho ).

    Most people not paying for XP are either going to be using the crack on the "trial" version or downloading the corporate version from their fave p2p network.

    Thinking about the 2nd scenario, the corporate version requires a key, but doesn't need activation. The key is printed on the back of the cd case and every corporate version.rar I have seen has the same key- starting, (amusingly) "FCK..."

    Anyway- the corporate versions of Win2000 didn't need a key- they filled it in for you (unless I am getting mixed-up with other MS software of the same period).

    So, the big question is: Why does the corporate version need a key? MS knows it is damn easy to write it down, so there's no security there, but if MS wants to check the key when the system connects to the internet, checking against a database (oh look, 3 million people all using the same key!), then isn't this a similar hassle to product activation, only done sneakily with no dialogs ?

    Presumably if you install the corporate version with the "FCK..." key and never connect to the internet then it will never hassle you or expire or need to be activated, but if you do connect to the net then it *could* be sort of activating itself by checking the key with microsoft. If this turns out to be the case then you could always block it with your favourite firewall, since as this would be a sneaky check they could hardly deactivate your machine if they couldn't connect...

    Then again, we all know that MS loves home piracy and the product activation is just to stop small and medium businesses from using one cd on their whole lan.

    graspee

    1. Re:keygen by Junta · · Score: 3, Interesting

      Well, part of the whole thing about corp edition is to reduce installation time and hassle on large corporate installs on machines that do not have internet connectivity, so in answer to the question about it needing to contact MS anyway, it doesn't *need* to. However, when I first had to roll out an XP install on our corp. edition, I decided to make it into an experiment. I took the host's MAC address and assigned it a static IP in the DHCP server. Then, when I went to install the system, I blocked and logged all traffic from the host trying to get to the outside. And guess what, the install did indeed still try to contact MS server about 3 or 4 times throughout the install (before Windows Update stuff). I think one of the attempts seemed to have something to do with the MEdia player (?), but at least two of them where MS hosts I had no idea what they would do (they were definitely not windows update hosts). With the packets dropped, the install did in fact complete, albeit it slowed down while waiting for responses from MS that never came. Has anyone done a more thorough experiment? I only logged source port, and destination address/port, no payload and since I dropped the packets I didn't see a full dialog as MS would have intended to occur. I didn't even bother to keep the log beyond the standard month, so that is gone too...

      --
      XML is like violence. If it doesn't solve the problem, use more.
  6. Re:This just generates the keys... by Aexia · · Score: 3, Interesting

    I couldn't tell from the article, but I assume you would go through the "I don't have internet access so I'm 'talking' on the 'phone' to a 'representative' of 'Microsoft' who has 'provided' me with this 'key'" process.

    Otherwise, it'd be pretty useless.

  7. Don't ruin MY key by innate · · Score: 4, Interesting

    What if someone using this keygen generates my key that has already been activated? It will look to Microsoft like the key-in-question is being installed on a different computer with different hardware. Then the next time I go to re-install XP my legitimate key won't work.

    --
    No, I don't want to explore the Recycle Bin.
  8. Re:Can we say Service Pack 1? by HMC+CS+Major · · Score: 4, Interesting

    Uh, they havent started doing that with win2k, win98, winme, or any of their other products, why would they start with xp ?

    The only thing even vaguely close is the ms office update that refuses to install if its running with a known bad serial number, but that doesnt disable anything.

    My theory is that the damage is already done. Messing up the OS isnt going to make the person buy a real copy, it'll just make the person reinstall the same insecure pile of crap they installed in the first place, and then ms will get blamed again because stupid people dont know how to secure their illegal boxes. It's in Microsoft's best interest to let people with stolen versions update their OS, so if nothing else, they dont have software pirates spreading things like Nimda.

    --
    Video for Online Dating Profiles
  9. So what? by The_Shadows · · Score: 5, Interesting

    It was cracked. Big deal. Everyone is saying "Now we can use this and won't have to register it with MS!" or "They probably have an archive of keys and can see the fakes, who will then be arrested!"

    No. Here's what I say: So what?
    Great, it's cracked. You know what? The number of people who will wind up using the crack is probably insignificant to MS.

    Newsflash! There have been anti-activaition cracks from day one with more efficiency than this. How about the cracks that allow you to never register? How about buying a version of XP Pro that doesn't require activation (Corporate(expensive) or Academic)? How about pirating one? I looked on hotline the day of XP's release and there were already several servers claiming to have the Corporate Version of XP Pro.

    To top this all off, how many people will really use this? I'll give you a hint: proportionately few. The vast majority of people who will upgrade to XP either don't know or care that there is a hack, or are businesses that have to have legitimate software (activation and all). Well, I suppose they don't have to, but most businesses consider it a good idea.

    So that's my thoughts. It's cracked. It's a great feat and all, but the number of illegal copies of XP isn't going to suddenly, dramatically surge.

  10. Your point is? by sethamin · · Score: 4, Interesting
    This makes no difference to MS whatsoever. The whole point of WPA is not to stop dedicated and knowledagble computer users from finding or using valid keys; it is to stop Mom and Pop from installing someone else's version of Windows. If you told your Mom, "oh, you have to use this little keygen program to get the key", then she'd be a whole hell of a lot less likely to pirate it than if you just said "Use the installation code on the back of the jewel case".

    Good god, who here ever thought WPA was going to stop the pirating of MS software?
    *prolonged awkward silence*
    Yeah, that's what I thought.

  11. Re:Heres another way to foil product activation by ZxCv · · Score: 3, Interesting

    Have you ever used WindowBlinds? It made my otherwise predictable and stable Win2K rather unstable and sometimes downright unusable. I used it for longer than I otherwise would have because when it worked, it really was a cool product. And even at that, I think I had it installed for less than a week before the stability issues just became too much. If you have used WindowBlinds, was your experience anything the same? And if you haven't, why not?

    --

    Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
  12. Re:Well, yes by jerdenn · · Score: 3, Interesting

    Because the MAC address is considered one of the few relatively static numbers easily associated with a particular workstation. It is not a normal event for a workstation to have a NIC changed, or for someone to perform a soft-update upon a NIC card, changing the MAC address. Indeed, MS Word used to embed the MAC address into documents as a (secret) form of identification.

    -jerdenn