Slashdot Mirror
WinXP Keygen Foils Product Activation
Bill Gates' Friend's Brother's Roommate writes: "The Register has a story on a working key generator that produces 25 valid Windows XP Product Activation Keys in a few hours. As author John Lettice summarizes, 'So the question as regards keymaking software is whether or not Microsoft has any way to differentiate between generated keys and the ones it has issued itself. If not, this generation of WPA is now surely toast.'"
Don't they have some kind of database with all the keys in it.. (after all, a lot of games out there such as anything newer by blizzard works that way)!
Given that the activation code is used to secure XP from unauthorized use -- I guess you could say that this is a security issue.
:-)
Given Microsoft's rather lackluster track-record in the area of security, is it any wonder that their own protection scheme has (allegedly) been cracked so soon?
Maybe they wrote it with the new C++ compiler
But fix the security hole they put in box, as well!
Woohoo! :-D
As far as I can tell, the user still needs to contact the MS server and go through the validation process. At the very least a key that has already been used will be rejected. At worst, MS will log all attempts and check that the key came from the correct geographical region that the boxed product was shipped to, and disable copies that don't match even if the key hasn't been used before. It's a huge hole in the security, but the end users are still going to be bothered. The worst of all possible worlds.
All of the folks looking for a free copy are better off finding a copy of the corporate edition, which doesn't phone home.
You're just jealous 'cuz the voices talk to *me*
That means you probably could get 25000 keys in one hour if distributed.net was setup to do that. Even DES is harder to crack. That should tell you something about the extent of Microsoft's understanding of security issues if they can't even protect their own bread and butter correctly.
then they are grossly mishandling their activation system or they seriously underestimate the intelligence of most Windows users.
Considering M$, I think it's a little of the former and the latter.
i thought you guys said this was obscure!!
MARIJUANA, SHROOMS, X: ONLINE?! - E
Nicely done, Kathleen. He'll appreciate that.
Geek chicks rule !
When will I end this grieving ? When will my future begin ?
The best way is to verify the key on-line if the key is assigned to you, but this is only feasible with small-scale shareware programs, because in that case very few of the possible keys are assigned (so the chance of generating an assigned key by accident is very low), and the author of the program knows of every sold copy (while Microsoft doesn't know of a particular copy of XP is actually installed somewhere, or is lying in some warehouse)
Does anyone expect jack-booted MS employees to come kicking in their doors and arresting them for having a invalid product key?
Let's face it, as much as MS needs to say they will come after people who pirate their software, they aren't going to come after individuals. Unless you are killing a significant portion of their business, they are likely to leave you alone.
They would rather an individual use a pirated copy of their software than someone elses, because it still puts them in your house. They still have a good chance of branding, selling you MS Money, Office or some other product.
Can't say that out loud though. Might loose too much business.
best web host ever
The Register's editors have obviously misspelled "Now that it's made Slashdot's front page, for about 10 more minutes..."
There's no way to make a crackproof piece of software. If a user has access to software, he can crack that software. Period.
:), but these keygens only work for the offline version of the game. As soon as the someone tries to use that game online, they're denied access by the game server because their genned key isn't in the database of valid keys in the field.
However, as the article notes, cracked software can be detected. No matter how good the cracker, there's little that can be done against online verification. If MS keeps a record of all valid keys, then anyone attempting to use online MS services of any kind with a genned key can be detected and denied/disabled.
This is an old trick for online games, etc. Crackers come out with keygens for such games almost simultaneously with the release of the games (or even before
So, this story has little import as far as MS' protection being faulty. I have no doubt they expected it, and I have no doubt that they don't care too much. Using Win XP w/o the ability to update or connect to certain online services safely will probably end up being more than sufficient protection from MS' viewpoint.
I was trying to decode this, but was having trouble with it until I figured out that it is in base64 encoding, not uuencode (as it appeared at first). If your Linux or Unix distribution does not have base64 installed by default, you can get it at http://www.fourmilab.ch/webtools/base64/. Thank you, Fair Use Guy, for promoting this tool.
Loneliness is a power that we possess to give or take away forever
After all, nothing is unbreakable....
The only exception being, of course, Bruce Willis in the movie of the same title...
But I digress...
Jason
He's totally creeping out the Great One, eh...
It all depends whether or not Microsoft keeps a world-wide database of valid product keys for each and every version of Windows XP sold. I used to work for an employer that had a system that registered EACH and EVERY serial number of a product BEFORE it was sent out to distribution. We could track the usage and blacklist any of the "products" we wanted. The system even was smart enough to detect fraud based on a number of criteria (like if two serial numbers showed up at the same time). any serial numbers that existed that weren't in the database were blacklisted automatically.
I have to wonder if Microsoft has done this? I mean, logging every single serial number for every copy of WindowsXP produced everywhere in the world...and then maintaining it. That's a tall order, even for them. I think they'd get more bang for the buck by blacklisting every copy of XP that uses that "FCK" serial that was distributed like crazy.
Time to send the code underground a la decss.
The article makes mention of Microsoft possibly breaking illegally copied versions of XP corporate via patch in the future. They have not done this yet, and I do not think they will. Think of the public relations nightmare that would ensue if MS broke even some legitimate copies (licensed copies with wrong serials).
It has been said before, but the determined "pirate" will not be deterred by inconvenience.
I think they know its not worth their while.
By allowing me to decline their license and give me the refund they promise if I do so, I don't see why I should accept it and activate periodically.
ncftp -u xpkey -p xpkey -P 6473 24.22.15.128
#!/usr/bin/perl
.= $_; $x =~ s/[\r\n\t ]//g; } print decode_base64($x); exit 0;
use MIME::Base64; $x = ""; while(<>) { $x
Who here doesn't know of at least 1 person who has a corp code. I'm in a shop full of geeks so it was only a matter of time before someone somewhere got a hold of a decent CD key.
Add to that the number of times people will reload there machines to get it "just right". Everyone and thier brothers are using any code they can get so that they don't have to bother Microsoft in order to just play.
So now a new hack that will do it for you. To late as far as most are concerned.
..which just shows that the human brain is ill-adapted for thinking and was probably designed for cooling the blood-T P
If their licence agreement says you have to register with them. Guess what, you have to register with them. You don't like that policy, don't buy the product!
Free Mac Mini
Released on 1/07/2002 was a "Universal Activation Crack" by a major warez group. I would confirm that it works, however in fear of the FBI raiding my house (a la Hackers the movie) I will say that I haven't tried it.
the byproduct of years of oppression by the white man
Just find a copy of the license pack edition - it requires no activation. I use this at work - you can even change a whole motherboard out and it doesn't say a thing. Perfect for ghost (which is what we use it for)
Evidently the generation of keys takes a lot of crunching and may take awhile to generate one useable key. If you want to hack out more keys or at a faster rate you must throw more hardware at it or parallelize it.
Not knowing the details of how they think keys are generated (which is probably a wise thing to keep tight lipped about it) one wonders if you can break the key generation into idependant parts. It may not be possible because it breaks the crypographic nature of the key but that isn't for certain either since MS doesn't want to make key generation the slow part in its production.
If this is true then WPA is done(as in stick a fork in it). How many thousands of people outside of the US(and heck inside of the US) who would contribute CPU to generate thousands and thousands of keys?
If not, this generation of WPA is now surely toast. If so, I guess they'll have to change the name to "Product Cracktivation" :-D Sorry, I couldn't resist.
std::disclaimer<std::legalese> sig=new std::disclaimer; sig->dump(); delete sig;
I was wondering about this after I heard the story somewhere else first, ( hoho ).
Most people not paying for XP are either going to be using the crack on the "trial" version or downloading the corporate version from their fave p2p network.
Thinking about the 2nd scenario, the corporate version requires a key, but doesn't need activation. The key is printed on the back of the cd case and every corporate version.rar I have seen has the same key- starting, (amusingly) "FCK..."
Anyway- the corporate versions of Win2000 didn't need a key- they filled it in for you (unless I am getting mixed-up with other MS software of the same period).
So, the big question is: Why does the corporate version need a key? MS knows it is damn easy to write it down, so there's no security there, but if MS wants to check the key when the system connects to the internet, checking against a database (oh look, 3 million people all using the same key!), then isn't this a similar hassle to product activation, only done sneakily with no dialogs ?
Presumably if you install the corporate version with the "FCK..." key and never connect to the internet then it will never hassle you or expire or need to be activated, but if you do connect to the net then it *could* be sort of activating itself by checking the key with microsoft. If this turns out to be the case then you could always block it with your favourite firewall, since as this would be a sneaky check they could hardly deactivate your machine if they couldn't connect...
Then again, we all know that MS loves home piracy and the product activation is just to stop small and medium businesses from using one cd on their whole lan.
graspee
Assuming that license agreements are valid, which is far from certain.
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
If you already are using Windows 2000, just say, "I'm not going to spend $199 to upgrade to Windows XP when there are virtually no new features except for UI enhancements." Really, you can do anything on Win2000 that you can on WinXP.
Of course if you are running Linux you have already foiled product activation.
I Heart Sorting Networks
If I can't see the "license" before I purchase the software and actually sign a contract, then there is no "license," IMO. The only rights retained by MS are copyright...meaning I can't distribute copies of the software to third parties...period.
If I treated my clients this way, I'd be out of business. The fact that MS has tons of money and lawyers to strongarm people into complying with their wishes does not make them right by any means.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
What if someone using this keygen generates my key that has already been activated? It will look to Microsoft like the key-in-question is being installed on a different computer with different hardware. Then the next time I go to re-install XP my legitimate key won't work.
No, I don't want to explore the Recycle Bin.
If their licence agreement says you have to register with them. Guess what, you have to register with them. You don't like that policy, don't buy the product!
I handed the clerk money, she gave me the box, that's what called a sale. Now I own the box and contents, and can do whatever I want with them. I signed no contract, I'm not obliged to follow any contract.
If you buy a car, and once you get it home you see a little paper attached which says you can't get it serviced at a Ford dealer, and that opening the hood means you consented to the contract, does that mean anything? No.
Here is the translated link from the register:
Crack and Keymaker activate Windows XP
In the Internet circulate two different programs,
which can activate Windows XP also without
Microsofts benediction completely.
The Patch of the group of Sad team consists only
one 700 KByte of a large EXE File, which contains
a Installer.
In order to de-energise the Home and Professional
versions of Windows XP, the Patch is started in
the secured mode. After a restart Windows is
completely activated.
The second tool is a Keymaker, which generates
valid D-CKeys for Windows XP Home, Professional
and Corporate as well as for Office XP and Visio XP.
In addition the program counts quite a while: In
our test generated the Tool within one night of 25
valid codes for Windows XP Home.
If such a code is indicated for the installation
of Windows XP as Product ID, the copy can be
de-energised completely ' officially ' by
Microsoft by telephone or Internet connection.
Since Windows XP on the market is, a multiplicity
of Crack programs promises to be able to go around
the activation. Most functioned however not;
the only worked method was so far the exchange of
some files on the installation CD against versions
from the corpus width unit version with a total
volume of 13 MByte. ( kav / c't)
That isn't a "keygen" per sae.. it is just a program that spits out a random, probably stolen, key.
Thanks for trying, though.
Uh, they havent started doing that with win2k, win98, winme, or any of their other products, why would they start with xp ?
The only thing even vaguely close is the ms office update that refuses to install if its running with a known bad serial number, but that doesnt disable anything.
My theory is that the damage is already done. Messing up the OS isnt going to make the person buy a real copy, it'll just make the person reinstall the same insecure pile of crap they installed in the first place, and then ms will get blamed again because stupid people dont know how to secure their illegal boxes. It's in Microsoft's best interest to let people with stolen versions update their OS, so if nothing else, they dont have software pirates spreading things like Nimda.
Video for Online Dating Profiles
Now there's two copies of WinXP out there with the key, one of them bad. Simple solution, right? First guy to use the key is legal, second guy is the pirate. But wait - suppose Joe Script-Kiddie gets the key and installs a pirated WinXP before Joe Sixpack gets home from Best Buy. Now the situation is reversed, since the first guy is the pirate. And I doubt that any serial number database MS would set up would have something so obtuse as where each individual copy of Windows is sold - it would defy logic to think that the serial number of every copy of Windows is tracked with that copy's physical location. So you can't really sort out who bought Windows legally, and who's installing with a bogus key. Sounds like a tough nut for MS to crack - well, tough shit.
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
Are you sure posting this is a good idea? Now Slashdot is a distribution channel for illegal circumvention devices, which is a terrorist act.
They'll be coming after YOU next.
Welcome to the 21st century.
I mean, this was probably done before Microsoft spent 20 business days plugging all their security holes.
Many people here don't perhaps understand what WPA is about. WPA is NOT about making it "impossible" to copy Windows. WPA is NOT about making Windows registration "unhackable". These have NEVER been the design goals of WPA. There are other tools for these goals, they are harder and costlier to implement than the current implementation of WPA and probably more inconvenient for the user. MS was aware of the other possibilities but decided that they were not worth the extra money and effort.
Why? Because the goal of WPA is to keep office workers from bringing home copies of WinXP, installing them on their home machines and giving them to their friends. That was the ONLY goal. This kind of behavior makes up 90% of revenue lost by everyday piracy and MS is pretty happy to get this 90% back by not spending much effort in the process. As about the the guys who use key generators and other ways of getting around the registration process - I'm very sorry to disappoint you but Microsoft doesn't even notice you guys.
When men used to be men
waiting for the 4-line Perl version.....
No worries, the hired goons just visit each of them and ask to see the Windows XP folder with the claimed serial number sticker on the back. Joe Sixpack will meekly hand it over and Joe Script-Kiddie will silently vanish into the Microsoft Dungeons.
"Honey, it's not working out; I think we should make our relationship open-source."
Post links please -- I'm already running a corporate version, but this might be useful for some of my friends.
There's 10 types of people in this world, those who understand binary and those who don't.
Cool. I give it 5 minutes before MS is lawyering up to C&D slashdot again (remember, what was it, the kerberos thing?)
What's that Dilbert quote? That sound you now hear is 500 lawyers buttoning their suit jackets as they prepare to decend upon you (or something like that?)
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
Nice theory. Too bad it runs afoul of one inconvenient fact: the copies of WinXP in use in most companies do not have WPA in them at all. Only the retail versions get the activation, OEM and Enterprise-license copies are essentially pre-activated or don't require activation.
sell a box per OS, and you avoid this nonsense. when was th last time you saw anyone selling pirated macos?
of course you make much less money...
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
I handed the clerk money, she gave me the box, that's what called a sale. Now I own the box and contents, and can do whatever I want with them.
Sure, you own *box* and its *physical* contents, but you still don't own the "IP". You can feed the box to your dog if you want, but you cannot copy the information without authorization from you know who.
Problem is, you are reasoning logically and ethically, not legally...
It was cracked. Big deal. Everyone is saying "Now we can use this and won't have to register it with MS!" or "They probably have an archive of keys and can see the fakes, who will then be arrested!"
No. Here's what I say: So what?
Great, it's cracked. You know what? The number of people who will wind up using the crack is probably insignificant to MS.
Newsflash! There have been anti-activaition cracks from day one with more efficiency than this. How about the cracks that allow you to never register? How about buying a version of XP Pro that doesn't require activation (Corporate(expensive) or Academic)? How about pirating one? I looked on hotline the day of XP's release and there were already several servers claiming to have the Corporate Version of XP Pro.
To top this all off, how many people will really use this? I'll give you a hint: proportionately few. The vast majority of people who will upgrade to XP either don't know or care that there is a hack, or are businesses that have to have legitimate software (activation and all). Well, I suppose they don't have to, but most businesses consider it a good idea.
So that's my thoughts. It's cracked. It's a great feat and all, but the number of illegal copies of XP isn't going to suddenly, dramatically surge.
MS doesn't force you to register Windows XP at all. It's a seperate process from activation, and is completely optional.
Activation sends a hash value, which is one-way encrypted, to the MS servers to keep track which CDs have been "turned on" and associates that with the encrypted hash value.
The ONLY way MS could ever find out who activated it would be to go by IP (if you're worried about this, go by phone), or the MAC address in the hash value. But seriously, why do they care?
"Please do not use it if you have not paid for Windows XP."
If you have paid for a copy of Windows XP, it would have come with the product key, defeating the need for a keygen. I imagine that your intent is so users may install XP on more than one of their own, personal machines, but what would the ratio of them to users who just need a key to pirate the software be? I'm going with many more pirates to more legit (not totally legal as you are not complying with the EULA [which is a whole other issue in itself]) users.
Please do not think that I am against Fair Use, but Slashdot is not the place to publish this type of software. Newsgroups, personal websites, etc. would be a better place for this type of code. Just to keep Slashdot out of any legal trouble that may come of it.
Amigori
"The quality of life is determined by its activites."--Aristotle
and then you can protect the whole shebang under the DMCA.
Right now, it's not illegal for someone to make a key generator, it's just copyright infringement to use it *for a pirated copy*. Presumably it's legal to use the key generator to activate a legitimately purchased copy of XP.
But by including a movie clip and citing DMCA, the mere act of writing a key generator becomes a crime.
The living have better things to do than to continue hating the dead.
GTRacer
- "I'll only shoot him once, OK, Mom?"
Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
I bought Sierra's "Tribes 2" game a number of months after it originally came out, and when I went to register and sign into the online portion of the game for the first time, it came back with a message that I was using a pirated CD key! Considering I had just brought the game home from Electronics Boutique and read the key off the back of the shrinkwrapped case, I figured this was unlikely.
Eventually I got in touch with Sierra and they had me fax them a photocopy of the store receipt and the back of the case clearly showing the CD key (which was a bitch since I don't have a copier). Within minutes of doing so I was back in business. I can only assume Microsoft has a similar policy, where if you can prove ownership, they'll unblock your key.
Rock over London, Rock on Chicago. Wheaties: Breakfast of Champions.
Nice theory. Too bad it runs afoul of one inconvenient fact: the copies of WinXP in use in most companies do not have WPA in them at all. Only the retail versions get the activation, OEM and Enterprise-license copies are essentially pre-activated or don't require activation.
But in bigger companies the Windows boxes don't sit on bookshelves either (at least they shouldn't be) because software gets installed over the network or at least in some sort of centralized manner, so people couldn't bring the boxes home. But there are plenty of small (4-10 people) companies where software boxes are just on the secretary's bookshelf, everybody can borrow them and do whatever they want. WPA was created to discourage this behavior.
When men used to be men
That's right, you can't copy it without their permission.
Except onto your own computer (and any temporary copies in memory needed for operation), and making one backup (which you can't distribute). If I wanted more rights than that, *then* I'd have to actually agree to the license agreement.
I don't.
It would be a marvelous feat, to craft a program capable of stealing random numbers. Imagine the cryptanalysis breakthrough it would represent if I could steal your random private PGP key out of the blue... :)
Seriously, the keyspace for Activation Keys is huge beyond your wildest dreams. The probability of generating a duplicate key in the lifetime of the Sun is very small.
then, of course, Microsoft's security would be comparable to Samuel L. Jackson in the movie.
There's several key gen's out there, and also several ways to disable activating XP.
:)
Ohh and did I mention there's also an activation code generator?
I can't believe how often the lameness filter has rejected my totally sensible posts, yet, it has no problem with a uuencoded binary!
Good god, who here ever thought WPA was going to stop the pirating of MS software?
*prolonged awkward silence*
Yeah, that's what I thought.
WPA is simply not meant to stop crackers. I mean, there are all kinds of tricks out there you can pull during installation to fool the setup procedure into not installing wpa, et cetera. WPA's main target is the small business who buys one copy of Windows and installs on all 10 of their machines. Now M$ gets ten times the profit out of them. Most people who run small businesses aren't computer savvy enough to know about keygens and cracks, and they'd probably be very worried about getting caught if they used one. Microsoft probably doesn't care very much if everyone at slashdot installs windows without paying (actually, they might be happy do get most *NIX geeks to install windows).
what am I supposed to input into it?
./winxpactkey
echo "moron" |
--
You're Reading Managed Agreement
Sure, you own the CD. But you are not allowed to make the derivitive work of the software on the CD that is commonly known as an "installation." In order to do that, you need to agree to the license.
:( Work o' the devil, I tell ya!
Or, at least, I believe that's how the law works. IANAL, but it makes sense this way.
To continute your hypothetical example, it's just as if Ford patented a crucial part to the car that had to fit a certain way--no one else is allowed to make that part while the patent is valid, and so Ford can achieve their monopoly on car parts.
Or, to use an even less popular law: Ford encrypts the car's computer. They lease deconversion machines & software to auto mechanics, and as terms of the lease they need to display that they are "ford certiifed." Hence, you now cannot get your car serviced properly at any service station that is not "ford certified." If someone tries to, they are either doing poor work, or they're violating the DMCA.
(the above example works even better with a leased car, with service included at the dealership you bought the car from... and you aren't allowed to get it serviced anywhere else or you break the lease.)
P.P: I really hate car leases.
You posted the wrong keygen.
about this one they are talking.
here it is:
--snip--
UEsDBAoAAAAAANZ6TiwAAAAAAAAAAAAAAAA5AAAAc29mdHdhc
--snap--
base64-enc, some
greetz,
deucalion
The aforementioned program is NOT the best solution. It only generates CD-Keys, you still need to contact MS, give MS your key (and hope they don't notice it's generated) and get your activation key.
Most people don't want to contact MS in the first place -- perhaps worried they could trace IP-addresses...
The ideal crack would be a program that took a CD-Key as input, and generated a activation key as output, just like Microsoft itself.
Does such a program exist?
There's 10 types of people in this world, those who understand binary and those who don't.
You get the executable, not the source code. Can you trust an .exe when you haven't seen the source? Am i missing something, or would i have to be real trusting to run this? (I mean run the program after decoding. I got it decoded -- that is as far as i went)
I don't even have XP, nor any other XP product (my only windows is the one that came with my IBM thinkpad which is 98), on my desktop I use linux, but I was curious, so I debase64ed this program, virus scanned it and tested it.
It only contains 4 keys.
If you click on about, it says:
"This is the first of many XP keygens to come. As new numbers are being discovered, they will be added to the final version. Email us for more info on this and other keygens! crackware_y2k@hotmail.com"
Anything? Really?
Hey, make a copy for me and 5000 of your other friends while you are at it!
Unfortunately, now that the DMCA is law, there's little distinction in Copyright law between making illegal copies and breaking in using activation keys.
That's why we needed to stop the DMCA before it became law.
Our hopes now lie in the DMCA being struck down as being too broad or ambiguous.
There's near zero chance that Congress would ever seriously review the DMCA as long as the Media Giants like the status quo.
This situation will become much worse if the current version of Campaign Finance Reform that just passed the US Congress becomes law. Under that law, we won't be able to get together and run issue ads against the DMCA around election time, but the Media Giants, through their news organizations, can run endless editorials and stilted "news" stories about how the DMCA is a good thing right up to and including on election day.
There's still a good chance that bans on issue ads wouldn't pass judicial review. See this page for a discussion of the issues. It seems that this ban would run against the 1976 Supreme Court Ruling Buckley vs. Valeo. There can be no ban on spending, only on individual contributions, which the "soft money" ban would effectively do.
In any case, I don't see much hope of getting the DMCA repealed. Even if we could try to drum up support, it would be an extreme uphill battle trying to get people to understand the issues, what's at stake and overcoming the powerful interests on the other side of the issue. There's some hope that it could be ruled unconstitutional. IANAL, but in my opinion, a bright spot is that recent ruling reported on /. where a judge ruled that put software sales back into the domain of "First Sale" like books regardless of whatever EULAs they might have you clicking through.
The program includes its date as 08/06/01, seems it took the press awhile to pick up on this crack.
Obviously, if the software author is German then the guy doesn't have much to worry about yet. But if anyone in the US tries re-distributing this key generator, won't this be a violation of the DCMA?
That reminds me of when a friend of mine got a new computer. They read all of the documentation and licenses. They were so scared by the MS authenticity guarantees and product license (complete with holograms) that they taped the certificate to the monitor. Every time I went over to fix their computer or do something to correct Windows, that darned MS license was sitting there in what looked like a position of most adulatory celebration. I found it quite frustrating.
There should be a moratorium on the use of the apostrophe.
Max V.
NeXTMail/MIME Mail welcome
We should be supporting Microsoft in their defense of Windows licencing, because it's really good for linux.
Believe with me, my saplings.
D'oh.
:( (Legit as in, already activated, working fine, straight from the shrink-wrap sticker). It liked a pro key I had from a microsoft action pack (IIRC, that key has several licenses attached to it), and it liked the pirated Corp key I found. Odd.
I'm an idiot.
Forgot to use the -d option.
(Well, I guess, this leads credit to the theory that I'm not a pirate. At least, not one familiar with unicoded programs.)
OTOH, the "Test Key" part of the program fails with legit XP Home keys.
So, this really sucks for home users, I'm guessing. I'd try to test the XP home keys it gens, but I would rather avoid ticking off MS and I don't particularily want to take the time it takes to make the keys.
Just my experience.
Ford says, "you bought the car, but you didn't buy the keys". Now you have the right to tow your car to your garage and let it sit there.
And, of course, you can't have a locksmith duplicate your keys if you lose them, because locksmithing is illegal under the DMCA. Please, understand this, we need the DMCA to give an incentive to software and entertainment producers to keep churning out their creations. After all, which is more important: having some way to get into your home if you lose your keys, or making sure your kids will have an uninterrupted supply of first-person-shooters?
The first key has been found while I was writing this comment. Wine rules!
To: Bill Gates, Chief Software Architect, MSFT
From: XP Activation Team
Sir, the XP Activation team would like to sincerely apologize for today's unfortunate occurence. In order for you to better understand exactly why this happened, we would like to outline the following sequence of events:
1) Per the mandate from Sales and Marketing, every single machine on the Redmond campus has been upgraded to XP, including the XP Activation servers. (By the way, we would like to congratulate Procurement on the expedited delivery of ten new servers - while traffic has not substantially increased, our ability to process requests seemed to require additional hardware after the upgrade. Technical Support has informed us that nothing is wrong with the XP system itself, they believe our code is not optimized so we are investigating this issue).
2) In response to the recent posting of a so-called "XP key generator" by the Rebel Alliance, we turned on the "UnauthorizedKeyLockDown.asp" page that you designed, wrote and had us install right into the production Activation servers.
3) Immediately after turning on the module, all valid Activation and Authorization requests were denied while all invalid requests were approved. We are attempting to trace the source of this problem - we currently have it narrowed down to the "UnauthorizedKeyLockDown.asp" page. As this page contains over 10000 lines of code, we have yet to identify the root cause of the problem.
4) Additionally, it appears that once an authorization request is denied, the "UnauthorizedKeyLockDown.asp" page locks up the requesting computer, forcing it to display an animated glove which proceed to make several inappropriate gestures and repeatedly shouts "Die OpenSource scum!!!"
5) Becuase the XP Activation servers actually run on XP, they attempted to authorize themselves - while normally this request is approved, please see item 3 above.
6) The XP Activation servers responded correctly to the UnauthorizedKeyLockDown commands. Nor can they be unlocked until they can access a functioning Activation server. All valid authorization attempts from any client continue to receive the UnauthorizedKeyLockDown commands.
7) Our machines are now among the several thousand computers affected across the campus.
8) While several suggestions have been made on how to remedy this problem, all of them have procedural or policy issues for which we are waiting a response from Legal. For example, can we downgrade the XP Activation Servers to Windows2k? Our license agreement specifically forbids this, so we would need a waiver. The same thing is true for trying to use an invalid key - we have strict no-piracy policies which we have not been able to obtain permission to workaround.
9) At this point, we have no estimated resolution for this issue. Because we already have an open issue with Technical Support (see 1 above), they are unable to provide any further assistance until that issue is closed, which we are unable to currently accomplish (see items 1-8).
Please provide us with some guidance on how to proceed,
Sincerely, the XP Activation Team.
From the linked Register article one gathers the keymaker is generating independent keys. To do this one need to have broken the key generation algorithm.
:)
But then again, the code in the parent-most post of this thread may well be doing just what you said. I wouldn't know. I don't have any use for XP AKs in this Mandrake 8.1 box of mine...
As a matter of fact, I am just waiting to test StarOffice 6 and then move my whole office and home LANs to Mandrake or Suse.
As far as I can tell, that doesn't work.
As far as I can tell, it's obvious that the lameness filter is shoving in spaces all over the place that don't belong there. Remove all the spaces first, then you should have the real file. Then you're ready to uuencode or Base-64 or whatever's next.
Exceeding the recommended torque is not recommended.
"Its a braindead language with absoloutely no use"
Either you're lying or the job listings on the internet and in the newspaper are. And, I'm not referring to the braindead part of your comment.
> We've got your MAC address
How in the name of TCP/IP gods would them have someone's MAC addy, unless they ethernet-wire their machines INSIDE M$s ethernet network?
The mind boggles...
``If a program can't rewrite its own code, what good is it?'' - Mel
I can only assume Microsoft has a similar policy, where if you can prove ownership, they'll unblock your key.
:)
Maybe...but I'd say eventually, the number of installations of WinXP will vastly outrank the number of installations of Tribes 2, wouldn't you think? Besides, the cost factor comes into play as well...$50 for the game, $200 for the OS - somebody "3133t" enough to get a keygen will certainly decide it's worth his while to have his pal who works at the local Egghead's print out a bogus receipt. There's also the time-honored technique of dumpster-diving for receipts; combine all this with a photo of a random WinXP box, an overworked MS hack being paid $5.50/hr to listen to Joe Sixpack complain about how his brand new OS doesn't activate, and you still have a huge logistic headache for Microsoft. But that's what you get when you decide that your customers aren't worth your trust.
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
Crack the program, disabling the product activation code.
Didn't I say in my original posting that any software can be cracked? Doesn't matter if someone figures out a keygen or obviates the actual need for one, they're both cracks. And regardless of which method is used, it still won't get around it if MS' servers verify your XP installation by comparing to a key database or algorithmically comparing.
Bzzzzt. The "license" (read EULA) is invalid and nonbinding. Ignore it or not as you see fit.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
Suppose MS eventually requires all programs to be signed in order for Windows to execute them. Now only developers who use MS tools could produce executables. (Kinda like a Playstation.) Now, let's further imagine that executables produced include code so that they will deactivate improperly licensed versions.
Even if the "signed code" scenerio (or nightmare) never materializes, various major products (i.e. read "Big Corporations") could still include code to disable improperly licensed versions. Buy a new game for your duaghter, bring it home, install it, your entire system quits working.
I'll see your senator, and I'll raise you two judges.
455fe10422ca29c4933f95052b792ab2
I looked at it, and if you open the file in a text editor, you can see (towards the end of the file, well, more than halfway in atleast) that there's a few hardcoded keys in unicode format. It's definately not generating them on-the-fly. The other poster in this thread however appears to have the real file (the one talked about in this article and The Register's story). Plus the file date is sometime this month, vs. the other files date of sometime last August (2001).
All I know about Bush is I had a good job when Clinton was president.
...unless I don't understand the story, this is a product key generator, not a circumvention of WPA. IE: This thing generates keys for when you have to install the OS; not the response string for when you have to actually ACTIVATE the thing (over the phone, for example).
Something that generated valid install keys AND produced working results for the over-the-phone activation would be much more newsworthy. (If I'm wrong on this though, let me know because maybe I don't understand the way in which MS generates responses to the WPA info/hash it's sent.)
All I know about Bush is I had a good job when Clinton was president.
Wrong key-generator. Thats the older one that spits out one of five keys. The second one posted is the one that does a brute-force search of the keyspace.
This key generator isn't multi-threaded-- if you want to get the most out of this app (ie: generate a ton of keys) run ONE instance for each CPU in your system (so if you're a lucky bastard running a quad boxen, run four copies). Otherwise it'll just peg one of your CPU's and you'll miss out on (conceivably) twice the possible keys (or the same number of keys in half the time). You might also want to run Task Manager (if you're running NT/2000/XP) and change each processes affinity to a single CPU (keeping the code (and cache, presumably) limited to one CPU per instance).
I can see PC review webzines using this thing to benchmark how fast the latest processor is...
All I know about Bush is I had a good job when Clinton was president.
How in the name of TCP/IP gods would them have someone's MAC addy, unless they ethernet-wire their machines INSIDE M$s ethernet network?
The mind boggles...
It's called a GUID. It's the same as a UUID, and was designed for use in DCE.
... but basically, MAC Id's are guaranteed unique, so they're used in lots of places to generate chunks of unique numbers. The rest of the numbers are generated using timestamps and other such info.
Si
Coming soon - pyrogyra
Aint gonna happen, so the version of Windows that'll be pirated will be the corporate version.
Government of the people, by corporate executives, for corporate profits.
The key that you get from MS is generated from a key that is generated by WinXP setup based on your hardware, obviously there will only be so many keys for one hardware configuration. So of course it would spit out the key that you got legally. That's what it's supposed to. The fact that it did proves that it is able to emulate both the process by which setup generates a "first key" and the process by which MS generates a "final key". IE: The fact that it spat out the key you got legally proves that the keygen works perfectly.
We're going to make information free Mr. Anderson, whether you like it, or not.
... Steve Jobs saying something to the effect of: " We believe that pirating (music) is a cultural issue, not a technology issue. " No matter how hard they try, people will always find a way past these things. I hate MS, but as a suggestion to them, make it less -desirable- to have your products pirated. Uhm... actually, you are doing that already.
Because the MAC address is considered one of the few relatively static numbers easily associated with a particular workstation. It is not a normal event for a workstation to have a NIC changed, or for someone to perform a soft-update upon a NIC card, changing the MAC address. Indeed, MS Word used to embed the MAC address into documents as a (secret) form of identification.
-jerdenn
Yup. I think the Register has been smoking something serious:
"If one morally questionable teenie can successfully generate one operational key by leaving their home PC running overnight, then Redmond has quite clearly blundered."
Microsoft made it known long before Windows XP ever came out that the keys were only meant to prevent "casual piracy."
--------
"If you can't find any news, make some up."
Donate background CPU time to fight cancer.
The version of Windows XP Pro making the rounds with Warex is a special corporate version that does not require the registration.
;-)
It's quite handy, if I say so myself
...then even track which store location gets each copy.
Right - that much is a given, but once Best Buy has the box o' software, I doubt very much that they track who buys the software, which is ultimately what MS would need. If in doubt, try buying WinXP with cash, and see if they take down any personal information. I think they probably won't. Besides, there's nothing that says that I can't buy WinXP in another part of the country (say on a business trip or something) and then take it back to where I live - that would mess up the 'system' too. It's tough luck for MS, tougher luck for their customers, and toughest luck of all for the sundering of the business-client trust relationship. And I just don't think that even MS, juggernaut though they may be, can bludgeon through this - so the Windows XP activation will remain a nuisance to those unlucky souls who happen to buy an MS product whose key has already been distributed. D'oh.
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
So that's why they have those darned plastic boxes...you learn something new every day! I thought it was similar to a child-proof cap on a bottle of pills - you know, something to make you think to yourself "hmm, opening up a Microsoft product, do I really want to open this box?" :) Product safety and some such, you know? :D
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
Why anyone would bother on the subject of key generation for XP anything is beyond me. The analysis of Blizzard, who has a very singular and controlled audience and their activation key scheme, has no correlation to MS in all practical pirating sense. Blizzard has one particular audience...the end user. MS has numerous and some very demanding audiences. Of great importance to them are their corporate and developer networks. In these instances, MS has lessened (bulk licenses), and in some instances, eliminated the restrictions (read, no key). A developer would not tolerate having to call MS central each time one of their engineers reinstalled Windows XP...particularly after spending $2K buying the MSDN packages. The simple fact is that no matter what Uncle Bill releases, he will - unlike Blizzard - gladly, and by contract release an identical, but less restricted copy to the MSDN and corporate license holders. These versions of the product are not constrained to the same activation key/call-Uncle Bill-for-permission-each-time schemes that the comparable the off-the-shelf versions are restricted to. Anyone who bothers with a pirated retail version of any MS product only begs for any associated hassle...particularly when a perfect good and unrestricted developer version is out there somewhere. Of course, thats just my opinion...I could be wrong
Uh, you missed the point. If I use whatever-that-crack-is to generate a valid product key and activation key, I never need to register with Microsoft. So I could have 1000 copies of XP running, and Microsoft would never know. The only time they might possibly know is if I connected to the net to download updates or something, and I don't need to do that on a cracked copy of XP.
-- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu
Or just click here !
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
In the very big companies, you'd be right. But volume licenses for MS OSes go down to 20-30 seats. That was one of the things that nearly caused a customer revolt, when MS tried eliminating the low-volume corporate licenses. And in a company in the sub-100-employee range, they likely manually install the OSes. I worked for one of the bigger commercial truck-stop companies, and I had CDs for most of the software on my desktop computer in my desk drawer (which I considered a mixed blessing). Under those circumstances I'd be suprised if copies of the no-activation CDs didn't wander from time to time. You won't see those keys circulated, though, because the people who're using them aren't comfortable handing them out to the world. There may be no difference, but they consider what they're doing different from handing the keys out to all and sundry. And the company may be liable, but what would MS do? Without activation there's no way for them to detect the illegitimate copies easily, and if they came down too hard on the small companies then those companies would switch to Macs because they can't afford the liability, and MS isn't going to write off that large a chunk of their customer base, sabre-rattling to the contrary.
"This is the Unix philosophy. Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface." - Doug MacIlroy, the inventor of pipes.
You have to pipe your Base64 data through it (or similar one) like this:
(it's one line, $ is the shell prompt) or like this: (also one line) or you can omit the "<" so you don't write the inputfile content to filter's standard input, but give the "inputfile" file name as the fist command-line argument. Every good filter should work like this. That way you can use input divided into parts which has the same effect as but internally works totally different, which is however transparent in Perl, thanks to the magical <> diamond operator.~shiny
WILL HACK FOR $$$
Unfortunately for whoever the bozo who writes CDRWin is, if his access control scheme damages or disables anything besides his own program, he could be liable for some serious penalties. That kind of "copy protection" was tried back in the early 1980s, and after a few lawsuits it was established that doing anything destructive to the other guy's property is illegal and opens you up to some serious liability--even if they did illicitly copy and use your software.
Thanks for publicizing that this guy writes malware, though. I'll know to avoid any product of his, and recommend that my friends do the same.
---dragoness
I have the *cough, pirated, cough* copy of Xp Pro corporate, and was playing around with it last night. On exlorer (i think, not internet but the file one) if you click help, theres an option : "Is this copy of Windos legal?"... i almost died laughing. When you click on it, it takes you to an asp script on microsofts server... thank god I don't have a net connection or I might have been in some trouble.
can't sleep slashdot will eat me
If I use whatever-that-crack-is to generate a valid product key and activation key, I never need to register with Microsoft.
:) and you'll be up the creek, sans paddle.
Assuming, of course, you never intend to allow those machines to connect to the Internet. On the one copy of Windows XP I've installed, the first thing it did was check authentication keys with Microsoft - on the internet. Maybe there's another way to install Windows XP that I'm not aware of - some method to install WinXP without needing a 'net connection, but as soon as you decide to take your pirated copies of Windows online, they'll undoubtedly check with MS (say, for "upgrade information" or other "helpful features" from your favorite meddling^H^H^H^H^H^H^H^Hhelpful OS corp
But maybe I'm wrong about that...care to show me how?
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
the job listings on the internet and in the newspaper are [lying]
You claim ALL those listings lie?
Seriously now, when taking partial sentences you can twist some words rather nicely.
I said it was useless except for creating crappy GUI's, which is what most companies use it for and what's its in the paper for.