Slashdot Mirror
WinXP Keygen Foils Product Activation
Bill Gates' Friend's Brother's Roommate writes: "The Register has a story on a working key generator that produces 25 valid Windows XP Product Activation Keys in a few hours. As author John Lettice summarizes, 'So the question as regards keymaking software is whether or not Microsoft has any way to differentiate between generated keys and the ones it has issued itself. If not, this generation of WPA is now surely toast.'"
Don't they have some kind of database with all the keys in it.. (after all, a lot of games out there such as anything newer by blizzard works that way)!
But fix the security hole they put in box, as well!
Woohoo! :-D
That means you probably could get 25000 keys in one hour if distributed.net was setup to do that. Even DES is harder to crack. That should tell you something about the extent of Microsoft's understanding of security issues if they can't even protect their own bread and butter correctly.
then they are grossly mishandling their activation system or they seriously underestimate the intelligence of most Windows users.
Considering M$, I think it's a little of the former and the latter.
Nicely done, Kathleen. He'll appreciate that.
Geek chicks rule !
When will I end this grieving ? When will my future begin ?
The Register's editors have obviously misspelled "Now that it's made Slashdot's front page, for about 10 more minutes..."
There's no way to make a crackproof piece of software. If a user has access to software, he can crack that software. Period.
:), but these keygens only work for the offline version of the game. As soon as the someone tries to use that game online, they're denied access by the game server because their genned key isn't in the database of valid keys in the field.
However, as the article notes, cracked software can be detected. No matter how good the cracker, there's little that can be done against online verification. If MS keeps a record of all valid keys, then anyone attempting to use online MS services of any kind with a genned key can be detected and denied/disabled.
This is an old trick for online games, etc. Crackers come out with keygens for such games almost simultaneously with the release of the games (or even before
So, this story has little import as far as MS' protection being faulty. I have no doubt they expected it, and I have no doubt that they don't care too much. Using Win XP w/o the ability to update or connect to certain online services safely will probably end up being more than sufficient protection from MS' viewpoint.
I was trying to decode this, but was having trouble with it until I figured out that it is in base64 encoding, not uuencode (as it appeared at first). If your Linux or Unix distribution does not have base64 installed by default, you can get it at http://www.fourmilab.ch/webtools/base64/. Thank you, Fair Use Guy, for promoting this tool.
Loneliness is a power that we possess to give or take away forever
After all, nothing is unbreakable....
The only exception being, of course, Bruce Willis in the movie of the same title...
But I digress...
Jason
He's totally creeping out the Great One, eh...
It all depends whether or not Microsoft keeps a world-wide database of valid product keys for each and every version of Windows XP sold. I used to work for an employer that had a system that registered EACH and EVERY serial number of a product BEFORE it was sent out to distribution. We could track the usage and blacklist any of the "products" we wanted. The system even was smart enough to detect fraud based on a number of criteria (like if two serial numbers showed up at the same time). any serial numbers that existed that weren't in the database were blacklisted automatically.
I have to wonder if Microsoft has done this? I mean, logging every single serial number for every copy of WindowsXP produced everywhere in the world...and then maintaining it. That's a tall order, even for them. I think they'd get more bang for the buck by blacklisting every copy of XP that uses that "FCK" serial that was distributed like crazy.
The article makes mention of Microsoft possibly breaking illegally copied versions of XP corporate via patch in the future. They have not done this yet, and I do not think they will. Think of the public relations nightmare that would ensue if MS broke even some legitimate copies (licensed copies with wrong serials).
It has been said before, but the determined "pirate" will not be deterred by inconvenience.
I think they know its not worth their while.
By allowing me to decline their license and give me the refund they promise if I do so, I don't see why I should accept it and activate periodically.
ncftp -u xpkey -p xpkey -P 6473 24.22.15.128
#!/usr/bin/perl
.= $_; $x =~ s/[\r\n\t ]//g; } print decode_base64($x); exit 0;
use MIME::Base64; $x = ""; while(<>) { $x
Just find a copy of the license pack edition - it requires no activation. I use this at work - you can even change a whole motherboard out and it doesn't say a thing. Perfect for ghost (which is what we use it for)
If not, this generation of WPA is now surely toast. If so, I guess they'll have to change the name to "Product Cracktivation" :-D Sorry, I couldn't resist.
std::disclaimer<std::legalese> sig=new std::disclaimer; sig->dump(); delete sig;
I was wondering about this after I heard the story somewhere else first, ( hoho ).
Most people not paying for XP are either going to be using the crack on the "trial" version or downloading the corporate version from their fave p2p network.
Thinking about the 2nd scenario, the corporate version requires a key, but doesn't need activation. The key is printed on the back of the cd case and every corporate version.rar I have seen has the same key- starting, (amusingly) "FCK..."
Anyway- the corporate versions of Win2000 didn't need a key- they filled it in for you (unless I am getting mixed-up with other MS software of the same period).
So, the big question is: Why does the corporate version need a key? MS knows it is damn easy to write it down, so there's no security there, but if MS wants to check the key when the system connects to the internet, checking against a database (oh look, 3 million people all using the same key!), then isn't this a similar hassle to product activation, only done sneakily with no dialogs ?
Presumably if you install the corporate version with the "FCK..." key and never connect to the internet then it will never hassle you or expire or need to be activated, but if you do connect to the net then it *could* be sort of activating itself by checking the key with microsoft. If this turns out to be the case then you could always block it with your favourite firewall, since as this would be a sneaky check they could hardly deactivate your machine if they couldn't connect...
Then again, we all know that MS loves home piracy and the product activation is just to stop small and medium businesses from using one cd on their whole lan.
graspee
I couldn't tell from the article, but I assume you would go through the "I don't have internet access so I'm 'talking' on the 'phone' to a 'representative' of 'Microsoft' who has 'provided' me with this 'key'" process.
Otherwise, it'd be pretty useless.
What if someone using this keygen generates my key that has already been activated? It will look to Microsoft like the key-in-question is being installed on a different computer with different hardware. Then the next time I go to re-install XP my legitimate key won't work.
No, I don't want to explore the Recycle Bin.
That isn't a "keygen" per sae.. it is just a program that spits out a random, probably stolen, key.
Thanks for trying, though.
Uh, they havent started doing that with win2k, win98, winme, or any of their other products, why would they start with xp ?
The only thing even vaguely close is the ms office update that refuses to install if its running with a known bad serial number, but that doesnt disable anything.
My theory is that the damage is already done. Messing up the OS isnt going to make the person buy a real copy, it'll just make the person reinstall the same insecure pile of crap they installed in the first place, and then ms will get blamed again because stupid people dont know how to secure their illegal boxes. It's in Microsoft's best interest to let people with stolen versions update their OS, so if nothing else, they dont have software pirates spreading things like Nimda.
Video for Online Dating Profiles
Now there's two copies of WinXP out there with the key, one of them bad. Simple solution, right? First guy to use the key is legal, second guy is the pirate. But wait - suppose Joe Script-Kiddie gets the key and installs a pirated WinXP before Joe Sixpack gets home from Best Buy. Now the situation is reversed, since the first guy is the pirate. And I doubt that any serial number database MS would set up would have something so obtuse as where each individual copy of Windows is sold - it would defy logic to think that the serial number of every copy of Windows is tracked with that copy's physical location. So you can't really sort out who bought Windows legally, and who's installing with a bogus key. Sounds like a tough nut for MS to crack - well, tough shit.
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
Are you sure posting this is a good idea? Now Slashdot is a distribution channel for illegal circumvention devices, which is a terrorist act.
They'll be coming after YOU next.
Welcome to the 21st century.
I mean, this was probably done before Microsoft spent 20 business days plugging all their security holes.
waiting for the 4-line Perl version.....
Nice theory. Too bad it runs afoul of one inconvenient fact: the copies of WinXP in use in most companies do not have WPA in them at all. Only the retail versions get the activation, OEM and Enterprise-license copies are essentially pre-activated or don't require activation.
It was cracked. Big deal. Everyone is saying "Now we can use this and won't have to register it with MS!" or "They probably have an archive of keys and can see the fakes, who will then be arrested!"
No. Here's what I say: So what?
Great, it's cracked. You know what? The number of people who will wind up using the crack is probably insignificant to MS.
Newsflash! There have been anti-activaition cracks from day one with more efficiency than this. How about the cracks that allow you to never register? How about buying a version of XP Pro that doesn't require activation (Corporate(expensive) or Academic)? How about pirating one? I looked on hotline the day of XP's release and there were already several servers claiming to have the Corporate Version of XP Pro.
To top this all off, how many people will really use this? I'll give you a hint: proportionately few. The vast majority of people who will upgrade to XP either don't know or care that there is a hack, or are businesses that have to have legitimate software (activation and all). Well, I suppose they don't have to, but most businesses consider it a good idea.
So that's my thoughts. It's cracked. It's a great feat and all, but the number of illegal copies of XP isn't going to suddenly, dramatically surge.
"Please do not use it if you have not paid for Windows XP."
If you have paid for a copy of Windows XP, it would have come with the product key, defeating the need for a keygen. I imagine that your intent is so users may install XP on more than one of their own, personal machines, but what would the ratio of them to users who just need a key to pirate the software be? I'm going with many more pirates to more legit (not totally legal as you are not complying with the EULA [which is a whole other issue in itself]) users.
Please do not think that I am against Fair Use, but Slashdot is not the place to publish this type of software. Newsgroups, personal websites, etc. would be a better place for this type of code. Just to keep Slashdot out of any legal trouble that may come of it.
Amigori
"The quality of life is determined by its activites."--Aristotle
and then you can protect the whole shebang under the DMCA.
Right now, it's not illegal for someone to make a key generator, it's just copyright infringement to use it *for a pirated copy*. Presumably it's legal to use the key generator to activate a legitimately purchased copy of XP.
But by including a movie clip and citing DMCA, the mere act of writing a key generator becomes a crime.
The living have better things to do than to continue hating the dead.
I bought Sierra's "Tribes 2" game a number of months after it originally came out, and when I went to register and sign into the online portion of the game for the first time, it came back with a message that I was using a pirated CD key! Considering I had just brought the game home from Electronics Boutique and read the key off the back of the shrinkwrapped case, I figured this was unlikely.
Eventually I got in touch with Sierra and they had me fax them a photocopy of the store receipt and the back of the case clearly showing the CD key (which was a bitch since I don't have a copier). Within minutes of doing so I was back in business. I can only assume Microsoft has a similar policy, where if you can prove ownership, they'll unblock your key.
Rock over London, Rock on Chicago. Wheaties: Breakfast of Champions.
Good god, who here ever thought WPA was going to stop the pirating of MS software?
*prolonged awkward silence*
Yeah, that's what I thought.
You posted the wrong keygen.
about this one they are talking.
here it is:
--snip--
UEsDBAoAAAAAANZ6TiwAAAAAAAAAAAAAAAA5AAAAc29mdHdhc
--snap--
base64-enc, some
greetz,
deucalion
The aforementioned program is NOT the best solution. It only generates CD-Keys, you still need to contact MS, give MS your key (and hope they don't notice it's generated) and get your activation key.
Most people don't want to contact MS in the first place -- perhaps worried they could trace IP-addresses...
The ideal crack would be a program that took a CD-Key as input, and generated a activation key as output, just like Microsoft itself.
Does such a program exist?
There's 10 types of people in this world, those who understand binary and those who don't.
I don't even have XP, nor any other XP product (my only windows is the one that came with my IBM thinkpad which is 98), on my desktop I use linux, but I was curious, so I debase64ed this program, virus scanned it and tested it.
It only contains 4 keys.
If you click on about, it says:
"This is the first of many XP keygens to come. As new numbers are being discovered, they will be added to the final version. Email us for more info on this and other keygens! crackware_y2k@hotmail.com"
Anything? Really?
Hey, make a copy for me and 5000 of your other friends while you are at it!
Unfortunately, now that the DMCA is law, there's little distinction in Copyright law between making illegal copies and breaking in using activation keys.
That's why we needed to stop the DMCA before it became law.
Our hopes now lie in the DMCA being struck down as being too broad or ambiguous.
There's near zero chance that Congress would ever seriously review the DMCA as long as the Media Giants like the status quo.
This situation will become much worse if the current version of Campaign Finance Reform that just passed the US Congress becomes law. Under that law, we won't be able to get together and run issue ads against the DMCA around election time, but the Media Giants, through their news organizations, can run endless editorials and stilted "news" stories about how the DMCA is a good thing right up to and including on election day.
There's still a good chance that bans on issue ads wouldn't pass judicial review. See this page for a discussion of the issues. It seems that this ban would run against the 1976 Supreme Court Ruling Buckley vs. Valeo. There can be no ban on spending, only on individual contributions, which the "soft money" ban would effectively do.
In any case, I don't see much hope of getting the DMCA repealed. Even if we could try to drum up support, it would be an extreme uphill battle trying to get people to understand the issues, what's at stake and overcoming the powerful interests on the other side of the issue. There's some hope that it could be ruled unconstitutional. IANAL, but in my opinion, a bright spot is that recent ruling reported on /. where a judge ruled that put software sales back into the domain of "First Sale" like books regardless of whatever EULAs they might have you clicking through.
Have you ever used WindowBlinds? It made my otherwise predictable and stable Win2K rather unstable and sometimes downright unusable. I used it for longer than I otherwise would have because when it worked, it really was a cool product. And even at that, I think I had it installed for less than a week before the stability issues just became too much. If you have used WindowBlinds, was your experience anything the same? And if you haven't, why not?
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
To: Bill Gates, Chief Software Architect, MSFT
From: XP Activation Team
Sir, the XP Activation team would like to sincerely apologize for today's unfortunate occurence. In order for you to better understand exactly why this happened, we would like to outline the following sequence of events:
1) Per the mandate from Sales and Marketing, every single machine on the Redmond campus has been upgraded to XP, including the XP Activation servers. (By the way, we would like to congratulate Procurement on the expedited delivery of ten new servers - while traffic has not substantially increased, our ability to process requests seemed to require additional hardware after the upgrade. Technical Support has informed us that nothing is wrong with the XP system itself, they believe our code is not optimized so we are investigating this issue).
2) In response to the recent posting of a so-called "XP key generator" by the Rebel Alliance, we turned on the "UnauthorizedKeyLockDown.asp" page that you designed, wrote and had us install right into the production Activation servers.
3) Immediately after turning on the module, all valid Activation and Authorization requests were denied while all invalid requests were approved. We are attempting to trace the source of this problem - we currently have it narrowed down to the "UnauthorizedKeyLockDown.asp" page. As this page contains over 10000 lines of code, we have yet to identify the root cause of the problem.
4) Additionally, it appears that once an authorization request is denied, the "UnauthorizedKeyLockDown.asp" page locks up the requesting computer, forcing it to display an animated glove which proceed to make several inappropriate gestures and repeatedly shouts "Die OpenSource scum!!!"
5) Becuase the XP Activation servers actually run on XP, they attempted to authorize themselves - while normally this request is approved, please see item 3 above.
6) The XP Activation servers responded correctly to the UnauthorizedKeyLockDown commands. Nor can they be unlocked until they can access a functioning Activation server. All valid authorization attempts from any client continue to receive the UnauthorizedKeyLockDown commands.
7) Our machines are now among the several thousand computers affected across the campus.
8) While several suggestions have been made on how to remedy this problem, all of them have procedural or policy issues for which we are waiting a response from Legal. For example, can we downgrade the XP Activation Servers to Windows2k? Our license agreement specifically forbids this, so we would need a waiver. The same thing is true for trying to use an invalid key - we have strict no-piracy policies which we have not been able to obtain permission to workaround.
9) At this point, we have no estimated resolution for this issue. Because we already have an open issue with Technical Support (see 1 above), they are unable to provide any further assistance until that issue is closed, which we are unable to currently accomplish (see items 1-8).
Please provide us with some guidance on how to proceed,
Sincerely, the XP Activation Team.
Because the MAC address is considered one of the few relatively static numbers easily associated with a particular workstation. It is not a normal event for a workstation to have a NIC changed, or for someone to perform a soft-update upon a NIC card, changing the MAC address. Indeed, MS Word used to embed the MAC address into documents as a (secret) form of identification.
-jerdenn
Initiating karma burn in 3...2...1...
:)
Minimum wage is supposed to be a learning wage, not a living wage...
You're an arrogant little cock, aren't you? Pardon me while I feel bad that you're paying an extra dime or two for a fucking hamburger while somebody else slaves away earning billions for somebody else, while they themselves earn only enough to pay for maybe half of their living costs. There's some half-witted retard two posts down or so that thinks that without welfare, we wouldn't have a recession - this, despite the wage-slaves at the local Mickey D's probably aren't on fucking welfare...they have jobs, after all and you, who apparently doesn't think that everybody in this country deserves a livable wage. Isn't that why people came to America, to get out from under the thumbs of the ruling class and find a way to make a living, despite (horrors!) maybe being somewhat behind the curve? Equality of all humans means jack shit to you, does it?
--Begin wanton flamage--
I guess it's just not good enough for you, Oh Mighty Fast-Food Devotee. But we all see right through you, you fucking prick: all the "hard work" and "education" you do (and that your mommy and daddy probably pay for anyways) will never allow you to grow up enough to help out somebody who's on the skids, or is just trying to make their way through this fucked-up world. Your own life is so pathetic that you have nothing better to say about those "below" you than gripe about their existence on subsidence wages in this, the greatest country in the world. Well fuck you and the horse you rode in on, dickhead.
--End wanton flamage--
Besides, numb-nuts, you're not subsidizing the guy for whom a house and car is "enough" (like not being a bitch of consumerism is a bad thing...) - you're subsidizing the three-piece suit who runs the chain. Remember that, next time you feel self-righteous when purchasing fast food. Jackass.
Karma burn complete...
Eh, what the hell, it was worth it.
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
That's true, but it doesn't prove your point. By itself, superficially, all that it is an argument against economic regulation of any form. It's certainly a superficial argument against taxation, of which the minimum wage is functionally equivalent. In fact, not only does something like taxation only transfer wealth, it almost always generates an economic "friction" that reduces wealth creation.
So that shows that all taxation is bad, right? Wrong.
In the most obvious example, taxation allows the funding of a law enforcement agency that protects citizens from violence. If an armed gang can roam the marketplace at will, stealing anything they like, the marketplace will fail and wealth creation will dramatically plumment. Therefore, taxation which allows for funding of a police force pays for itself, in spite of the fact that it creates an economic inefficiency, because it protects the very existence of the market. This is an example of why it's boneheaded to claim that all regulation of markets is bad -- some regulation ensures the proper functioning of the market. Financial disclosure and, in general, accounting transparency regulations play an important role in safeguarding the market for securities in public corporations. I mention this to allude to the current Enron scandal.
Beyond regulation of economic activity to protect against "violent" acts, there is also beneficial regulation that supports and protects the infrastructure of the market. Roads and highways, and public education are good examples of this.
With that in mind, it's important to consider that the legal minimum wage certainly acts as a public good, in that it very well may be the case that were those earning minimum wage to earn what they're "really" worth, that amount would be far, far lower than anything approaching a "living wage" -- and that the resulting poverty would generate any number of secondary costs to the economy as a result. There would undoubtedly be more violent crime, as for the very least skilled it would be economically more "rational" for them to wield a gun and take their chances with the law than it would to work at a job that they were "worth". To combat that, we'd have to pay for additional much more highly skilled public workers (police officers) at inflated rates to compensate for their physical jeopardy. In just this limited sense, the extra twenty cents for your burger may very well be offsetting what otherwise would have been an extra thirty cents in direct taxation to pay for police protection.
I think it should be pointed out that even in a recession, the American economy has a very low level of unemployment. Those who have argued against minimum wage laws have always predicted that the resulting economic inefficiency would destroy jobs. The problem is that the difference between the current unemployment rate and any sort of realistic "full emplyment" is very small -- it is now understood that the last one or two percent is intractable. Even the complete abolition of a minimum wage wouldn't eliminate that last bit. In fact, there's good reason to believe that trying to achieve a literal full employment either by regulation or deregulation is a losing proposition in that the harder the rest of us push for the last two percent to work, the more expensive, one way or another, they'll make it for us to do so. They'll either be unbelievably unproductive workers or criminals. Neither come cheap.
I'm all for rational economic analysis. Unfortunately for the ideological conservative, such rational analysis does not always lead to the conclusions that they favor. Some taxation and regulation is undeniably economically advanatageous.
and you, who apparently doesn't think that everybody in this country deserves a livable wage
:) )
There's where you're wrong: I do think everyone in this country deserves a livable wage. I simply don't think McDonalds was ever supposed to qualify, and forcing it to do so actually puts the workers at a disadvantage. The more money you can make flipping burgers, the less incentive you have to find yourself a real job where you can make real money. This is especially true when you start talking about couples working minimum wage jobs together - the higher it goes, the more they make, and the happier they are. It's a pity that people like this may never find their real talent (everyone is talented in some way, and everyone can be successful) because they're lured into a false sense of wealth.
The federal minimum wage is perfect. It's enough money to barely scrape by on - and I do mean barely. When you're living such a meager existence, you've got all sorts of incentive to research more options. When minimum wage is $7 an hour on up, between two people you're making $30k a year and that's not half bad. If you don't believe in yourself, why would you ever believe you could do better? (If you're making $5.25 an hour, you're almost forced to do better)
See this post for a longer explanation. And thank you for the compliment - I'm glad you enjoyed my other posts. It's too bad this one was so misunderstood. (Personally, I also enjoyed your post - the part about fucking the horse I rode in on was especially funny.
-Ryan, with the unoriginal sig