Slashdot Mirror
Microsoft Genuine Advantage Cracked
piyush ranjan writes "An Indian researcher has cracked the much-touted "impenetrable" Windows Genuine Advantage of Microsoft. According to Microsoft this service would soon require all Windows users to verify their license before downloading updates."
Indian cracks Microsoft's anti-piracy program
Alok Sharma | June 21, 2005 14:53 IST
An Indian researcher has breached the much-touted "impenetrable" Windows Genuine Advantage of Microsoft.
Bangalore-based Debasis Mohanty has cracked WGA through an "easy-to-exploit" weakness in the software for generating illegal copies of the Windows XP programme.
Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat." A company spokesperson said they did expect counterfeiters to try a number of different methods to circumvent safeguards provided by WGA.
WGA is an anti-piracy programme that keeps a tab on consumers whether they are running legitimately licensed copies of Windows XP.
Mohanty has posted a detailed proof-of-concept programme on the high-profile security mailing list of the software giant, showing how the WGA validation check can be tricked to generate key codes for use on illegal copies of the software.
Using a secondary Microsoft validation tool called 'genuinecheck.Exe', Mohanty claims to have made it possible for people to trick the safeguard mechanism and download and run the supposedly restricted software from Microsoft's download centre, he said.
So... where can I download this?
since MSFT is trying to expand into there and hasn't yet been able to get China to even crack down on IP enforcement on their own government ministries, let alone the military factories.
-- Tigger warning: This post may contain tiggers! --
torrent?
Phew! I thought they meant the other one.
Like, the one that writes dialogue that actors get credit for.
I love how they say it represents very little threat. I guess we can expect them to save face, but someone must be kicking themselves over this one! "Very little threat" probably translates into millions of copies distributed over P2P networks :)
I store my recipes online (the way nature intended)
A lot of people on that security forum that are going to post about this in their blogs, and boom, everyone's going to be able to upgrade XP without worries. It poses very little threat to Microsoft, whatever. Once again, people will have the ability to forego M$'s BS and do what they've always wanted to do.
Microsoft? Secure? Those words don't belong in the same PAGE.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
The first is from George Patton : "Fixed fortifications are monuments to the stupidity of man." The second is from Karl von Clausewitz: "If you entrench yourself behind strong fortifications, you compel the enemy seek a solution elsewhere." I think these speak volumes
Madre de Dios! Es El Pollo Diablo! -- Captain Blondebeard
So now we'll have all these news reports mentioning the Genuine Advantage of Microsoft products. They could hardly have made a better marketing campaign themselves.
Funny to see the word's "genuine" and "microsoft" in the same story. I love the smell of irony in the evening.
"It's difficult to meditate on amphetamines." - Joe Walsh
Microsoft has the right to restrict product updates to only their paying customers.
However, the installed base is huge and the illegally installed base is also huge. Microsoft, because it is their OS, has a moral responsibility to prevent internet worms and viruses by releasing patches to all users, regardless of the legality of the installation.
Can MS really be held at fault when illegal usage of the OS results in a huge failure of the Internet?
... they want their copy protection scheme back.
my geeklog
Genuine Advantage. Oh, My!
Pumbaa! I don't wonder; I know.
http://www.hackingspirits.com/vuln-rnd/defeating-w ga-check.zip
If MS blocks updates to only legit windows users, all the pirates are going to be forced switch to a more secure OS. It'll be the only way they can protect their PCs from their own viruses! If you ask me, MS is shooting themselves in the foot. Their precious "market share" is going to drop due to the pirates switching to something else. Not a good thing to be doing when Apple just announced they'll be compatible with Intel chips.
http://inhome.rediff.com.nyud.net:8090/money/2005/ jun/21ms.htm
This smacks of vaporware. Which "high profile security mailing list" ? What was the exploit ? When and where did Microsoft "confirm" the findings ?
Genuine Advantage is a pain in the arse for both registered and unregistered users. If reinstalling windows was a nightmare, imagine now with having to actually activate your windows. And now for updates? Come on!
Somebody has to put an end to this.
Is this the same exploit that was reported last month?
This was discovered by multiple people months ago, as evidenced by this full-disclosure thread, with a followup by another discoverer of the same exploit.
DVD Jon has been out-sourced to India!
I mean, I'm fairly certain they would try and hack it (it's there, after all...) but would they, in general, give the info to MS, or would they (out of altruism for future consumers, or just out of spite) keep their hacks to themselves so that they could be used effectively against the product.
It just seems that these things are always cracked relatively quickly - couldn't microsoft somehow incorporate this into their pre-release coding cycle? I guess, though, they don't want to release their programs before they, er, release them.
Physicist, consultant, science communicator
Camera opens to a busy office site with meetings meeting, conferences conferencing, and engineers engineering, all with the air of determination to keep this secret from ever seeing the light of day.
/. and has a few minutes to kill before the wife servers dinner...
Next scene; a bored indian software engineer reading
By the way, where could a disinterested person download a copy of the source so as to "verify" the authentiscity of the minor discovery?
ive used the program and put the little token into their site and it still wouldnt let me download something (cant remember what it was right now) so even with this crack or if youre legit you might still be out of luck :D
From the doc linked to:
>6. After downloading "GenuineCheck.exe", run it on the machine running a genuine copy of Windows XP.
> It will generate a code which is used for WGA validation. Copy the code and use the same code to
>validate a pirated copy of Windows XP and bypass the WGA.
But that's bogus, you still need "access" to a authentic copy to perform this hack. It's not really a hack at all.
But sadly this will only make it easier for people unwilling to pay for windows to continue to use it. It would be better if they had to find a cheeper (legal) solution.
This sort of thing should be fatal for the argument that "if anyone can see the source, anyone can find exploits", but for now at least, Microsoft has the stronger orbital mind-control ray.
http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8 &q=genuinecheck.Exe
It has been exploited before.. it's nothing new... and you don't need that if you use a proper keygen and pirated windows version so this is pretty useless... who cares?
that i'd like to quote any one of the number of people who asked "and we are surprised by this why?" in today's earlier story about microsoft stopping unix/linux antivirus software
vodka, straight up, thank you!
Someone call Microsoft. We found someone who isn't already using the corp version of XP with a "legitimate" key... er, not that it works of course... ahem.
Where does that "impenetrable" quote come from? MS has pretty openly stated that they know that protection mechanisms like Activation can, and will, be cracked. They have been pretty clear that these mechanisms are in place more for the hobbyist or mom-and-pop user, than the people that would actively seek out cracks/pirate software.
Anyway, what's the point of doing this? You can still download things from Microsoft's site if you don't validate. You just have to pick the "Don't validate" option. Oooh, great, some guy made it so you don't have to click the annoying "No, thanks" button every time you want to download Microsoft Anti-Spyware!
The *real* challenge is to crack the activation algorithm. (which I belive that has some form of the RSA algorithm in it). People, WGA != activation. Activation is the one that's a bitch. If you happen to mess with your hardware in your Windows box a lot, you'll know what I mean. And since I can never use the Internet activation because I "Already used that code too many times" (Swapping IDE hard drives once in a while for backups with Windows is out of the question now?), I end up having to call Miss Microsoft Robot all the time, who always tells me it's very important to use Windows Update to protect my computer from viruses before she gives me my activation code.
Bored? Browse Slashdot with a +6 modifier for Troll comme
Just remember, anyone who pirates Microsoft software is raising your prices! Turn them in to the BSA today!
Lacking <sarcasm> tags,
we're now outsourcing hackers/crackers?
I have moved all 5 of my home computers, and 3 of my work computers, to Linux because Windows is, among other deficiencies, too much trouble. I have friends who are currently doing the same thing.
The only trouble I have with Linux is that it is not as widely accepted as Windows, but I see that changing more and more lately.
How much user base is Microsoft going to have to lose before they "get a clue"? Never cause your users an inconvenience.
Today, it would be possible to build a damn-near invincible fortress - use granite blocks of a similar size as those for the large stones in Stonehenge as bricks, have them interlock so that shockwaves can be carried non-destructively, and build it as a gigantic geodesic dome so that impacts are tangental and not perpendicular.
This isn't "fool-proof" (fools are way too ingenious) but it would offer a formidable target that would be hard to punch through.
Can you create something analogous in software, where the design is such that the "impact" of an attack is less likely to break through?
Yes. The standard network "firewall" is just an electronic castle, permitting traffic only through controlled gates. A portcullis arrangement (two back-to-back firewalls with a NIDS system in the middle) would provide a stronger fortification, if historic warfare is any guide.
The dome arrangement, where impacts are distributed so that no one component ever takes the brunt of the sttack, would be analogous to using a highly distributed security model, where different components in the model have to validate for the communication to be accepted. That way, exploits in any one component are of no value, unless absolutely identical flaws exist in ALL the components.
Ok, so we've got a system that offers some semblance of security. Can it still do anything, without that security being compromised? After all, anyone can make a 100% secure computer by turning it off.
Depends on how secure you want something. Let's take the key validation that Microsoft wants. What you want is non-duplicatable information. Easy enough - print a 1024-bit "public key" on the packet, which matches a private key on the validating server. Use the key to generate a unique ID, which is copied onto the computer. Any subsequent communication has to match the unique ID and the public key.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Both generals were talking about some kind of conventional warfare. Microsoft vs the hackers isn't conventional warfare. It is a lot closer to guerilla warfare. Against guerillas, a fortress is good protection. Of course, as Mao pointed out, the guerillas may be able to let their enemy rot in their fortified cities. That may be closer to what's happening here. Microsoft may be like the conventional army which alienates the population. When that happens, the war is as good as lost.
Like the IRA said to Margaret Thatcher: "You have to be lucky always, we only have to be lucky once." Microsoft is in the same situation. The battle is ultimately for the hearts and minds of computer users everywhere. If Microsoft makes a pain of itself in its attempts to defend its territory, their customers will eventually defect to the other side.
btw: Things have changed in Northern Ireland. The population is becoming VERY disenchanted with the IRA. Many Catholics now hate them more than they hate the Brits and regard them as little better than organized criminals. Similarly, with many years of hard work, Microsoft could regain its good name (but I'm not holding my breath).
Go here and download here.
The entire purpose of Windows Genuine Advantage of Microsoft is to allow people to know they have actually recieved a Genuine product and not some product that has a key generated for it. If a person gets the product and installs it and then it fails the Windows Genuine Advantage they know they have paid for a pirated version and can then report that to the authorities. Your average home user is not going to install the OS and then run the crack, they want to know that they have a Genuine version (i.e. a genuine licence) that they have paid for. I know if I purchased another OS for the full price i.e. Mac OSX, I would be pissed if it was just a pirated version.
It rejected the XP Home OEM key that came with my eMachine, purchased from CostCo.
I wrote a essay like that in my 'History of War' class with just quotes like that. You need to explain why you choose these quotes.
Microsoft has already fixed it by removing the link to GenuineCheck.exe from there website. A hack would be decompiling GenuineCheck.exe and turning it into a keygen.
... you still haven't done it, and never will.
And this was back on May 24th, Slash-losers.
Keep looking for ways to bring the great Bill Gates down
Haha.
That would be my guess. It's not like the original site is even slow or anything.
Advantage: India
--
make install -not war
Hmm, being that an Indian found this, me thinks it was cracked by an Indian working there for Microsoft. After all with outsourcing and such.
it's a cat and mouse game, and frankly the hackers crack the encryption for the challenge of doing it, because frankly not everyone should have to pay the highway robbery price of windows... even bill gates can be quoted as saying 'software should be free' from back in the day when geeks traded puch tapes of code in the back of vans and copied them ;)
;)
;) linux has enough interesting games for the casual user, and firefox can be set up so web sites with games can be played too, which is what most casual users think of when they think of online gaming, they think og site like pogo or yahoo! games ;)
;) so really you're helping microsoft stay number 1 in install base, while eroding thier bottom line, by pirating windows. frankly right now their bottom line isn't hurting that bad... they're worried about it though, because they know the only thing that microsoft does is add value to the basic principals of writing an OS. if anyone can do this better than them (apple comes to mind, at least for retail prepackaged machines) but they can't touch the white box field, because it cost too much money and headaches to polish a piece of software as complex as windows that will run on almost any configuration of standard PC hardware. linux can only make so many inroads because frankly it's being written by geeks in thier spare time, and a few who work for companies and are told to 'maintain' linux for cred etc...
copy protection is worthless, imo, windows would be better off just trying to convince people that piracy is bad, like the mpaa is trying to do with the ads at the front of dvds that can't be skipped... they'd be better off having an advertisment on the windows load screen and/or as the default screen saver than to put tons and tons of protection that will eventually be cracked for the challenge of it
Piracy is bad, but most of the people who resort to it, are desperate, a few are criminal, but most people aren't that bad. the worst are the crack addicts selling dvds/software on street corners to buy thier next hit... and frankly you don't have to be a crack addict to try that, if you need to have that 10 grand configuration of the dual g-5 2.7gh with 30" apple cinema display, and dual 400 GB hds, and 4 GB of ram... and don't have a job what better way than to sell pirated dvds/software on the street to score the cash without feeling really bad about yourself...
Note: the rest of this post is rambling, and may be inchoerant, feel free to skip it, i only included it for the people who like reading my comments..
Windows has a high price point, because they make a lot more money that way, eventually this will change, because really, you're paying for the 'value added' with commercially packaged software.. So really all microsoft is trying to do is protect the value they added to the basic functions of an os, but reguardless, all they need to do is make it hard enough, they don't need to stop everyone... they just need to be able to contain the flow of illegal copies because unlike apple, they're not a hardware company, all they do is write a complex piece of stoftware that is intended to run on virtually every POS baddly designed motherboard and chipset out there... apple, doesn't do that, they just write one for thier own hardware, which makes it a lot easier. but really, pirated copies of windows that are 'reasonably' difficult to get are no worse for windows than linux. If windows becomes too hard for some system builders to pirate, they will just install linux, and explain 'it's less prone to viruses than windows' they will be forced to switch to linux, and linux certified hardware, the better windows copy protection gets, the better it is for linux, frankly. not everyone needs a true gaming rig, and frankly a lot fo the people who have one probabbly are sleeping on a mattress someone threw away in the trash
okay i'm rambling sorry, but making the cracks too easy to get just helps windows market share... cracking the encryption to be the guy/gal who did it is fine, but if you want to help the case for linux you simply shouldn't make them easy to get
https://www.gnu.org/philosophy/free-sw.html
For those of us who want to see the article, but don't have the ability to open Word documents,
http://www.css-auth.com/gen_adv/
Although this being called a "crack" is laughable.
Ads? What ads?
Period.
Think about it, who would risk being *known* if you were a hacker (good or bad)?
As far as those that would do it for *fame*, well, I think that would fall more in the model of *script-kiddies* would run and boast at their middle-schools, not the army that is attempting to bring the dragon down.
Remember, ms is *good* at being bad..
So if they did devise a scheme to *act cool* and invite everyone to try owning their systems, it would only be to try and get info on who the dangerous hackers are out there, and what they are capable of. :)
I will gladly loose all of life's battles.. in order to win the war..
When it's being advertised as a hack-challenge, the incentive to disclose is greater, since there is a greater assumption that someone else is going to figure it out:
If you disclose first, you receive praise and recognition. If you discover a hack but only disclose after someone else, you are deprived of this praise and recognition.
If someone honestly believes no-one will figure out their clever hack before the product is released, there might be some incentive to holding onto it, for later malicious exploitation.
The value of each hack is decreased for advertised challenges since there is an avenue of disclosure with reward, so the likelihood of a hack remaining exclusive to people who don't disclose is decreased.
Just food for thought.
This should be easy for Microsoft to fix. Like all problems the solution lies with legislation.
Outlaw India - problem solved.
air and light and time and space
I don't use windows. What's a "Microsoft Genuine Advantage"?
The article says it's an "anti-piracy program". That isn't very specific.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Comment removed based on user account deletion
"Fixed fortifications are monuments to the stupidity of man."
One word... Leningrad... Patton was a great general and one of the few Allied commanders the Germans geuinely respected but he was also an arrogant bastard (and he probably would have enjoyed being called that). Although he unfairly dismissed the value of fortifications he did have a point. The Romans for example preferred to besiege an enemy that was prepared to give battle. The reasoning being that it was cheaper in lives and money to starve him out. In this case one might actually argue that it is Micro$oft who is trying to starve out the pirate consumers by denying them access to updates rather than that Micro$oft is throwing up fortifications to hide behind. So let's not underestimate Micro$oft. Clamping down on OS piracy will certainly play into the hands of Linux and especially OS.X to some degree but alot of people will still cough up the money for one of those so-called "Student and Teacher" versions of XP.
Only to idiots, are orders laws.
-- Henning von Tresckow
Does this crack offer more?
"According to Microsoft this service would soon require all Windows users to verify their license before downloading updates."
Windows XP will be going the end-of-life way of Windows 2000 in the near future. Micros**t is just beta testing another fork-the-user method they're going to stick in Wronghorn before they stick it in users ... again.
3 things about computers: they're alive, they're self-aware, and they hate your guts.
An Indian researcher
Doesn't tell me if he's 14 or 45. It makes a difference in the l33tness of it. It's far more disparaging if some fucking Danish 14 year old cracks your shit, rather than a 60 year old electrical engineer who has patents on the original semiconductor.
Just like in Terminator 1, but with a phone instead of a ghun.
The YEAR?!!?1
these quotes can be interpreted in this context to be very different to what they meant by their authors.
Though certainly the Patton quote seems analogous to the oft-said "Security is a process, not a product" in both intent and substance.
My reaction to the second one however was that it was perhaps the more interesting one. Microsoft is seeking to defend themselves from their users-based and the general tendency for "casual copying" from friend to friend. So not only are they trying to entrench themselves behind strong fortifications but they are defining their users to be the enemy. Hence they are compelling their users to seek solution elsewhere (i.e. Mac, Linux, BSD).
The only problem with this quote is that although it shows that Microsoft is pursuing a strategy that will doom the company as the market leader, we also know how generally inept Microsoft is when it comes to security software. So Microsoft is not doomed yet-- serious piracy will continue to act as an obstacle to wide-spread adoption of Linux in the developing world because Microsoft can't even execute bad business strategy well.
LedgerSMB: Open source Accounting/ERP
You don't generate a validation code.
You put in your serial # when you install, then when you run windows for the first time, it connects to a Microsoft server and sends you computer configuration to MS. MS saves the config, and tells your local copy of Windows to stop asking for registration. And every time you try to get a patch, WIndows phones home to see if you're stilll running that copy of windows on the same setup. If not, you have to call tech support.
I replaced my mobo, and later, when windows had to be reinstalled, I had to get a validation code from TS. I reinstalled again the next day, and didn't need it.
The "Windows Genuine Advantage of Microsoft" program is the best thing that ever happened to Linux and OS X. I know that there are a lot of users out there that are using windows without ever paying for all the licenses they need.
At one now defunct company that I know about they had 20 real licenses for about 150 work stations and servers. In my experience this isn't a very uncommon at all.
Once the real "cost" of running Windows is forced out into the open I'm sure we'll see increased usage of Linux and OS X.
All good things! I don't hate Windows but I would like to see more Linux and OS X computers out there.
This SIG is properly taxed and licensed.
Do you call this an "exploit"? It seems more like a loopwhole to me, something like using a valid cd-key from a genuine wraped up box to install a pirated copy of the same software. I mean, come on! They let you download something that checks for the validity of the installed windows and returns a code, how long would it take for someone to try a valid code on a pirated windows? For what I read, it's goes something like this: there is this building with several diferent apartments: A, B, C, etc... and there is a key in each. But for you to get in, you need to check your key to see if it's valid: "they gave me this key to aparment B, is it valid?" And the system validates your key, then you can get into ANY aparment, because ultimatly the system doesn't check if the key you are using has any conection to the apartment that you are trying to acess: "yes, the key you present is valid, please fell free to try it in any apartment, we don't check to see if its ACTUALLY the key to aparment B, we just check to see if it's a couterfeit" But, hey, maybe this is an exploit afterall, the "hole" is there, but it's in the process, not in the coding or programing itself.
"A sysadmin is a cross between a detective, a police officer, a gardener, a doctor and a fireman"
I was going to cackle at the continued lack of Microsoft security, then I remembered that Red Hat has something similar for updating RHEL.
Anyone want to bet that this (RHEL update) is still unbroken? No takers?
I thought so.
Just my $0.02 worth.
Personally, I don't have a windows computer in my home. I am running several Macs, a Sparc and a Linux machine. The main reason all stems from Microsoft and the way they treat their paying customers like they are stealing something from them.
A friend of mine bought a Gateway computer a couple of years ago with XP Home on it. After installing and uninstalling several pieces of software the system locked and he couldn't get it to "boot." So being the tech savvy friend in the industry he brings the PC to me.
The system is asking for a Microsoft Authentication Code. Ok, whatever. Plug into the switch, get online, enter the Key Code, refuses my request for an Auth Code. *grumble* Call the number provided, get a wonderful automated system that doesn't let me speak to a human. Also refuses to give me an Auth Code. *more grumbling* Call Microsoft Support direct (the first number was given to me by XP when the code gen failed) speak to a human who verifies I have a valid Windows Key Code and then refuses to give me an Auth Code.
Meh?
She proceeds to inform me that as the code is an OEM code from Gateway that I have to call them. *sighs* Ok, I've been dealing with this a couple hours now, with hold times and all, but what the hey. Call Gateway, the representative though friendly, tells me very politely to go screw myself. Seems the system is now out of warranty period, plus since I'm not the actual owner of the system anyway they can not give me any assistance what so ever. Offers the helpful advice to give Microsoft a call.
At this point I pull out an education bulk copy of XP Pro I happened to have purchased, and isn't running on anything else and install Pro in place of Home. Good thing about the bulk site keys, there are thousands of users with the same key legally and honestly. Kill the key and lots of very unhappy people.
My Mac? Drop the CD/DVD in, hold down C, click install, and I'm done. Ahh .... simple. Linux? Same thing, boot the disc, walk through the install dialog, and we're happy. Debian based? apt-get upgrade the entire thing without even a CD. Heck, even Solaris installs and assumes it's legit and doesn't mind. (This was before the whole it's free for you and open now too thing)
Yeah, Microsoft is only going to end up really annoying the hell out of it's legit users. Crackers and 1337 W@r3z P1r@t35 will never be more than mildly inconvenienced. If they are taking the time now to write programs that will let them keygen against binaries on the CD, then they are already spending the time trying to rip the thing off. The problem with a cat burglar is, no matter how many locks on the safe, if the Hope Diamond is inside, they are going to take the time they need to open it.
"Genius may shine aloof and alone, like a star, but goodness is social, and it takes two men and God to make a Brother."
That's sounds good considering most of the smart XP pirates are running a genuine Corp Edition key code. So how exactly will this stop us even without this new exploit?
Creative Demolition
I wanted to install DirectX 9.0C on my laptop, and got hit by that. They've asked me to type in my product Key (which was UNDER my dhell laptop, attached to it was my external 80gb firewire drive and my 200GB USB2 drive, thank god it's not using a docking station, this would have required me to turn it off and then write it down then reboot than download, then reboot again...
:).
for god's sake what are they thinking? don't they get it? lot of people are buying software and use cracked version EXACTLY because of the fact that all legitimate software puts totally INSANE overhead that only irritates clients and in the end penalize them. And beleive me, they lose sales little by little because in the end it's less of a pain in the back to install cracked versions than upgrade with the re-registration, phone confirmation, yadi yada that without mentionning activations problems and all that stuff that people don't want to deal with especially after shelling out hundreds of dollars.
You want people to stop pirating, EDUCATE them, irritating them will only do the exact opposite. When I was a kid, I had a VIC20 and a C64, EVERYTHING was copied because "stores selling games" what not a commodity like today, plus, at 11, you don't have that much money, and face it, piracy is what made the C64 such a hot seller. But later, I was educated once entering a specific field of interest (3d/video editing) by people on mailing lists and also local pros, and today I'm the one pushing people to buy software and support companies, especially when these companies puts out educational pricing or non-commercial licenses at very decent pricing. Its still easy to get pirated software, but when you are educated, you know what happens in the long run, or you know the potential legal implications it might get you into if positive reinforcement is not your thing
Seriously, I just don't get it... if the goal is a clever way to reduce bandwidth costs on their server and outsource the stuff to pirate sites or torrents sites, well, hats off! but I doubt this would be the case.... man how pathetic can it get...
--- Metamoderating abusive downgraders since my 300th post.
Comment removed based on user account deletion
The very same issue was raised in this article over a month ago.
A pirated OS operates exactly the same as the real thing. Your argument sounds like the diamond industry FUD. CZ are indestinguishable from the real thing except for a few 0's. Microsoft is like your wife asking every year if its still real. A complete PITA.
Therefore, if you've happened to stumble upon it, I'll take your word for that.
It doesn't take source code to discover the shatter attack. Any program that has a window open is allowed to remote-control any other program that has a window open on the same machine. In fact, a program running under a limited user can remote-control a program running under administrator (e.g. an antivirus) and escalate privileges that way.
The government takes 30% of my pay, the state gets 6% off the top on most things I buy like cars and appliances. You think I mind paying 10% (~$4/month) of a $1000 computer every two years for a vendor supported OS? Somebody whittle down the 30% and then we will have something to talk about talk.
Can I bum a sig?
How genuine, works perfectly. /sarcasm
--
I'm a troll hear me rawr.
I don't preview or spellcheck.
How many countless people around the globe learned Windows on an illegal copy? You'd think MS would want to distribute Windows to anybody who wanted to use it, learn it, develop on it, etc- I'd be looking at it as a way to increase Windows support- and only be charging corporate users, or those that are making a profit off of Windows capabilities. By limiting its availability to paying customers they are cutting off a huge user base- which will only enhance their competitors position in the market.
OK Mr Doubting Thomas ... the hack was disclosed on Full Disclosure on May 23rd.
p x?displaylang=en
w ga-check.zip
There is lot of hype about WGA (Windows Genuine Advantage) when Microsoft builds functionality in its few of the public beta products to conduct a genuine product check before the product gets installed. MS products or tools with WGA check enabled can only be installed on a valid / genuine copy of MS Windows XP. Incase it is a pirated copy then the product denies to install.
If you are aware of Microsoft WGA validation then you can directly jump in to the PoC section otherwise it is advisable to read on WGA and what it does before reading the PoC.
To know more about WGA, refer to the following Microsoft link: http://www.microsoft.com/genuine/downloads/FAQ.as
Defeating Microsoft WGA Validation Check - Proof of Concept (PoC) This PoC explains how Microsoft WGA validation check can be defeated and any Microsoft product with the WGA validation feature can be run and installed on machines running pirated copy of Windows XP. To bypass WGA validation check, one can run "GenuineCheck.exe" file on a machine running a copy of an authentic Windows XP for generating a key code. This key code generated on the machine running genuine copy of Win XP can be used to circumvent the WGA check on the machine running a pirated copy of Win XP.
A detailed approach can be downloaded from the following link - http://www.hackingspirits.com/vuln-rnd/defeating-
Microsoft in its reply to my mail specified that "The generated code is partly made up of a timestamp, which would prevent use after a short period". However, I checked this on a pirated copy of Windows XP Pro and installed couple of public beta products and tools for testing purpose. They are still up and running since past 1.5 months.
Incase, anyone is going to try this out on their pirated versions of Win XP then do let me know if the installed product make noise after certain time period.
ð Debasis Mohanty ð www.hackingspirits.com
"Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat."
Brings to mind an image of the captain of the "unsinkable" Titanic warning his passengers that the ship has bumped into a very little ice cube.
An Indian researcher has cracked the much-touted "impenetrable" Windows Genuine Advantage of Microsoft.
:-D
How can he crack an advantage that doesn't actually exist?
Come now... you knew that name would be used as a joked at some point...
I agree, the problem of MS being pirated would be solved through educating customers. But it would be a solution that might leave MS very unhappy.
Because the sad truth is that educated customers buy Macs or install Linux...
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
so you just sap underneath it, collapse the ground and the wall comes tumbling down. this is an age old technnique to attack fortress walls.
There is always a way....
putting the 'B' in LGBTQ+
Anyway, I would like to present my own "Debian Genuine Advantage" program that people can use to verify that their Debian-based systems are not pirated:Adapting this system for using on other flavors of Linux is left as an exercise for the student.
So at some point, Microsoft is going to want (a lot) of money for updates to it's software, as it's business model is 1. provide the shareholders as large a return on investment as possible. 2. Create some kind of product where the cost of production is as low as possible and where the sale of the product is whatever the market will bear so as to satisfy item 1. Apparently the product is computer software or some other such thing. 3. Apply loss leaders to gain market share, in the expectation that eventually the up-front costs (losses) of these leaders can be recovered by eventually gaining a larger market share (and once again, satisfying item 1). 4. Attempting to keep customers satisfied or at least placated about the product by occasionally offering low-cost 'fixes' for possible defects in the product (keeping in mind item 1). 5. Raising concerns about all competing products (quality, stability, or whatever marketing or other tactic available) so as to convince the customer that competing products cannot be useful to them, reguardless of whether those products fit the customers need or not (so as to continue satisfying item 1). So if I were to analyse any advantage Microsoft has, while keeping in mind item 1, I seen Microsoft having no advantage at all.
I am waiting for the time when MSFT has all updates and security patches restricted by their WGA initiative. When the next trojan/virus/worm hits the internet that fouls up the Registry, every business worldwide that is chained to MSFT will come to realize that MSFT has become their "silent partner". The Mafia's "protection rackets" of the 1920's and 1930's will look like child's play in comparison to the disruption of business that MSFT will be responsible for. And by the time that realization comes, it will be too late for many businesses -- they will grudgingly pay MSFT whatever is demanded, just in order to stay in business. And Borg Bill will have swept the "World Domination" Monopoly (TM) game.
I own a license of XP. After upgrading my system a few times and then installing new HDs I said F THIS. I am tired of sitting on the phone and reading my serial number to some person who is going to ask me to repeat it. So I run SP2 Corp version with a keygen. Was it worth it? Hell yes. Hell if I'm going to be treated like a criminal then why not act like one.
... if we want to play any decent number of games... I'm afraid you kind of have to use it, so don't be so high and mighty and say "Well just don't use it", because we have to.
The Indians finally found out about the "don't validate now" check box. Congrats, Indians!
...are there any sites out there that offer Windows updates without having to use the blasted installer? Just curious for, you know... academic reasons.
Condemnant quod non intellegunt.
...and my workstation is set to retreive its patches from it, rather than M$'s site?
.exe files. ...which leads me to another point: Once the updates are in the wild, they WILL get passed around, and there's nothing M$ can do about it.
Currently it contains 1.6GB of what appears to be every M$ update known to man, (including a bunch of crap that I didn't really want, but hey...hard drives are cheap) and they're all
You're using her as bait, Master!
I have experimented and I have passed WGA by using a generated cd-key. the same one that allowed me to use sp1, sp2, and now it seems wga. its just a dumb algorithm that can be fooled quite easily.
No.
Its only useful to somebody who'd STEAL XP.
Like, if somebody's that stupid, he deserves the viruses, worms and other creepy crawlies.
On to other news...
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
on c|net...
This is...
O
U
T
R
A
G
E
O
U
S
!
They couldn't accent it correctly. What you're getting is a smooth, meaty paste made from... cloth. Don't get me wrong, expensive cloth, it is! And I'm sure eating it will make you feel secure. Ummmm. Good, right? Can I interest you in a coffee, or a port?
I forget what 8 was for.
Wouldn't it have been easier if you just downloaded the 34MB redistributable executable? I downloaded it fine on my Linux box... even though I can't use it.
I just heard that Microsoft has announced the creation of a new program, called "Consumer Protection Genuine Advantage Validator". In the near future users will have to have their activeX Genuine Advantage software confirmed to be valid and unpirated before it will let them confirm their windows installation as valid and unpirated.
WGA is really an acronym for Windows Genuine Annoyance, but Microsoft opted for "Advantage" since it sounded better marketing-wise. :D
Any technology distinguishable from magic, is insufficiently advanced.
I figured he found out how to prevent Microsoft from strong-arming OEMs with "preferential" pricing. I mean, that's their "genuine advantage", isn't it?
Fred
"A fool and his freedom are soon parted"
-RMS
Now why would ANYONE want to contact microsoft for
anything? You know all you would get by phone is confirmation that mankind has eminently succeeded in making of the telephone a useless decoration. As for your computer, only a fool would even think about getting his machine in contact with an evil empire like micro$$$$$$$. Who knows what he/she would come up with? Probably digital siff or clap....or maybe spyware, adware, malware, trackware......DRM......ad nauseum. You know, like the 140 MB farce of a DRM kitty called XP SP2!
Blah, blah, blah, very wise. How about this:
Using a Windows on the internet is like being naked in a hailstorm.
or
Using Windows on a network is like visiting a whore house without a condom but can be more expensive.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I don't understand what's the use of this....
Why would anyone want to replicate bad software, by a bad company trying to take over the world by monopilistic attitude.
Use Linux/Apple, pirating M$ is only benefiting M$.
A lot of us know that M$ workings are unethical. So stealing from a thief doesn't help!
This is from back in May... http://netscape.com.com/Bypass+found+for+Windows+p iracy+check/2100-1002_3-5717127.html/
Must be a slow news day. This story was reported a month ago on May 23, 2005. At cnet, no less; not exactly an obscure news source.c y+check/2100-1002_3-5717127.html
h tml
http://news.com.com/Bypass+found+for+Windows+pira
And it was picked up by others, for example:
http://techrepublic.com.com/2100-1009_11-5717127.
Why is this story making the rounds again?
-- "I never gave these stories much credence." - HAL 9000
You keep using that word. I do not think it means what you think it means.
I've been using generated keys to go through the microsoft validation programs since they introduced them a few months ago. Ive never gotten a rejection saying im using an illegal copy.
The only people this will hurt are the consumers that get ripped off by shady computer dealers and repair centers.
I should also point out i have 5 NFR copies of XP Pro sitting on my shelf but I'm too lazy to deal with the activation people every other week when I test new hardware.
Microsoft offers you incredible and GENUINE advantages, such as... um... wasted time and a terrible headache. Isn't is so kind of them?!
Registration, mandatory with Mac OS X.
Activation, no.
And you can even get around the registration if you are a bit crafty.
But either way, Mac OS X won't suddenly decide to stop working on you in the future and make you re-authenticate like Windows can do. (Although this has never happened to me.)
http://lkml.org/lkml/2005/8/20/95
Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat."
Microsoft hired Baghdad Bob. I'm sure of it.
Let's review this nonsense of an operating system that does not cooperate with you. I refuse to run any operating system that pesters me with activation codes etc, if I do something simple like modify the hardware. I'm still running Windows 2000 and refuse to move to any release that includes mechanisms to lock me out of my own system. I don't need the hassle, and I won't PAY for the privilege of being harassed.
There was a widespread incident a few years back where corporate installations of Microsoft Office expired on some date and required a web activation. This resulted in millions of dollars of lost productivity world wide while IT departments scrambled to get valid codes for all those machines with word processors that failed for no particular reason.
Is this the future of computing? Well I'm not putting up with that kind of crap. If I'm running OpenOffice on Linux or FreeBSD, I know my operating system or application vendor isn't going to wake up on the wrong side of the bed one morning and kick my ass out of my system.
I'm sorry but maybe I'm missing the point here... for about 6+ months, there's been a newer key generator floating around the 'net that will generate Windows installation keys which pass the ActiveX WGA check. If WinXP is installed using one of these keys, it will appear genuine anyway. And, there's even a way to change the product key without re-installing the OS. So has this crack really done anything?
I guess it's more useful as a method for those who don't want/know how to find and download a working keygenerator (since all it requires is a valid copy of the OS and downloading a MS-hosted tool)... but this scheme has been broken a long time ago.
The only thing better than winning the Special Olympics is not being retarded. :)
Pulling together is the aim of despotism and tyranny. Free men pull in all kinds of directions. It's the only way to mak
Easy to get around this...
:-) And if you really want to... just buy the damn thing !
Just don't use Windows
Why not spread some of the blame to the hackers, crackers, and script kiddies?
Because there's no control over those hackers, crackers and script kiddies? Duh? However Microsoft does have control over how it does updates to Windows, and trying to deny updates to pirated copies, they hurt their own customers from those vunerable machines that then spread worms/viruses/spam.
I install Debian linux. These days I run Ubuntu.
"Flags are bits of colored cloth that governments use first to shrink-wrap people's brains..."
Meh. Just build it big. A fortress as big as china will be hard to take on even with tactical nukes as you would need to know which bit to tactically nuke. Nuke the whole thing and you will need a lot of canned food till all the crap falls out of the atmosphere.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
Windows Media Center wasn't available as a software package for purchase until the MCE 2005 version, and then only as an OEM Package.
Prior to that, the ONLY way to get Windows Media Center was to buy an entire PC with the Software pre-installed.
Maybe the headline should mention this.
Nice troll. The OEM copies of Windows XP don't run the same activation system as the retail versions. The OEM copies are bound to the OEM's BIOS. And nothing for XP's activation scheme is called the "Microsoft Authentication Code." There's only a product key and an activation code.
One year ago or so some XP serial number generating numbers that apparently cannot be dissociated from legit ones appeared. There is at least one .exe, called mskey4in1.exe or something like that, that can generate serial numbers that are recognized as legal by WGA.
Why would a pirate take the pain to use a temporary hack based on a legit copy of XP when he can directly generate a S/N that is recognized as legit and hence directly passes the WGA test?
If you have virtual PC or vmware you dont need to activate more than once.
I have winXP VMs (domained, undomained), and a win98 vm (historical quirk). Once you get a stable image with msoffice, activate it, snapshot it, and duplicate the VM image. One tip: activate and snapshot before you domain it, as it is a real pain to undomain a win2k-domained image.
Virtualization defeats activation.
And please don't talk to me about firewalls & Windows Security Centre in XP SP2 - the money you spend upgrading to XP would be better spent on a broadband router which makes software firewalling redundant anyhow.
Gentoo Linux - another day, another USE flag.
Just becaues something is bigger doesn't mean it is stronger. The bigger you make something, the heavier it becomes, and the weight has to be carried by the structure itself in the case of a fortress.
Or of course you could just wait a while until China died out due to lack of sunlight, and air.
-Reid
Even if you think that 99% of the users out there are legit, that still leaves over two million people who are running illegal copies. (If you think that its less than 99%, the problems are scaled proportionally.)
At $200 per box (a figure quoted here) that comes to $200,000,000.00 worth. That pays the salaries of a lot of lawyers wo figure out way to collect, not nicely, just to collect from legit users.
All that you need to do is be able to identify them all.
Good luck since getting some mom-n-pop box builder in "Po'nuf town" somewhere to pay you the tithe can often means that they don't eat this week.
Activation codes means that the software is designed to run on any hardware, any number of times WITH NOTHING TIEING A COPY TO A MACHINE.
This is NOT a problem for Linux which is free but its a big problem for Microsoft which is not.
OS X doesn't have this problem since it only runs and is installable on Mac hardware. And Appple CAN tie a piece of hardware that they sold to any given user and not give a fig about any copy of the OS. (You want SoftwareUpdate to work? GOT'CHA!)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
lot of people are buying software and use cracked version EXACTLY because of the fact that all legitimate software puts totally INSANE overhead that only irritates clients and in the end penalize them.
Fifteen years ago, when I was a kid and didn't have any money, I pirated software to have something useful to do with my computer. With the advent of Linux and having a job, I don't steal software any more. (And oddly, I find the software I do buy to be 21st century versions of the same software I used to steal.)
The one "exception" is the only game I have on my Mac. I bought Civilization III for the Mac because I had loved the previous two's complex strategic systems. But Civ III, to avoid software piracy I suppose, required the CD to always be in the computer. Worse, it would often spin the disc constantly.
On my laptop, this meant hardware strain on an expensive to replace unit and lower battery life.
So I downloaded the ISO and just mount it when I want to play. No overhead of spinning discs and low battery life!
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
You refuse to be treated like a thief, yet you continue to use Windows so that you can play one.
He ment the activation code, the code that you have to put in if you don't have Internet access and are activating. And some OEM copies are not bound, it depends on the manufacturer. Many computer companies don't take the time to bind XP to their BIOS. Don't think this is true? Take for example the OEM copies you can buy with mobos/HDs/whatever off the internet-not bound to anything, but still have an OEM key and you still have to ACTIVATE. You clearly don't know what you are talking about. Nice microsoft fanboy...
Dell 400sc: $400
memory upgrade: $100
last year's best video card: $125
quality sound card: $40
Plus PC games are just way, way prettier at high resolutions. Try making 400yd ironsight kills in a first-person shooter on a TV screen. You can't even identify targets, they're just blobs.
I AM NOT A ROBOT
Hackers Vs MS isn't exactly guerrilla warfare. The opponents (either through business or practice) of MS include everything from rival businesses to script-kiddies to pro-hackers.
You have your script-kiddies which are like the guerrillas, opposing companies which are like standing armies, and the hackers which are at times like ninjas or snipers...
this is nothing special AT ALL. Its similiar to entering someone else's serial number on a warez download.
arrrg what a waste of time
... if we want to make a decent amount of money...
What?
Hmm, if 52-48% are still using Windows 2000, and half of Windows XP versions are just illegal copies, I guess MS really only has 25% market penetration with new software, and this is near the END of the Windows XP life cycle. Longhorn will be less?
Modify the setupp.ini (in i386 folder on any XP CD) file to accept OEM keys, then you can install it from the fresh copy of XP home.
However, beware of HPs, even after you change the strings in setupp.ini it still won't work. You'll need to clone the "ExtraData" settings.
I patented screwing your mom. But it got revoked for "prior art."
If I could mod you up I would. I and probably a lot of other geeks do just what you did. I will not be presumed guilty by MS and have to keep proving my innocence over and over.
I don't use TurboTax any more either.
air gap the network connection
...and Gateway is one of the ones that does take the time. Nice try. You'd have a case with a generic OEM copy 30 DAYS after install, but not with a new Gateway system.