Microsoft Genuine Advantage Cracked
piyush ranjan writes "An Indian researcher has cracked the much-touted "impenetrable" Windows Genuine Advantage of Microsoft. According to Microsoft this service would soon require all Windows users to verify their license before downloading updates."
Indian cracks Microsoft's anti-piracy program
Alok Sharma | June 21, 2005 14:53 IST
An Indian researcher has breached the much-touted "impenetrable" Windows Genuine Advantage of Microsoft.
Bangalore-based Debasis Mohanty has cracked WGA through an "easy-to-exploit" weakness in the software for generating illegal copies of the Windows XP programme.
Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat." A company spokesperson said they did expect counterfeiters to try a number of different methods to circumvent safeguards provided by WGA.
WGA is an anti-piracy programme that keeps a tab on consumers whether they are running legitimately licensed copies of Windows XP.
Mohanty has posted a detailed proof-of-concept programme on the high-profile security mailing list of the software giant, showing how the WGA validation check can be tricked to generate key codes for use on illegal copies of the software.
Using a secondary Microsoft validation tool called 'genuinecheck.Exe', Mohanty claims to have made it possible for people to trick the safeguard mechanism and download and run the supposedly restricted software from Microsoft's download centre, he said.
http://www.hackingspirits.com/vuln-rnd/defeating-wga-check.zip
This was discovered by multiple people months ago, as evidenced by this full-disclosure thread, with a followup by another discoverer of the same exploit.
Anyway, what's the point of doing this? You can still download things from Microsoft's site if you don't validate. You just have to pick the "Don't validate" option. Oooh, great, some guy made it so you don't have to click the annoying "No, thanks" button every time you want to download Microsoft Anti-Spyware!
The *real* challenge is to crack the activation algorithm (which I believe has some form of the RSA algorithm in it). People, WGA != activation. Activation is the one that's a bitch. If you happen to mess with your hardware in your Windows box a lot, you'll know what I mean. And since I can never use the Internet activation because I "Already used that code too many times" (Swapping IDE hard drives once in a while for backups with Windows is out of the question now?), I end up having to call Miss Microsoft Robot all the time, who always tells me it's very important to use Windows Update to protect my computer from viruses before she gives me my activation code.
The entire purpose of Windows Genuine Advantage of Microsoft is to allow people to know they have actually received a Genuine product and not some product that has a key generated for it. If a person gets the product and installs it and then it fails the Windows Genuine Advantage they know they have paid for a pirated version and can then report that to the authorities. Your average home user is not going to install the OS and then run the crack, they want to know that they have a Genuine version (i.e. a genuine licence) that they have paid for. I know if I purchased another OS for the full price i.e. Mac OSX, I would be pissed if it was just a pirated version.
I'm not sure if the year 1992 has any significance. But in the early age of consumer computing, software used to be built with schemes to make it "impossible" to copy/install/use the software without validating that you had purchased the product.
Usually, this was done by being forced to physically look up a phrase in the physical documentation and then feed it back to the program before it would start/continue work.
This was annoying as hell, particularly to the paying customers. "Crackers" would usually locate the protection routine in the binary code, and patch it to skip the check. The practice was discontinued because the "protection" scheme would not protect non-purchased use of its product, (the savvier users would merely apply the publicised crack) and would reduce its market share by annoying its purchasing customers. Ultimately, software companies just factored piracy rates into their pricing structure.
The post was meant to be humorous, but you may have started using computers after the practice stopped, and thus your question.