Slashdot Mirror


Microsoft Genuine Advantage Cracked

piyush ranjan writes "An Indian researcher has cracked the much-touted "impenetrable" Windows Genuine Advantage of Microsoft. According to Microsoft this service would soon require all Windows users to verify their license before downloading updates."

80 of 427 comments

  1. Text by krray · · Score: 5, Informative

    Indian cracks Microsoft's anti-piracy program

    Alok Sharma | June 21, 2005 14:53 IST

    An Indian researcher has breached the much-touted "impenetrable" Windows Genuine Advantage of Microsoft.

    Bangalore-based Debasis Mohanty has cracked WGA through an "easy-to-exploit" weakness in the software for generating illegal copies of the Windows XP programme.

    Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat." A company spokesperson said they did expect counterfeiters to try a number of different methods to circumvent safeguards provided by WGA.

    WGA is an anti-piracy programme that keeps a tab on consumers whether they are running legitimately licensed copies of Windows XP.

    Mohanty has posted a detailed proof-of-concept programme on the high-profile security mailing list of the software giant, showing how the WGA validation check can be tricked to generate key codes for use on illegal copies of the software.

    Using a secondary Microsoft validation tool called 'genuinecheck.Exe', Mohanty claims to have made it possible for people to trick the safeguard mechanism and download and run the supposedly restricted software from Microsoft's download centre, he said.

    1. Re:Text by LiquidCoooled · · Score: 5, Funny

      Did he stick tape over the Windows key during installation?
      Or did he perhaps hold down the shift key.

      The world must know.

      --
      liqbase :: faster than paper
    2. Re:Text by Slack3r78 · · Score: 4, Funny

      No, he colored over the inner ring of the internet with a Sharpie.

    3. Re:Text by oahazmatt · · Score: 5, Funny
      Did he stick tape over the Windows key during installation? Or did he perhaps hold down the shift key.

      I share your amusement. Though I am by no means capable enough to perform such a task myself (those shift keys are tricky) it seems that a Microsoft program being cracked or broken or worked-around or otherwise finagled is not necessarily a breakthrough. I suppose the most news-worthy aspect of this particular crack was in response of someone sinking what Microsoft was apparently toting around as the Titanic.

      Interesting, yes. Front page? Maybe not, other than to rub it in Microsoft's face. This isn't the Special Olympics, people. Not everyone gets a medal and a hug. :)

      --
      Those who believe the Internet is private,
      find their privates are on the Internet.
    4. Re:Text by yason · · Score: 2, Funny

      We don't know but one thing is certain: Microsoft still employs weaker key lengths than 10 fingers. No wonder it's broken so easily except for the most severely handicapped crackers.

      The day when eleven simultaneous keypresses are required, also known as "next order fingerography", will mark the line between ordinary hackers and the wittiest ubercrackers. It has been rumoured that some are already preparing for those times with prototypes of a so-called "Eine Fingermaschine". Also, the piracy rings of the Mafia already have much experience with handling fingers. Nevertheless, along with 11-finger keylengths and longer, casual piracy is expected to be given a literal "thumbs down" signal from Mr. Gates.

  2. Download? by nightemaster · · Score: 3, Insightful

    So... where can I download this?

    1. Re:Download? by aderen · · Score: 2, Funny

      What for? I thought everyone reading slashdot is using linux or mac.

  3. That's great microsoft... by chris09876 · · Score: 4, Interesting

    I love how they say it represents very little threat. I guess we can expect them to save face, but someone must be kicking themselves over this one! "Very little threat" probably translates into millions of copies distributed over P2P networks :)

    1. Re:That's great microsoft... by ashmedai · · Score: 5, Insightful

      Think about which is easier:

      1) Accessing a random legitimate install once for a minute or two.

      2) Accessing a legitimate install every time a new patch comes out, for however long it takes to download. Must also make arrangements to transport the downloaded files.

      That answer your question?

  4. Two quotes come to mind by 1967mustangman · · Score: 5, Insightful

    The first is from George Patton: "Fixed fortifications are monuments to the stupidity of man." The second is from Karl von Clausewitz: "If you entrench yourself behind strong fortifications, you compel the enemy to seek a solution elsewhere." I think these speak volumes.

    --
    Madre de Dios! Es El Pollo Diablo! -- Captain Blondebeard
    1. Re:Two quotes come to mind by EggyToast · · Score: 4, Interesting
      Very true. Not to mention that in many cases, those little boring programs just use a basic serial and then say "Hey, crackers, please don't crack or distribute my app. It's just a basic algorithm, but it's how I make a living."

      It sometimes amazes me how many crackers do have a conscience about the smaller guys, and how hard it can be to find passwords or cracks to cheap applications.

      I almost liken it to the p2p v. itunes thing. When you can find a song for a buck in 30 seconds, compared to attempting to locate one for free over the course of 30 minutes, for many people the $1 method is a lot easier. For lots of people looking for random utilities or programs, when they find something that works, does a job well, and is cheap, they'll plink down the money for it. At least compared to finding a crack over the course of a week that may or may not work.

      The smaller guys can also simply change-up the algorithm for the cracked passwords for each release every few weeks, something the big guys can't really do ;D

    2. Re:Two quotes come to mind by Demanufacture · · Score: 2, Insightful

      I don't think the reason that crackers don't crack smaller/cheap apps has anything to do with conscience. It has to do with the fact that there is more "cred" to be gained by cracking popular/expensive apps.

      --
      --- "When you're strange"
  5. You'd think this would be obvious by Dancin_Santa · · Score: 5, Interesting

    Microsoft has the right to restrict product updates to only their paying customers.

    However, the installed base is huge and the illegally installed base is also huge. Microsoft, because it is their OS, has a moral responsibility to prevent internet worms and viruses by releasing patches to all users, regardless of the legality of the installation.

    Can MS really be held at fault when illegal usage of the OS results in a huge failure of the Internet?

    1. Re:You'd think this would be obvious by Scoria · · Score: 4, Insightful

      Can MS really be held at fault when illegal usage of the OS results in a huge failure of the Internet?

      I'll bite. Microsoft can only repair the vulnerabilities that they have been made aware of. If somebody uses a 0-day exploit to craft a worm, then I don't believe Microsoft can really be held accountable. That is like blaming the manufacturer of a safe for being susceptible to a heretofore undisclosed method of safe cracking.

      If it is a vulnerability that they've known about for months, however, not unlike many of those that affect Internet Explorer, then that should probably be considered a different story.

      Despite the accusations of trolling that you've received, however, I believe that you were right to distinguish an ethical responsibility from a legal one.

      --
      Do you like German cars?
    2. Re:You'd think this would be obvious by rpozz · · Score: 4, Insightful

      (Mods, that's not a troll, it's a decent point)

      You'd probably be quite surprised at the number of legal copies of Windows that are in use. Most people get it whether they like it or not with their new computer. People running 98/ME usually find that their computer is under-spec to run 2K/XP and simply buy a new one. It's mainly people who build their own computer (and thus should know what they are doing) who pirate Windows.

      You still raise a very interesting question there though. I would say that they should allow anyone to update, mainly because many updates to Windows are security fixes and zombie machines adversely affect other users, not just the owner.

    3. Re:You'd think this would be obvious by ScrewMaster · · Score: 2, Interesting

      Actually, given that all those patches and upgrades haven't even come close to eliminating malware, I'd say that free autoupdates aren't the issue. Foisting drain-bamaged operating system and applications software upon an unsuspecting populace is the real problem. Forget all this nonsense about "certifying" users to access the Internet and forcing ISPs to deal with malware ... let Windows get certified to be connected to the Internet. Governments all around the world have minimum safety standards that commercial products (ranging from cars to blow dryers to computers) have to meet before they can be sold. I have the feeling that if such a standard was implemented pretty much every other operating system out there would get reasonably high marks. Microsoft would have to go back to the drawing board and that's one place they absolutely do not want to go.

      Hell, just keep Windows off the market until you can run Satan against an unpatched, freshly-installed copy of XP and have nothing happen. Then maybe we'll have fewer problems with malware and crackers.

      --
      The higher the technology, the sharper that two-edged sword.
    4. Re:You'd think this would be obvious by Anonymous Coward · · Score: 2, Insightful

      "If somebody uses a 0-day exploit to craft a worm, then I don't believe Microsoft can really be held accountable. That is like blaming the manufacturer of a safe for being susceptible to a heretofore undisclosed method of safe cracking."

      I agree with you in one way, and yet in another way, I'm compelled to disagree. No, I'm not a Linux fanboy/Microsoft hater/etc, but if something is insecure from the beginning, then someone needs to take responsibility. Sure, they might not know about the exploit, but if one exists, then that means someone didn't do their job in the beginning.

      I realize it's probably fairly hard to create a product that is 100% exploit free, but I don't believe that just because it's hard/challenging that it relieves anyone/everyone from being held responsible.

    5. Re:You'd think this would be obvious by Scoria · · Score: 4, Insightful

      No, it would still depend on the obviousness of the exploit used.

      I'm not a Microsoft apologist. I never deploy Windows. I despise many of their tactics. I prefer a Unix-based operating system.

      That said, let's face it: A 0-day exploit can affect any operating system, no matter how secure we might consider it. That includes every clone and variant of Unix available today.

      As a programmer, you can take every precaution and still encounter a blatantly obvious -- to your critics, at least -- compromise. Although it really isn't a valid comparison, I'll cite the design problem that was eventually fixed in our beloved PHP interpreter. The end-user was once allowed to manipulate server-side variables, and that was sometimes an absolute nightmare to work around.

      If such an obvious vulnerability were present in an ASP interpreter, we'd chuckle together and continue bashing the developers (developers, developers!) at Microsoft. I'll admit that it's often very funny to do so, but I'm ultimately afraid that people in glass houses shouldn't throw stones -- even if our glass house is reinforced. ;-)

      --
      Do you like German cars?
    6. Re:You'd think this would be obvious by linguae · · Score: 4, Insightful
      Microsoft, because it is their OS, has a moral responsibility to prevent internet worms and viruses by releasing patches to all users, regardless of the legality of the installation.

      Microsoft has the right to refuse patches of their operating system to users who have illegally obtained the software. Why should Microsoft, or any other corporation, use its money and waste its time providing patches and other OS updates to people who have illegally obtained the OS? OS patches are a privilege, not a right.

      Don't get me wrong; I do not support MS's annoying activation and registration policies. However, why should people who have pirated Windows be able to expect support from Microsoft at all? And Microsoft can't do anything about Internet worms and viruses at all. Even though Windows isn't very secure (and it's long overdue for a complete rewrite), Microsoft has no control over what other software people make. Windows, or any other operating system, can't prevent worms and viruses. Only users can prevent worms and viruses. In order to avoid Internet nasties, you either need to use a more secure operating system, a less popular operating system, or stick with Windows and become educated about viruses/worms/malware/etc.

    7. Re:You'd think this would be obvious by slavemowgli · · Score: 2, Informative

      Actually, Windows NT at least *was* certified, even though there were controversies surrounding the whole issue: see this article, for example.

      Kind of scary when you think about it.

      --
      quidquid latine dictum sit altum videtur.
    8. Re:You'd think this would be obvious by NanoGator · · Score: 2, Insightful

      "Can MS really be held at fault when illegal usage of the OS results in a huge failure of the Internet?"

      Why not spread some of the blame to the hackers, crackers, and script kiddies?

      --
      "Derp de derp."
    9. Re:You'd think this would be obvious by timbo234 · · Score: 2, Insightful

      You'd probably be quite surprised at the number of legal copies of Windows that are in use

      You'd be quite surprised at the number of illegal copies too. Everybody I know who didn't get WinXP with a new PC has simply pirated it, most people just don't talk about it or post about it on message boards. I fear the day when all these machines (including, I'll admit, the non-Linux machines in my house) can't get security updates. There will be vast numbers of spam-bots, virus spreaders and DDoS zombies, even more so than now.

      --
      Pre-canned Evolution Links for all those Slashdot holy wars.
    10. Re:You'd think this would be obvious by Creepy+Crawler · · Score: 2, Insightful

      ---Why should Microsoft, or any other corporation, use its money and waste its time providing patches and other OS updates to people who have illegally obtained the OS? OS patches are a privilege, not a right.

      They had better consider it a "privilege" that I pay for any product that they make. After all, the 2 computers that I bought pre-done had licenses that I COULD NOT REVOKE and get my money back. And there's something I heard about bundling being illegal... and something about being a convicted monopolist illegally playing the system.

      To me, it's just a Wintendo, good for games, and not much else. I have a nice hardened Ubuntu desktop in which I do work in. The Windows box is good for stuff like NWN, console emulators, and Mechwarrior games. That's it.

      --
    11. Re:You'd think this would be obvious by Urthen+Rampage · · Score: 2, Insightful

      As you say, people who use cracked versions of windows usually know what they are doing. As such, they (should be) using good antivirus and firewalls. The real problem is Joe Shmoe AOL user who just discovered the intarweb on his new comptar and has no idea what a virus really is, let alone a botnet, but wants to go surf the web despite their being depressingly unprotected. I wrote in another article in another website: It is everyone's responsibility to use the internet correctly just like handling a gun. It can be a potent tool, hobby, and yes even a weapon, but use it without proper knowledge and you're going to shoot yourself or worse, someone else, by accident. A point was brought up that someone didn't want to have to bother with getting better firewalls and antivirus, they aren't "computer people". This is the type of attitude that lets the hackers' botnets bulge with fresh zombies.

  6. 1992 called ... by w98 · · Score: 5, Funny

    ... they want their copy protection scheme back.

    1. Re:1992 called ... by slashdot_commentator · · Score: 4, Informative


      I'm not sure if the year 1992 has any significance. But in the early age of consumer computing, software used to be built with schemes to make it "impossible" to copy/install/use the software without validating that you had purchased the product.

      Usually, this was done by being forced to physically lookup a phrase in the physical documentation and then feed it back to program before it would start/continue work.

      This was annoying as hell, particularly to the paying customers. "crackers" would usually locate the protection routine in the binary code, and patch it to skip the check. The practice was discontinued because the "protection" scheme would not protect non-purchased use of its product, (the savvier users would merely apply the publicised crack) and would reduce its marketshare by annoying its purchasing customers. Ultimately, software companies just factored piracy rates into its pricing structure.

      The post was meant to be humorous, but you may have started using computers after the practice stopped, and thus your question.

      --
      There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
  7. Funny that you asked by Anonymous Coward · · Score: 5, Informative
  8. MOD PARENT INSIGHTFUL by Spy+der+Mann · · Score: 5, Insightful

    Genuine Advantage is a pain in the arse for both registered and unregistered users. If reinstalling windows was a nightmare, imagine now with having to actually activate your windows. And now for updates? Come on!

    Somebody has to put an end to this.

    1. Re:MOD PARENT INSIGHTFUL by superpeach · · Score: 5, Interesting

      I had to activate windows over the phone the other day, because installing SP2 on it broke everything (well, it just didn't like the SIGNED graphics card driver).

      It kept hanging while it was starting up so I took all the expansion cards out, including the graphics card and used the onboard. Worked fine, apart from popping up a message saying the hardware had changed dramatically and windows needed to be reactivated. Didn't have time to play with it so I left it a few days. Next time I turned it on I couldn't do anything unless I activated windows. Ok, I will just activate it over the internet - or I would if it was configured for the network it was connected to. Cancel activation so I can set up the network, nope, can't change network settings unless I activate windows (even in safe mode). So, do I configure a DHCP server on another machine, or use the activate by phone option? It was a free call, but if I knew how long it was going to take for the auto responder to read out really really long numbers for me to type then I would have just set up a DHCP server.

    2. Re:MOD PARENT INSIGHTFUL by yotto · · Score: 4, Interesting

      Genuine Advantage (What kind of name is that? What does it mean? It's not to my advantage to have to prove I paid for Windows every time I need to reinstall) and the like is one of the main reasons I switched to linux for everything but Grand Theft Auto. I refuse to pay ~$100 and then be treated like a thief. I will never pay for windows, in any capacity, again. If that forces me to build my own computer every time I upgrade, so be it.
      Luckily, these days linux is pretty nice, what with Ubuntu and all. You barely need to think any more when installing, and no annoying registration screens!

    3. Re:MOD PARENT INSIGHTFUL by westlake · · Score: 2, Insightful
      Genuine Advantage is a pain in the arse for both registered and unregistered users

      Not really. For most users it is fire-and-forget, same as activation.

    4. Re:MOD PARENT INSIGHTFUL by Anonymous Coward · · Score: 2, Insightful

      Genuine Advantage is a pain in the arse for both registered and unregistered users. . . . Somebody has to put an end to this.

      Someone has. Tens of thousands of people have. I have. I only run Open Source (and preferably Free) software. It's not 1999 anymore, it is really quite a practical solution now. Come on in, the water's fine.

      As an aside, my company is getting audited by WebLogic (hence the anonymous coward). We're in full compliance, as far as we know, but it's still costing us a small truckload of money just to do the audit. And we give WebLogic hundreds of thousands of dollars a year. If that's the kind of friendly customer service you get from proprietary software, I want no part of it.

      To make matters even more amusing, we started getting heavily into JBoss about two years ago, and it has been an entirely viable replacement - better in some places, worse in others. I would be hard pressed to call one the overall superior product. Frankly, they both do a damned fine job.

      I think Linus's comments on the commoditization of software are right on the nose. Add in the regular "beatings until customer satisfaction improves" that you get with proprietary software, and the only hope I see for mass market proprietary software is software patents. Which leads, of course, to its own thought: If the only means by which big software can survive is abuse of the patent system, how long do you think it will be until it starts happening on a wholesale basis?

    5. Re:MOD PARENT INSIGHTFUL by Xabraxas · · Score: 2, Insightful
      If people didn't pirate software, then software manufacturers wouldn't have to do this.

      People wouldn't pirate software if it was reasonably priced. $300 for WindowsXP Pro!? $400 for Office2003 Pro!? Are you kidding me? Maybe all this authentication crap will finally drive people to alternatives like Linux and OpenOffice, but I doubt it. Open Source just doesn't have the marketing power that Microsoft does.

      --
      Time makes more converts than reason
    6. Re:MOD PARENT INSIGHTFUL by thrift24 · · Score: 5, Insightful

      The worst has to be for setting up Microsoft Learning classes that use Virtual PC. You receive about 2-10 virtual machine images that you have to activate by phone for every class (internet activation doesn't work).

      Now imagine the fun that comes Friday after class to try to activate 3 classes worth of these by Monday morning when Microsoft's activation line is down half the weekend. *joy*

      Don't you love Regina? That's what we call the Microsoft activation recording, she screams numbers out like it's a punishment she's giving you. "5! 1! 2! 7! 5! *pleasant voice* would you like me to repeat that..."

    7. Re:MOD PARENT INSIGHTFUL by mustangsal66 · · Score: 2, Insightful

      What, are you nuts??

      Oh you actually paid for your MS software....

      --
      Why worry? Each of us is wearing an unlicensed "nucular" accelerator on his back.
      Sig changed for readability by G.W.
  9. This was done about two months ago... by __aaahtg7394 · · Score: 4, Informative

    This was discovered by multiple people months ago, as evidenced by this full-disclosure thread, with a followup by another discoverer of the same exploit.

  10. Oh no... by Anonymous Coward · · Score: 5, Funny

    DVD Jon has been out-sourced to India!

  11. Would hackers support MS? by Bifurcati · · Score: 2, Insightful
    I wonder - if Microsoft were to post hacking requests/challenges/whatever of security measures like this before they were released commercially, and actually invite people to hack it, would hackers respond?

    I mean, I'm fairly certain they would try and hack it (it's there, after all...) but would they, in general, give the info to MS, or would they (out of altruism for future consumers, or just out of spite) keep their hacks to themselves so that they could be used effectively against the product.

    It just seems that these things are always cracked relatively quickly - couldn't microsoft somehow incorporate this into their pre-release coding cycle? I guess, though, they don't want to release their programs before they, er, release them.

  12. legit user by Demoknight · · Score: 3, Insightful

    I've used the program and put the little token into their site and it still wouldn't let me download something (can't remember what it was right now) so even with this crack or if you're legit you might still be out of luck :D

  13. Not a true crack by andycal · · Score: 5, Insightful

    From the doc linked to:
    >6. After downloading "GenuineCheck.exe", run it on the machine running a genuine copy of Windows XP.
    > It will generate a code which is used for WGA validation. Copy the code and use the same code to
    >validate a pirated copy of Windows XP and bypass the WGA.

    But that's bogus, you still need "access" to an authentic copy to perform this hack. It's not really a hack at all.

    But sadly this will only make it easier for people unwilling to pay for windows to continue to use it. It would be better if they had to find a cheaper (legal) solution.

    1. Re:Not a true crack by RonnyJ · · Score: 3, Interesting
      But that's bogus, you still need "access" to an authentic copy to perform this hack. It's not really a hack at all.

      Agreed. Microsoft could either restrict WGA downloads to only those using IE with ActiveX, or provide an alternative way for browsers to get past WGA. They did, and the simple/most user-friendly way is to get the user to download a program which will generate a key.

      There's no way that Microsoft could know that you were running the program on a different machine. It's an inherent weakness of the system, but one Microsoft needed to make to allow non-IE/ActiveX browsers to work with WGA.
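The replay property discussed in this subthread, as an added example that is not part of the thread and is not Microsoft's design: a toy Python model in which a validation code that is a plain bearer value is accepted in any session, next to a server that binds each code to a single-use, expiring challenge. The shared key, product IDs, session IDs, class names and the 300-second lifetime are all constructed assumptions; the thread does not describe the real code format.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for whatever secret the checker tool and server share.
TOOL_KEY = b"constructed-demo-key"
CHALLENGE_TTL = 300  # seconds a challenge stays valid (assumed value)


def tool_generate_code(product_id: str, challenge: str = "") -> str:
    """What the hypothetical checker tool emits on the machine it runs on."""
    msg = f"{product_id}|{challenge}".encode()
    return hmac.new(TOOL_KEY, msg, hashlib.sha256).hexdigest()


class StaticValidator:
    """Accepts any well-formed code: a bearer token with no binding."""

    def validate(self, session_id: str, product_id: str, code: str) -> bool:
        # session_id is ignored on purpose: nothing ties the code to it.
        expected = tool_generate_code(product_id)
        return hmac.compare_digest(expected, code)


class BoundValidator:
    """Ties each code to one session's challenge, once, for a short time."""

    def __init__(self) -> None:
        self._pending = {}  # session_id -> (challenge, issued_at)

    def issue_challenge(self, session_id: str, now: int) -> str:
        challenge = secrets.token_hex(16)
        self._pending[session_id] = (challenge, now)
        return challenge

    def validate(self, session_id: str, product_id: str, code: str,
                 now: int) -> bool:
        # pop() makes the challenge single use, even for a failed attempt.
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return False
        challenge, issued_at = entry
        if now - issued_at > CHALLENGE_TTL:
            return False
        expected = tool_generate_code(product_id, challenge)
        return hmac.compare_digest(expected, code)


def demo() -> dict:
    results = {}

    # Static scheme: the same code validates in an unrelated session.
    static = StaticValidator()
    code = tool_generate_code("PID-A")
    results["static_same_session"] = static.validate("sess-1", "PID-A", code)
    results["static_other_session"] = static.validate("sess-2", "PID-A", code)

    # Bound scheme: a code answers one session's challenge only.
    bound = BoundValidator()
    c1 = bound.issue_challenge("sess-1", now=0)
    code1 = tool_generate_code("PID-A", c1)
    bound.issue_challenge("sess-2", now=0)
    results["bound_other_session"] = bound.validate("sess-2", "PID-A", code1, now=10)
    results["bound_same_session"] = bound.validate("sess-1", "PID-A", code1, now=10)
    results["bound_reuse"] = bound.validate("sess-1", "PID-A", code1, now=20)

    # A correct answer that arrives after the lifetime is rejected too.
    c3 = bound.issue_challenge("sess-3", now=0)
    code3 = tool_generate_code("PID-A", c3)
    results["bound_expired"] = bound.validate(
        "sess-3", "PID-A", code3, now=CHALLENGE_TTL + 1)
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Binding narrows how long and where a saved code is useful; it does not tell the server which machine ran the tool, which is the limitation the comment above describes.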

    2. Re:Not a true crack by TripMaster+Monkey · · Score: 2, Insightful


      But that's bogus, you still need "access" to an authentic copy to perform this hack. It's not really a hack at all.

      Agreed...I'd be much more impressed with a cracked Windows install that bypassed this GenuineAdvantage crap entirely, or a crack for the algorithm that generates this key code in the first place.

      Being tied to an authentic copy of XP leaves you vulnerable to blacklisting, and when that happens, the 'genuine' Windows product is in the shit as well.

      --
      ____

      ~ |rip/\/\aster /\/\onkey

    3. Re:Not a true crack by gstoddart · · Score: 2, Insightful
      But that's bogus, you still need "access" to an authentic copy to perform this hack. It's not really a hack at all.

      Hmmm ... really? From wiki
      # Hack is a slang term in technology culture which has a number of meanings depending on context, including a joke, a programming exploit, or a commercial software break-in.

      I'd say an exploit is well-accepted as a hack. In is in. You do get bonus points for pretty, but it isn't mandatory.

      --
      Lost at C:>. Found at C.
  14. hurts the anti OSS argument, or should by capicu · · Score: 2, Funny

    This sort of thing should be fatal for the argument that "if anyone can see the source, anyone can find exploits", but for now at least, Microsoft has the stronger orbital mind-control ray.

  15. impenetrable? by dioscaido · · Score: 5, Insightful

    Where does that "impenetrable" quote come from? MS has pretty openly stated that they know that protection mechanisms like Activation can, and will, be cracked. They have been pretty clear that these mechanisms are in place more for the hobbyist or mom-and-pop user, than the people that would actively seek out cracks/pirate software.

  16. What's the point? by mpontes · · Score: 4, Informative
    I downloaded this out of curiosity, the only thing it contains is a DOC file with instructions.

    Anyway, what's the point of doing this? You can still download things from Microsoft's site if you don't validate. You just have to pick the "Don't validate" option. Oooh, great, some guy made it so you don't have to click the annoying "No, thanks" button every time you want to download Microsoft Anti-Spyware!

    The *real* challenge is to crack the activation algorithm (which I believe has some form of the RSA algorithm in it). People, WGA != activation. Activation is the one that's a bitch. If you happen to mess with your hardware in your Windows box a lot, you'll know what I mean. And since I can never use the Internet activation because I "Already used that code too many times" (Swapping IDE hard drives once in a while for backups with Windows is out of the question now?), I end up having to call Miss Microsoft Robot all the time, who always tells me it's very important to use Windows Update to protect my computer from viruses before she gives me my activation code.

    --
    Bored? Browse Slashdot with a +6 modifier for Troll comme
    1. Re:What's the point? by avdp · · Score: 4, Informative

      The "No, thanks" option is supposed to go away at some point in the near future. Also Windows Update will not run without WGA in the near future as well.

    2. Re:What's the point? by Karl+Cocknozzle · · Score: 2, Interesting
      Activation is the one that's a bitch. If you happen to mess with your hardware in your Windows box a lot, you'll know what I mean. And since I can never use the Internet activation because I "Already used that code too many times"

      Yeah, that's why it is a good idea to have a copy of the corporate install laying around. Even if you're legally licensed to use XP, that activation scheme is problematic. Solution? Install from corp edition CD that doesn't require activation. Probably a technical violation of some obscure license term, but I don't care.

      I paid my money, I refuse to be inconvenienced.
      --
      Who did what now?
    3. Re:What's the point? by mpontes · · Score: 2, Informative

      Wrong. It was the WGA that was cracked, not the activation scheme. The program doesn't generate you a valid serial, it only generates you a valid WGA serial, which is still pretty useless. If you're running an illegal version of Windows, your serial will still be the same blacklisted one.

      --
      Bored? Browse Slashdot with a +6 modifier for Troll comme
  17. Fortifications by jd · · Score: 3, Interesting
    There is a castle, located in the Middle East, that was so well designed that it was virtually impossible for an attacker to break in by force.


    Today, it would be possible to build a damn-near invincible fortress - use granite blocks of a similar size as those for the large stones in Stonehenge as bricks, have them interlock so that shockwaves can be carried non-destructively, and build it as a gigantic geodesic dome so that impacts are tangential and not perpendicular.


    This isn't "fool-proof" (fools are way too ingenious) but it would offer a formidable target that would be hard to punch through.


    Can you create something analogous in software, where the design is such that the "impact" of an attack is less likely to break through?


    Yes. The standard network "firewall" is just an electronic castle, permitting traffic only through controlled gates. A portcullis arrangement (two back-to-back firewalls with a NIDS system in the middle) would provide a stronger fortification, if historic warfare is any guide.


    The dome arrangement, where impacts are distributed so that no one component ever takes the brunt of the attack, would be analogous to using a highly distributed security model, where different components in the model have to validate for the communication to be accepted. That way, exploits in any one component are of no value, unless absolutely identical flaws exist in ALL the components.


    Ok, so we've got a system that offers some semblance of security. Can it still do anything, without that security being compromised? After all, anyone can make a 100% secure computer by turning it off.


    Depends on how secure you want something. Let's take the key validation that Microsoft wants. What you want is non-duplicatable information. Easy enough - print a 1024-bit "public key" on the packet, which matches a private key on the validating server. Use the key to generate a unique ID, which is copied onto the computer. Any subsequent communication has to match the unique ID and the public key.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:Fortifications by tomhudson · · Score: 3, Funny
      Roger Cheswick has made a career for decades in explaining the problems with the castle-wall theory of computer defense. apparently he did so in vain, for there's always some clothpate who doesn't get the word.

      There's only one word in that sentence that I don't get, and it sure as hell doesn't involve security. Congratulations, you have invented a word that even Google cannot find.

      clothpate
      cloth: rag
      pate: head
      Putting them together is an exercise left for the reader.
    2. Re:Fortifications by TimeSprout's+Mom · · Score: 2, Informative

      I believe he meant 'clodpate'. It's in Websters.

      --


      My son, my son.
  18. Asymmetrical motivation by Anonymous Coward · · Score: 4, Insightful

    Both generals were talking about some kind of conventional warfare. Microsoft vs the hackers isn't conventional warfare. It is a lot closer to guerilla warfare. Against guerillas, a fortress is good protection. Of course, as Mao pointed out, the guerillas may be able to let their enemy rot in their fortified cities. That may be closer to what's happening here. Microsoft may be like the conventional army which alienates the population. When that happens, the war is as good as lost.

    Like the IRA said to Margaret Thatcher: "You have to be lucky always, we only have to be lucky once." Microsoft is in the same situation. The battle is ultimately for the hearts and minds of computer users everywhere. If Microsoft makes a pain of itself in its attempts to defend its territory, their customers will eventually defect to the other side.

    btw: Things have changed in Northern Ireland. The population is becoming VERY disenchanted with the IRA. Many Catholics now hate them more than they hate the Brits and regard them as little better than organized criminals. Similarly, with many years of hard work, Microsoft could regain its good name (but I'm not holding my breath).

  19. Full-disclosure link by Karamchand · · Score: 4, Interesting
  20. Windows Genuine Advantage by Anonymous Coward · · Score: 5, Informative

    The entire purpose of Windows Genuine Advantage of Microsoft is to allow people to know they have actually received a Genuine product and not some product that has a key generated for it. If a person gets the product and installs it and then it fails the Windows Genuine Advantage they know they have paid for a pirated version and can then report that to the authorities. Your average home user is not going to install the OS and then run the crack, they want to know that they have a Genuine version (i.e. a genuine licence) that they have paid for. I know if I purchased another OS for the full price i.e. Mac OSX, I would be pissed if it was just a pirated version.

    1. Re:Windows Genuine Advantage by kebes · · Score: 4, Interesting

      You're right.. and isn't that the problem? It seems like this vulnerability could be coded into a distribution. Someone illegally distributing Windows CDs can modify the copy so that it (unknown to the user) runs the crack, gets seemingly-legit codes, and uses these to "prove" that it is a genuine copy to the silly purchaser of the illegal product. So basically this undermines the whole point of the Windows Genuine Advantage. The user buys a CD of Windows, and even the windows website agrees that it is a genuine copy... but in fact the user was duped and bought a pirated copy. This lets the "bad guys" make money off of consumers... moreover it means that the "Windows Genuine" seal means nothing... worse, it provides people with a false sense of authentication.

      (or maybe there's something I don't understand about the whole process?)

  21. this crack will become obsolete again too... by kesuki · · Score: 2, Informative

    it's a cat and mouse game, and frankly the hackers crack the encryption for the challenge of doing it, because frankly not everyone should have to pay the highway robbery price of windows... even bill gates can be quoted as saying 'software should be free' from back in the day when geeks traded punch tapes of code in the back of vans and copied them ;)

    copy protection is worthless, imo, windows would be better off just trying to convince people that piracy is bad, like the mpaa is trying to do with the ads at the front of dvds that can't be skipped... they'd be better off having an advertisement on the windows load screen and/or as the default screen saver than to put tons and tons of protection that will eventually be cracked for the challenge of it ;)

    Piracy is bad, but most of the people who resort to it, are desperate, a few are criminal, but most people aren't that bad. the worst are the crack addicts selling dvds/software on street corners to buy their next hit... and frankly you don't have to be a crack addict to try that, if you need to have that 10 grand configuration of the dual g-5 2.7gh with 30" apple cinema display, and dual 400 GB hds, and 4 GB of ram... and don't have a job what better way than to sell pirated dvds/software on the street to score the cash without feeling really bad about yourself...

    Note: the rest of this post is rambling, and may be incoherent, feel free to skip it, i only included it for the people who like reading my comments..

    Windows has a high price point, because they make a lot more money that way, eventually this will change, because really, you're paying for the 'value added' with commercially packaged software.. So really all microsoft is trying to do is protect the value they added to the basic functions of an os, but regardless, all they need to do is make it hard enough, they don't need to stop everyone... they just need to be able to contain the flow of illegal copies because unlike apple, they're not a hardware company, all they do is write a complex piece of software that is intended to run on virtually every POS badly designed motherboard and chipset out there... apple, doesn't do that, they just write one for their own hardware, which makes it a lot easier. but really, pirated copies of windows that are 'reasonably' difficult to get are no worse for windows than linux. If windows becomes too hard for some system builders to pirate, they will just install linux, and explain 'it's less prone to viruses than windows' they will be forced to switch to linux, and linux certified hardware, the better windows copy protection gets, the better it is for linux, frankly. not everyone needs a true gaming rig, and frankly a lot of the people who have one probably are sleeping on a mattress someone threw away in the trash ;) linux has enough interesting games for the casual user, and firefox can be set up so web sites with games can be played too, which is what most casual users think of when they think of online gaming, they think of sites like pogo or yahoo! games ;)

    okay i'm rambling sorry, but making the cracks too easy to get just helps windows market share... cracking the encryption to be the guy/gal who did it is fine, but if you want to help the case for linux you simply shouldn't make them easy to get ;) so really you're helping microsoft stay number 1 in install base, while eroding their bottom line, by pirating windows. frankly right now their bottom line isn't hurting that bad... they're worried about it though, because they know the only thing that microsoft does is add value to the basic principles of writing an OS. if anyone can do this better than them (apple comes to mind, at least for retail prepackaged machines) but they can't touch the white box field, because it cost too much money and headaches to polish a piece of software as complex as windows that will run on almost any configuration of standard PC hardware. linux can only make so many inroads because frankly it's being written by geeks in their spare time, and a few who work for companies and are told to 'maintain' linux for cred etc...

  22. Easy fix. by PopeAlien · · Score: 4, Funny

    This should be easy for Microsoft to fix. Like all problems the solution lies with legislation.

    Outlaw India - problem solved.

    1. Re:Easy fix. by Ryosen · · Score: 4, Funny

      Outlaw India and they'll just come up with another replacement. Rumor has it that projects are already in the works with names like "Malaysia", "Philippines", and "China".

      --

      Ryosen
      One man's "Troll, +1" is another man's "Insightful, +1".
  23. Siege warfare by Savage-Rabbit · · Score: 2, Insightful

    "Fixed fortifications are monuments to the stupidity of man."

    One word... Leningrad... Patton was a great general and one of the few Allied commanders the Germans genuinely respected but he was also an arrogant bastard (and he probably would have enjoyed being called that). Although he unfairly dismissed the value of fortifications he did have a point. The Romans for example preferred to besiege an enemy that was prepared to give battle. The reasoning being that it was cheaper in lives and money to starve him out. In this case one might actually argue that it is Micro$oft who is trying to starve out the pirate consumers by denying them access to updates rather than that Micro$oft is throwing up fortifications to hide behind. So let's not underestimate Micro$oft. Clamping down on OS piracy will certainly play into the hands of Linux and especially OS.X to some degree but a lot of people will still cough up the money for one of those so-called "Student and Teacher" versions of XP.

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow
  24. Exploit?! by holiggan · · Score: 2, Insightful

    Do you call this an "exploit"? It seems more like a loophole to me, something like using a valid cd-key from a genuine wrapped up box to install a pirated copy of the same software. I mean, come on! They let you download something that checks for the validity of the installed windows and returns a code, how long would it take for someone to try a valid code on a pirated windows? From what I read, it goes something like this: there is this building with several different apartments: A, B, C, etc... and there is a key in each. But for you to get in, you need to check your key to see if it's valid: "they gave me this key to apartment B, is it valid?" And the system validates your key, then you can get into ANY apartment, because ultimately the system doesn't check if the key you are using has any connection to the apartment that you are trying to access: "yes, the key you present is valid, please feel free to try it in any apartment, we don't check to see if it's ACTUALLY the key to apartment B, we just check to see if it's a counterfeit" But, hey, maybe this is an exploit after all, the "hole" is there, but it's in the process, not in the coding or programming itself.

    --
    "A sysadmin is a cross between a detective, a police officer, a gardener, a doctor and a fireman"
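
The process flaw described in the comment above (a validation code that proves some installation passed, without saying which one) can be modelled in a few lines. This is an added example, not Mohanty's proof of concept or Microsoft's code; the HMAC scheme, the installation IDs and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed for illustration: a key shared by the validator and the
# download server, and a toy licence database. Nothing here is WGA's format.
SERVER_KEY = secrets.token_bytes(32)
LICENSED = {"install-A": True, "install-B": False}


def _tag(message: str) -> bytes:
    """Hex HMAC-SHA256 of the message, as bytes for constant-time comparison."""
    return hmac.new(SERVER_KEY, message.encode(), hashlib.sha256).hexdigest().encode()


def _split(code: str):
    """Split 'nonce.tag' into its two parts; a malformed code yields an empty tag."""
    nonce, _, tag = code.partition(".")
    return nonce, tag.encode()


def issue_unbound(install_id: str):
    """Check the installation, then return a code that only says 'genuine'."""
    if not LICENSED.get(install_id, False):
        return None
    nonce = secrets.token_hex(8)
    return f"{nonce}." + _tag(f"genuine|{nonce}").decode()


def accept_unbound(code: str, presenting_install_id: str) -> bool:
    """Download-side check. The presenter's identity never enters the MAC,
    so the 'key to apartment B' opens every apartment."""
    nonce, tag = _split(code)
    return hmac.compare_digest(tag, _tag(f"genuine|{nonce}"))


def issue_bound(install_id: str):
    """Same licence check, but the installation ID is part of the signed message.
    Assumes IDs never contain the '|' separator."""
    if not LICENSED.get(install_id, False):
        return None
    nonce = secrets.token_hex(8)
    return f"{nonce}." + _tag(f"genuine|{install_id}|{nonce}").decode()


def accept_bound(code: str, presenting_install_id: str) -> bool:
    """Download-side check that recomputes the MAC over the presenter's own ID."""
    nonce, tag = _split(code)
    return hmac.compare_digest(tag, _tag(f"genuine|{presenting_install_id}|{nonce}"))


def demo() -> dict:
    """Issue codes for the licensed install and present them from the unlicensed one."""
    unbound = issue_unbound("install-A")
    bound = issue_bound("install-A")
    return {
        "unlicensed_gets_code": issue_unbound("install-B") is not None,
        "unbound_reused_elsewhere": accept_unbound(unbound, "install-B"),
        "bound_on_own_install": accept_bound(bound, "install-A"),
        "bound_reused_elsewhere": accept_bound(bound, "install-B"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The bound check only means something if the download server learns the installation ID from a measurement it trusts rather than from a field the client fills in.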
  25. Why I hate XP Key Codes by ebooher · · Score: 5, Interesting

    Personally, I don't have a windows computer in my home. I am running several Macs, a Sparc and a Linux machine. The main reason all stems from Microsoft and the way they treat their paying customers like they are stealing something from them.

    A friend of mine bought a Gateway computer a couple of years ago with XP Home on it. After installing and uninstalling several pieces of software the system locked and he couldn't get it to "boot." So being the tech savvy friend in the industry he brings the PC to me.

    The system is asking for a Microsoft Authentication Code. Ok, whatever. Plug into the switch, get online, enter the Key Code, refuses my request for an Auth Code. *grumble* Call the number provided, get a wonderful automated system that doesn't let me speak to a human. Also refuses to give me an Auth Code. *more grumbling* Call Microsoft Support direct (the first number was given to me by XP when the code gen failed) speak to a human who verifies I have a valid Windows Key Code and then refuses to give me an Auth Code.

    Meh?

    She proceeds to inform me that as the code is an OEM code from Gateway that I have to call them. *sighs* Ok, I've been dealing with this a couple hours now, with hold times and all, but what the hey. Call Gateway, the representative though friendly, tells me very politely to go screw myself. Seems the system is now out of warranty period, plus since I'm not the actual owner of the system anyway they can not give me any assistance whatsoever. Offers the helpful advice to give Microsoft a call.

    At this point I pull out an education bulk copy of XP Pro I happened to have purchased, and isn't running on anything else and install Pro in place of Home. Good thing about the bulk site keys, there are thousands of users with the same key legally and honestly. Kill the key and lots of very unhappy people.

    My Mac? Drop the CD/DVD in, hold down C, click install, and I'm done. Ahh .... simple. Linux? Same thing, boot the disc, walk through the install dialog, and we're happy. Debian based? apt-get upgrade the entire thing without even a CD. Heck, even Solaris installs and assumes it's legit and doesn't mind. (This was before the whole it's free for you and open now too thing)

    Yeah, Microsoft is only going to end up really annoying the hell out of its legit users. Crackers and 1337 W@r3z P1r@t35 will never be more than mildly inconvenienced. If they are taking the time now to write programs that will let them keygen against binaries on the CD, then they are already spending the time trying to rip the thing off. The problem with a cat burglar is, no matter how many locks on the safe, if the Hope Diamond is inside, they are going to take the time they need to open it.

    --
    "Genius may shine aloof and alone, like a star, but goodness is social, and it takes two men and God to make a Brother."
  26. Got hit by that "feature" today, VERY annoying. by tcc · · Score: 5, Insightful

    I wanted to install DirectX 9.0C on my laptop, and got hit by that. They've asked me to type in my product Key (which was UNDER my dhell laptop, attached to it was my external 80gb firewire drive and my 200GB USB2 drive, thank god it's not using a docking station, this would have required me to turn it off and then write it down then reboot then download, then reboot again...

    for god's sake what are they thinking? don't they get it? lot of people are buying software and use cracked version EXACTLY because of the fact that all legitimate software puts totally INSANE overhead that only irritates clients and in the end penalize them. And believe me, they lose sales little by little because in the end it's less of a pain in the back to install cracked versions than upgrade with the re-registration, phone confirmation, yadi yada that without mentioning activations problems and all that stuff that people don't want to deal with especially after shelling out hundreds of dollars.

    You want people to stop pirating, EDUCATE them, irritating them will only do the exact opposite. When I was a kid, I had a VIC20 and a C64, EVERYTHING was copied because "stores selling games" was not a commodity like today, plus, at 11, you don't have that much money, and face it, piracy is what made the C64 such a hot seller. But later, I was educated once entering a specific field of interest (3d/video editing) by people on mailing lists and also local pros, and today I'm the one pushing people to buy software and support companies, especially when these companies puts out educational pricing or non-commercial licenses at very decent pricing. Its still easy to get pirated software, but when you are educated, you know what happens in the long run, or you know the potential legal implications it might get you into if positive reinforcement is not your thing :).

    Seriously, I just don't get it... if the goal is a clever way to reduce bandwidth costs on their server and outsource the stuff to pirate sites or torrents sites, well, hats off! but I doubt this would be the case.... man how pathetic can it get...

    --
    --- Metamoderating abusive downgraders since my 300th post.
  27. Shatter attack by tepples · · Score: 2, Informative

    Therefore, if you've happened to stumble upon it, I'll take your word for that.

    It doesn't take source code to discover the shatter attack. Any program that has a window open is allowed to remote-control any other program that has a window open on the same machine. In fact, a program running under a limited user can remote-control a program running under administrator (e.g. an antivirus) and escalate privileges that way.

  28. Seems like a bad business model by David+Marra · · Score: 2, Insightful

    How many countless people around the globe learned Windows on an illegal copy? You'd think MS would want to distribute Windows to anybody who wanted to use it, learn it, develop on it, etc- I'd be looking at it as a way to increase Windows support- and only be charging corporate users, or those that are making a profit off of Windows capabilities. By limiting its availability to paying customers they are cutting off a huge user base- which will only enhance their competitors position in the market.

  29. "Impenetrable?" Sounds familiar. by cocoamix · · Score: 2, Insightful

    "Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat."

    Brings to mind an image of the captain of the "unsinkable" Titanic warning his passengers that the ship has bumped into a very little ice cube.

  30. Re:Got hit by that "feature" today, VERY annoying. by SysKoll · · Score: 2, Funny
    You want people to stop pirating, EDUCATE them, irritating them will only do the exact opposite.

    I agree, the problem of MS being pirated would be solved through educating customers. But it would be a solution that might leave MS very unhappy.

    Because the sad truth is that educated customers buy Macs or install Linux...

    --
    Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/

  31. Debian Genuine Advantage still uncracked :) by Xtifr · · Score: 4, Funny
    I think a lot of people are missing the point of this. The original purpose, as I understand it, of the "Genuine Advantage" program was to allow users to verify that they had not been ripped off when buying a Winbox, i.e. that they'd actually received a validly licensed copy of Win. Why you would care was never adequately explained, but that's a side issue. But if you do care, then this would seem to be somewhat of an unfortunate development.

    Anyway, I would like to present my own "Debian Genuine Advantage" program that people can use to verify that their Debian-based systems are not pirated:
    #!/bin/sh
    echo "This system is not \"pirated\"."
    Adapting this system for using on other flavors of Linux is left as an exercise for the student. :)
  32. Advantage: MSFT by quarkscat · · Score: 3, Interesting

    I am waiting for the time when MSFT has all updates and security patches restricted by their WGA initiative. When the next trojan/virus/worm hits the internet that fouls up the Registry, every business worldwide that is chained to MSFT will come to realize that MSFT has become their "silent partner". The Mafia's "protection rackets" of the 1920's and 1930's will look like child's play in comparison to the disruption of business that MSFT will be responsible for. And by the time that realization comes, it will be too late for many businesses -- they will grudgingly pay MSFT whatever is demanded, just in order to stay in business. And Borg Bill will have swept the "World Domination" Monopoly (TM) game.

  33. We HAVE to use windows... by spoco2 · · Score: 3, Insightful

    ... if we want to play any decent number of games... I'm afraid you kind of have to use it, so don't be so high and mighty and say "Well just don't use it", because we have to.

  34. What if I'm running a Software Update Server? by Robber+Baron · · Score: 2, Informative

    ...and my workstation is set to retrieve its patches from it, rather than M$'s site?

    Currently it contains 1.6GB of what appears to be every M$ update known to man, (including a bunch of crap that I didn't really want, but hey...hard drives are cheap) and they're all .exe files. ...which leads me to another point: Once the updates are in the wild, they WILL get passed around, and there's nothing M$ can do about it.

    --

    You're using her as bait, Master!

  35. Breaking news by Ponzicar · · Score: 3, Funny

    I just heard that Microsoft has announced the creation of a new program, called "Consumer Protection Genuine Advantage Validator". In the near future users will have to have their activeX Genuine Advantage software confirmed to be valid and unpirated before it will let them confirm their windows installation as valid and unpirated.

  36. The real acronym by Daath · · Score: 4, Funny

    WGA is really an acronym for Windows Genuine Annoyance, but Microsoft opted for "Advantage" since it sounded better marketing-wise. :D

    --
    Any technology distinguishable from magic, is insufficiently advanced.
  37. This story was reported weeks ago by I'm+Don+Giovanni · · Score: 2, Interesting

    Must be a slow news day. This story was reported a month ago on May 23, 2005. At cnet, no less; not exactly an obscure news source.
    http://news.com.com/Bypass+found+for+Windows+piracy+check/2100-1002_3-5717127.html

    And it was picked up by others, for example:
    http://techrepublic.com.com/2100-1009_11-5717127.html

    Why is this story making the rounds again?

    --
    -- "I never gave these stories much credence." - HAL 9000
  38. Microsoft's PR by tadauphoenix · · Score: 2, Funny

    Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat."

    Microsoft hired Baghdad Bob. I'm sure of it.

  39. I don't understand what the fuss is about by Anonymous Coward · · Score: 2, Informative

    I'm sorry but maybe I'm missing the point here... for about 6+ months, there's been a newer key generator floating around the 'net that will generate Windows installation keys which pass the ActiveX WGA check. If WinXP is installed using one of these keys, it will appear genuine anyway. And, there's even a way to change the product key without re-installing the OS. So has this crack really done anything?

    I guess it's more useful as a method for those who don't want/know how to find and download a working keygenerator (since all it requires is a valid copy of the OS and downloading a MS-hosted tool)... but this scheme has been broken a long time ago.

  40. activate once, reuse by steve_l · · Score: 3, Insightful

    If you have virtual PC or vmware you don't need to activate more than once.

    I have winXP VMs (domained, undomained), and a win98 vm (historical quirk). Once you get a stable image with msoffice, activate it, snapshot it, and duplicate the VM image. One tip: activate and snapshot before you domain it, as it is a real pain to undomain a win2k-domained image.

    Virtualization defeats activation.

  41. I so agree with you! by amichalo · · Score: 2, Interesting

    lot of people are buying software and use cracked version EXACTLY because of the fact that all legitimate software puts totally INSANE overhead that only irritates clients and in the end penalize them.

    Fifteen years ago, when I was a kid and didn't have any money, I pirated software to have something useful to do with my computer. With the advent of Linux and having a job, I don't steal software any more. (And oddly, I find the software I do buy to be 21st century versions of the same software I used to steal.)

    The one "exception" is the only game I have on my Mac. I bought Civilization III for the Mac because I had loved the previous two's complex strategic systems. But Civ III, to avoid software piracy I suppose, required the CD to always be in the computer. Worse, it would often spin the disc constantly.

    On my laptop, this meant hardware strain on an expensive to replace unit and lower battery life.

    So I downloaded the ISO and just mount it when I want to play. No overhead of spinning discs and low battery life!

    --
    I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
  42. Re:Why I hate XP Key Codes (nice troll...) by Bri3D · · Score: 2, Insightful

    He meant the activation code, the code that you have to put in if you don't have Internet access and are activating. And some OEM copies are not bound, it depends on the manufacturer. Many computer companies don't take the time to bind XP to their BIOS. Don't think this is true? Take for example the OEM copies you can buy with mobos/HDs/whatever off the internet-not bound to anything, but still have an OEM key and you still have to ACTIVATE. You clearly don't know what you are talking about. Nice microsoft fanboy...