Microsoft Genuine Advantage Cracked

piyush ranjan writes "An Indian researcher has cracked the much-touted "impenetrable" Windows Genuine Advantage of Microsoft. According to Microsoft this service would soon require all Windows users to verify their license before downloading updates."

Text

[krray]

Indian cracks Microsoft's anti-piracy program

Alok Sharma | June 21, 2005 14:53 IST

An Indian researcher has breached the much-touted "impenetrable" Windows Genuine Advantage of Microsoft.

Bangalore-based Debasis Mohanty has cracked WGA through an "easy-to-exploit" weakness in the software for generating illegal copies of the Windows XP programme.

Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat." A company spokesperson said they did expect counterfeiters to try a number of different methods to circumvent safeguards provided by WGA.

WGA is an anti-piracy programme that keeps a tab on consumers whether they are running legitimately licensed copies of Windows XP.

Mohanty has posted a detailed proof-of-concept programme on the high-profile security mailing list of the software giant, showing how the WGA validation check can be tricked to generate key codes for use on illegal copies of the software.

Using a secondary Microsoft validation tool called 'genuinecheck.Exe', Mohanty claims to have made it possible for people to trick the safeguard mechanism and download and run the supposedly restricted software from Microsoft's download centre, he said.

Re:Text

[LiquidCoooled]

Did he stick tape over the Windows key during installation?
Or did he perhaps hold down the shift key.

The world must know.

Re:Text

[Slack3r78]

No, he colored over the inner ring of the internet with a Sharpie.

Re:Text

[oahazmatt]

Did he stick tape over the Windows key during installation? Or did he perhaps hold down the shift key.

I share your amusement. Though I am by no means capable enough to perform such a task myself (those shift keys are tricky) it seems that a Microsoft program being cracked or broken or worked-around or otherwise finagled is not necessarily a breakthrough. I suppose the most news-worthy aspect of this particular crack was in response of someone sinking what Microsoft was apparently toting around as the Titanic.

Interesting, yes. Front page? Maybe not other to rub it in Microsoft's face. This isn't the Special Olympics people. Not everyone gets a medal and a hug. :)

Download?

[nightemaster]

So... where can I download this?

That's great microsoft...

[chris09876]

I love how they say it represents very little threat. I guess we can expect them to save face, but someone must be kicking themselves over this one! "Very little threat" probably translates into millions of copies distributed over P2P networks :)

Re:That's great microsoft...

[ashmedai]

Think about which is easier:

1) Accessing a random legitimate install once for a minute or two.

2) Accessing a legitimate install every time a new patch comes out, for however long it takes to download. Must also make arrangements to transport the downloaded files.

That answer your question?

Two quotes come to mind

[1967mustangman]

The first is from George Patton : "Fixed fortifications are monuments to the stupidity of man." The second is from Karl von Clausewitz: "If you entrench yourself behind strong fortifications, you compel the enemy seek a solution elsewhere." I think these speak volumes

Re:Two quotes come to mind

[EggyToast]

Very true. Not to mention that in many cases, those little boring programs just use a basic serial and then say "Hey, crackers, please don't crack or distribute my app. It's just a basic algorithm, but it's how I make a living."

It sometimes amazes me how many crackers do have a conscience about the smaller guys, and how hard it can be to find passwords or cracks to cheap applications.

I almost liken it to the p2p v. itunes thing. When you can find a song for a buck in 30 seconds, compared to attempting to locate one for free over the course of 30 minutes, for many people the $1 method is a lot easier. For lots of people looking for random utilities or programs, when they find something that works, does a job well, and is cheap, they'll plink down the money for it. At least compared to finding a crack over the course of a week that may or may not work.

The smaller guys can also simply change-up the algorithm for the cracked passwords for each release every few weeks, something the big guys can't really do ;D

You'd think this would be obvious

[Dancin_Santa]

Microsoft has the right to restrict product updates to only their paying customers.

However, the installed base is huge and the illegally installed base is also huge. Microsoft, because it is their OS, has a moral responsibility to prevent internet worms and viruses by releasing patches to all users, regardless of the legality of the installation.

Can MS really be held at fault when illegal usage of the OS results in a huge failure of the Internet?

Re:You'd think this would be obvious

[Scoria]

Can MS really be held at fault when illegal usage of the OS results in a huge failure of the Internet?

I'll bite. Microsoft can only repair the vulnerabilities that they have been made aware of. If somebody uses a 0-day exploit to craft a worm, then I don't believe Microsoft can really be held accountable. That is like blaming the manufacturer of a safe for being susceptible to a heretofore undisclosed method of safe cracking.

If it is a vulnerability that they've known about for months, however, not unlike many of those that affect Internet Explorer, then that should probably be considered a different story.

Despite the accusations of trolling that you've received, however, I believe that you were right to distinguish an ethical responsibility from a legal one.

Re:You'd think this would be obvious

[rpozz]

(Mods, that's not a troll, it's a decent point)

You'd probably be quite surprised at the number of legal copies of Windows that are in use. Most people get it whether they like it or not with their new computer. People running 98/ME usually find that their computer is under-spec to run 2K/XP and simply buy a new one. It's mainly people who build their own computer (and thus should know what they are doing) who pirate Windows.

You still raise a very interesting question there though. I would say that they should allow anyone to update, mainly because many updates to Windows are security fixes and zombie machines adversely affect other users, not just the owner.

Re:You'd think this would be obvious

[Scoria]

No, it would still depend on the obviousness of the exploit used.

I'm not a Microsoft apologist. I never deploy Windows. I despise many of their tactics. I prefer a Unix-based operating system.

That said, let's face it: A 0-day exploit can affect any operating system, no matter how secure we might consider it. That includes every clone and variant of Unix available today.

As a programmer, you can take every precaution and still encounter a blatantly obvious -- to your critics, at least -- compromise. Although it really isn't a valid comparison, I'll cite the design problem that was eventually fixed in our beloved PHP interpreter. The end-user was once allowed to manipulate server-side variables, and that was sometimes an absolute nightmare to work around.

If such an obvious vulnerability were present in an ASP interpreter, we'd chuckle together and continue bashing the developers (developers, developers!) at Microsoft. I'll admit that it's often very funny to do so, but I'm ultimately afraid that people in glass houses shouldn't throw stones -- even if our glass house is reinforced. ;-)

Re:You'd think this would be obvious

[linguae]

Microsoft, because it is their OS, has a moral responsibility to prevent internet worms and viruses by releasing patches to all users, regardless of the legality of the installation.

Microsoft has the right to refuse patches of their operating system to users who have illegally obtained the software. Why should Microsoft, or any other corporation, use its money and waste its time providing patches and other OS updates to people who have illegally obtained the OS? OS patches are a privilege, not a right.

Don't get me wrong; I do not support MS's annoying activation and registration policies. However, why should people who have pirated Windows be able to expect support from Microsoft at all? And Microsoft can't do anything about Internet worms and viruses at all. Even though Windows isn't very secure (and its long overdue for a complete rewrite), Microsoft has no control over what other software people make. Windows, or any other operating system, can't prevent worms and viruses. Only users can prevent worms and viruses. In order to avoid Internet nasties, you either need to use a more secure operating system, a less popular operating system, or stick with Windows and become educated about viruses/worms/malware/etc.

1992 called ...

[w98]

... they want their copy protection scheme back.

Re:1992 called ...

[slashdot_commentator]

I'm not sure if the year 1992 has any significance. But in the early age of consumer computing, software used to be built with schemes to make it "impossible" to copy/install/use the software without validating that you had purchased the product.

Usually, this was done by being forced to physically lookup a phrase in the physical documentation and then feed it back to program before it would start/continue work.

This was annoying as hell, particularly to the paying customers. "crackers" would usually located the protection routine in the binary code, and patch it to skip the check. The practice was discontinued because the "protection" scheme would not protect non-purchased use of its product, (the savvier users would merely apply the publicised crack) and would reduce its marketshare by annoying its purchasing customers. Ultimately, software companies just factored piracy rates into its pricing structure.

The post was meant to be humorous, but you may have started using computers after the practice stopped, and thus your question.

Funny that you asked

http://www.hackingspirits.com/vuln-rnd/defeating-w ga-check.zip

MOD PARENT INSIGHTFUL

[Spy+der+Mann]

Genuine Advantage is a pain in the arse for both registered and unregistered users. If reinstalling windows was a nightmare, imagine now with having to actually activate your windows. And now for updates? Come on!

Somebody has to put an end to this.

Re:MOD PARENT INSIGHTFUL

[superpeach]

I had to activate windows over the phone the other day, because installing SP2 on it broke everything (well, it just didn't like the SIGNED graphics card driver).

It kept hanging while it was starting up so I took all the expansion cards out, including the graphics card and used the onboard. Worked fine, apart from popping up a message saying the hardware had changed dramatically and windows needed to be reactivated. Didn't have time to play with it so I left it a few days. Next time I turned it on I couldn't do anything unleses I activated windows. Ok, I will just activate it over the internet - or I would if it was configured for the network it was connected to. Cancel activation so I can set up the network, nope, can't change network settings unleses I activate windows (even in safe mode). So, do I configure a DHCP server on another machine, or use the activate by phone option? It was a free call, but if I knew how long it was going to take for the auto responder to read out really really long numbers for me to type then I would have just set up a DHCP server.

Re:MOD PARENT INSIGHTFUL

[yotto]

Genuine Advantage (What kind of name is that? What does it mean? It's not to my advantage to have to prove I paid for Windows every time I need to reinstall) and the like is one of the main reasons I switched to linux for everything but Grand Theft Auto. I refuse to pay ~$100 and then be treated like a theif. I will never pay for windows, in any capacity, again. If that forces me to build my own comptuer every time I upgrade, so be it.
Luckily, these days linux is pretty nice, what with Ubuntu and all. You barely need to think any more when installing, and no annoying registration screens!

Re:MOD PARENT INSIGHTFUL

[thrift24]

The worst has to be for setting up Microsoft Learning classes that use Virtual PC. You recieve about 2-10 virtual machine images that you have to activate by phone for every class(internet activation doesn't work).

Now imagine the fun that comes Friday after class to try to activate 3 classes worth of these by Monday morning when microsofts activation line is down half the weekend. *joy*

Don't you love Regina? That's what we call the Microsoft activation recording, she's screams numbers out like it's a punishment she's giving you. "5! 1! 2! 7! 5! *pleasant voice* would you like me to repeat that..."

This was done about two months ago...

[__aaahtg7394]

This was discovered by multiple people months ago, as evidenced by this full-disclosure thread, with a followup by another discoverer of the same exploit.

Oh no...

DVD Jon has been out-sourced to India!

legit user

[Demoknight]

ive used the program and put the little token into their site and it still wouldnt let me download something (cant remember what it was right now) so even with this crack or if youre legit you might still be out of luck :D

Not a true crack

[andycal]

From the doc linked to:
>6. After downloading "GenuineCheck.exe", run it on the machine running a genuine copy of Windows XP.
> It will generate a code which is used for WGA validation. Copy the code and use the same code to
>validate a pirated copy of Windows XP and bypass the WGA.

But that's bogus, you still need "access" to a authentic copy to perform this hack. It's not really a hack at all.

But sadly this will only make it easier for people unwilling to pay for windows to continue to use it. It would be better if they had to find a cheeper (legal) solution.

Re:Not a true crack

[RonnyJ]

But that's bogus, you still need "access" to a authentic copy to perform this hack. It's not really a hack at all.

Agreed. Microsoft could either restrict WGA downloads to only those using IE with ActiveX, or provide an alternative way for browsers to get past WGA. They did, and the simple/most user-friendly way is to get the user to download a program which will generate a key.

There's no way that Microsoft could know that you were running the program on a different machine. It's an inherent weakness of the system, but one Microsoft needed to make to allow non-IE/ActiveX browsers to work with WGA.

impenetrable?

[dioscaido]

Where does that "impenetrable" quote come from? MS has pretty openly stated that they know that protection mechanisms like Activation can, and will, be cracked. They have been pretty clear that these mechanisms are in place more for the hobbyist or mom-and-pop user, than the people that would actively seek out cracks/pirate software.

What's the point?

[mpontes]

I downloaded this out of curiosity, the only thing it contains is a DOC file with instructions.

Anyway, what's the point of doing this? You can still download things from Microsoft's site if you don't validate. You just have to pick the "Don't validate" option. Oooh, great, some guy made it so you don't have to click the annoying "No, thanks" button every time you want to download Microsoft Anti-Spyware!

The *real* challenge is to crack the activation algorithm. (which I belive that has some form of the RSA algorithm in it). People, WGA != activation. Activation is the one that's a bitch. If you happen to mess with your hardware in your Windows box a lot, you'll know what I mean. And since I can never use the Internet activation because I "Already used that code too many times" (Swapping IDE hard drives once in a while for backups with Windows is out of the question now?), I end up having to call Miss Microsoft Robot all the time, who always tells me it's very important to use Windows Update to protect my computer from viruses before she gives me my activation code.

Re:What's the point?

[avdp]

The "No, thanks" option is supposed to go away at some point in the near future. Also Windows Update will not run without WGA in the near future as well.

Fortifications

[jd]

There is a castle, located in the Middle East, that was so well designed that it was virtually impossible for an attacker to break in by force.

Today, it would be possible to build a damn-near invincible fortress - use granite blocks of a similar size as those for the large stones in Stonehenge as bricks, have them interlock so that shockwaves can be carried non-destructively, and build it as a gigantic geodesic dome so that impacts are tangental and not perpendicular.

This isn't "fool-proof" (fools are way too ingenious) but it would offer a formidable target that would be hard to punch through.

Can you create something analogous in software, where the design is such that the "impact" of an attack is less likely to break through?

Yes. The standard network "firewall" is just an electronic castle, permitting traffic only through controlled gates. A portcullis arrangement (two back-to-back firewalls with a NIDS system in the middle) would provide a stronger fortification, if historic warfare is any guide.

The dome arrangement, where impacts are distributed so that no one component ever takes the brunt of the sttack, would be analogous to using a highly distributed security model, where different components in the model have to validate for the communication to be accepted. That way, exploits in any one component are of no value, unless absolutely identical flaws exist in ALL the components.

Ok, so we've got a system that offers some semblance of security. Can it still do anything, without that security being compromised? After all, anyone can make a 100% secure computer by turning it off.

Depends on how secure you want something. Let's take the key validation that Microsoft wants. What you want is non-duplicatable information. Easy enough - print a 1024-bit "public key" on the packet, which matches a private key on the validating server. Use the key to generate a unique ID, which is copied onto the computer. Any subsequent communication has to match the unique ID and the public key.

Re:Fortifications

[tomhudson]

Roger Cheswick has made a career for decades in explaining the problems with the castle-wall theory of computer defense. apparently he did so in vain, for there's always some clothpate who doesn't get the word.

There's only one word in that sentence that I don't get, and it sure as hell doesn't involve security. Congratulations, you have invented a word that even Google cannot find.

clothpate

cloth: rag
pate: head

Putting them together is an exercise left for the reader.

Asymmetrical motivation

Both generals were talking about some kind of conventional warfare. Microsoft vs the hackers isn't conventional warfare. It is a lot closer to guerilla warfare. Against guerillas, a fortress is good protection. Of course, as Mao pointed out, the guerillas may be able to let their enemy rot in their fortified cities. That may be closer to what's happening here. Microsoft may be like the conventional army which alienates the population. When that happens, the war is as good as lost.

Like the IRA said to Margaret Thatcher: "You have to be lucky always, we only have to be lucky once." Microsoft is in the same situation. The battle is ultimately for the hearts and minds of computer users everywhere. If Microsoft makes a pain of itself in its attempts to defend its territory, their customers will eventually defect to the other side.

btw: Things have changed in Northern Ireland. The population is becoming VERY disenchanted with the IRA. Many Catholics now hate them more than they hate the Brits and regard them as little better than organized criminals. Similarly, with many years of hard work, Microsoft could regain its good name (but I'm not holding my breath).

Full-disclosure link

[Karamchand]

Go here and download here.

Windows Genuine Advantage

The entire purpose of Windows Genuine Advantage of Microsoft is to allow people to know they have actually recieved a Genuine product and not some product that has a key generated for it. If a person gets the product and installs it and then it fails the Windows Genuine Advantage they know they have paid for a pirated version and can then report that to the authorities. Your average home user is not going to install the OS and then run the crack, they want to know that they have a Genuine version (i.e. a genuine licence) that they have paid for. I know if I purchased another OS for the full price i.e. Mac OSX, I would be pissed if it was just a pirated version.

Re:Windows Genuine Advantage

[kebes]

You're right.. and isn't that the problem? It seems like this vulnerability could be coded into a distribution. Someone illegally distributing Windows CDs can modify the copy so that it (unknown to the user) runs the crack, gets seemingly-legit codes, and uses these to "prove" that it is a genuine copy to the silly purchaser of the illegal product. So basically this undermines the whole point of the Windows Genuine Advantage. The user buys a CD of Windows, and even the windows website agrees that it is a genuine copy... but in fact the user was duped and bought a pirated copy. This lets the "bad guys" make money off of consumers... moreover it means that the "Windows Genuine" seal means nothing... worse, it provides people with a false sense of authentication.

(or maybe there's something I don't understand about the whole process?)

Easy fix.

[PopeAlien]

This should be easy for Microsoft to fix. Like all problems the solution lies with legislation.

Outlaw India - problem solved.

Re:Easy fix.

[Ryosen]

Outlaw India and they'll just come up with another replacement. Rumor has it that projects are already in the works with names like "Malaysia", "Philippines", and "China".

Why I hate XP Key Codes

[ebooher]

Personally, I don't have a windows computer in my home. I am running several Macs, a Sparc and a Linux machine. The main reason all stems from Microsoft and the way they treat their paying customers like they are stealing something from them.

A friend of mine bought a Gateway computer a couple of years ago with XP Home on it. After installing and uninstalling several pieces of software the system locked and he couldn't get it to "boot." So being the tech savvy friend in the industry he brings the PC to me.

The system is asking for a Microsoft Authentication Code. Ok, whatever. Plug into the switch, get online, enter the Key Code, refuses my request for an Auth Code. *grumble* Call the number provided, get a wonderful automated system that doesn't let me speak to a human. Also refuses to give me an Auth Code. *more grumbling* Call Microsoft Support direct (the first number was given to me by XP when the code gen failed) speak to a human who verifies I have a valid Windows Key Code and then refuses to give me an Auth Code.

Meh?

She proceeds to inform me that as the code is an OEM code from Gateway that I have to call them. *sighs* Ok, I've been dealing with this a couple hours now, with hold times and all, but what the hey. Call Gateway, the representative though friendly, tells me very politely to go screw myself. Seems the system is now out of warranty period, plus since I'm not the actual owner of the system anyway they can not give me any assistance what so ever. Offers the helpful advice to give Microsoft a call.

At this point I pull out an education bulk copy of XP Pro I happened to have purchased, and isn't running on anything else and install Pro in place of Home. Good thing about the bulk site keys, there are thousands of users with the same key legally and honestly. Kill the key and lots of very unhappy people.

My Mac? Drop the CD/DVD in, hold down C, click install, and I'm done. Ahh .... simple. Linux? Same thing, boot the disc, walk through the install dialog, and we're happy. Debian based? apt-get upgrade the entire thing without even a CD. Heck, even Solaris installs and assumes it's legit and doesn't mind. (This was before the whole it's free for you and open now too thing)

Yeah, Microsoft is only going to end up really annoying the hell out of it's legit users. Crackers and 1337 W@r3z P1r@t35 will never be more than mildly inconvenienced. If they are taking the time now to write programs that will let them keygen against binaries on the CD, then they are already spending the time trying to rip the thing off. The problem with a cat burglar is, no matter how many locks on the safe, if the Hope Diamond is inside, they are going to take the time they need to open it.

Got hit by that "feature" today, VERY annoying.

[tcc]

I wanted to install DirectX 9.0C on my laptop, and got hit by that. They've asked me to type in my product Key (which was UNDER my dhell laptop, attached to it was my external 80gb firewire drive and my 200GB USB2 drive, thank god it's not using a docking station, this would have required me to turn it off and then write it down then reboot than download, then reboot again...

for god's sake what are they thinking? don't they get it? lot of people are buying software and use cracked version EXACTLY because of the fact that all legitimate software puts totally INSANE overhead that only irritates clients and in the end penalize them. And beleive me, they lose sales little by little because in the end it's less of a pain in the back to install cracked versions than upgrade with the re-registration, phone confirmation, yadi yada that without mentionning activations problems and all that stuff that people don't want to deal with especially after shelling out hundreds of dollars.

You want people to stop pirating, EDUCATE them, irritating them will only do the exact opposite. When I was a kid, I had a VIC20 and a C64, EVERYTHING was copied because "stores selling games" what not a commodity like today, plus, at 11, you don't have that much money, and face it, piracy is what made the C64 such a hot seller. But later, I was educated once entering a specific field of interest (3d/video editing) by people on mailing lists and also local pros, and today I'm the one pushing people to buy software and support companies, especially when these companies puts out educational pricing or non-commercial licenses at very decent pricing. Its still easy to get pirated software, but when you are educated, you know what happens in the long run, or you know the potential legal implications it might get you into if positive reinforcement is not your thing :).

Seriously, I just don't get it... if the goal is a clever way to reduce bandwidth costs on their server and outsource the stuff to pirate sites or torrents sites, well, hats off! but I doubt this would be the case.... man how pathetic can it get...

Debian Genuine Advantage still uncracked :)

[Xtifr]

I think a lot of people are missing the point of this. The original purpose, as I understand it, of the "Genuine Advantage" program was to allow users to verify that they had not been ripped off when buying a Winbox, i.e. that they'd actually received a validly licensed copy of Win. Why you would care was never adequately explained, but that's a side issue. But if you do care, then this would seem to be somewhat of an unfortunate development.

Anyway, I would like to present my own "Debian Genuine Advantage" program that people can use to verify that their Debian-based systems are not pirated:

#!/bin/sh
echo "This system is not \"pirated\"."

Adapting this system for using on other flavors of Linux is left as an exercise for the student. :)

Advantage: MSFT

[quarkscat]

I am waiting for the time when MSFT has all updates and security patches restricted by their WGA initiative. When the next trojan/virus/worm hits the internet that fouls up the Registry, every business worldwide that is chained to MSFT will come to realize that MSFT has become their "silent partner". The Mafia's "protection rackets" of the 1920's and 1930's will look like child's play in comparison to the disruption of business that MSFT will be responsible for. And by the time that realization comes, it will be too late for many businesses -- they will grudgingly pay MSFT whatever is demanded, just in order to stay in business. And Borg Bill will have swept the "World Domination" Monopoly (TM) game.

We HAVE to use windows...

[spoco2]

... if we want to play any decent number of games... I'm afraid you kind of have to use it, so don't be so high and mighty and say "Well just don't use it", because we have to.

Breaking news

[Ponzicar]

I just heard that Microsoft has announced the creation of a new program, called "Consumer Protection Genuine Advantage Validator". In the near future users will have to have their activeX Genuine Advantage software confirmed to be valid and unpirated before it will let them confirm their windows installation as valid and unpirated.

The real acronym

[Daath]

WGA is really an acronym for Windows Genuine Annoyance, but Microsoft opted for "Advantage" since it sounded better marketing-wise. :D

activate once, reuse

[steve_l]

If you have virtual PC or vmware you dont need to activate more than once.

I have winXP VMs (domained, undomained), and a win98 vm (historical quirk). Once you get a stable image with msoffice, activate it, snapshot it, and duplicate the VM image. One tip: activate and snapshot before you domain it, as it is a real pain to undomain a win2k-domained image.

Virtualization defeats activation.