Slashdot Mirror
Microsoft Genuine Advantage Cracked in 24 Hours
jrobie writes "It looks like mandatory validation of your Windows XP license is now voluntary again. A simple hack has been found that disables the check.
BoingBoing has the story. "
← Back to Stories (view on slashdot.org)
A simple hack has been found that disables the check.
It's simple, all right...as simple as the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation. Sheesh.
____
~ |rip/\/\aster /\/\onkey
Jump through hoops? I was verified in under thirty seconds with two clicks, and every download since has been simple and trouble free. It's fairly typical "I wubb linux" gibberish when you say you've got to "Jump through hoops", to make those two clicks, when you'd spend longer typing apt-get at the command line.
Microsoft is becoming irrelevant, passe. Why would I care if I could pirate Windows? I don't use Microsoft software now, I don't plan to use Microsoft software in the future, it does not matter if they give the stuff away.
People who break authentication so they can pirate software are hurting free and open source software. This behaviour encourages people to pirate the software. If you want to use Microsoft software then don't break the law and don't use pirated copies. That's right, pay for legal use of the software. Use you elite hacking skills to improve free and open source software.
Thursday, July 28, 2005
Microsoft "Genuine Advantage" cracked in 24h:
"This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."
Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:
java script:void(window.g_sDisableWGACheck='all')
It turns off the trigger for the key check.
This bypass also works http://home19.inet.tele.dk/jys05000/ I tested it earlier today, good job MS :D
Erh... Think just a tiny bit before you post inane babble like that - The article was called "Microsoft Genuine Advantage[...]" and in the url it says "microsoft_genuine_ad". - See the resemblance? It's just an autogenerated filename their CMS came up with probably.
And now for something completely different (a comment about the article): I'm pretty sure the one who programmed this check knew that it wasn't bulletproof, and maybe it's just a case of a "proof of concept" project which suddenly becomes a "Gone live" project. - It will be pretty easy for them to fix, but it really is a huge embarassment for them, and you would think that a company with that kind of resources had rules to cover things like that (as in Rule #302742314 "Clientside checking is only okay if followed by a Serverside check").
My <1000 UID is with a hot chick
Since BoingBoing is getting hammered here's the text of the article:
Thursday, July 28, 2005
Microsoft "Genuine Advantage" cracked in 24h:
window.g_sDisableWGACheck='all'
AV sez, "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."
Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:
javascript:void(window.g_sDisableWGACheck='all')
It turns off the trigger for the key check.
Link (Thanks, AV!)
You say things that offend me and I can deal with it. Can you?
You can also just find a direct link to what you want to download. For instance, go to2 d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywa reInstall.exe
http://download.microsoft.com/download/8/1/5/815d
to get the anti-spyware program.
I found that if you go to Tools->Manage Add-ons (Req. XP SP 2 of course), then select to show "Add-ons that have been used by Internet Explorer" and finally set Windows Genuine Advantage to "Disable" and then Restart Internet Explorer, it lets you do Windows Update just fine.
I think Automatic Updates ONLY do Critial Updates. Which excludes updates to programs or new features.
Which is fine by me. Patch the security wholes without bugging me, just my style.
MS has been saying that to be safe don't run exe's off the net and disable activeX,
Microsoft has been saying don't run unknown EXEs and ActiveX controls. They do sign all of their controls so for those of us who check before we run something we can validate that they're actually from Microsoft or some other trusted party before we run the app/control.
The original XBox still has no generally applicable software-only crack for it, after several years in the field. Real security.
5 1
What about softmods? There's several of them around, designed for various purposes. Most of them are meant to be used to run XBMC, admittedly, but in theory they could be generalized to run Linux or something.
Check the various tutorials: http://www.xboxscene.net/tutorials.php?p=151%7C#1
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
sounds kind of like everyone who wnats can get windows for free now... 1. Download Windows XP Professional from Bittorrent 2. make CD 3. Print cover on CD. 4. Print paperbox. 5. Fold paperbox. 6. Take picture. 7. Send picture as proof of buy to Microsoft and report you got it from some Thaiguy. 8. Recieve free Windows XP Professional. 9. ??? 10. Profit.
Personally, I wouldn't use the built in validation controls because they don't output DOM compliant javascript. You can download a set of DOM compliant validation controls here: http://www.okane.com.au/matt/PermaLink,guid,c0797a e3-d041-49bb-bd15-0ae551151271.aspx
But if you are using ANY validation control in ASP.NET, you sure as hell better be calling Page.IsValid on the server side instead of relying on the javascript functionality. well, I guess this assumes you knew that the validation controls can be ran from the server side...
If the unknowning "customers" with a whitebox setup from an unscrupulous dealer didn't actually purchase Windows, then they aren't Microsoft's customers, are they?
Comment removed based on user account deletion
You can disable the tool from within IE. Just go Tools > Addons > Disable Windows Geniuine Advantage
"Cracked in 24 hours"? I 'cracked' it so long ago (Proof) I'm surprised that this is even news. And you don't even need javascript enabled - all you need is "WinGenCookie=validation=0;" in your cookie. So just paste this into your location on any microsoft.com page: javascript:document.cookie='WinGenCookie=validatio n=0; expires=01 Jan 2999 00:00:00 GMT'; void 0
I mean, it was just so easy and obvious; I can't believe everyone else hadn't already found out about the easy ways to bypass it long ago.
Dell does the same, to change your key [to the one on the label] you'll have to deactivate windows
; EN-US;328874
microsoft even has instructions
http://support.microsoft.com/default.aspx?scid=kb
Family and friends??
No, this is to nail 'whitebox' sellers who purportedly sold you a copy of Windows XP but just pocketed the proceeds and left you high and dry.
Russian pirates suggest that you go to IE options->Programs->Add-ons and disable Genuine ActiveX. Then just load the updates from the web site.