Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Genuine Advantage Cracked in 24 Hours

Posted by CmdrTaco on from the only-a-matter-of-time dept.

jrobie writes "It looks like mandatory validation of your Windows XP license is now voluntary again. A simple hack has been found that disables the check. BoingBoing has the story. "

39 of 522 comments (clear)

  1. I can't believe I was actually worried about this. by TripMaster+Monkey · · Score: 4, Informative


    A simple hack has been found that disables the check.

    It's simple, all right...as simple as the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation. Sheesh.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  2. bwahahah by 1336.5 · · Score: 5, Funny

    Quality programming I tell you. Quality!

    1. Re:bwahahah by MightyMartian · · Score: 5, Funny
      Balmer: "What are you going to do tonight, Brain?"

      Gates: "Same thing we do every night, Stinky. TRY TO TAKE OVER THE WORLD!"

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
  3. It works... for now by gbulmash · · Score: 5, Interesting
    Just tried it and it works (after Microsoft forced me to download the Genuine Advantage update).

    Sadly, Microsoft will issue a new version of Genuine Advantage that disables the hack and make you use the new version before you can use Microsoft update, so I believe this is only a temporary reprieve. I guess it will be a back and forth between MS and and hackers until MS has secured Genuine Advantage.

    I've got a licensed, genuine version of Windows, but F them for making me jump through hoops to receive continued support. I paid for this and I shouldn't have to keep wasting my time to soothe their paranoid brows.

    Just another reason to keep trying new Linux distros and updates on my testbed system until I find one I like enough to switch (tried so far: Ubuntu, SuSE, CentOS 3.3, Linspire, Knoppix, Mandrake 10). Already using OpenOffice, Firefox, and Thunderbird and have a WAMP (Windows, Apache, MySQL, PHP) set-up for development work. Going to Linux is a small step, but there are a few apps (like video editing, graphics editing) where I just don't have the patience to spend a whole bunch of time learning Linux apps that are 'almost' there in terms of their UI. Maybe I'll hit the Crossover Office site to see if they've gone to gold level support on some of my must-have Windows apps yet.

    - Greg

    --
    Start a happiness pandemic
    1. Re:It works... for now by Alan · · Score: 4, Insightful

      The irony of course is that because of security concerns, MS has been saying that to be safe don't run exe's off the net and disable activeX, and to ensure security, they're making you run exe's off the net and use ActiveX.

      How long before someone creates a phishing site that lets people download a 'genuinewindows.exe' that's not so genuine?

    2. Re:It works... for now by robertjw · · Score: 5, Insightful

      Jump through hoops? I was verified in under thirty seconds with two clicks,

      Just because you are a fast jumper doesn't mean it wasn't a hoop.

      --
      Find coupons in Greeley
    3. Re:It works... for now by Ingolfke · · Score: 4, Informative

      MS has been saying that to be safe don't run exe's off the net and disable activeX,

      Microsoft has been saying don't run unknown EXEs and ActiveX controls. They do sign all of their controls so for those of us who check before we run something we can validate that they're actually from Microsoft or some other trusted party before we run the app/control.

    4. Re:It works... for now by gbulmash · · Score: 4, Insightful
      An interesting view point, which is quite pervasive.

      So why should you get free continued support?

      Now, if you had paid a maintenance fee (quarterly, yearly, ..), then you would of course get updates for the life of the maintenance contract.

      But free?

      It's supposed to be free because that's how Microsoft has done it. If they want to change it, change it. But define that change clearly and prominently at the time of sale.

      Lots of smaller software companies sell you A & B & C packages:

      • A: Software only
      • B: Software + updates for X period
      • C: Software + updates for X period + plus priority/personal support.

      If Microsoft wants to follow that model, fine. Do it... on all new copies of XP they've sold. But for the prior ones, stop adding hoops and checks to make sure I paid. I bought it, I installed it, activated it, I've done enough to qualify for my updates.

      - Greg

      --
      Start a happiness pandemic
    5. Re:It works... for now by QMO · · Score: 5, Insightful

      "You could of course argue that the company has a moral obligation to provide updates, and in fact it makes good Public Relations sense to provide free fixes for broken software, but they are really not obligated to."

      If I buy a Television (OR motherboard, hard drive, child's car seat, shingles for the roof, combine for the wheat harvest, CNC press brake for the machine shop, etc.) that doesn't work I can get my money back.

      If it works when I get it, I use it correctly, and it breaks in a short period of time (because of a hidden weakness in the product) I get it fixed for free.

      In most industries, anyone who doesn't follow that rule goes out of business very quickly.

      I think that we are just used to software being an exception.

      --
      Exam 4/C again. Maybe I'll do better this time.
    6. Re:It works... for now by mcrbids · · Score: 4, Interesting


      If I buy a Television (OR motherboard, hard drive, child's car seat, shingles for the roof, combine for the wheat harvest, CNC press brake for the machine shop, etc.) that doesn't work I can get my money back.

      If it works when I get it, I use it correctly, and it breaks in a short period of time (because of a hidden weakness in the product) I get it fixed for free.

      In most industries, anyone who doesn't follow that rule goes out of business very quickly.

      I think that we are just used to software being an exception.

      Which is, of course, silly. When's the last time you turned in a stolen car for a recall/repair? When you do, they'll look up the VIN (Vehicle Identification Number) and make sure that you're legally entitled to the free repair.

      Microsoft is doing the same thing, here. Bitch all you want to, but your license number is effectively the "VIN" for your software. Why shouldn't they have some reasonable means to check it?

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
  4. Great! by Luscious868 · · Score: 5, Funny

    Let's post it on Slashdot for all to see so Microsoft will find out about it and make it harder to get around!

    1. Re:Great! by silicon+not+in+the+v · · Score: 4, Funny
      Got it? Most of us could probably have found this just as easily if it had not been posted on /., but now it is, so it's that much easier to find, which means it will be brought to MS's attention that much more quickly, which means they will have a fix for this work around that much sooner.
      Ha ha! When I read that I thought, "Oh, you mean like we've been openly, publicly blasting them for all of their programming vulnerabilities and horrible security model, and the incredibly stupid practices of putting ease-of-use over stability or security? Yeah, that has resulted in them jumping right on it and issuing fixes for those things. NOT!"
      --
      We may experience some slight turbulence and then...explode. -Capt. Mal Reynolds
    2. Re:Great! by kawika · · Score: 4, Funny

      Sure, but Microsoft is certain to see it tomorrow when it's posted as a dup!

  5. Javascript?? by WebHostingGuy · · Score: 4, Insightful

    Are they serious about security, privacy and piracy yet?

    --
    Quality Hosting e3 Servers
  6. Not for long by zoomba · · Score: 4, Funny

    That one will be fixed pronto in a "critical" security fix.

  7. Get the hack here! by Anonymous Coward · · Score: 4, Funny

    Download the hack here,

    http://www.linux.org/

  8. The pirates be losin' their cuttin' edge, arr. by supersocialist · · Score: 5, Funny

    I mean, seriously, I expected a crack out much sooner. What's it been, six hours?

  9. Shocking stas gathered by program by FerretFrottage · · Score: 5, Funny

    ...after users attempted to update, MS found out that there is actually only 1 registered copy of Windows XP.

    --
    "Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
  10. as always by cryptoz · · Score: 4, Insightful

    MS continues to do its absolute best (or does it?) to prevent their products from being hacked to bits (no pun intended), and they have no choice. As part of their business, it's mandatory that they attempt to curtail software piracy. But they know, and we know, that it can't be done. It's like the terrorists (now, seriously guys, I'm NOT making a link between hackers and terrorists, I'm above that). But look at it this way. The US government has to protect against all possible terror threats, whereas the terrorists only have to find one single way to break through. That is, Microsoft will have to figure out every possible way that their products can be cracked and provide protection, but the hackers must only find one single weakness. So to speak.

  11. Re:I can't believe I was actually worried about th by Zzesers92 · · Score: 5, Interesting
    the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation.

    In a cost comparison, they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version to purchase outweighed trying to lock out people who knowingly run a pirated copy (i.e., people who will use this hack).

  12. Re:Simpsons flashback by Anonymous Coward · · Score: 4, Funny

    most likely...considering that's Nelson's trademark.

  13. More then one way by KasKyt · · Score: 5, Informative

    This bypass also works http://home19.inet.tele.dk/jys05000/ I tested it earlier today, good job MS :D

  14. Re:Article Text by MightyMartian · · Score: 5, Funny

    I love these sorts of vulnerabilities. Maybe we should look for "GiveMeRootPriveleges=NO" and "SendMeTenMillionDollarsInUnmarkedBills=NO". Maybe there's a "FormatEveryHardDriveInRedmondAndInstallRedhat=NO" .

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  15. Re:WTF by TheViciousOverWind · · Score: 4, Informative

    Erh... Think just a tiny bit before you post inane babble like that - The article was called "Microsoft Genuine Advantage[...]" and in the url it says "microsoft_genuine_ad". - See the resemblance? It's just an autogenerated filename their CMS came up with probably.

    And now for something completely different (a comment about the article): I'm pretty sure the one who programmed this check knew that it wasn't bulletproof, and maybe it's just a case of a "proof of concept" project which suddenly becomes a "Gone live" project. - It will be pretty easy for them to fix, but it really is a huge embarassment for them, and you would think that a company with that kind of resources had rules to cover things like that (as in Rule #302742314 "Clientside checking is only okay if followed by a Serverside check").

    --
    My <1000 UID is with a hot chick
  16. Re:Way to go M$ by pla · · Score: 5, Insightful

    I cant wait to see how secure the XBox360 will be

    Fairly.

    Don't mistake MS's "see, we tried" pretend attempts at security, and their "this hurts our bottom line" real security.

    The original XBox still has no generally applicable software-only crack for it, after several years in the field. Real security.

    This new "please don't pirate Windows" joke lasted 24 hours. Why? Microsoft WANTS people to pirate Windows. Very, very few private individuals would pay $300 for an OS plus $300 for an office app suite. However, if "everyone" uses it already, then the sort of customers who do buy, such as businesses and governments, will far more likely go with Microsoft.

    Call me paranoid if you want, but NO modern attempt at secure authentication has any excuse for not using server-side verified, AES-encrypted communication. A pathetic little unverified Javascript toy? Gimme a break.

  17. Different Way to Crack It... by 00Monkey · · Score: 5, Informative

    I found that if you go to Tools->Manage Add-ons (Req. XP SP 2 of course), then select to show "Add-ons that have been used by Internet Explorer" and finally set Windows Genuine Advantage to "Disable" and then Restart Internet Explorer, it lets you do Windows Update just fine.

  18. Product Activation wouldn't be bad if... by ShatteredDream · · Score: 5, Insightful

    they would actually treat their customers like their legitimate users unless they give them reason to believe otherwise. Here would be a good idea for Microsoft: allow unlimited product activations if you buy a site license for your house and send them a registration notice in the mail. Then product activation is against others who might steal your serial number.

    I have enough PCs that I'd pay $300 for a "home site license." Microsoft could create such a thing without any hassle because for many households, it'd be worth it. All they'd have to do is make you send a copy of your driver's license or something in the mail and then if someone tries using your serial number that doesn't share the data on your driver's license, they go after them for infringement. That way, product activation doesn't harass law-abiding users.

    I'd love to use Longhorn because it looks like a good release, but damned if I'm going to buy it and get 2 "harassment-free" installs. If I buy it, you can bet that I'll only buy it after I've either gotten a cracked CD or found a site license serial that actually works like the ones that XP uses. Every windows license I have is valid, though I use cracked CDs just to get around the PA. Seesh, why am I forced to behave like a common criminal? I can't wait to be able to switch back to OS X at this rate...

    --
    Click here or a puppy gets stomped!
  19. Re:only for the geeks by mark-t · · Score: 5, Interesting
    I bought my copy too... an OEM version of Windows XP Home edition that came bundled with my Toshiba laptop. The certificate of authenticity label is attached to my laptop, and I have all the original manuals and CD's.

    But for some inexplicable reason, Microsoft is unable to authenticate my info. Which leaves me with no alternative but to use the crack if I want to continue to use XP on that system.

    --
    File under 'M' for 'Manic ranting'
  20. But by QMO · · Score: 4, Funny

    If they come from Microsoft, they're OK. Microsoft is trustworthy.

    --
    Exam 4/C again. Maybe I'll do better this time.
  21. Re:I can't believe I was actually worried about th by DrEldarion · · Score: 5, Funny

    If you want to get all conspiracy theorist, you could say that they did this on purpose, and it's not a backdoor so much as a honeypot. All of you are now flagged as hackers, enjoy!

  22. Re:I can't believe I was actually worried about th by EnVisiCrypt · · Score: 4, Interesting

    I know this was tongue-in-cheek, but since it's all client side, they have no way of flagging anybody as far as I can tell.

    Anybody know differently?

    --


    *everything* is Orwellian to cats.
  23. Re:I can't believe I was actually worried about th by aicrules · · Score: 5, Insightful

    You are quite correct. They're not targetting the people who download it off of a warez site. They're hoping to get the people who bought a copy that looked real with a manual and all that.

  24. Microsoft's channelling Dennis Farina... by RoadWarriorX · · Score: 4, Funny

    "Hey, it's OK. We're authorized."

    --

    Coderz 4 Life
  25. Re:I can't believe I was actually worried about th by shark72 · · Score: 4, Interesting

    "In a cost comparison, they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version to purchase outweighed trying to lock out people who knowingly run a pirated copy (i.e., people who will use this hack)."

    Thank you for pointing that out -- it's a concept that's lost on many people. It's a bit like the locks that come on your car: they probably won't hinder that professional thief who wants your car, but they'll stop the amateurs.

    --
    Sitting in my day care, the art is decopainted.
  26. Re:I can't believe I was actually worried about th by Anonymous Coward · · Score: 5, Insightful

    They aren't actually punishing those people either. In the case where you unknowingly purchased an unlicensed copy of XP, they're giving you a free one if you can provide documentation. From a previous article posted here:

    "Customers who discover they have a counterfeit copy of Windows will either be given a free version of the operating system or can purchase it for a discounted price, he said.

    To get the free version of Windows, a customer must fill out a counterfeit report identifying the source of the software, provide a proof of purchase and send in a counterfeit CD of the software. If customers don't have all of that information, they can still fill out a counterfeit report and receive a copy of Windows XP Home Edition for $99 or a copy of Windows XP Professional Edition for $149, Lazar said."

    So looks like even if you dealt in a shady off-the-truck operation, you would still be eliglble for OEM pricing.

  27. Re:I can't believe I was actually worried about th by InvalidError · · Score: 4, Interesting

    This is probably one of the more briliant ideas from M$ in a long time: consumers who get/got screwed by their OEM can trade evidence that their OEM is shifting fraudulent copies of M$ software for legit copies.

    1) Let OEMs shift fraudulent copies
    2) Get the customers to seek relief from said fraud
    3) Collect evidence against OEM
    4) Go after said OEM's pockets
    5) Profit (fraud + copyright infringement + etc. = most likely more than enough to cover legal costs)

  28. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  29. I cracked it nearly 6 months ago ;) by Anonymous Coward · · Score: 5, Informative

    "Cracked in 24 hours"? I 'cracked' it so long ago (Proof) I'm surprised that this is even news. And you don't even need javascript enabled - all you need is "WinGenCookie=validation=0;" in your cookie. So just paste this into your location on any microsoft.com page: javascript:document.cookie='WinGenCookie=validatio n=0; expires=01 Jan 2999 00:00:00 GMT'; void 0

    I mean, it was just so easy and obvious; I can't believe everyone else hadn't already found out about the easy ways to bypass it long ago.

  30. Re:I can't believe I was actually worried about th by ChuckleBug · · Score: 4, Insightful

    There's another reason for locks and alarms: To make your car (or whatever) more of a pain to steal than the next guy's. It's like the joke about the campers who hear a grizzly bear coming. One starts putting on his running shoes. The other says, "What are you doing? You can't outrun a bear!" The reply: "I don't have to outrun the bear. I just have to outrun you."