A Different Kind of WGA 'Problem'

Ed Bott recently attempted to scout out the problems reported in so many horror stories floating around the net relating to Microsoft's WGA. He did experience problems, however, not the ones that you might expect. He intentionally installed a pirated copy of Windows XP to see how the process worked but was unable to get WGA to recognize his computer as pirated. From the article: "I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try. But these same people want us to believe that the WGA software they've developed is nearly foolproof. They claim that all but "a fraction of a percent" of those 60 million people who've been denied access to Microsoft updates and downloads are guilty, guilty, guilty. Right."

Corporate

[crabpeople]

Its simple. Hes using the corporate VLK. Microsoft would _never_ damage its corporate customers by subjecting them to WGA. I thought it was well known that corporate versions of things (windows, symantec) are vastly superior and thusly are the most heavily pirated. Always go for a pirated corp copy over a real one. Those leet software pirates know how to do the job right, the first time.

Re:Corporate

[hawkbug]

You're wrong I think, I've seen VLK's get flagged as pirated. However, they were :) When a legit key was put in place, the warning goes away.

Re:Corporate

[dtfinch]

The majority of the users WGA identifies as pirate are using corporate volume license keys.

Re:Corporate

Contrary to warez labelling there is no such thing as a "corporate version" of XP (or any other version of windows), it's just XP Pro installed with a VLK. The use of the VLK is what tells XP it's volume licensed and hence disables activation. So yes you have a 'corporate' version, and apparently the key has leaked and been widely used to do unauthorised installs.

Re:Corporate

[Raideen]

VLA, retail, and OEM media are different. Using a VLA key on an installation done with retail media won't work.

Re:Corporate

[ThurstonMoore]

The VLK that are in use by some of my customers will not work on an OEM Windows XP Pro CD, they require a Volume Licence CD.

Re:Corporate

the volume licence version doesnt contain windows activation either

Re:Corporate

[toddestan]

Try using the infamous pre-SP1 vlk that starts with FCKGW

That probably wouldn't work, as that key is blacklisted from even downloading SP1, which means no WGA for you.

Re:Corporate

[Fordiman]

Well, yes and no.

Universities do (generally) use XP Professional, and (generally) they do use VLKs to handle installs/updates. Unfortunately, since they often pass these out to students, they're often the first to be pirated. Which means they're often the first to be blacklisted with this WGA shite.

Fortunately, for compters wired to the University intranet (that don't have remote management shut off), the University IT staff will dynamically update the VLK if theirs becomes blacklisted (Microsoft will notify the owner of a VLK before it becomes invalid and give instructions on performing a mass VLK update). The problem is that when an individual has to reinstall, the IT guys are usually willing to just give out the VLK rather than insisting that they do the reinstall themselves - thus restarting the cycle.

In short: take your laptop to your IT dept and tell 'em your computer thinks it's been pirated; they'll be able to fix it.

That is, if you give a shit.

Many people just use their employeer's key

I know a number of people who 'borrowed' a Windows Support Key from their employeers, and applied the key to their pirated version of Windows. None of them have had a problem with the Windows Validator tool.

A different WGA problem

Not too long after WGA came out I tried using System Restore to revert to a back up from about a week earlier to see if it would solve some issues I was having. After reverting to the backup, WGA was sure I had a pirated copy, but if I then reverted to the state it was in before using system restore, it didn't have problems at all. I haven't checked since then to see if maybe it was just because the backup was from before installing WGA, but it's sort of annoying that they would make one of their more useful features useless if the issue still happens.

There is Anti-WGA cracks...

[Borgschulze]

Microsoft.Windows.XP.Professional.Corporate.SP2.In tegrated.July.2006.MULTI.IMAGE.REPACK-ETH0 That has all the latest updates... and has a WGA crack in it... no wonder he can't get it to recognize it's pirated.

Feh! Windows XP Pirate Edition

[Orion+Blastar]

Obviously the P2P Pirate edition of XP uses the VLK and has modified the legitcontrol.dll, wgatray.exe, and wga*.dll files to not report a WGA violation.

Want to really test the WGA? Use your original copy of Windows XP and search the Internet for a known CD-Key and install with that key that millions of other people have used. Then watch as the retail or OEM version of Windows with unpatched WGA files reports you as a pirate.

Ninja Pirate Hackers and Crackers have modified the WGA files with something called MSIL that is like assembly language. For example if a valid key is found, you might have a comparision done and a JNE to 2000:1345 which calls the part of the code that turns on the "Your copy of Windows is not legit" function. Turn that JNE 2000:1345 into a NOP and the comparison does not match and the program does not jump into the Anti-Pirate code. Or change it to a JE 2000:1345 and if a valid key is found it jumps to the Anti-Pirate code and if an invalid key it does not. Or just take the code at 2000:1345 that turns on the Pirated bit and fill it with NOPs. I am just guessing here, I could be wrong, but I think the pirated version of Windows and those WGA-Fix patches do those sort of things.

Meanwhile my legit copy of Windows XP has to have the WGA spyware on it to get updates from Microsoft. Yeah Windows Update and Microsoft Update require that I install WGA in order to use them. If not, no updates from the web. WGA trashed my fast user switching after it got installed. I can see the WGA files eating my system memory, CPU cycles, and using up bandwidth to report back to Microsoft, yes folks it is spyware. I would guess the pirate version of the WGA Fixed files remove the spyware as well.

Not only that I heard that the pirate version of XP has special tweaks and bug fixes that the retail and OEM versions do not have. Yet your chances of malware infections are greater with the pirate version, because you never know who last modified it before you got a copy. So beware.

Re:Feh! Windows XP Pirate Edition

[RobertLTux]

try this go to autopatcher.com and download a full set (you may have to download an older full set and then the upgrade sets to get to august)

However what might be happening

[Sycraft-fu]

Is he might be using a legit corperate key. We have a VLK here (university) and you can just install XP on any system no problem, and it'll report as legit. They don't check vs number of license to make sure it's an exact count. So you could install it unlicensed on a personal laptop, and it'd report as legit no problems. Now however if they found tons of systems outside of the university cropping up, and saw the key on a serials board, they might invalidate it and issue us a new one.

However just installing a copy of corperate unlicensed won't do anything. It doesn't activate and there's not a hard limit check.

To really test WGA you need to do something like get a known pirate key or take a non-volume copy of XP and install it on more systems than you are allowed to.

Re:However what might be happening

[Manitcor]

RTFA, he used a key from a serials site that was marked as 2 years old. MS is apparently not keeping up with its pirateed key list

Re:However what might be happening

[rtb61]

The whole WGA ia not about pursuing pirates it is about pursuing families, with more than one computer. Pirates will continue pirating with out pause, the skilled ones of course, the dumb ones will still get caught as always. Hackers and skilled users who want to cheat will do so as well.

It is only the unskilled trying to install one copy across all the families computers who are really getting caught, it is targeted at unskilled mothers and fathers and their children.

The easiest way around WGA is to download the updates and install them manually and anybody with a reasonable amount of skill can do it quite readily (obviously avoid the WGA one, as well as the other pointless ones). The only reason I bothered with WGA is that I was curious as to what it what do. I prefer manual updates and have automatic updates disabled.

When my browser/toy console (I always treat it as a toy when it boots to windows) breaks I want to know which specific patch caused it, so I can fix it. I treat it like a toy because when it comes to the typical end user customer that's the way microsoft treats it.

Windows NT taught me the folly of relying on or trusting microsoft with a blank check on patches, I still prefer to wait and let the mug punters do the microsoft beta testing of patches before I give it a shot even on my toy machine.

Re:I'm just worried that I'll buy

[Cyberllama]

Mine's legit and WGA rejects it. I attend classes at University which pays microsoft 4 million dollars a year and in exchange all of the students get microsoft products for free (the univeristy charges 5 dollars per disc, or you can download them for free ).

Re:A solution to your problem

[SpaceLifeForm]

You want this.

BSA is for proprietary violations.

Re:Well, shit, I have the opposite problem...

[JPribe]

Do your homework. There is no requirement to buy *any* hardware at all.

Re:What happens if you WANT to get caught?

[lordperditor]

Use sysprep(found on the xp cd in tools/reskit/deploy.cab or just search the cd for deploy.cab) extract sysprep.exe and run sysprep.exe -reseal. when the machine reboots you can enter the COA from your legit copy of XP. (This was from a post last week - forget the posters name)

Re:predictably -mostly the honest are inconvenienc

You don't need WGA to install updates. All you need is Windows Baseline Securty Analyzer - it will scan what updates you need and provide direct links to them. It's a little more tedious than Windows Update but it does the job. Another option would be to set up a WSUS server but that's a little more involved.

Re:What happens if you WANT to get caught?

If the two keys are for the same version of Windows, i.e. one isn't for the corporate XP Pro and one for the retail XP Pro, you might be able to do this with Magical Jelly Bean Keyfinder. It makes it trivially easy to change your key.

Re:Who are the developers

[glowworm]

I _hate_ crap like that. I use DriveCrypt for encryption (from securstar.de), and it has the most horrific license system I've ever had the displeasure to use.

That is why you should support Open Source where possible. Rather than continue with DriveCrypt change to TrueCrypt which can do everything DriveCrypt does PLUS... use a file, say a .gif, as a key, containers compatible between Windows and Linux and also the encrypted containers don't contain DriveCrypt's giveaway signature bytes at the start of the file.

The only way to stop the re-emergence of copy protection schemes (as were the craze in the mid 1980's with things like pro-lock) is to stop buying their products, instead relying on open source whereever the task at hand allows. DriveCrypt is one of things that you can easily get rid of. WGA is a little harder, but it's day will come.

Re:MORON!

[obeythefist]

Why is this flamebait? The license terms and conditions for an MS OEM license specifically states you cannot transfer the license!

When the grandparent violated the terms of his license and installed Windows on a machine that is not covered by his license agreement with Microsoft, that installation of Windows became effectively "pirated".

I'm not saying that Microsofts OEM licensing scheme is a legitimate or morally correct form of business, but from a (IANAL) legal perspective, the guy violated his license agreement and then was completely astounded when WGA told him that he had violated his license agreement... (jokes about Microsoft software actually working well enough to do what it should aside...)

Who needs updates anyway?

[b0s0z0ku]

Stick it behind a firewall. Put good antivirus software on there (which can be free like Avast or AVG Free). Scan for other spyware periodically. Use Firefox to surf sites whenever possible, and don't surf obviously sketchy sites. And don't run executables that you don't know about.

I still have an unpatched Windows 2k SP3 box which has been running behind a firewall for the last 2 1/2 years. Still relatively fast and shows no evidence of malware infestation.

I can see updates being necessary on Server 2003, which is often quite buggy and needs patches for stuff to work, but an XP or 2k box doesn't desperately need the updates if it's used in a reasonably sane manner.

-b.

Re:predictably -mostly the honest are inconvenienc

[b0s0z0ku]

But I will be trying this again since I have several more machines sitting around -I guess I'd better write down the key# the next time they give me one over the phone again. Does anyone know if the activation #s they give over the phone are 1-time codes or if they will work multiple times?

Once you have a working machine - activated and all - go to C:\windows\system32 and copy the files wpa.dbl and wpa.bak to secure off-computer location(s) like a USB key or even a floppy. When you need to reinstall XP due to HDD death or whatever, reinstall as normal with the key you used on the previous install (if you don't know the key, download Magical Jelly Bean Keyfinder, run it, and write down the key). After you install, boot into Safe Mode (hold down F8 at boot and select from the menu). Copy the old wpa... files back into your C:\windows\system32 directory.

-b.

Re:Who are the developers

[zerocool^]

Right, and people don't realize - no matter how complex the security lockout on the door, the pirates go in throught the window.

Which of these is harder to pirate?

Scenario 1:

10 Start game
20 Check to see if key is legit
30 if key = legit, goto 50
40 echo "key is not legit"; stop
50 Play game

Scenario 2:

10 Start game
20 Really complicated check to see if game is legit, key is activated, disc is inserted
30 - 800 (really complicated and annoying security checks)
810 if key = legit, goto 830
820 echo "key is not legit, and we have contacted the FBI"; stop
830 Play game

The Pirates simply take out all the crap between "Start game" and "Play game", using decompilers and jump tracers and a bunch of crap that I don't know how it works, but get the general idea. They don't "defeat" the security. They just sidestep it. But the rest of us still have to deal with "you're not connected to the interweb tubes, you can't play this game".

~Wx

PS Yes, starforce supposedly is impossible to break. Except that it gets its grubby hands in to your computer and causes massive problems, including hardware failures, system instability, and blue screens.

Re:Who are the developers

[Pfhreakaz0id]

I agree. our IT guy was giving a security talk a while back and saying that they were going to get PGP desktop or some other "mount an encrypted volume" software and I pointed him to trueCrypt. I put this on our laptop to have our Quicken stuff on, in case it got stolen. It's simple enough for my wife to use, and comes with a large variety of encryption key options. Very nice and simple to use. It even has support for complex things like a secret encrypted volume inside the encrypted volume so you can put some innocuous stuff on the fake volume in case you were forced to reveal it you could say "see, that's all there is". I don't use all that stuff, but I like it, it's free and Open Source.

Re:Astounding logic

[ThinkFr33ly]

Every computer accused of piracy is unable to recieve security updates, making it that much more likely to be hit with malware and therefore become a transmitter of such. The more transmitters, the faster the virus spreads.

This is false. Machines that fail WGA cannot download OPTIONAL/NON-SECURITY RELATED updates. Security updates have been, and always will be, available for download by ANY machine regardless of its legal state.

Despite the fact that your claim has been echoed by many, many others, it remains false.

Re:MORON!

[khallow]

Why is this flamebait?

Probably due to the excessive and inappropriate use of the term "moron". Also, saying "you can't do that" without saying why is pretty unhelpful. I think the modding is appropriate.