Slashdot Mirror
Download From Microsoft Without a WGA Check
Anonymous Coward writes, "When you want to download a file from Microsoft, a WGA (Windows Genuine Advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks the validity of your installed Windows software. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check."
But I just tryed this with an invalid version of Windows, and no dice. I think the article is misleading, and this isn't even newsworthy. I don't believe this is a way to "skip" authentication, but simply a way of manually entering your key into the URL, essentially what you would've done anyway, except in a form text area. No?
All recent files on there check once more for "authentic" installs once you run the downloaded file.
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;
And how long before this gets worked around by bunches of Microsoft drones who suddenly somehow know about it?
I got it! This was a plant by management at Microsoft to see how many of their staff come up to them saying that they read "somewhere" about a WGA hole!
if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
Is this not old news?
Isn't the WGA a form of content protection? Only a pirate and this is a serious felony. Publishing this will convince the children that theft is allowed.
We must get homeland security involved.
Fight Spammers!
Doesn't an email address defeat the purpose of being an anonymous coward?
Well you could use DOS 6.22.... I'm sure that isn't checked.
On each download page, add &Hash=6VJPCR9 to the url and you can download without the check.
The code changes regularly, at which time you need mgadiag.exe to find the new code.
The server at www.ghacks.net is taking too long to respond.
Maybe they should ghack into some other servers and steal some bandwidth! Pfffft.
...the future crusty old bastards are already drinking the Kool-Aid.
http://www.kernel.org/
Politics is Treachery, Religion is Brainwashing
mirror for the lazy:6 04b34dc63bb/index.html
http://mirrordot.org/stories/3627c5be2ac21048d6da
Some people just don't like to be frisked every time they want to download or install a piece of software. For me it is the equivalent of getting a cavity search every time I go to the airport. I really just don't enjoy my holes being probed at every turn. My copies of XP are valid and I could really do without WGA.
You don't even need some silly executable to find the daily hashes to append to the url. Microsoft provides a ready community where the latest codes are reported!
Nice kneejerk reaction, but the real reason to do this is if you have a legitimate copy of Windows, but don't want Microsoft's phone-home crap on your PC.
As I mentioned in a post in a different article, I've had a painfully annoying run in with Window Activate while in the middle of a computer upgrade.
The short description, XP decided it needed to Activate (could NOT log in without activating it), but I hadn't finished installing drivers; forcing me to phone up their support instead of doing it online.
Then, because I had not yet installed the rest of the hardware (which; without the drivers installed were causing the machine to reboot, or bluescreen before windows even started). the Windows Activation bitched at me again when I was done. At least this time it gave me a 3 day window before it would deactivate; this gave me an opportunity to install the rest of the drivers, etc.
This second time it forced me to call Microsoft again, even though the network connection was now working fine, because the machine had changed too much, and been activated too many times.
Then it lead me to believe I could just use the automated method (the voice recognition is actually pretty good), but after reading a billion digits to the computer it decided I wasn't allowed to do it that way and passed me off to an operator.
And you think I want to trust WGA if I need a hot-fix to add security patches, etc?
The only people not having problems with Windows XP Activation and WGA are the damn pirates.
That building's connection is provided by a company on the top floor that NATs everything but the server rooms. There are something like 1500 users on that outgoing IP, including the open wireless network in the coffee shop on the first floor (and boy does it cause some interesting problems sometimes.) And a 7 digit alphanumeric hash of a 25 digit alphanumeric product key means there are roughly 8x10^19 collisions for each hash. (Less that that because not all the keys are valid, of course, but still.)
Not worried.
Download everything from Microsoft without WGA Check
Monday, September 4th, 2006 | Translate to: German flag Spanish flag French flag Italian flag Portuguese flag Dutch flag Greek flag Japanese flag South Korean flag Russian flag Chinese flag
When you want to download a file from Microsoft a WGA (windows genuine advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks for validity. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check.
All you need is the tool mgadiag.exe and the download url of the file that you want to download. Mgadiag.exe is the Microsoft Genuine Advantage Diagnostic Tool. Start this tool and check the value of the "Download Center Code", this should be seven chars consisting of upper case letters and numbers. Remember that code and open the website of the file that you want to download.
A download page looks similar to this one for Internet Explorer 7. All you need to do is append the following value to the url and you will be able to download the file without a WGA check.
&Hash="download center code"
Replace the "download center code" with the code that you looked up in the mgadiag.exe tool. This code changes frequently, make sure you have the correct code before starting the downloads.
To sum it up for the lazy ones:
1. download mgadiag.exe
2. start mgadiag.exe and look at the download center code
3. visit a download page at microsoft.com
4. append &Hash="download center code" to the url (example &Hash=6VJPCR9), no quotation marks needed
5. Hit enter
Microsoft is probably going to fix this soon, it is working nevertheless at the moment.
Update: I created two images to show you the difference that the &hash= entry makes:
mgadiag.exe still 'phones home' to verify your windows and to obtain the download code (being a diagnostic tool, it also displays some additional license information).
it's no different than running the manual verification using the 'alternate tool' (i.e. the method, still available, that firefox users had to use before microsoft released a netscape/firefox plugin version of the activex checker). http://go.microsoft.com/fwlink/?LinkId=50344 (genuinecheck.exe at microsoft.com)
the only thing this will bypass is the installation of the verification activex (or plugin)... so you're still being subject to the 'body cavity search' -- the only difference is that you get to choose when you drop your drawers...
Many of us know firsthand that activating a Microsoft product can often be an onerous task, but this seems a little suspicious. Assuming that:
1. someone owns a valid Windows license and
2. they're pretty organized and didn't misplace their key and
3. they believe that Microsoft does not collect private information using WGA
then why would circumventing WGA be of use to them? In that situation, is patching a pirated copy of Windows the only realistic use for this trick? Could somebody chime in and suggest *another* use for it?
The only real reason to go around WGA is if you're using a pirated copy of Windows.
Incorrect. I, personally, have Windows machines, but I'm not foolish enough to let machines running Windows to have close connection to the Internet. So if I wanted to download updates I would want to do it from this NetBSD machine, which is what I customarily use for online things (and which is routed to the Internet).
My Windows machines are authentic, and I have all the 'paperwork' and media to prove it. I'm just not gonna hang them out on the net.
And it makes perfect sense that people who want to apply all the patches to secure a Windows system are going to want to get those updates first on an already secured system. Am I supposed to connect my machine with a freshly installed Day Zero copy of Windows 2000 (I pre-registered to pre-order Windows 2000 before it came out, so I have first release media with all the exploits, etc.) online to download security patches? Do I seem like I'm nuts?
As I mentioned in a post in a different article, I've had a painfully annoying run in with Window Activate while in the middle of a computer upgrade.
I feel your pain. I provide all our company's in house tech support. If a machine goes down and needs a hard drive replaced, I don't fudge around calling up Microsoft when the WPA thing starts bitching. I have a utility that patches an operating system file, and bam, no more WPA or WGA bullshit. If they want to accuse me of being a pirate, they can come on in and look at the product key hologram stickers on every box I do this to. Its not that I'm pirating it, I just don't have time to jump through all their hoops. Alot of my users do all their work on the computer, and if its down for more than 2 hours or so I start to get flak.
Check out the cave on the east side of lake Hylia. Strange and wonderful things live in it.
in addition to the other (entirely valid) reasons noted by folks for wanting to get around the horridly flawed idea of WGA authentication: i run windows inside emulation, generally without a direct real-world network connection. it's much nicer to be able to download bits in my native environment and move them over at my leisure.
i speak for myself and those who like what i say.
Why not charge more? The more legit users they can get to pirate software, the more reason they have to implement DRM and other wasteful technologies to combat piracy, etc.
They're making work for themselves, basically, and charging honest people a hell of a lot of money to stay honest.
Good luck to them. I've finally collected the last pieces of the puzzle for Linux at home, and will be removing the last Windows machine (wife's PC) off of my network in a matter of weeks.
No more fucking MS bullshit. Adios.
If anything, I think it was editorial laziness rather than ethics that resulted in that article not having a link.
I prefer this method: go to AutoPatcher and choose your OS (Win2K, XP, 64, or 2k3). Benefit here is that they do have some nice registry tweaks and/or installers (TweakUI for example) all rolled in for you. Wonderful to bring a new install "up to speed" in as few clicks as possible and keep the file size requirements to a minimum.
:)
:) -- they cover the same Windows families, but to get one you have to download it ALL. This is, of course, good for multi-flavored environments...
Don't trust somebody other than Microsoft themselves? (I can even write that with a straight face
Go to: Microsoft Downloads and Search in the Windows sub-section. Search for "iso-9660". Be amazed. Problem with this is these downloads are huge (not that I mind on a 10Mbit synchronous pipe
Me, myself, and I? I prefer to click on the Apple and choose "Software Update..." (or softwareupdate -ia from the command line). Of course on the servers a good 'ol fashioned "yum update" does the trick. But hey, that's just me. Microsoft is making this WAY TOO HARD -- and I've begrudgingly paid for each and every one of my Windows installs (personal and/or corporate).
http://windowsupdate.62nds.com/ This site downloads all the updates using their own firefox plugin. It also doesn't install WGA or checks.
Works every time i use it. http://www.p2plife.com/forums/Official_muBlinder_P age-t320.html
Would you buy a car if you had to get your VIN checked every time that you needed to buy parts for it? Would you buy a car if you knew that there was going to be a manufacturer recall almost every day that required replacing or adding parts? I'll add a twist: what if you thought that same brand of car was the only brand allowed in your company parking lot? What if you thought that brand of car was the only brand of car that you could get parts for?
I think that the above hypothetical scenario is a simple analogy of what I like to call "The Windows Problem". Nobody likes WGA. Nobody likes the endless parade of patches and hotfixes that require a reboot as often as not. Nobody likes having to be ever vigilant against security threats. People are starting to see that Windows is very flawed. Since we as a society have spent the majority of our IT budget for the last 20 years on making this one OS the (often) only platform for our IT solutions, how do we change course now?
There are those who believe that once people hear the Good News about Linux they will throw off their Microsoft shackles and march hand-in-hand into the FOSS promised land. OK, maybe I overstated that a little, but you get the point and you know the type. Ubuntu is ridiculously easy to install, but my mother couldn't do it. She uses XP because that's what Dell installed on her computer. Even though she sees Windows as the only reasonable alternative, she still bitches about it. "Normal" people had a hard enough time getting Windows to do what they want it to do, and they'll be damned if they are going to learn it all over again.
Unless everyone else switches first.
I, for one, welcome our new robot overlords
Is WGA applied universally to downloads, even ones meant to fix serious problems? Or, for instance, can you always download security patches without the rubber gloves?
Probably not. I can imagine hundreds of illegal copies of Windows already taken over and turned into spam bots, etc. and thanks to WGA, there is no way to fix them. Can WGA keep these machines off the Internet, keep them from harming others? No.
In time, networking protocols evolve, systems change, etc. so these wide-open networked machines will eventually lose some of their teeth. But not before another decade or so of anguish, thanks to Microsoft's unbelievable failure to accept responsibility.
"Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
What's wrong with this picture: a company (granted, not with much of a positive reputation) tries to minimize rampant piracy by encouraging validation of your purchased license. In return you get 5 years worth of free updates plus additional software, which although of dubious value is still free as in beer (i.e. Security Center, Firewall, Malicious Software Removal, etc.). Does Windows have tons of problems? Yes. Is it totally crappy? Hell. no. Is this move something to bitch about? Absolutely not. People especially from the Apple camp should hold their tongues as even though OSX is a lot less prone to exploits (it's not that simple but for the sake of conserving valuable bandwidth, let's leave it for the time being as such), since OSX release in 2001, if users wanted to keep-up with updates, we had to dish out $100/year for every incremental update since (and some of which were touting bug fixes as one of "hundreds" of new features). All in all, we are talking about another ~$500.00 since year 2001. Now, on Windows, yes one had to get anti-virus software et al, but most of that is, believe it or not, free (google for AVG anti-virus suite for instance). So, when the Vista comes out with a $400 price tag for the top enterprise package, I think that should still leave Windoze users with a nice Franklin smiling in their pockets. Now, as far as security and virii go, that's yet to be seen...
All that being said, I've written this post on my triple-booting MBP. And just for the record: after having dealt for many years with all of them, I have to admit that I hate Windows, OSX, and Linux with passion (ok, Linux less so simply due to its philosophical supremacy), despite the fact that (or should I perhaps say because?) I use all three on a more-or-less daily basis...
I'm waiting for "How to download from (pay)iTunes without paying for it" and "Circumvent Payment in Valve's Steam"
Sehr geehrter Toilettenbenutzer!
Ran MGADiag on Wine / Fedora Core 5 and the hash it spat out worked like a charm.
->www.chuma.org, ranting and Newtons, what more could you want?