Download From Microsoft Without a WGA Check

← Back to Stories (view on slashdot.org)

Download From Microsoft Without a WGA Check

Posted by ryuzaki0 on Tuesday September 5, 2006 @12:50PM from the routing-around dept.

Anonymous Coward writes, "When you want to download a file from Microsoft, a WGA (Windows Genuine Advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks the validity of your installed Windows software. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check."

19 of 195 comments (clear)

Correct me if I'm wrong... by Ninwa · 2006-09-05 12:52 · Score: 5, Insightful

But I just tryed this with an invalid version of Windows, and no dice. I think the article is misleading, and this isn't even newsworthy. I don't believe this is a way to "skip" authentication, but simply a way of manually entering your key into the URL, essentially what you would've done anyway, except in a form text area. No?
1. Re:Correct me if I'm wrong... by Darkman,+Walkin+Dude · 2006-09-05 12:58 · Score: 5, Funny
  
  Even better, when you're submitting a story to slashdot as AC, it might be best to omit linking directly to your email address.
  
  Just a thought.
  
  --
  What he can't kill, he has sex on. Trent.
2. Re:Correct me if I'm wrong... by Jade+E.+2 · 2006-09-05 13:01 · Score: 5, Informative
  
  I did the same thing, went to a test machine with an old blocked VLK and tried it, no dice. Then I realized... Hey, wait a minute. This looks like it's just a shortcut to inputting your product ID by using a hash... I wonder what would happen if I just replaced the hash with one from a valid system?
  Not having a valid windows system handy I was willing to run a somewhat questionable executable on, where could I get a valid hash? Oh hey, look at that. Right there in the article it says "(example &Hash=6VJPCR9)". I appended that to the URL, and bingo. "Genuine Microsoft Software".
3. Re:Correct me if I'm wrong... by Bing+Tsher+E · 2006-09-05 13:20 · Score: 5, Interesting
  
  Not having a valid windows system handy I was willing to run a somewhat questionable executable on,
  
  That sentence alone is enough to get me riled up. Granted, I'm one of the people who stepped gracefully off the Microsoft Bus as soon as 'Product Validation' became a reality. (I even run Windows 2000 and the first version of Office 2000, which are the two last versions on their respective lines to not have the 'phone home' features)
  
  It sorta chills me to think of being afraid to run particular binaries on a machine that I own and am legitimate owner of, because a 'phone home' feature will nark on me.
  
  My copies of Windows 2000 and Office 2000 are the full retail-box versions (about the most expensive way possible to buy Microsoft's products). I used to buy a lot of their stuff. Not any longer. And I'm not alone.
4. Re:Correct me if I'm wrong... by Columcille · 2006-09-05 13:43 · Score: 4, Informative
  
  Phone home was reported on beta versions of the software. Microsoft documented the phone home practice and removed it in the final version of the software. As far as I know, no complaints have been made about phone home practices since the final version was released.
  
  --
  I love my sig.
5. Re:Correct me if I'm wrong... by Achromatic1978 · 2006-09-05 13:59 · Score: 4, Insightful
  
  I love it. Slashdot's editorial ethics prevent it from linking to ways of getting around Apple DRM, but happily offer up links to getting around Microsoft DRM??
6. Re:Correct me if I'm wrong... by Ninwa · 2006-09-05 15:30 · Score: 4, Informative
  
  Using a valid download center key you can download the file on a machine with an invalid VLK, but you still can't install it. This is the case at least with IE7, so I assume it's the same with other software as well. The installer does its own validation check. So ultimately, what do we gain except now we have the installer, which doesn't do an invalid user any good, because it checks for the key. And it doesn't do a valid user any good, because they could've gotten it anyway, without this!
  So what the hell is the point of this?
7. Re:Correct me if I'm wrong... by paganizer · 2006-09-05 20:44 · Score: 4, Informative
  
  ....or you can do what I did; modify your hosts file with "127.0.0.1 update.microsoft.com" so that any time it tries to automatically go to windows update, it can't.
  Then, go to WinDiz at windowsupdate.62nds.com using a non-IE browser. It's faster, more secure, doesn't TRY to make you install the latest DRM upgrade, just the critical patches.
  The Only system I have that I let go to windows update is my Media Center laptop; it has to be running all the latest DRM/Spyware to work properly, so I just go with the flow and Isolate it on my home network.
  
  --
  Why, yes, I AM a Pagan Libertarian.
8. Re:Correct me if I'm wrong... by Shaper_pmp · 2006-09-06 00:24 · Score: 4, Insightful
  
  Sorry, but betas are buggy pre-releases that users use specifically on a voluntary basis.
  
  If a company pro-actively pushes code to my machine and effectively forces me to run it, that's releasing a "final version", by any sensible definition of the term.
  
  Now, after the furore when people discovered the dialling-home behaviour MS might have disabled that "feature" in a later version, but that doesn't make the preceeding one a "beta", except in very bad efforts at spin-control or post-facto apologetics.
  
  And I think the point is that with MS pulling shit like this every other month, people are getting increasingly itchy about running any MS apps or utils they don't absolutely have to.
  
  --
  Everything in moderation, including moderation itself
9. Re:Correct me if I'm wrong... by RemovableBait · 2006-09-06 00:56 · Score: 4, Informative
  
  Except, you can't block access to Windows Update or certain other Microsoft websites by using the HOSTS file. You just can't.
  
  Microsoft wrote some sort of hack into Windows so that requests for Microsoft websites (including update.microsoft.com and microsoft.com) cannot be blocked or redirected by malware or viruses.
  
  Try it and see for yourself: put two lines in the HOSTS file, '127.0.0.1 google.com' and '127.0.0.1 microsoft.com' (without the quotes). For the uninitiated, the HOSTS file is located in \Windows\system32\drivers\etc, and you'll need Administrator priveleges to edit it. Now open up your favourite web browser and try to open google.com. You'll find that Google is unreachable and returns an error. Now try microsoft.com and watch as the page merrily loads.
  
  Maybe you'll need to rethink your tinfoil hat solution for avoiding Automatic Updates?
Hmm... by Anonymous Coward · 2006-09-05 12:55 · Score: 5, Funny

Doesn't an email address defeat the purpose of being an anonymous coward?
1. Re:Hmm... by Surt · 2006-09-05 13:18 · Score: 5, Funny
  
  Doesn't an email address defeat the purpose of being an anonymous coward?
  
  I don't think you understand the momentousness of this occassion.
  
  HE'S THE GUY The anonymous coward. How many times have we been irritated with his postings? How often has he trolled? Now we finally know who he is! I foresee the greatest email bombing to ever hit the net in final retaliation for his long years of tormenting us all.
  
  --
  "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Mirror for the lazy by stevetures · 2006-09-05 13:08 · Score: 5, Informative

mirror for the lazy:
http://mirrordot.org/stories/3627c5be2ac21048d6da6 04b34dc63bb/index.html
Re:Why the fuck.. by narzy · 2006-09-05 13:11 · Score: 4, Informative

Some people just don't like to be frisked every time they want to download or install a piece of software. For me it is the equivalent of getting a cavity search every time I go to the airport. I really just don't enjoy my holes being probed at every turn. My copies of XP are valid and I could really do without WGA.
Generalized way to find the hashes by Anonymous Coward · 2006-09-05 13:12 · Score: 5, Interesting

You don't even need some silly executable to find the daily hashes to append to the url. Microsoft provides a ready community where the latest codes are reported!
Re:Why the fuck.. by topham · 2006-09-05 13:14 · Score: 5, Insightful

As I mentioned in a post in a different article, I've had a painfully annoying run in with Window Activate while in the middle of a computer upgrade.

The short description, XP decided it needed to Activate (could NOT log in without activating it), but I hadn't finished installing drivers; forcing me to phone up their support instead of doing it online.

Then, because I had not yet installed the rest of the hardware (which; without the drivers installed were causing the machine to reboot, or bluescreen before windows even started). the Windows Activation bitched at me again when I was done. At least this time it gave me a 3 day window before it would deactivate; this gave me an opportunity to install the rest of the drivers, etc.

This second time it forced me to call Microsoft again, even though the network connection was now working fine, because the machine had changed too much, and been activated too many times.

Then it lead me to believe I could just use the automated method (the voice recognition is actually pretty good), but after reading a billion digits to the computer it decided I wasn't allowed to do it that way and passed me off to an operator.

And you think I want to trust WGA if I need a hot-fix to add security patches, etc?

The only people not having problems with Windows XP Activation and WGA are the damn pirates.
The Article by Anonymous Coward · 2006-09-05 13:27 · Score: 4, Informative

Download everything from Microsoft without WGA Check
Monday, September 4th, 2006 | Translate to: German flag Spanish flag French flag Italian flag Portuguese flag Dutch flag Greek flag Japanese flag South Korean flag Russian flag Chinese flag

When you want to download a file from Microsoft a WGA (windows genuine advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks for validity. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check.

All you need is the tool mgadiag.exe and the download url of the file that you want to download. Mgadiag.exe is the Microsoft Genuine Advantage Diagnostic Tool. Start this tool and check the value of the "Download Center Code", this should be seven chars consisting of upper case letters and numbers. Remember that code and open the website of the file that you want to download.

A download page looks similar to this one for Internet Explorer 7. All you need to do is append the following value to the url and you will be able to download the file without a WGA check.

&Hash="download center code"

Replace the "download center code" with the code that you looked up in the mgadiag.exe tool. This code changes frequently, make sure you have the correct code before starting the downloads.

To sum it up for the lazy ones:

1. download mgadiag.exe
2. start mgadiag.exe and look at the download center code
3. visit a download page at microsoft.com
4. append &Hash="download center code" to the url (example &Hash=6VJPCR9), no quotation marks needed
5. Hit enter

Microsoft is probably going to fix this soon, it is working nevertheless at the moment.

Update: I created two images to show you the difference that the &hash= entry makes:
Re:Why the fuck.. by Bing+Tsher+E · 2006-09-05 13:55 · Score: 4, Insightful

The only real reason to go around WGA is if you're using a pirated copy of Windows.

Incorrect. I, personally, have Windows machines, but I'm not foolish enough to let machines running Windows to have close connection to the Internet. So if I wanted to download updates I would want to do it from this NetBSD machine, which is what I customarily use for online things (and which is routed to the Internet).

My Windows machines are authentic, and I have all the 'paperwork' and media to prove it. I'm just not gonna hang them out on the net.

And it makes perfect sense that people who want to apply all the patches to secure a Windows system are going to want to get those updates first on an already secured system. Am I supposed to connect my machine with a freshly installed Day Zero copy of Windows 2000 (I pre-registered to pre-order Windows 2000 before it came out, so I have first release media with all the exploits, etc.) online to download security patches? Do I seem like I'm nuts?
Re:Why the fuck.. by matt328 · 2006-09-05 13:59 · Score: 5, Interesting

As I mentioned in a post in a different article, I've had a painfully annoying run in with Window Activate while in the middle of a computer upgrade.

I feel your pain. I provide all our company's in house tech support. If a machine goes down and needs a hard drive replaced, I don't fudge around calling up Microsoft when the WPA thing starts bitching. I have a utility that patches an operating system file, and bam, no more WPA or WGA bullshit. If they want to accuse me of being a pirate, they can come on in and look at the product key hologram stickers on every box I do this to. Its not that I'm pirating it, I just don't have time to jump through all their hoops. Alot of my users do all their work on the computer, and if its down for more than 2 hours or so I start to get flak.

--
Check out the cave on the east side of lake Hylia. Strange and wonderful things live in it.