Vista Activation Cracked by Brute Force
Bengt writes "The Inquirer has a story about a brute force Vista key activation crack. It's nothing fancy; it's described as a 'glorified guesser.' The danger of this approach is that sooner or later the key cracker will begin activating legitimate keys purchased by other consumers. From the article: 'The code is floating, the method is known, and there is nothing MS can do at this point other than suck it down and prepare for the problems this causes. To make matters worse, Microsoft will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.'"
I think the program actually tries the keys on its own algorithm, and when it finds a valid one it tells you to submit it to Microsoft.
> All Microsoft has to do is block the IP address that is requesting thousands of activations on separate, invalid keys per second.

RTFA. That's nothing like how this works. The actual activation part is totally manual, only the key generation is automated. You can generate keys without any kind of network connectivity.
Business users (at least large ones) won't be using Retail media on many machines. Since this is a crack for retail there would be no effect on people using MAK or KMS validations as the majority of corporations would be doing. (Yes, I know that for those few corps that want to use Ultimate on some of their machines this could be an issue because Ultimate requires retail activation). However for VL (Business and Enterprise versions) MAK and KMS would be unaffected.
- Multiple Activation Key - will only work a limited number of times
- Key Management Services - requires a local license server that maintains the count of keys used and communicates with Microsoft
neither of which will work with your scheme.
Yes, I believe it is every six months, as that is the interval by which Windows Vista retail must be re-activated anyways.
Why, yes. Rechecking the activation key against an updated list of revoked licenses takes place as part of the periodic updates to "Windows Validation" delivered via Windows Update. In practice under XP, this happens every month to every few months. Depending on your settings and whatever the future might bring, it might well be the case that machines will be checking for updates & possibly re-validating themselves every week.
"The human race's favorite method for being in control of the facts is to ignore them." -Celia Green
AND having gone to the site and read through the ENTIRE thread on their forums;
What we have here is a random number/letter guesser. It's basically a VB Script that guesses random numbers and letters in a string that is the same length as a Vista Key, then inserts it into the registry, overwriting the existing Vista key. You use Magic Jellybean to check when the key has changed, and then manually check it against MS's activation service. Really this is little more than a person manually sitting down and making key guesses. This is why it's called a "Brute Force" attack. There is no intelligence (i.e., an algorithm) behind the key guesses at all.
That said, because it IS so simple, it's almost impossible for MS to defend against, since they can't just "ban" any keys made by it like they would a traditional algorithmic keygen. Also, there is an improved version of it posted as source on the boards there, so if you want to take a peek at the code you can.
Here is a link to the forum post in question: http://keznews.com/forum/viewtopic.php?t=2634
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
Since it's a vbscript the code is wide open. Look for yourself, this is a legitimate brute forcer.
Sorry, that's their EULA. You have two choices when you purchase anything M$, return the package unopened for a full refund or use it.
That may be the case in the US, but in the UK things work slightly differently. If I buy a copy of Vista from a store and it is faulty, for whatever reason, I can return it to the store for a full refund or a replacement. The legalese is "fit for purpose" and "of merchantable quality". Clearly, a copy of Vista with an invalid licence key is not fit for purpose.
Incidentally, most of the big shrinkwrap software stores in the UK try to get out of doing this if they can. Just be persistent.
"I realise this is not a very popular opinion but it's the truth, and there for needs to be said" -Bill Hicks
Sorry, that's their EULA. You have two choices when you purchase anything M$, return the package unopened for a full refund or use it. They do not and can not promise it will work and they are not responsible for the actions of others.
There's this little thing called an implied warranty of fitness for a particular purpose. When you buy something -- anything -- unless it has large letters on the outside of the box saying that it doesn't work, it comes with one. It states that, basically, if you use the product for the purpose for which it is marketed (i.e., with software, try to run it on a computer), it will perform that purpose to at least a basic level.
It is not legally possible for MS's EULA to disclaim this warranty, it's a basic right that you get when you buy something.
When you buy something that doesn't meet this warranty, you're entitled to a full refund. Whether you've opened the package or not.
How is it any different than needing a corporate license server for AutoCAD, or Rational, or any of the other software commonly licensed this way on the corporate level? It's not like these license servers are terribly difficult to maintain.
I think you imagine the maintenance to be a lot harder than it really is. Maintaining a single license server has, in my experience, been easier than maintaining hundreds of keys individually.