Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vista Activation Cracked by Brute Force

Posted by Zonk on from the disturbance-in-the-force dept.

Bengt writes "The Inquirer has a story about a brute force Vista key activation crack. It's nothing fancy; it's described as a 'glorified guesser.' The danger of this approach is that sooner or later the key cracker will begin activating legitimate keys purchased by other consumers. From the article: 'The code is floating, the method is known, and there is nothing MS can do at this point other than suck it down and prepare for the problems this causes. To make matters worse, Microsoft will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.'"

3 of 470 comments (clear)

  1. Re:Easy Fix by Odiumjunkie · · Score: 5, Informative

    > All Microsoft has to do is block the IP address that is requesting thousands of activations on > separate, invalid keys per second. RTFA. That's nothing like how this works. The actual activation part is totally manual, only the key generation is automated. You can generate keys without any kind of network connectivity.

  2. it is useless by WARM3CH · · Score: 5, Informative

    It seems that this technique doesn't test against the microsoft server, but can tell if a key is valid on the local computer, which would actually be news.
    This is not really that important if a key is validated in a local computer or not. Any key needs to be finally validated by the servers: Out of all possible valid keys that pass the validation on a local computer, only very very tiny number of them are actually keys that have been (or will be) issued by Microsoft. Think of it like this: with 25 symbols for the keys you have a huge huge search space A. Now, this program finds the keys that are valid according to the magic formula that Vista validation system uses. All these keys form a very very tiny subset of A, called B. However, the set of keys that Microsoft has already issued (or will ever issue), set C, is only very very tiny subset of B. This program finds random keys in the B but to actually validate Vista with them, user has to contact Microsoft's servers to see if the key are part of the C or not. This is where the whole things breaks down next to being totally useless. (this is the same story with the CD-Keys of the mutli-player games...)
  3. Re:MS would owe at least the key by Brian+Gordon · · Score: 5, Informative

    Since it's a vbscript the code is wide open. Look for yourself, this is a legitimate brute forcer.