Vista Activation Cracked by Brute Force

Bengt writes "The Inquirer has a story about a brute force Vista key activation crack. It's nothing fancy; it's described as a 'glorified guesser.' The danger of this approach is that sooner or later the key cracker will begin activating legitimate keys purchased by other consumers. From the article: 'The code is floating, the method is known, and there is nothing MS can do at this point other than suck it down and prepare for the problems this causes. To make matters worse, Microsoft will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.'"

MS would owe at least the key

[yagu]

From the article summary:

To make matters worse, Microsoft will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.'

I don't see how this is possible, or credible speculation even for a company a evil as MS is perceived on slashdot. I'm no MS fanboy, but I've had reasonable "service" from MS on issues of keys to activate my machines under some unusual circumstances.

This may get sticky for MS, but for goodness sake we've got to find better bashing material on MS (and I believe there be plenty) if we want to maintain any street cred. There's no WAY MS won't be giving license keys to legitimate purchasers of XP (especially considering the vast majority are pre-activated shelf-delivered versions).

(Aside: pure speculation on my part, but one of the most glaring weaknesses of this "claim" may be the notion of brute force, and that that is even a possible approach. Most validation handshakes require a reasonable length of time between attempts to circumvent brute force attacks... if it takes one second between attempts for billions of combinations, you're going to eventually be activating an obsolete OS. Further, after 3 or 4 incorrect attempts, any validation scheme worth its salt will quiesce for some longer inconvenient time... requiring a "cooling off" period before one can make further attempts. This story falls under the heading of "I heard someone say they knew someone whose sister's brother has figured out a Vista activation hack..." Sigh.)

Re:MS would owe at least the key

[DJCacophony]

Any customer who gets their key "stolen" by this program can just take it back - Vista comes with several activations on the same key. Once the customer uses the key, the previous user of it will eventually be required to re-activate.

Re:MS would owe at least the key

[leuk_he]

I bet...

This is not a brute force hacker, but just a database of some key with a fancy interface on top that pretends to be calculation just just updates a progress bar. The database will release some key after some hours of "calculation". Users notice that the (enterprise?) key is accepted and tell it works. MS will notice some volume keys are used too often wan will block them at the next wga update (and the next service pack)

Since MS cannot simply extract the leaked keys form the database they have a harder time to block them.

Note that theinquirer article is mostly speculation based on what the program claims to do, not on facts.... just as my writing here is.

Re:MS would owe at least the key

[Zontar_Thing_From_Ve]

I don't see how this is possible, or credible speculation even for a company a evil as MS is perceived on slashdot. I'm no MS fanboy, but I've had reasonable "service" from MS on issues of keys to activate my machines under some unusual circumstances.

This may get sticky for MS, but for goodness sake we've got to find better bashing material on MS (and I believe there be plenty) if we want to maintain any street cred. There's no WAY MS won't be giving license keys to legitimate purchasers of XP (especially considering the vast majority are pre-activated shelf-delivered versions).

I think you're probably right. However, all companies in similar situations don't act this way. A few years ago I bought a Russian-English translation program for my PC. I got the best one on the market. I didn't use it a lot, but it was useful to me for quick translations from Russian to English for email. At the time I didn't know Russian as well as I do now and while I could do translations by hand, it took a very long time. It was certainly worth the money to have a computer program do it for me in a few seconds and then I could double check the weird parts and re-translate those myself. It turned what might be a 2 hour translation job at the time into a 10 minute job at worse. A year or so later I had a catastrophic Windows failure and had to do a destructive reinstall. Although I had a valid license key for the translation program, it wouldn't work after the reinstall. The vendor told me their keys are valid for one use only and although I explained that I had bought the product (and they knew I had) and had to do a reinstall of Windows, I got basically "Too bad. So sad. Here's a 10% discount off our lowest price." in response, which still meant I had to buy the product at pretty close to it's normal value. I sucked it up and did that and installed my new key. However, I was very angry because I realized that to the software vendor if I needed a new key I was probably a thief and if I wanted another key, I was going to have to pay for it. After another year or so, guess what? Yep, I had to do another destructive reinstall of Windows. I decided not to rebuy the software. The babelfish translator, which is free, is not as good, but my Russian had improved a lot and I had less real use for a computer translation program. For as little as I needed to use one, babelfish was good enough. However, the vendor of the translation program has lost me forever as a customer because they weren't willing to give me the benefit of the doubt about my problem and my choice was either to buy a new key or live without the program. Their attitude was "If you need a new key, you're a thief". Since then a guy on a forum told me the magic needed to make old keys work on a reinstall, but I've never bothered with it.

Re:MS would owe at least the key

[catch23]

Unfortunately most of the users of their new operating system will eventually be corporate users. And I'm fairly sure the company is not going to put up with re-activation every few days because a bunch of users in China are stealing their keys. So either the company will ditch the new operating system (bad for microsoft), deal with it (a serious pain for the company), or ask microsoft for a pre-activated key that cannot be reactivated (more trouble for microsoft but saves everyone's butt).

Re:MS would owe at least the key

[ergo98]

Once the customer uses the key, the previous user of it will eventually be required to re-activate.

Once Vista sets the activated flag, does it actually check for revocation of activation at some prescribed interval?

Re:MS would owe at least the key

[des09]

Normally, I'd agree without comment, but this case does resemble theft more than most piracy in that the "victim" loses the ability to use the software they [purchased|licensed].

Re:MS would owe at least the key

[Brian+Gordon]

What is peoples' problem that they can't undertand that "I did it for fun and experience" is a valid reason for an exploit?

Re:MS would owe at least the key

[Danga]

but why MS expects people to keep putting up with this "phone home" behavior is beyond me... but I'm happy to trade off a little convenience for control of my own machine.

MS phoning home to check if the OS is pirated does not seem like some huge big deal to me. I mean if they have a list of KNOWN pirated keys then it is their right to be able to check for those keys if you want to be able to access the windows update webpage (which is one place I think the validation occurs but I could be wrong). It isn't really losing control either because I think it asks you before it does the checking, I know last night on my laptop a thing popped up asking to click through to validate and it was painless. If you call that losing control you are crazy IMO. If you are that paranoid then either don't install Windows in the first place, setup your firewall to block everything to Redmond, or don't connect the machine to the internet.

Is the reason you don't want to "put up with this phone home behavior" because your copy of Windows is pirated?

I am *so* glad Linux has evolved to the point it is today.
Linux definitely has gotten better over the years but for me the biggest reason keeping me using Windows and not going Linux exlusively is games and the ease of installing new hardware. I have almost never had a problem installing new hardware on Windows XP Pro which I can't say the same thing for linux. Getting some things to work on linux is just a huge headache. My latest problem with linux was last month when I decided to download the latest Fedora ISO to install on an old P3 500 box I had sitting in the closet. Guess what? It couldn't even get more than about 20 seconds into the installation process! It got to a certain point checking the hardware if I remember correctly and just froze. I thought about digging up my old Red Hat discs I have somewhere that I have installed on the same machine sometime in the past but then ran out of time. Linux isn't to the point yet where I can dump Windows completely, it has A LOT of work left.

Re:MS would owe at least the key

[PitaBred]

But those programs you listed actually DO something tangible contributing to the business, rather than just being there to enable OTHER programs to work. If AutoCAD license were essentially forced on companies, then I'd be upset in the same way. But now to just get basic "turn my computer on and use it to run other programs" functionality, you now need yet another service (or perhaps entire server) eating up network bandwidth and administration resources, because they're the de-facto standard due to monopolistic tendencies?

Re:MS would owe at least the key

[drinkypoo]

The irony is that you think violations of IP is theft.

Not so much ironic as subscribing to a different value system.

Unless you subscribe to a different dictionary, this is really quite irrelevant. Copyright infringement is not theft. It is copyright infringement. We have a whole separate area of law to address it specifically because they are not the same thing.

Ironic would be someone who pirates windows freaking out because somebody violated the GPL. Which happens all the time here.

Well, I agree with that assertion, anyway.

The person who brute force discovers and uses someone else's code is not the one causing their Copy of Windows to be invalidated. Microsoft is doing that. This is a very important distinction..

Exactly, like when I used your card number to order all that stuff. It wasn't me who took the money from your account, it was the bank. I just typed in some numbers. Why are you so upset? Credit Card numbers are information and information wants to be free. How could anyone be upset about that?

Heh heh. Information wants to be free. Yeah, and my car wants to go fast.

Seriously though, I don't feel that the two situations are analogous. If I intentionally used your specific registration code to invalidate your copy of windows, well, I'm still not stealing anything. I am taking an action that indirectly causes Microsoft to invalidate your copy of windows. I agree that doing that intentionally would be wrong, but I don't agree that it is theft.

For one thing, you are still the owner of the copy of windows, or if you believe the bullshit that the computer industry attempts to push on you, the licensor. I am not. Therefore Microsoft is illegally terminating your right to use the software (whether you are in legal fact an owner or a licensor.) The fact that Microsoft would take an additional use of your key (which, as should have been obvious after the Windows XP Key generator, can be brute-forced) as a sign that you have broken the EULA or otherwise no longer have the right to use the software is the problem here.

In addition, there are legitimate reasons to use a key which is not your own. You could have legally purchased the software but no longer have box or manuals (do you even get any manuals?) and you may not even have the disc - it could have been destroyed. You are still the legal licensor, under the "licensee" way of thinking. You are still entitled to run the software, but lack the means to do so without generating another key. Microsoft, however, prevents you from using the software for which you have paid. So, you might consider generating a key so that you can use the product. If Microsoft then chooses to invalidate someone else's copy of Windows, how is that my fault?

You're acting like Microsoft is reasonable and I am unreasonable. But what's reasonable about invalidating your copy of windows just because someone else has the same key? Once, the EDD made me use a fake social security number because some mexican (I'm a quarter mexican, not that you could ever tell by looking at me) was using mine to evade taxes. That meant that my history was lost, and a new account was started for me. Was that right? But that guy had no real choice; the US has been taking gigantic shits on Mexico and helping to preserve the utterly corrupt status quo for many, many years now, because if we don't have mexicans to pick fruit and veggies, you'll be paying four bucks for a head of iceberg lettuce and sixty bucks for a bottle of crappy wine. So in order to feed his family he came here, and in order to work he used my SSN. Was the EDD's response justified? That poor field workin' dude didn't use my SSN in order to cause me hardship, but it happened anyway - but not because of him, because of the ridiculous response from the EDD.

Is this a HOAX?

[Zo0ok]

I couldnt find the download. People on Slashdot seems to be unusually confused about how this thing works - even those who claimed to read the article. I didnt find the article/method very confusing, but I dont know enough about Vista to tell if it COULD work or not. Are people confused because someone made something up that can not work? There are other cases where evil people have distributed trojans this way.

Is this a HOAX?

This has me curious...

[jvkjvk]

Is is possible to create a program that simply activates Vista licenses? -- I mean, without having Vista at all. Just connects to MS and attempts to activate keys, all day long.

It would be like a DOS on the licensing mechanisms.

Actually this crack won't help most people..

[goombah99]

One poster on the crack forum wrote "5 hours and i got 3 legit keys." at 20K/hour that's only 100,000 tries or 33,000 per key. So apparently despite having a 25 digit key space, Microsoft's algorithmic validity check allows 1 in every 33,000 keys. What where they thinking?

As I pointed out in the post above the chance of a randomly generated working activation- key colliding with a legitimate keys is probably worse odds than 1 in a trillion. So this will probably never ever happen by chance.

However, chance might not play a role here. Given this colossal stupidity one also assumes they did something dumb like make the decoded keys have some sort of sequential pattern too, so given enough keys one might be able to figure out how to actually generate keys directly. In that case MS will have a problem with the key-collisions with legitimate keys because people could deliberately generate those.

Why would deliberately generating legitimate keys be a good idea for a cracker? Well, if you do generate a random activation key, it will activate the product but Microsoft will also be able to determine that it's one that it did not issue. So the moment vista phones home or you try to do a system update, or install any piece of software from MS that can check the key (e.g. office), microsoft is gonna shut your genuine ass down. On the other hand if you were to generate a key that coincided with a legitimate key, then MS won't know you filtched it. So there's an incentive to see if MS also made the patterns predictable.

You could of course try to live off line. but that level of piracy is not a threat to MS.

All that said my guess is that this is not possible. If I were creating these keys what I woul dhave done would be to use public key encryption. I'd take the integers 1 to 1 billion, and encrypt them with my private. The the Vista copy caries the public decode key. To validate the vista installer decrypts the user supplied key. If it's a number between 1 and billion, you've been validated. MS can now issue up to 1 billion copies of the software with distinct keys.

Re:Welcome to the non free world.

[Like2Byte]

You have two choices when you purchase anything M$, return the package unopened for a full refund or use it.

A while ago I purchased a new computer that I pieced together from OTS parts in a FRY's store in Indy, IN. Well, after their PC people informed me that certain parts would work with other certain parts, after I took it home and assembled it, it didn't work. They gave me wrong memory, wrong power supply, etc... It was a huge screwup. I accept responsibilty for not doing my own homework on the specific parts for the system; but, there was no *WAY* I was going to keep the system after listening to their recommendations and it not work.

FRY's reluctantly took back all their parts. However, there was one they fought me over. The opened package of Windows XP Professional. Their Customer Service manager fought tooth and nail with me on why they shouldn't take it back and why I told them they *will*. I bickered with them for almost an hour on this one issue. I did not back down one inch. I won.

I got my money back and they got the opened package back. When you're right, you're right. It's as plain as that. Reach the right people, show them why their process/procedure is FUBAR and you will more than likely receive the correct response.

However, I wouldn't place bet's that I could do it again.

Also worth nothing...

[thanksforthecrabs]

Just because the checksum on the key may work, it has to be a key that was actually issued by MS for it to get activated. Lots of trial and error here.

Re:Having RTFA...

[Abalamahalamatandra]

It gets better...

The improved version is a nice rewrite of the routine in question that drops some letters (obvious candidates for a number to letter mixup like "ell" and "ess") and moves some assignments outside the loop - now it's generating 100K+ keys in 16 minutes on an X2 4200+ processor! And saving them to a file as well.

Things like this are definitely proof that Microsoft simply DOES NOT UNDERSTAND security in any way shape or form. Firstly, having something this important even be available as a VBScript function is positively hilarious, and secondly, not inserting delays in the product key validation routine to foil brute-force attempts is a seriously n00b error.

What makes you think an EULA has legal force?

[Sycraft-fu]

That they include it means nothing. It is pretty certain that, indeed, an EULA doesn't have legal force and can't make you give up rights you normally have. For example:

I work for a state institution which means in a way I am a part of the state. One of the requirements of the job is that I can't sign any contracts for the state. Anything that requires a signature has to be sent to legal (and we have a hell of a legal team). Employees can't agree to contracts directly. We have, on occasion, gotten software that comes with a written agreement. It is sent to the lawyers, almost totally rewritten, then sent back to the company (who is usually quite surprised). However we've been told not to worry about EULAs or click through agreements. We are allowed to just click ok and go on about our business.

Now why do you suppose that is? Well it is because the legal team believes that they have no legal force, and thus there's no problem. I'm going to guess they are right, they have to be very careful about protecting the state against things like that.

So MS can say in their EULA "We reserve the right to take this software away from you at any time," but that doesn't mean a judge will agree. You can still drag them to small claims court (it's quite cheap to file) and argue your case. If a judge agrees with you, they give you your money back.