Slashdot Mirror


Vista Activation Cracked by Brute Force

Bengt writes "The Inquirer has a story about a brute force Vista key activation crack. It's nothing fancy; it's described as a 'glorified guesser.' The danger of this approach is that sooner or later the key cracker will begin activating legitimate keys purchased by other consumers. From the article: 'The code is floating, the method is known, and there is nothing MS can do at this point other than suck it down and prepare for the problems this causes. To make matters worse, Microsoft will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.'"

21 of 470 comments

  1. MS would owe at least the key by yagu · · Score: 5, Interesting

    From the article summary:

    To make matters worse, Microsoft will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.

    I don't see how this is possible, or credible speculation even for a company as evil as MS is perceived on slashdot. I'm no MS fanboy, but I've had reasonable "service" from MS on issues of keys to activate my machines under some unusual circumstances.

    This may get sticky for MS, but for goodness sake we've got to find better bashing material on MS (and I believe there be plenty) if we want to maintain any street cred. There's no WAY MS won't be giving license keys to legitimate purchasers of XP (especially considering the vast majority are pre-activated shelf-delivered versions).

    (Aside: pure speculation on my part, but one of the most glaring weaknesses of this "claim" may be the notion of brute force, and that that is even a possible approach. Most validation handshakes require a reasonable length of time between attempts to circumvent brute force attacks... if it takes one second between attempts for billions of combinations, you're going to eventually be activating an obsolete OS. Further, after 3 or 4 incorrect attempts, any validation scheme worth its salt will quiesce for some longer inconvenient time... requiring a "cooling off" period before one can make further attempts. This story falls under the heading of "I heard someone say they knew someone whose sister's brother has figured out a Vista activation hack..." Sigh.)

    1. Re:MS would owe at least the key by DJCacophony · · Score: 5, Interesting

      Any customer who gets their key "stolen" by this program can just take it back - Vista comes with several activations on the same key. Once the customer uses the key, the previous user of it will eventually be required to re-activate.

      --
      Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
    2. Re:MS would owe at least the key by notaprguy · · Score: 5, Insightful

      The commentator on the Inquirer Web site is obviously a total boob (trying to use a British-sounding insult). He's cheering theft which in its own right is sleazy. Worse, he seems to be happy that the legitimate and paying Windows Vista customers are going to be at best confused and worst case screwed because some idiot stole their key. I totally don't understand the bizarre perception that software thieves are somehow Robin-hood-like characters. They're the 21st century equivalent of pick-pockets.

    3. Re:MS would owe at least the key by DJCacophony · · Score: 5, Insightful

      Or they could NOT loosen up activation, and it would be a hindrance to all legitimate users.

      --
      Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
    4. Re:MS would owe at least the key by Zontar_Thing_From_Ve · · Score: 5, Interesting

      I don't see how this is possible, or credible speculation even for a company as evil as MS is perceived on slashdot. I'm no MS fanboy, but I've had reasonable "service" from MS on issues of keys to activate my machines under some unusual circumstances.

      This may get sticky for MS, but for goodness sake we've got to find better bashing material on MS (and I believe there be plenty) if we want to maintain any street cred. There's no WAY MS won't be giving license keys to legitimate purchasers of XP (especially considering the vast majority are pre-activated shelf-delivered versions).


      I think you're probably right. However, all companies in similar situations don't act this way. A few years ago I bought a Russian-English translation program for my PC. I got the best one on the market. I didn't use it a lot, but it was useful to me for quick translations from Russian to English for email. At the time I didn't know Russian as well as I do now and while I could do translations by hand, it took a very long time. It was certainly worth the money to have a computer program do it for me in a few seconds and then I could double check the weird parts and re-translate those myself. It turned what might be a 2 hour translation job at the time into a 10 minute job at worst. A year or so later I had a catastrophic Windows failure and had to do a destructive reinstall. Although I had a valid license key for the translation program, it wouldn't work after the reinstall. The vendor told me their keys are valid for one use only and although I explained that I had bought the product (and they knew I had) and had to do a reinstall of Windows, I got basically "Too bad. So sad. Here's a 10% discount off our lowest price." in response, which still meant I had to buy the product at pretty close to its normal value. I sucked it up and did that and installed my new key. However, I was very angry because I realized that to the software vendor if I needed a new key I was probably a thief and if I wanted another key, I was going to have to pay for it. After another year or so, guess what? Yep, I had to do another destructive reinstall of Windows. I decided not to rebuy the software. The babelfish translator, which is free, is not as good, but my Russian had improved a lot and I had less real use for a computer translation program. For as little as I needed to use one, babelfish was good enough.

      However, the vendor of the translation program has lost me forever as a customer because they weren't willing to give me the benefit of the doubt about my problem and my choice was either to buy a new key or live without the program. Their attitude was "If you need a new key, you're a thief". Since then a guy on a forum told me the magic needed to make old keys work on a reinstall, but I've never bothered with it.

    5. Re:MS would owe at least the key by ednopantz · · Score: 5, Funny

      The slashbots are excited because this, *this* will be the thing that makes people go to desktop Linux.

      Nobody will upgrade to XP--er.... Nobody will upgrade to Vista because of activation.

      Yes! 199-, er...
      2003, er....

      2007 WILL BE THE YEAR FOR DESKTOP LINUX!!!

    6. Re:MS would owe at least the key by ednopantz · · Score: 5, Insightful

      The irony is that this is an example where IP theft *is* actually taking the original out of commission.

      Unlike duplicating an mp3, here the original copy is no longer usable. It isn't just making another copy for yourself and leaving the original functional.

      But the victim is MS or their customers, so it must be ok.

    7. Re:MS would owe at least the key by orderb13 · · Score: 5, Insightful

      In which case there will be lawsuits and EULAs will be challenged and a company's responsibility to its consumers will be better defined. Sounds like a win-win scenario here, as much as anything in regards to this can be called a win.

    8. Re:MS would owe at least the key by vux984 · · Score: 5, Insightful

      So you imagine he probably works for a non-commercial software company?

      Regardless, it's copyright infringement, not 'theft' and not 'piracy'. It's really quite simple, theft is when you physically take something that doesn't belong to you. Copyright infringement is, amongst other things, when you make a copy of something you aren't authorized to.

      In fact in this case the real issue isn't even copyright infringement. Suppose I use this keygen on legally purchased software. What laws are being broken?

      I didn't 'steal' your key, I happened to come up with the same number MS assigned to someone else independently. Hell, I might have come up with the number before MS, which, if anything, would make it -my- intellectual property; and MS would be infringing my copyright by issuing you "my" key string.

      Which is of course absurd.

    9. Re:MS would owe at least the key by CmdrGravy · · Score: 5, Funny

      I'm not sure boob is really a typically British insult, I have a German friend with the same trouble who believes that the word ignoramus is in common enough use to pass himself off as a native although he is sadly mistaken in this.

      For future reference you could try using words like:

      Fuckwit, wanker, bastard, fuckhead, tosser, cunt, spanner, moron, dickhead or even shit for brains.

      For example:

      "The commentator on the Inquirer Web site is obviously a total fucking wanker. The fuckwit is cheering theft which is in its own right sleazy. Worse, the cretin seems to be happy that the legitimate and paying Windows Vista customers are going to be at best confused and worst case screwed because some idiot stole their key. What a fucking cock !"

      I must admit I probably have the same problem in my belief that most Scottish people curse each other by calling them sassenachs.

    10. Re:MS would owe at least the key by Brian+Gordon · · Score: 5, Informative

      Since it's a vbscript the code is wide open. Look for yourself, this is a legitimate brute forcer.

    11. Re:MS would owe at least the key by SatanicPuppy · · Score: 5, Insightful

      When it's Microsoft's long costly lawsuit?

      Sorry, couldn't resist.

      In the end though, this sort of corporate behavior is hugely annoying. Microsoft rose to the top partly because it looked the other way on unlicensed use of its products, and now that it's the standard, it's trying to lock down. Well, the problem is, now there is a huge group of people who have a vested interest in using that software for free, and there is no way that they're going to beat them using a purely technical solution...Crackers are proving that on a daily basis.

      Smarter of them to leave things as they were.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    12. Re:MS would owe at least the key by VJ42 · · Score: 5, Insightful

      How is a long, costly lawsuit a winning scenario? It's a winning scenario for the lawyers...
      --
      If I have nothing to hide, you have no reason to search me
    13. Re:MS would owe at least the key by drinkypoo · · Score: 5, Insightful

      The irony is that this is an example where IP theft *is* actually taking the original out of commission.

      The irony is that you think violation of IP is theft.

      The person who brute force discovers and uses someone else's code is not the one causing their Copy of Windows to be invalidated. Microsoft is doing that.

      This is a very important distinction.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Sounds like a distributed computing project to me by nizo · · Score: 5, Funny

    I can see it now: thousands of computers worldwide activating keys, just to make life miserable for Microsoft and users. It could be called the "annoy Microsoft Windows Users at home" project.

  3. relax by ohzero · · Score: 5, Funny

    I guarantee you MSFT will release a patch to reorder license keys or figure out some other solution. If you were the largest software company in the world, and you had a product that was being touted as "more expensive than switching an entire IT department to OSX", wouldn't you?

    --
    -- http://www.criticalassets.com
  4. Re:Easy Fix by Odiumjunkie · · Score: 5, Informative

    > All Microsoft has to do is block the IP address that is requesting thousands of activations on separate, invalid keys per second.

    RTFA. That's nothing like how this works. The actual activation part is totally manual, only the key generation is automated. You can generate keys without any kind of network connectivity.

  5. Re:Not too big of a deal by tomhudson · · Score: 5, Insightful

    "as someone who has worked on systems such as these (oh the inhumanity!) we have looked at this particular attack vector. Yes, it is possible. But, when you consider the size of the activation code domain (quadrillions or more of combinations), with the number of legitimate keys (hundreds of millions), and the fact that each request takes some amount of time (a few seconds), it's not too big of a risk. A risk? yes. But there are lots of risks. This is just another one to be put on the list, watched, and mitigated against (as others have said, with blocked IPs and so forth)."

    Obviously someone else who didn't read either the article OR all the other user comments - no net connection required to generate the keys - the attempts to change the key are done locally; after a successful local key change, submit the new key for activation.

    Blocked IPs won't do jack shit for such a scheme.

    Also, you're not trying to find a specific key that works, just one of many, so even with a huge wrong-key space, you'll get a favourable collision with a valid key sooner, rather than later. It's like the same-birthday problem.

  6. it is useless by WARM3CH · · Score: 5, Informative

    It seems that this technique doesn't test against the microsoft server, but can tell if a key is valid on the local computer, which would actually be news.
    This is not really that important if a key is validated in a local computer or not. Any key needs to be finally validated by the servers: Out of all possible valid keys that pass the validation on a local computer, only a very very tiny number of them are actually keys that have been (or will be) issued by Microsoft. Think of it like this: with 25 symbols for the keys you have a huge huge search space A. Now, this program finds the keys that are valid according to the magic formula that Vista validation system uses. All these keys form a very very tiny subset of A, called B. However, the set of keys that Microsoft has already issued (or will ever issue), set C, is only a very very tiny subset of B. This program finds random keys in the B but to actually validate Vista with them, user has to contact Microsoft's servers to see if the keys are part of the C or not. This is where the whole thing breaks down, next to being totally useless. (this is the same story with the CD-Keys of the multi-player games...)
  7. Except we know already what happens by Moraelin · · Score: 5, Insightful

    The problem of generated keys and conflict with legit keys isn't new, so we already know what happens. The same existed for XP -- plus the added collision of dishonest OEMs selling one legit serial number to 100 different people who bought their computers with XP preinstalled -- and we already know what Microsoft chose: to not annoy the paying customers. What it did try to do was go after the OEMs who did that, but _not_ after the victims. The victim never had to do more than call an (automated) telephone number and get another key. It's always been that simple.

    Yes, there have been some fucktards too historically, but MS was sane about it so far. I'm not saying they're saintly or anything, feel free to still be anti-MS if it makes you feel any better. Just that they're sane. Even if you want to see them as some kind of super-villain, well, as super-villains go, MS was the _sane_ kind so far. The kind who's read the evil overlord's list, not the random lunatic kind. It knows when _not_ to do something that would damage itself very quickly.

    Look, there are plenty of real reasons to whine about MS, no need to invent bullshit FUD scenarios. That kind of going into bullshit fantasy land, just to have something bad to say about MS, just damages the credibility of the real complaints.

    --
    A polar bear is a cartesian bear after a coordinate transform.
  8. Actually this crack won't help most people.. by goombah99 · · Score: 5, Interesting
    One poster on the crack forum wrote "5 hours and i got 3 legit keys." at 20K/hour that's only 100,000 tries or 33,000 per key. So apparently despite having a 25 digit key space, Microsoft's algorithmic validity check allows 1 in every 33,000 keys. What were they thinking?

    As I pointed out in the post above the chance of a randomly generated working activation key colliding with a legitimate key is probably worse odds than 1 in a trillion. So this will probably never ever happen by chance.

    However, chance might not play a role here. Given this colossal stupidity one also assumes they did something dumb like make the decoded keys have some sort of sequential pattern too, so given enough keys one might be able to figure out how to actually generate keys directly. In that case MS will have a problem with the key-collisions with legitimate keys because people could deliberately generate those.

    Why would deliberately generating legitimate keys be a good idea for a cracker? Well, if you do generate a random activation key, it will activate the product but Microsoft will also be able to determine that it's one that it did not issue. So the moment Vista phones home or you try to do a system update, or install any piece of software from MS that can check the key (e.g. Office), Microsoft is gonna shut your genuine ass down. On the other hand if you were to generate a key that coincided with a legitimate key, then MS won't know you filched it. So there's an incentive to see if MS also made the patterns predictable.

    You could of course try to live offline, but that level of piracy is not a threat to MS.

    All that said my guess is that this is not possible. If I were creating these keys what I would have done would be to use public key encryption. I'd take the integers 1 to 1 billion, and encrypt them with my private key. Then the Vista copy carries the public decode key. To validate, the Vista installer decrypts the user-supplied key. If it's a number between 1 and 1 billion, you've been validated. MS can now issue up to 1 billion copies of the software with distinct keys.

    --
    Some drink at the fountain of knowledge. Others just gargle.
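
Added example (not part of the thread, and not Microsoft's scheme): a Python sketch of the signed-serial design goombah99 outlines in comment 8, with the local check kept separate from the server check as WARM3CH describes in comment 6. The primes, exponent, 24-symbol alphabet and all function names are assumptions chosen for illustration; it uses unpadded RSA with a 92-bit modulus, which shows the acceptance-rate arithmetic but is far too weak to deploy.

```python
import random

# Toy parameters (assumptions): two Mersenne primes give a 92-bit modulus.
P, Q = 2**61 - 1, 2**31 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent, never shipped
MAX_SERIAL = 10**9                 # "the integers 1 to 1 billion"
ALPHABET = "BCDFGHJKMPQRTVWXY2346789"   # illustrative 24-symbol alphabet
KEY_LEN = 25

def encode(value):
    """Render an integer as a 25-symbol key in five dash-separated groups."""
    digits = []
    for _ in range(KEY_LEN):
        value, rem = divmod(value, len(ALPHABET))
        digits.append(ALPHABET[rem])
    text = "".join(reversed(digits))
    return "-".join(text[i:i + 5] for i in range(0, KEY_LEN, 5))

def decode(key):
    """Return the integer behind a key, or None if it is malformed."""
    text = key.replace("-", "").upper()
    if len(text) != KEY_LEN or any(c not in ALPHABET for c in text):
        return None
    value = 0
    for c in text:
        value = value * len(ALPHABET) + ALPHABET.index(c)
    return value

def issue_key(serial):
    """Issuer side: transform the serial with the private exponent."""
    if not 1 <= serial <= MAX_SERIAL:
        raise ValueError("serial out of range")
    return encode(pow(serial, D, N))

def check_offline(key):
    """Installer side (public values only): the serial, or None if invalid."""
    value = decode(key)
    if value is None or value >= N:
        return None
    serial = pow(value, E, N)
    return serial if 1 <= serial <= MAX_SERIAL else None

def check_server(key, issued_serials):
    """Activation server: the key must also map to a serial actually sold."""
    return check_offline(key) in issued_serials

def count_random_passes(trials, seed=0):
    """Count random keys (seeded, reproducible) that pass the offline check."""
    rng = random.Random(seed)
    space = len(ALPHABET) ** KEY_LEN
    return sum(check_offline(encode(rng.randrange(space))) is not None
               for _ in range(trials))
```

With these parameters exactly 10^9 of the 24^25 possible keys pass the offline check, about 3 in 10^26, against the roughly 1 in 33,000 reported in the thread; a key that passes offline is still refused by `check_server` unless its serial was actually issued.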