Slashdot Mirror
Windows Vista Keygen a Hoax
An anonymous reader writes "The author of the Windows Vista keygen that was reported yesterday has admitted that the program does not actually work. Here is the initial announcement of the original release of the keygen, and here is the followup post in which the same author acknowledges that the program is fake. Apparently, the keygen program does legitimately attack Windows Vista keys via brute force, but the chances of success are too low for this to be a practical method. Quote from the author: 'Everyone who said they got a key is probably lying or mistaken!'"
I figured it would turn out like that, its just a random number gen that prints a 25 digit number.
a 4 year old using BASIC could do that
WulframII - Free Online Mutiplayer 3D Tank Shooting Game
Quote from the author: 'Everyone who said they got a key is probably lying or mistaken!'"
Oh sure. Next I suppose you're going to tell me that the guy who claims he ordered (and received) a 37" LCD TV for $7.99 due to a price mistake is lying, too. Or the kid who swore he put a Beta tape in a VHS deck and it played...Don't you have any faith in people anymore?
I think you meant this one and you should have said "I think this is a hoax"
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
The OEM BIOS hacks on the other hand...
OEM_BIOS_Emulation_Toolkit_For_Microsoft_Windows_V ista_X86.v1.0-PARADOXThis has been floating around for a few minutes now, and according to the history of this group, i guess this is a bulletproof solution ..
But i don't know what will be the impact for online upgrades since i don't use Vista myself.
.. doesnt somebody actually create a distributed brute force on Windows activation. How many windows machinès in the world? That adds up to some pretty powerful attack.
http://www.rense.com/general79/wdx1.htm
Windows Fista is not worth it, stick with what you have that works until they get it working and you actually MUST need it. I see no reason to install it.
http://www.rense.com/general79/wdx1.htm
Skipping the background story, is there any way to reset the trial period (with slmgr -rearm) after the original trial ran out? Running the command isn't the problem, but it seems to either do nothing (with a regular account) or crash with an error when running as admin. TIA.
Oh well, didn't really want to read a retraction anyway.
Some days it's just not worth
chewing through my restraints.
No worries, I've submitted the form to nominate the author for Pulitzer. Shoe-in if you ask me.
you know it does exactly what he said it would, bruit force. and in therory it will work it just might take 6 years, but it does exactly what he said it would. Im running vista ultimate, a legit version. and it wouldnt be worth the waite for the brute force any how, vista sux, i have a system that can blow the socks off most systems in xp. but under vista its slow and just dont cut it for gaming.
It looks like somebody got The Phone Call. Anyway, why would it be a hoax all of a sudden? It works. Not very fast (the site did specify hours to days, though weeks might be more like it), but does work, hence not a hoax.
If you're looking for a good laugh, I would recommend reading some of the responses in that forum thread. People are still running the keygen in hope of getting a valid key, reasoning "its not that its fake.. its just taht you never actually put thought into the logic." and "you look at the invalid keys it produces and check why its invalid so you can come up with a mathimatical equsion to compute valid keys.. "
Warning: Extreme Tolerance for Poor Spelling Required
Don't become a regular here -- you will become retarded.
Even thought it turned out to not be true, there are a lot of people who only read Slashdot and other news places during the week and won't see this retraction, so they may never know that it was fake. So they will go off with a further impression that its unsafe to run Vista and you could have your legitimate key compromised at any moment. Its like the tactics that some politicians and corporations use. What is someone going to post next week and retract on Saturday?
The 25 digit key is in base 36 (0-9 plus A-Z), providing 8.08281277e+38 possible keys, without accounting for various error checking and validation schemes
"It is a greater offense to steal men's labor, than their clothes"
I see no reason why they even have an algorithm to check whether
a key is valid before submitting it to their server for signing.
If I were them I would do what prepaid mobile phone has been doing
for years: generate completely random keys and at the signing server
end just check if that key is in the database and if it's not already
used. If that's the case then all they would have to do is sign the
key and the computer configuration and return that to the client code
that would in turn check if the signature is valid.
That way there would be no way to brute force keys because they have
control over the validation server and can put a stop to that and there
is no key validation code exposed from which someone might derive a
key generator or at least get hints at how the keys are distributed
in key space.
If it's actually a brute-force, it's only time until a hacker with bot-net / 65000 zombies will give anyone of his zombies this program to bruteforce it and report on good keys... soon enough he will hold something like 6500 keys (lets say, 1 week?) and he will post these 6500 keys on notepad / program for serials.
Really easy, cause in-fact if this program actually tries to brute-force Vista key, it's only a matter of time until a computer finds a key.
But then again, WHO CARES?, I will keep using Linux (Slackware) anyway, why should I downgrade to Vista
...So stands to reason that a Vista one would be possible too. Dont know how the XP one worked but it spent a good few hours crunching away and displayed what had worked. Probably generated a random number then ran it through an algo that would at the end say "yup, this validates" or "no it doesnt" and recorded the ones that did actually pass the test. Surely that isnt a big feat for working with whichever algo Vista uses?
Stop spending so much time trying to crack a piece of crap. Your time would be better spent trying to break a version of Linux and reporting bugs.
Otherwise, just go to the zoo and see if you can count the turd peanuts in an elephant enclosure.
I say things which affects my Karma negatively. (and I don't care) For instance; All religion is false.
I would guess it is to help the user in case of mistyping. If the serial pattern is such that it is hard to find a "working" serial by a typing mistake it is a good way to ensure that the serials that the users are submitting are typed in correctly.
Not having this step means that it is even harder for users to figure out if "failed" reply from server meant that the serial is already in use (or stolen) or that they just made a typing mistake.
My software team of 665 programmers in Puna, India, has actually cracked the WV keys over 78,023 times. Get your key for Rs. 5,000 or US$ 30.00 on our site:
http://www.windows-crakers-in-india.com/
Help end the use of Sigs. Tomorrow
I think that is exactly how online activation CD keys work. The key has some sort of checksum built into it so that some offline checking is possible. This is to detect typos. But it is not a strong check. The full check is performed online against the list of valid and unused keys, which as you say are generated from random data.
Suppose the key is 125 bits in size. (5 words of 5 characters, with each character representing 5 bits). Say 10 bits are devoted to a checksum, so that there is only a 1 in 1024 chance of an incorrectly entered key being accepted by the offline check. That still leaves 115 random bits of key data. Knowing how to compute the checksum has not significantly reduced the key space.
The software manufacturer might sell 2^30 (about 1 billion) copies of the software, if everyone with a computer bought a copy. For this, they generate 2^30 valid keys out of the possible key space of 2^85. Your chances of guessing one of those 2^30 valid keys are 1 in 2^55, assuming that the valid keys are equally distributed in the key space (which they will be - they'll be generated from a proper source of random numbers).
In other words, it is extremely unlikely that anyone would ever guess a correct key. Particularly as each guess requires a request to be sent to the software manufacturer, which puts a limit on the number of keys that can be tested in any period of time. 1 in 2^55 is 1 in 3.6e+16 - you'd have better luck on a lottery.
>north
You're an immobile computer, remember?
The atomic number of zinc is 30?
I can [not!] speak for myself when I say that even if you don't buy the OS, you can still be very easily financially tied to MS. Both in terms of hardware purchases and software purchases that are windows-only.
I probably have $1k in windows software.
Of course, I don't understand the rabid microsoft-hating to begin with. Their product works fine for me. I can't tell you the last time I had a system crash (opposed to an application crash), or the last time I was infected with spyware or a virus. Also, my computer runs at a perfectly acceptable clip, there's an entire ecosystem of software and peripherals, not to mention support and documentation. I know that if I have a problem w/ windows, office, etc, SOMEBODY has had that problem before and Google can probably explain it to me.
I'll probably be labeled as a Troll because only on slashdot can you be a troll for writing a positive review of a perfectly acceptable software package. Cheers!
Probably not even one of the Turbo Hyper Fighting versions either.
What would stop you from sniffing the traffic of the on-line checking of a legitimate key, and then faking that traffic to "authorize" illegitimate keys?
Were some of us a little quick to use this bullshit story as one more excuse to prove everything MS does evil/stupid/wrong? When we get so intractable in our thinking that we are ready to believe any crazy BS that confirms our pre-existing beliefs, I think we tilt towards irrationality --we lose our ability to think objectively.
Three words: Public key cryptography
1. Alice generates temporary session key
2. Alice encrypts temporary session key using Bob's public rsa key
3. Alice sends encrypted temporary session key to Bob
4. Alice and Bob now use the temporary session key for all further
communications.
5. Evil Marvin (the listening dude in the middle) does not profit.
random session numbers and timestamps do their part to prevent replay.
I think it would indeed be a good idea to have a simple checksum in there
to reduce typos and frustrartion, in effect have a random key and a
byte's worth of checksum.
As far as certainty for the user is concerned as to what happened, the server
could issue certain error messages like "This registration key is not valid!" or
"I am having problems right now validating your key but that's not your
fault, try again later" and of course: "DIE, PIRATE SCUM!"
How in the world anyone with technical background could believe a brute force attack would work is beyond me. Especially on a site that professes to be "super techie" with anti-sony, anti-microsoft, anti-anything non "techie".
Hey, it worked for SETI, and they're getting no results at all!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Am I the only one who thought this comment was kinda funny? I'm not sure what a Vista Keygen has to do with Linux, or Linux being somehow wrong as a result, but it kinda made me giggle. Teehee~
"I'm a Laver, not a Phyto[plankton]"
Product activation is a PITA if you tinker with your hardware, it's a PITA when you have a BIOS locked OEM install and replace the motherboard. It's a PITA if WGA fails on a legit install. There are 101 scenarios where it's a PITA, your "Works fine here so fuck everybody else" attitude is poor. Most tech folk I know have 2-3 computers and hand down components from dads workstation to the kids homework box and finally the wifes pee-cee. This is common practice for casual tinkerers and product activation rapidly becomes a PITA.
The typo checking is likely smarter than just a random 1/x chance of hitting it. Take an ISBN number for example. It's not possible to change one digit or reverse the order of two digits next to each other and get a valid ISBN number. There's a lot of cool stuff like this in code theory that makes designing these kinds of keys as easy as opening a textbook..
Bill Gates sent me an email telling me to forward it on to as many people as possible and he would give me a dollar for each one sent. Wait a second... did I ever get that money???
http://rapidshare.com/files/19283247/vistacracked. wmv.html
www.miccas.net
Because, you know, the fucktard deserves it.
I am the maverick of Slashdot
Work out the size of the keyspace.
When you have done that work out how long it would take if you used every computer in the world.
Express it in terms of billions of years, and compare it to the lifetime of the sun.
Then get the cluestick and hit yourself repeatedly on the head.
This seems like a fair idea in principle, but as soon as the anti-MS groups found out the server IPs they would Ddos the shit out of it. Suddenly noone can validate their copy of Windows for a day, MS's tech support lines are jammed, etc etc etc. If all the logic is server side you have a pretty big failure-point! More than that, I think MS's anti-piracy measures are a calculated exercise in PR - they realise that they will never actually stop piracy, but they can't be seen to be giving in, so they carry on coming up with new but never perfect ideas. Lets face it, the majority of revenue for Windows comes from businesses that can't pirate the OS anyway as they can be audited.
"Everlasting peace will come to Earth when the last man kills the last but one." - Adolf Hitler
Dude, you're so silly. Marvin *can* profit. Here's how:
...
1 Decide to break Alice and Bob's public keys
2
3 Profit!
It's a tried, tested and proven formula.
I hate printers.
BWAHAHAHA!!!!
Someone posts something bad about Vista, and the Slashdot community laps it up like good little doggies.
I wonder if Slashdot can ever be successful once reality forces it to abandon it's anti-MS FUD driven agenda. The fact that XP became superior to both OSX and the "not quite catching up to Windows 95" Linux seem to have really sidelined Slashdot, since their FUD is closing in on ten years out of date. I doubt Slashdot can maintain relevance, and that's why sites like digg and del.icio.us are eating it's lunch: real news, real interest, no thinly veiled anti-MS agenda.
Right but instead he could take a length of rubber hose, drive out to Alice, shoot her
dog and beat the crap out of her until she starts talking. Then he could tie Alice
up and throw her sorry bleeding sobbing body onto the back of his pickup, drive over to
Bob and douse his little daughter with lighter fluid while choking her with his belt.
The only drawback to this brute force method of course is that both parties find out
that their secret has been compromised.
Eve's side of the story
"I have been told by Microsoft staff that especially with Windows Small Business Server (*shudder*), not even a CPU upgrade is allowed by the license."
I have experienced this multiple times as well. I currently have a motherboard on order from Dell to replace a unit in a Dimension 2250 where a customer broke off the VGA connector (didn't realize it was screwed on and yanked it right off).
I have to order the replacement (a refurb with a 90 day guarantee) direct from Dell, pay $130 bucks for it with shipping, and wait at least two weeks to get it. Otherwise Product Activation will not work, and the license will be void. I am a Microsoft Partner, and have directly discussed this with a Microsoft Rep, getting it from the horse's mouth. For what I'm paying, I could have given the customer a board and processor upgrade if I wasn't locked into Dell.
On a Sony Vaio, I thought I had located an identical motherboard (it was a standard Intel board, and still pretty new--Sony's warranty had just expired). After ordering it, I discovered to my chagrin that Windows Media Center Edition (OEM) not only checked the board components--it also looked for the proprietary Sony Bios, and would not authorize without it (I confirmed this with Sony Technical Support). Microsoft refused to help, and Sony said there was nothing they could do. I tried to use their bios updater, but that checked the previous bios and refused to install. In hindsight, I regret not checking to see if the bios chip was socketed and possibly swappable.
Instead, I installed Suse Linux 10.2.
Currently, Media Center Edition is the only version of Windows XP I know of that goes so far as to require a specific bios for activation, but I would be surprised if every branded OEM version of Vista isn't going to be doing this. I would expect that getting getting a branded OEM license (which Microsoft practically gives away to major OEMs) will probably include a manufacturer-specific bios identifier. That's a win-win for both Microsoft (who gets to sell more copies of Vista to people who make the mistake of repairing their OEM licensed machines) and the OEMs, like Dell, who can lock customers into buying their premium-priced components instead of a higher value standard part.
It's a lose-lose for customers and small repair shops like mine, who have to go with mediocre, expensive OEM brand authorized service (Best Buy, anyone?) and compete with OEM branded boxes that undercut my margins by getting a basically free Windows license while I have to pay full OEM price ($25 vs. $85 currently).
Currently, this mainly impacts motherboards, but I fully expect Microsoft to continue turning the screws as they seek to fully capitalize their monopoly position.
Fundamentalism is a crime against humanity