Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Vista Keygen a Hoax

Posted by CowboyNeal on from the too-good-to-be-true dept.

An anonymous reader writes "The author of the Windows Vista keygen that was reported yesterday has admitted that the program does not actually work. Here is the initial announcement of the original release of the keygen, and here is the followup post in which the same author acknowledges that the program is fake. Apparently, the keygen program does legitimately attack Windows Vista keys via brute force, but the chances of success are too low for this to be a practical method. Quote from the author: 'Everyone who said they got a key is probably lying or mistaken!'"

12 of 154 comments (clear)

  1. People lie on the internet? by Anonymous Coward · · Score: 5, Funny

    Quote from the author: 'Everyone who said they got a key is probably lying or mistaken!'"

    Oh sure. Next I suppose you're going to tell me that the guy who claims he ordered (and received) a 37" LCD TV for $7.99 due to a price mistake is lying, too. Or the kid who swore he put a Beta tape in a VHS deck and it played...Don't you have any faith in people anymore?

    1. Re:People lie on the internet? by Anonymous Coward · · Score: 3, Funny

      My favorite was always the "If you heat up a needle and put it through this particular spot on your Tomb Raider CD, Lara Croft will be naked!" How many did that one disappoint, I wonder?

      =)

    2. Re:People lie on the internet? by TheVelvetFlamebait · · Score: 3, Funny

      How many did that one disappoint, I wonder?
      I wasn't disappointed until I read that!
      --
      You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
  2. OEM_BIOS_Emulation_Toolkit by ekasperc · · Score: 5, Informative

    OEM_BIOS_Emulation_Toolkit_For_Microsoft_Windows_V ista_X86.v1.0-PARADOXThis has been floating around for a few minutes now, and according to the history of this group, i guess this is a bulletproof solution ..
    But i don't know what will be the impact for online upgrades since i don't use Vista myself.

    1. Re:OEM_BIOS_Emulation_Toolkit by Anonymous Coward · · Score: 5, Informative

      OEM activation works by having OEM identifiers and SLIC table stored in the BIOS and Microsoft then sign a cert per OEM (also required). The softmod uses vista boot manager to spoof flashed BIOS. Patching a VM should be even easier.

      Once again, product activation is only a PITA for legit customers.

    2. Re:OEM_BIOS_Emulation_Toolkit by gEvil+(beta) · · Score: 4, Informative

      Hmmm, I wasn't aware of this. Then again, I haven't been paying much attention to Vista stuff anyways. A few minutes of digging around brought up this site, which looks to have links to modified BIOS files for quite a few motherboards. Pretty sneaky, sis...

      --
      This guy's the limit!
    3. Re:OEM_BIOS_Emulation_Toolkit by Anonymous Coward · · Score: 3, Informative

      Links... PARADOX's OEM emulation tool is out on the various torrent sites. Here is the link from Demonoid.

      Pantheon released a full Windows Vista Ulimate CD with their own activation tool using the same principle. Here is the NZB set (click NZB to download the file) to facilitate downloading from Usenet. Posts are two hours old so they may need a bit longer if you're not using Giganews, Newshosting, etc.

  3. Why by JackMeyhoff · · Score: 5, Interesting

    .. doesnt somebody actually create a distributed brute force on Windows activation. How many windows machinès in the world? That adds up to some pretty powerful attack.

    --
    http://www.rense.com/general79/wdx1.htm
  4. When in reality by Alien54 · · Score: 3, Informative

    The 25 digit key is in base 36 (0-9 plus A-Z), providing 8.08281277e+38 possible keys, without accounting for various error checking and validation schemes

    --
    "It is a greater offense to steal men's labor, than their clothes"
  5. Might not even have to validate keys at all anymor by gd23ka · · Score: 5, Informative

    I see no reason why they even have an algorithm to check whether
    a key is valid before submitting it to their server for signing.

    If I were them I would do what prepaid mobile phone has been doing
    for years: generate completely random keys and at the signing server
    end just check if that key is in the database and if it's not already
    used. If that's the case then all they would have to do is sign the
    key and the computer configuration and return that to the client code
    that would in turn check if the signature is valid.

    That way there would be no way to brute force keys because they have
    control over the validation server and can put a stop to that and there
    is no key validation code exposed from which someone might derive a
    key generator or at least get hints at how the keys are distributed
    in key space.

  6. Re:If it's actually a brute-force == Solution! by julesh · · Score: 3, Interesting

    Based on calculations in the other thread discussing this, we reckoned that if MS hadn't been stupid designing the key system, you'd have to try somewhere in the region of (IIRC) 10^17 keys before getting one that works. Now we can discard the "evidence" that suggested they had been stupid, this is back to being our baseline assumption. Based on speed-of-trial stats reported there, this would take a 65K-node botnet around 14 years to crack a single key.

  7. Re:Key gen or not.. by johnlcallaway · · Score: 3, Funny

    You, kind sir, may be expecting SP1 to actually fix the first round of bugs.

    I, on the other hand, do not.

    (Or I fucked up the post ... both are equally valid options)

    --
    I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.