Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Vista Keygen a Hoax

Posted by CowboyNeal on from the too-good-to-be-true dept.

An anonymous reader writes "The author of the Windows Vista keygen that was reported yesterday has admitted that the program does not actually work. Here is the initial announcement of the original release of the keygen, and here is the followup post in which the same author acknowledges that the program is fake. Apparently, the keygen program does legitimately attack Windows Vista keys via brute force, but the chances of success are too low for this to be a practical method. Quote from the author: 'Everyone who said they got a key is probably lying or mistaken!'"

5 of 154 comments (clear)

  1. People lie on the internet? by Anonymous Coward · · Score: 5, Funny

    Quote from the author: 'Everyone who said they got a key is probably lying or mistaken!'"

    Oh sure. Next I suppose you're going to tell me that the guy who claims he ordered (and received) a 37" LCD TV for $7.99 due to a price mistake is lying, too. Or the kid who swore he put a Beta tape in a VHS deck and it played...Don't you have any faith in people anymore?

  2. OEM_BIOS_Emulation_Toolkit by ekasperc · · Score: 5, Informative

    OEM_BIOS_Emulation_Toolkit_For_Microsoft_Windows_V ista_X86.v1.0-PARADOXThis has been floating around for a few minutes now, and according to the history of this group, i guess this is a bulletproof solution ..
    But i don't know what will be the impact for online upgrades since i don't use Vista myself.

    1. Re:OEM_BIOS_Emulation_Toolkit by Anonymous Coward · · Score: 5, Informative

      OEM activation works by having OEM identifiers and SLIC table stored in the BIOS and Microsoft then sign a cert per OEM (also required). The softmod uses vista boot manager to spoof flashed BIOS. Patching a VM should be even easier.

      Once again, product activation is only a PITA for legit customers.

  3. Why by JackMeyhoff · · Score: 5, Interesting

    .. doesnt somebody actually create a distributed brute force on Windows activation. How many windows machinès in the world? That adds up to some pretty powerful attack.

    --
    http://www.rense.com/general79/wdx1.htm
  4. Might not even have to validate keys at all anymor by gd23ka · · Score: 5, Informative

    I see no reason why they even have an algorithm to check whether
    a key is valid before submitting it to their server for signing.

    If I were them I would do what prepaid mobile phone has been doing
    for years: generate completely random keys and at the signing server
    end just check if that key is in the database and if it's not already
    used. If that's the case then all they would have to do is sign the
    key and the computer configuration and return that to the client code
    that would in turn check if the signature is valid.

    That way there would be no way to brute force keys because they have
    control over the validation server and can put a stop to that and there
    is no key validation code exposed from which someone might derive a
    key generator or at least get hints at how the keys are distributed
    in key space.