Loading ...
Sorry, an error occurred while loading the content.

Vista activation cracked by brute force

Expand Messages
  • Ryan Luyao
    Vista activation cracked by brute force Sledgehammered By Charlie Demerjian : Thursday 01 March 2007,
    Message 1 of 3 , Mar 2, 2007
    • 0 Attachment

      Vista activation cracked by brute force

      Sledgehammered

      By Charlie Demerjian: Thursday 01 March 2007, 17:15

      IT LOOKS LIKE Microsoft's unhackable OS activation malware has been hacked.

      There is an active thread at the Keznews forums (account needed), and a summary on its main page about the crack.

      It is a simple brute force attack, dumb as a rock that just tries keys. If it gets one, you manually have to check it and try activation. Is is ugly, takes hours, is far from point and click, but it is said to work. I don't have any Vista installs because of the anti-user licensing so I have not tested it personally.

      The method of attack has got to be quite troubling for MS on many grounds. The crack is a glorified guesser, and with the speed of modern PCs and the number of outstanding keys, the 25-digit serials are within range. The biggest problem for MS? If this gets widespread, and I hope it will, people will start activating legit keys that are owned by other people

      It won't take long for boxes bought at retail to be activated before they are bought, and the people who plunk down money for the mal^h^h^hsoftware for real get 'you are a filthy pirate' messages. Won't that be a laugh riot at the MS phone banks in Bangalore.

      So, what do you do? There is really no differentiating between a legit copy with a manually typed in wrong key and a hack attempt. Sure MS can throttle this by limiting key attempts to one a minute or so on new software, but the older variants are already burnt to disk. The cat is out of the bag.

      The code is floating, the method is known, and there is nothing MS can do at this point other than suck it down and prepare for the problems this causes. To make matters worse, MS will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.

      This is ugly for MS, and if it allows you to take back your legit keys, how long do you think it will take before people catch on to the fact that you can call in and hijack already purchased keys once you generate one that someone else activated?

      No, this is a mess, and the problem is the very malware activation and anti-consumer licensing that MS built into Vista. Then again, it is kind of hard to feel sorry for them the way they screw their paying customers. We'll give it three days before there is a slick GUI version with all the bells and whistles. µ

    • gzphilippines
      That s why I m so happy with Kubuntu & WineHq = peace of mind I hope millions of people will move to this combination :) only thing a bit lacking is a good
      Message 2 of 3 , Mar 2, 2007
      • 0 Attachment
        That's why I'm so happy with Kubuntu & WineHq = peace of mind
        I hope millions of people will move to this combination :)

        only thing a bit lacking is a good guide line for "windows" users
        It took me months to get my system working the way I need it,and I
        think most new people don't have that much patience.

        :) gudy

        --- In ce-gnu-lug@yahoogroups.com, "Ryan Luyao" <ryanluyao@...> wrote:
        >
        > Vista activation cracked by brute force
        >
        > Sledgehammered
        >
        > By Charlie
        Demerjian<javascript:__doPostBack('article_body$lnkEmailForm','')>:
        > Thursday 01 March 2007, 17:15
        > *IT LOOKS LIKE* Microsoft's unhackable OS activation malware has
        been
        > hacked.
        >
        > There is an active thread at the Keznews
        > forums<http://keznews.com/forum/viewtopic.php?t=2586>(account
        needed),
        > and a summary on its
        > main page <http://keznews.com/2431_Vista_Brute_Force_Keygen> about
        the
        > crack.
        >
        > It is a simple brute force attack, dumb as a rock that just tries
        keys. If
        > it gets one, you manually have to check it and try activation. Is
        is ugly,
        > takes hours, is far from point and click, but it is said to work. I
        don't
        > have any Vista installs because of the anti-user licensing so I
        have not
        > tested it personally.
        >
        > The method of attack has got to be quite troubling for MS on many
        grounds.
        > The crack is a glorified guesser, and with the speed of modern PCs
        and the
        > number of outstanding keys, the 25-digit serials are within range.
        The
        > biggest problem for MS? If this gets widespread, and I hope it
        will, people
        > will start activating legit keys that are owned by other people
        >
        > It won't take long for boxes bought at retail to be activated
        before they
        > are bought, and the people who plunk down money for the
        mal^h^h^hsoftware
        > for real get 'you are a filthy pirate' messages. Won't that be a
        laugh riot
        > at the MS phone banks in Bangalore.
        >
        > So, what do you do? There is really no differentiating between a
        legit copy
        > with a manually typed in wrong key and a hack attempt. Sure MS can
        throttle
        > this by limiting key attempts to one a minute or so on new
        software, but the
        > older variants are already burnt to disk. The cat is out of the bag.
        >
        > The code is floating, the method is known, and there is nothing MS
        can do at
        > this point other than suck it down and prepare for the problems
        this causes.
        > To make matters worse, MS will have to decide if it is worth it to
        allow
        > people to take back legit keys that have been hijacked, or tell
        customers to
        > go away, we have your money already, read your license agreement
        and get
        > bent, we owe you nothing.
        >
        > This is ugly for MS, and if it allows you to take back your legit
        keys, how
        > long do you think it will take before people catch on to the fact
        that you
        > can call in and hijack already purchased keys once you generate one
        that
        > someone else activated?
        >
        > No, this is a mess, and the problem is the very malware activation
        and
        > anti-consumer licensing that MS built into Vista. Then again, it is
        kind of
        > hard to feel sorry for them the way they screw their paying
        customers. We'll
        > give it three days before there is a slick GUI version with all the
        bells
        > and whistles. µ
        >
      • Dominique Cimafranca
        I read somewhere that this is a hoax, and that the author admitted as much. There is a brute force method, but it s too slow to be practical. ... Some of the
        Message 3 of 3 , Mar 3, 2007
        • 0 Attachment
          I read somewhere that this is a hoax, and that the author admitted as
          much. There is a brute force method, but it's too slow to be
          practical.

          > only thing a bit lacking is a good guide line for
          > "windows" users It took me months to get my system
          > working the way I need it,and I think most new people
          > don't have that much patience.

          Some of the docs at http://help.ubuntu.com/community might help. I
          also have my own user's view at http://ubuntuliving.blogspot.com


          --
          Dominique Gerald M. Cimafranca
          http://villageidiotsavant.blogspot.com
          http://ubuntuliving.blogspot.com
          Davao City
        Your message has been successfully submitted and would be delivered to recipients shortly.