Jump to content



Photo

Vista Activation Cracked By Brute Force


  • Please log in to reply
77 replies to this topic

#1 vetvoidunknown

voidunknown

    Neowinian Senior

  • 2,556 posts
  • Joined: 20-August 02
  • Location: California

Posted 02 March 2007 - 00:37

Holy smokes! :blink: This could be bad for Microsoft. I'm sure there is SOMETHING they can do.

IT LOOKS LIKE Microsoft's unhackable OS activation malware has been hacked.

There is an active thread at the Keznews forums (account needed), and a summary on its main page about the crack.

It is a simple brute force attack, dumb as a rock that just tries keys. If it gets one, you manually have to check it and try activation. Is is ugly, takes hours, is far from point and click, but it is said to work. I don't have any Vista installs because of the anti-user licensing so I have not tested it personally.

The method of attack has got to be quite troubling for MS on many grounds. The crack is a glorified guesser, and with the speed of modern PCs and the number of outstanding keys, the 25-digit serials are within range. The biggest problem for MS? If this gets widespread, and I hope it will, people will start activating legit keys that are owned by other people

It won't take long for boxes bought at retail to be activated before they are bought, and the people who plunk down money for the mal^h^h^hsoftware for real get 'you are a filthy pirate' messages. Won't that be a laugh riot at the MS phone banks in Bangalore.

So, what do you do? There is really no differentiating between a legit copy with a manually typed in wrong key and a hack attempt. Sure MS can throttle this by limiting key attempts to one a minute or so on new software, but the older variants are already burnt to disk. The cat is out of the bag.

The code is floating, the method is known, and there is nothing MS can do at this point other than suck it down and prepare for the problems this causes. To make matters worse, MS will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.

This is ugly for MS, and if it allows you to take back your legit keys, how long do you think it will take before people catch on to the fact that you can call in and hijack already purchased keys once you generate one that someone else activated?

No, this is a mess, and the problem is the very malware activation and anti-consumer licensing that MS built into Vista. Then again, it is kind of hard to feel sorry for them the way they screw their paying customers. We'll give it three days before there is a slick GUI version with all the bells and whistles.


Edited by voidunknown, 02 March 2007 - 01:00.



#2 Slimy

Slimy

    Ars + Neowin

  • 22,355 posts
  • Joined: 04-April 04

Posted 02 March 2007 - 00:40

I always wondered why we were still at a mere 25 digits for cd keys. I wonder how many people will bother trying this, as opposed to the "other methods".

#3 vetRadishTM

RadishTM

    Neowinian Racer

  • 25,249 posts
  • Joined: 28-November 01
  • Location: London, UK
  • OS: Windows 7 x64

Posted 02 March 2007 - 00:40

Oh dear :s

Off topic, voidunknown - that thread in your signature was funny back in the day :laugh:

Radish™

#4 OP vetvoidunknown

voidunknown

    Neowinian Senior

  • 2,556 posts
  • Joined: 20-August 02
  • Location: California

Posted 02 March 2007 - 00:41

Oh dea:s:s

Off topic, voidunknown - that thread in your signature was funny back in the da:laugh:h:

Radish™

Ahhhh, the memori:D. :D

#5 Admodieus

Admodieus

    Neowinian

  • 553 posts
  • Joined: 14-December 04
  • Location: Philadelphia, Pennsylvania

Posted 02 March 2007 - 00:42

Perhaps when you buy a version of Vista now or install it/activate a key, you'll also have to include a PIN number or password. Then, if somebody tries to guess your key/use it, they'll also have to know and use your PIN. Perhaps this system is too simple, but I think just another level of security will be thrown on top of the key system.

#6 vetNicholas-c

Nicholas-c

    Apeture Scientist #74395

  • 13,654 posts
  • Joined: 17-February 06
  • Location: Staffordshire, UK

Posted 02 March 2007 - 00:43

this was going to be a surprise why?

#7 OP vetvoidunknown

voidunknown

    Neowinian Senior

  • 2,556 posts
  • Joined: 20-August 02
  • Location: California

Posted 02 March 2007 - 00:44

Perhaps when you buy a version of Vista now or install it/activate a key, you'll also have to include a PIN number or password. Then, if somebody tries to guess your key/use it, they'll also have to know and use your PIN. Perhaps this system is too simple, but I think just another level of security will be thrown on top of the key system.

This is getting out of hand though. Wouldn't you agree?

If thats the case, next they will want my Social Security number, drivers license, birth certificate, proof of purchase, a digital copy of the cd, and for me to stand on my head and spin around 3 times.

#8 AdverseDeviant

AdverseDeviant

    Neowinian Senior

  • 1,776 posts
  • Joined: 11-February 06
  • Location: VA, USA

Posted 02 March 2007 - 00:56

i dont mean to be the ass but i mean the op is linking to a page that not only shows you how to do it but gives links to the zip with the utilities used to do this.

#9 Rob2687

Rob2687

    ?

  • 13,333 posts
  • Joined: 27-April 03
  • Location: Ontario, Canada

Posted 02 March 2007 - 01:00

I wonder how long it takes to find one that works.

#10 AdverseDeviant

AdverseDeviant

    Neowinian Senior

  • 1,776 posts
  • Joined: 11-February 06
  • Location: VA, USA

Posted 02 March 2007 - 01:01

depends on your computer speed. ill tell you tomorrow with a 64 3200+ ;)

#11 OP vetvoidunknown

voidunknown

    Neowinian Senior

  • 2,556 posts
  • Joined: 20-August 02
  • Location: California

Posted 02 March 2007 - 01:03

I wonder how long it takes to find one that works.

To keep the trolls at bay, I edited the post.

Do you really think that is going to stop anyone? I don't...

I wonder how long it takes to find one that works.

Most have reported 2-5 hours...

depends on your computer speed. ill tell you tomorrow with a 64 3200+ ;)

Wait, you complained that I linked to the main page where the instructions where, then you openly admitted to using it? Oxymoron much?

I didn't try this. All 5 of my Vista installs are legit.

#12 Toology

Toology

    The Collective Unconscious

  • 3,373 posts
  • Joined: 28-December 04
  • Location: Los Angeles, CA

Posted 02 March 2007 - 01:05

The biggest problem for MS? If this gets widespread, and I hope it will, people will start activating legit keys that are owned by other people.



It's good to know the article's author likes to have legitimate customers f**ked by pirates. Assclown.

#13 AdverseDeviant

AdverseDeviant

    Neowinian Senior

  • 1,776 posts
  • Joined: 11-February 06
  • Location: VA, USA

Posted 02 March 2007 - 01:06

i was jk

#14 roadwarrior

roadwarrior

    Mississippian by birth and by choice

  • 12,943 posts
  • Joined: 25-April 03
  • Location: Republic of Mississippi

Posted 02 March 2007 - 01:07

There was a similar keygen for XP (which I won't mention by name, of course) although it only ever seemed to work right for one particular type of key. It could sometimes take hours for it to come up with a decent list of keys, but they all worked (at least until WGA came around with more stringent checks on product ids). What I don't get is why Microsoft never just made a database of all the keys that they issued, and checked all activations against that database.

#15 ironsight2000

ironsight2000

    Neowinian Senior

  • 1,584 posts
  • Joined: 26-August 06
  • Location: Toronto

Posted 02 March 2007 - 01:15

There was a similar keygen for XP (which I won't mention by name, of course) although it only ever seemed to work right for one particular type of key. It could sometimes take hours for it to come up with a decent list of keys, but they all worked (at least until WGA came around with more stringent checks on product ids). What I don't get is why Microsoft never just made a database of all the keys that they issued, and checked all activations against that database.




that would be real smart, all it would take is a hacker and they have every key



Click here to login or here to register to remove this ad, it's free!