Vista Activation Cracked By Brute Force

[hapbt]

Holy smokes! :blink: This could be bad for Microsoft. I'm sure there is SOMETHING they can do.

Die?

[one321]

I wonder what this means for me. I have multiple legitimate keys and if someone magically got one of my keys from a keygen mine would fail WGA :/

I guess if that happens in high enough numbers Microsoft will have to end WGA altogether?

Yes, I will definitely be ****ed if my key ever starts giving me trouble because someone generated it through brute force. I will give this a try just for fun. I wouldn't mind generating a list of keys and just keeping them on hand in case this becomes cold war between Microsoft and the citizens of the world.

[Omegatron]

Yay got mine only in 40 minutes!

[boogerjones]

Yay got mine only in 40 minutes!

Here's what to do next!

1. Yell upstairs to your mom
   
2. Tell the dumb broad to fix you some Pop Tarts
   
3. Sit in front of your activated copy of Vista all day and develop some blood clots in your legs
   
4. Have 1 (or more) of those clots pass up into your lungs
   
5. Instruct your family to sue Microsoft for wrongful death after you've passed
   

[blachole]

What I want to know is how someone "comes across this accidentally" while learning vbscript. That statement right there is BS. If my key gets stolen, I expect Microsoft to replace it with a new one. In the end, it really doesn't matter. They let you activate your copy over the phone no matter what.

[AdverseDeviant]

Not even MS said it was unhackable, so why do things like this keep being spread. Also, brute force generation is not really a crack; a crack involves bypassing a protection, while brute forcing is really just trying a whole lot of keys. Any protection using keys or passwords is "vulnerable" to that really, the difference is just how long it takes. But that's mostly semantics. What's important to both MS and priates alike is if this method is efficient enough. :)

What I'm surprised about is how bruteforcing can be possible even now...

25 characters with 26 (letters) + 10 (digits) combinations each => 25^36 combinations. That number is 50 digits long!

211758236813575084767080625169910490512847900390625 combinations.

I don't really get how they can do this in a viable way still... They have to have figured out a way to reduce the number of permutations far below 26^36 somehow, perhaps by figuring out the key algorithm and not trying *all* combinations. That would just be ridiculous! Perhaps they're able to just try out for a specific Vista Edition, but it still feels like a whole lot! 100 million "valid" keys among all those combinations would still just be a drop in the ocean?

add on top of that, on the forum the guy says it can only go 10,000 keys every 30min. and no there's no algorithm used its just striaght brute force. i think alot of people lie about getting a key maybe a small handful will get lucky cause of randomness.

[leesmithg]

Here's what to do next!

1. Yell upstairs to your mom
   
2. Tell the dumb broad to fix you some Pop Tarts
   
3. Sit in front of your activated copy of Vista all day and develop some blood clots in your legs
   
4. Have 1 (or more) of those clots pass up into your lungs
   
5. Instruct your family to sue Microsoft for wrongful death after you've passed
   

Thats freakin ironic.

I was thinking about getting M$ to cough up a few billion that way for me, except, I was going to say it was

too much exposure to porno and drugs on the net that made me an addict, so M$ cough up. My lawyers will be the EU!

[WelshBluebird]

I bet there's some MS executives sweating lol. There's not much they can actually do to stop this though. Apart from limited online activation attempts, but even then people can still use the phone activation

[Emon]

In worst case .. it will take 4613477611100251487689152970642 years to find a valid key.

[Deactivated Account]

Any news from Microsoft on what they think of this?? would be interesting to know what they think of this method and of the OEM Bios method..

[maeby]

wow it was cracked, didnt see that coming..... haaaaaa

[Mouldy Punk]

What ever happened to good old fashioned stealing? Wanna steal some software? Go and nick it from PC World or something.

[Pharos]

I wouldn't be surprised if 50% of what's in Vista's SP1 will be fixes and countermeasures against all of those piracy cracks and workarounds. LOL

[xcapepr]

add on top of that, on the forum the guy says it can only go 10,000 keys every 30min. and no there's no algorithm used its just striaght brute force. i think alot of people lie about getting a key maybe a small handful will get lucky cause of randomness.

He should know at least that certain characters are not used in Microsoft's product keys... EVER!

When was the last time you've seen an A??? Or any vocal?!?!

Actually, theres a couple of them actually:

The 5 Vocals - A, E, I, O, U

4 consonants - N, L, S, Z

The numbers 0 and 1

So that drops the number of possible combinations down considerably. If his script is coded without these considerations then it would take a lot longer to get an usable key.

If you have Vista, you can try it yourself. Go over to Windows Properties and click on the change product key "link" and try punching in any of those characters! You will get a message that says that an unusable character was used.

If any of you guys have the script, please send it over to hotmail_staff_warning-AT-hotmail.com to review it.

[Krome]

care to elaborate ?

wow it was cracked, didnt see that coming..... haaaaaa

There was a BIOS hack that made the OS think the machine is an OEM machine and activated the OS without a problem. And then a week later this hack came out and the news break headlines. I just don't see how this method get more attention than it should. To my knowledge, I think if Microsoft was to fear of such hack it shouldn't be this one but the BIOS one. That is at the root of activation.

[Deactivated Account]

:::Update:::

Brute force keygen a phoney

fact is the brute force keygen is a joke, i never intended for it to work. I have never gotten it to work, everyone should stop using it!

everyone who said they got a key a probably lying or mistaken!

i suggest everyone uses the 120 day 3x rearm method.

what a guy..

[NY1]

:::Update:::

Brute force keygen a phoney

what a guy..

It's almost sounds like he got a call from MS lawyers or something...

A lot of people claim that it worked for them, are they all lieing?

Did you guys read his apology letter to MS ?

http://keznews.com/forum/viewtopic.php?t=2696

lmao :)

Is there anyone here who seriosly was able to get a legit key that activate through this method?

Edited March 3, 2007 by Ron21

[RootWind]

You would think it would be surprisingly easy to stop brute force attacks. Just limit activation attempts by IP.

[AdverseDeviant]

You would think it would be surprisingly easy to stop brute force attacks. Just limit activation attempts by IP.

ive said this already in the thread. it doesnt try to activate, it checks your vista locally to see if it accepts the key then if you want to you can try to activate.

[Guol]

In worst case .. it will take 4613477611100251487689152970642 years to find a valid key.

Exactly:

(25^36)/10,000/60/24/365 = The amount of years it would take to figure out all the keys if it did 10,000 per minute

And that's about:

4.02888578 ? 10^40 years.

So that's about 40,000,000,000,000,000,000,000,000,000,000,000,000,000 years

Good luck with that:pp

So yeh, I find it no surprise the guy called it in as phoney. I mean, cmon - do the maths:pp

[laz45]

The Emulated Bios Hack does work because I have tried for educational purposes :p and it activated just fine

[Windows Vista User]

Sounds like someone is getting scared.

[boogerjones]

Exactly:

(25^36)/10,000/60/24/365 = The amount of years it would take to figure out all the keys if it did 10,000 per minute

And that's about:

4.02888578 ? 10^40 years.

So that's about 40,000,000,000,000,000,000,000,000,000,000,000,000,000 years

Good luck with that:pp

So yeh, I find it no surprise the guy called it in as phoney. I mean, cmon - do the maths:pp

I agree with you that it's unlikely that a key can be found at random, but your math is off. First off, the total number of combinations is 25^25 (25 possible digits in a serial of length 25). That's still a lot. But what you're forgetting is that we have no idea how MS has limited the keyspace that Windows Vista will accept as a valid key. Further, nobody needs to find ALL the keys, they only need to find one. These 2 facts could make it considerably easier to happen upon a valid key. Impossible to say how likely unless we know the valid key space.

However, the brute-force script that is running around itself is flawed. The code is poorly written and includes the letter "L," which Vista will not accept; and the number "5," which Vista will also not accept. This means that, on average, every other key that the script tests will have no chance of being valid because it includes invalid characters. Further, I tested the script for a about an hour and found that on a dual-core machine it was only testing, on average, about 600 keys PER HOUR.

Bottom line: it's theoretically possible that people are happening on keys using this method, but I doubt it. However, the quadrizillion years claim (like the cryptographers like to use) is just silly. Once people figure out how to narrow down the key space by finding clues about how the key algorithm works, then a brute-force mechanism might become feasible.

[Hitman2000]

The only way a brute force could work is if someone did some good coding and removes the obvious invalid keys such as AAAAA-AAAAA-AAAAA-AAAAA 11111-11111-11111-11111 etc something like that, it will still leave a few billion combination but it will be more specific as you only need to find 1 working key not all the possible keys.

Also arent some letters not allowed in cd keys?

I suppose if you did that you will probably be down to a few hundred million or a billion keys.

Then by pure chance you could find a cdkey or 2 in a couple of day or something.

[Aero Ultimate]

It's almost sounds like he got a call from MS lawyers or something...

A lot of people claim that it worked for them, are they all lieing?

Did you guys read his apology letter to MS ?

http://keznews.com/forum/viewtopic.php?t=2696

lmao :)

Is there anyone here who seriosly was able to get a legit key that activate through this method?

It must have worked properly at least for some, otherwise they wouldn't have bothered to go after him (they have better things to do), and he wouldn't have needed to write that apology letter. He was probably also forced by MS to claim that it is fake to keep people from using it.