Vista Activation Cracked By Brute Force

[wprigjoigj3i40jhgi0435ejh Veteran]

Holy smokes! :blink: This could be bad for Microsoft. I'm sure there is SOMETHING they can do.

IT LOOKS LIKE Microsoft's unhackable OS activation malware has been hacked.

There is an active thread at the Keznews forums (account needed), and a summary on its main page about the crack.

It is a simple brute force attack, dumb as a rock that just tries keys. If it gets one, you manually have to check it and try activation. Is is ugly, takes hours, is far from point and click, but it is said to work. I don't have any Vista installs because of the anti-user licensing so I have not tested it personally.

The method of attack has got to be quite troubling for MS on many grounds. The crack is a glorified guesser, and with the speed of modern PCs and the number of outstanding keys, the 25-digit serials are within range. The biggest problem for MS? If this gets widespread, and I hope it will, people will start activating legit keys that are owned by other people

It won't take long for boxes bought at retail to be activated before they are bought, and the people who plunk down money for the mal^h^h^hsoftware for real get 'you are a filthy pirate' messages. Won't that be a laugh riot at the MS phone banks in Bangalore.

So, what do you do? There is really no differentiating between a legit copy with a manually typed in wrong key and a hack attempt. Sure MS can throttle this by limiting key attempts to one a minute or so on new software, but the older variants are already burnt to disk. The cat is out of the bag.

The code is floating, the method is known, and there is nothing MS can do at this point other than suck it down and prepare for the problems this causes. To make matters worse, MS will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.

This is ugly for MS, and if it allows you to take back your legit keys, how long do you think it will take before people catch on to the fact that you can call in and hijack already purchased keys once you generate one that someone else activated?

No, this is a mess, and the problem is the very malware activation and anti-consumer licensing that MS built into Vista. Then again, it is kind of hard to feel sorry for them the way they screw their paying customers. We'll give it three days before there is a slick GUI version with all the bells and whistles.

Edited March 2, 2007 by voidunknown

[Slimy]

I always wondered why we were still at a mere 25 digits for cd keys. I wonder how many people will bother trying this, as opposed to the "other methods".

[RadishTM Veteran]

Oh dear :s

Off topic, voidunknown - that thread in your signature was funny back in the day :laugh:

Radish?

[wprigjoigj3i40jhgi0435ejh Veteran]

Oh dea:s:s

Off topic, voidunknown - that thread in your signature was funny back in the da:laugh:h:

Radish?

Ahhhh, the memori:D. :D

[Admodieus]

Perhaps when you buy a version of Vista now or install it/activate a key, you'll also have to include a PIN number or password. Then, if somebody tries to guess your key/use it, they'll also have to know and use your PIN. Perhaps this system is too simple, but I think just another level of security will be thrown on top of the key system.

[Nicholas-c Veteran]

this was going to be a surprise why?

[wprigjoigj3i40jhgi0435ejh Veteran]

Perhaps when you buy a version of Vista now or install it/activate a key, you'll also have to include a PIN number or password. Then, if somebody tries to guess your key/use it, they'll also have to know and use your PIN. Perhaps this system is too simple, but I think just another level of security will be thrown on top of the key system.

This is getting out of hand though. Wouldn't you agree?

If thats the case, next they will want my Social Security number, drivers license, birth certificate, proof of purchase, a digital copy of the cd, and for me to stand on my head and spin around 3 times.

[AdverseDeviant]

i dont mean to be the ass but i mean the op is linking to a page that not only shows you how to do it but gives links to the zip with the utilities used to do this.

[Rob2687]

I wonder how long it takes to find one that works.

[AdverseDeviant]

depends on your computer speed. ill tell you tomorrow with a 64 3200+ ;)

[wprigjoigj3i40jhgi0435ejh Veteran]

I wonder how long it takes to find one that works.

To keep the trolls at bay, I edited the post.

Do you really think that is going to stop anyone? I don't...

I wonder how long it takes to find one that works.

Most have reported 2-5 hours...

depends on your computer speed. ill tell you tomorrow with a 64 3200+ ;)

Wait, you complained that I linked to the main page where the instructions where, then you openly admitted to using it? Oxymoron much?

I didn't try this. All 5 of my Vista installs are legit.

[Toology]

The biggest problem for MS? If this gets widespread, and I hope it will, people will start activating legit keys that are owned by other people.

It's good to know the article's author likes to have legitimate customers f**ked by pirates. Assclown.

[AdverseDeviant]

i was jk

[Southern Patriot]

There was a similar keygen for XP (which I won't mention by name, of course) although it only ever seemed to work right for one particular type of key. It could sometimes take hours for it to come up with a decent list of keys, but they all worked (at least until WGA came around with more stringent checks on product ids). What I don't get is why Microsoft never just made a database of all the keys that they issued, and checked all activations against that database.

[ironsight2000]

There was a similar keygen for XP (which I won't mention by name, of course) although it only ever seemed to work right for one particular type of key. It could sometimes take hours for it to come up with a decent list of keys, but they all worked (at least until WGA came around with more stringent checks on product ids). What I don't get is why Microsoft never just made a database of all the keys that they issued, and checked all activations against that database.

that would be real smart, all it would take is a hacker and they have every key

[AdverseDeviant]

just as smart as having a 25 character key that only consists of upper case letters and numbers.

[Rob Veteran]

This isn't such a big deal. They'll just limit activation tries to one per minute per IP, for example. Or they'll release an update to the activation mechanism in the software via a Critical update. Because of the nature of the importance Microsoft places upon this system, there is no way they'd release Vista without some sort of automatic updater of the activation procedures prior to the user activating.

Sure it's a hole but it'll be fixed, transparently to the user. The writer of the article has flawed logic.

[AdverseDeviant]

but it doesnt try to brute force activate online, it brute forces the local activation and when you got a key you can try activating online if you want. they can try to release a patch that stops this but then you dont have to get it.

[Sophism]

This isn't such a big deal. They'll just limit activation tries to one per minute per IP, for example. Or they'll release an update to the activation mechanism in the software via a Critical update. Because of the nature of the importance Microsoft places upon this system, there is no way they'd release Vista without some sort of automatic updater of the activation procedures prior to the user activating.

95% of the keys out there havent been activated yet, so the chances of you actually having to try to activate a working key more than once are pretty slim. Remember the OS checks to see if the key is valid, if it is THEN it tries to activate.

[MrCobra]

There also exists modified BIOS files that contain the correct OEM IDs in them to fool Vista in to thinking it's on an OEM machine.

[Andareed]

The keygen must be a bit more clever than simply trying a random key. After all, the number of possible keys is at least 22^25 = 2^111 (not all letters are possible).

[AdverseDeviant]

The keygen must be a bit more clever than simply trying a random key. After all, the number of possible keys is at least 22^25 = 2^111 (not all letters are possible).

well fist you can get rid of all the keys that youknow arent gunna be genuine. then with todays cpu's even a athlon64/pentuim d you could prolly get 30-60 thousand keys a sec. some dual core cpus could prolly hit 6 digits a sec. itll still take hours/days to get but not a ridiculous amount of time.

[primexx]

I always wondered why we were still at a mere 25 digits for cd keys. I wonder how many people will bother trying this, as opposed to the "other methods".

just as smart as having a 25 character key that only consists of upper case letters and numbers.

Yea like how many non-geeks are going to be able to type wR7v@-B#epr-*yaf!-Ze*aT-redet-acHep with ease and no error?

[Andareed]

well fist you can get rid of all the keys that youknow arent gunna be genuine. then with todays cpu's even a athlon64/pentuim d you could prolly get 30-60 thousand keys a sec. some dual core cpus could prolly hit 6 digits a sec. itll still take hours/days to get but not a ridiculous amount of time.

I'll assume there's around 2^32 (about 4 billion) "valid" keys (in the sense that local activation accepts them). So assuming you can test even 2^30 (1 billion) keys per second, it would still take 2^(111-30-32) = 2^49 seconds = billions of years until you expect to find 1 locally valid key. So the author must be using some math to eliminate certain classes of keys.

[leo221]

ms saw this coming. thats why they required you to have a powerful machine to run vista (keygen)