
Microsoft Genuine Advantage Cracked

Posted by samzenpus on Wed Jun 22, 2005 06:17 PM
from the absolutely-secure dept.
piyush ranjan writes "An Indian researcher has cracked the much-touted "impenetrable" Windows Genuine Advantage of Microsoft. According to Microsoft this service would soon require all Windows users to verify their license before downloading updates."

Related Stories

[+] IT: WGA Turning Off PCs in the Fall? 857 comments
thesaint05 writes "We all know about Microsoft's WGA initiative that started last July. Most of us were troubled to learn that the WGA has been 'phoning home' to Microsoft at every boot. Well, get ready, because eventually Microsoft may be turning off copies of Windows without WGA installed. According to a Microsoft technician, 'in the fall, having the latest WGA will become mandatory and if it's not installed, Windows will give a 30 day warning and when the 30 days is up and WGA isn't installed, Windows will stop working, so you might as well install WGA now.'" A new version of WGA was released on Tuesday and, at least for the time being, Windows users have the option of removing WGA from their systems.
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • Text (Score:5, Informative)

    by krray (605395) * on Wednesday June 22 2005, @06:18PM (#12885632)
    Indian cracks Microsoft's anti-piracy program

    Alok Sharma | June 21, 2005 14:53 IST

    An Indian researcher has breached the much-touted "impenetrable" Windows Genuine Advantage of Microsoft.

    Bangalore-based Debasis Mohanty has cracked WGA through an "easy-to-exploit" weakness in the software for generating illegal copies of the Windows XP programme.

    Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat." A company spokesperson said they did expect counterfeiters to try a number of different methods to circumvent safeguards provided by WGA.

    WGA is an anti-piracy programme that keeps a tab on consumers whether they are running legitimately licensed copies of Windows XP.

    Mohanty has posted a detailed proof-of-concept programme on the high-profile security mailing list of the software giant, showing how the WGA validation check can be tricked to generate key codes for use on illegal copies of the software.

    Using a secondary Microsoft validation tool called 'genuinecheck.Exe', Mohanty claims to have made it possible for people to trick the safeguard mechanism and download and run the supposedly restricted software from Microsoft's download centre, he said.
    • Re:Text (Score:5, Funny)

      by LiquidCoooled (634315) on Wednesday June 22 2005, @06:21PM (#12885660)
      Did he stick tape over the Windows key during installation?
      Or did he perhaps hold down the shift key.

      The world must know.
      [ Parent ]
      • Re:Text (Score:5, Funny)

        by Slack3r78 (596506) on Wednesday June 22 2005, @06:38PM (#12885763) Homepage
        No, he colored over the inner ring of the internet with a Sharpie.
        [ Parent ]
      • Re:Text (Score:5, Funny)

        by oahazmatt (868057) on Wednesday June 22 2005, @06:59PM (#12885883)
        Did he stick tape over the Windows key during installation? Or did he perhaps hold down the shift key.

        I share your amusement. Though I am by no means capable enough to perform such a task myself (those shift keys are tricky) it seems that a Microsoft program being cracked or broken or worked-around or otherwise finagled is not necessarily a breakthrough. I suppose the most news-worthy aspect of this particular crack was in response of someone sinking what Microsoft was apparently toting around as the Titanic.

        Interesting, yes. Front page? Maybe not, other than to rub it in Microsoft's face. This isn't the Special Olympics, people. Not everyone gets a medal and a hug. :)

        [ Parent ]
  • That's great microsoft... (Score:5, Interesting)

    by chris09876 (643289) on Wednesday June 22 2005, @06:21PM (#12885652)
    I love how they say it represents very little threat. I guess we can expect them to save face, but someone must be kicking themselves over this one! "Very little threat" probably translates into millions of copies distributed over P2P networks :)
      • Re:That's great microsoft... (Score:5, Insightful)

        by ashmedai (869288) on Wednesday June 22 2005, @07:00PM (#12885892)
        Think about which is easier:

        1) Accessing a random legitimate install once for a minute or two.

        2) Accessing a legitimate install every time a new patch comes out, for however long it takes to download. Must also make arrangements to transport the downloaded files.

        That answer your question?
        [ Parent ]
  • Two quotes come to mind (Score:5, Insightful)

    by 1967mustangman (883255) on Wednesday June 22 2005, @06:23PM (#12885667)
    The first is from George Patton: "Fixed fortifications are monuments to the stupidity of man." The second is from Karl von Clausewitz: "If you entrench yourself behind strong fortifications, you compel the enemy to seek a solution elsewhere." I think these speak volumes.
  • You'd think this would be obvious (Score:5, Interesting)

    by Dancin_Santa (265275) <DancinSanta@gmail.com> on Wednesday June 22 2005, @06:23PM (#12885673) Journal
    Microsoft has the right to restrict product updates to only their paying customers.

    However, the installed base is huge and the illegally installed base is also huge. Microsoft, because it is their OS, has a moral responsibility to prevent internet worms and viruses by releasing patches to all users, regardless of the legality of the installation.

    Can MS really be held at fault when illegal usage of the OS results in a huge failure of the Internet?
    • Re:You'd think this would be obvious (Score:5, Insightful)

      by Scoria (264473) <slashmailNO@SPAMinitialized.org> on Wednesday June 22 2005, @06:32PM (#12885728) Homepage
      Can MS really be held at fault when illegal usage of the OS results in a huge failure of the Internet?

      I'll bite. Microsoft can only repair the vulnerabilities that they have been made aware of. If somebody uses a 0-day exploit to craft a worm, then I don't believe Microsoft can really be held accountable. That is like blaming the manufacturer of a safe for being susceptible to a heretofore undisclosed method of safe cracking.

      If it is a vulnerability that they've known about for months, however, not unlike many of those that affect Internet Explorer, then that should probably be considered a different story.

      Despite the accusations of trolling that you've received, however, I believe that you were right to distinguish an ethical responsibility from a legal one.
      [ Parent ]
        • Re:You'd think this would be obvious (Score:5, Insightful)

          by Scoria (264473) <slashmailNO@SPAMinitialized.org> on Wednesday June 22 2005, @06:55PM (#12885858) Homepage
          No, it would still depend on the obviousness of the exploit used.

          I'm not a Microsoft apologist. I never deploy Windows. I despise many of their tactics. I prefer a Unix-based operating system.

          That said, let's face it: A 0-day exploit can affect any operating system, no matter how secure we might consider it. That includes every clone and variant of Unix available today.

          As a programmer, you can take every precaution and still encounter a blatantly obvious -- to your critics, at least -- compromise. Although it really isn't a valid comparison, I'll cite the design problem that was eventually fixed in our beloved PHP interpreter. The end-user was once allowed to manipulate server-side variables, and that was sometimes an absolute nightmare to work around.

          If such an obvious vulnerability were present in an ASP interpreter, we'd chuckle together and continue bashing the developers (developers, developers!) at Microsoft. I'll admit that it's often very funny to do so, but I'm ultimately afraid that people in glass houses shouldn't throw stones -- even if our glass house is reinforced. ;-)
          [ Parent ]
    • Re:You'd think this would be obvious (Score:5, Insightful)

      by rpozz (249652) on Wednesday June 22 2005, @06:40PM (#12885771)
      (Mods, that's not a troll, it's a decent point)

      You'd probably be quite surprised at the number of legal copies of Windows that are in use. Most people get it whether they like it or not with their new computer. People running 98/ME usually find that their computer is under-spec to run 2K/XP and simply buy a new one. It's mainly people who build their own computer (and thus should know what they are doing) who pirate Windows.

      You still raise a very interesting question there though. I would say that they should allow anyone to update, mainly because many updates to Windows are security fixes and zombie machines adversely affect other users, not just the owner.
      [ Parent ]
  • 1992 called ... (Score:5, Funny)

    by w98 (831730) on Wednesday June 22 2005, @06:25PM (#12885682) Homepage
    ... they want their copy protection scheme back.
      • Re:1992 called ... (Score:5, Informative)

        by slashdot_commentator (444053) on Wednesday June 22 2005, @07:13PM (#12885962) Journal

        I'm not sure if the year 1992 has any significance. But in the early age of consumer computing, software used to be built with schemes to make it "impossible" to copy/install/use the software without validating that you had purchased the product.

        Usually, this was done by being forced to physically look up a phrase in the physical documentation and then feed it back to the program before it would start/continue work.

        This was annoying as hell, particularly to the paying customers. "Crackers" would usually locate the protection routine in the binary code, and patch it to skip the check. The practice was discontinued because the "protection" scheme would not protect non-purchased use of its product, (the savvier users would merely apply the publicised crack) and would reduce its marketshare by annoying its purchasing customers. Ultimately, software companies just factored piracy rates into its pricing structure.

        The post was meant to be humorous, but you may have started using computers after the practice stopped, and thus your question.
        [ Parent ]
  • This was done about two months ago... (Score:5, Informative)

    by shorti9 (307602) on Wednesday June 22 2005, @06:32PM (#12885727)
    This was discovered by multiple people months ago, as evidenced by this full-disclosure thread [grok.org.uk], with a followup by another discoverer of the same exploit [grok.org.uk].
  • Oh no... (Score:5, Funny)

    by Anonymous Coward on Wednesday June 22 2005, @06:33PM (#12885734)
    DVD Jon has been out-sourced to India!
  • impenetrable? (Score:5, Insightful)

    by dioscaido (541037) on Wednesday June 22 2005, @06:42PM (#12885787)
    Where does that "impenetrable" quote come from? MS has pretty openly stated that they know that protection mechanisms like Activation can, and will, be cracked. They have been pretty clear that these mechanisms are in place more for the hobbyist or mom-and-pop user, than the people that would actively seek out cracks/pirate software.
  • Full-disclosure link (Score:5, Interesting)

    by Karamchand (607798) on Wednesday June 22 2005, @06:56PM (#12885866)
    Go here [derkeiler.com] and download here [hackingspirits.com].
  • Windows Genuine Advantage (Score:5, Informative)

    by Anonymous Coward on Wednesday June 22 2005, @06:57PM (#12885876)
    The entire purpose of Windows Genuine Advantage of Microsoft is to allow people to know they have actually received a Genuine product and not some product that has a key generated for it. If a person gets the product and installs it and then it fails the Windows Genuine Advantage they know they have paid for a pirated version and can then report that to the authorities. Your average home user is not going to install the OS and then run the crack, they want to know that they have a Genuine version (i.e. a genuine licence) that they have paid for. I know if I purchased another OS for the full price i.e. Mac OSX, I would be pissed if it was just a pirated version.
    • Funny that you asked (Score:5, Informative)

      by Anonymous Coward on Wednesday June 22 2005, @06:27PM (#12885691)
      [ Parent ]
      • Not a true crack (Score:5, Insightful)

        by andycal (127447) on Wednesday June 22 2005, @06:37PM (#12885757)
        From the doc linked to:
        >6. After downloading "GenuineCheck.exe", run it on the machine running a genuine copy of Windows XP.
        > It will generate a code which is used for WGA validation. Copy the code and use the same code to
        >validate a pirated copy of Windows XP and bypass the WGA.

        But that's bogus, you still need "access" to an authentic copy to perform this hack. It's not really a hack at all.

        But sadly this will only make it easier for people unwilling to pay for windows to continue to use it. It would be better if they had to find a cheaper (legal) solution.
        [ Parent ]
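
The weakness quoted in the comment above is a replay: a code produced once on a genuine install is accepted again somewhere else. As an added example (not from the post, the linked document, or Microsoft), this toy Python model contrasts a validator that accepts a static code with one that ties each code to a single-use challenge. `KEY`, `tool_code` and both validator classes are hypothetical and do not reflect how WGA or GenuineCheck.exe work internally.

```python
import hashlib
import hmac
import secrets

# Toy model only: KEY stands in for whatever lets the server recognise output
# of the checking tool. It is an assumption, not the real WGA mechanism.
KEY = secrets.token_bytes(32)


def tool_code(challenge: bytes = b"") -> str:
    """Code the checking tool produces when run on a genuine install."""
    return hmac.new(KEY, b"genuine|" + challenge, hashlib.sha256).hexdigest()


class StaticValidator:
    """Weak design: a code says 'some install was genuine', nothing more."""

    def validate(self, code: str) -> bool:
        return hmac.compare_digest(code, tool_code())


class ChallengeValidator:
    """Hardened design: each download session gets a fresh single-use nonce."""

    def __init__(self) -> None:
        self._pending = set()

    def new_session(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def validate(self, nonce: bytes, code: str) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used challenge
        self._pending.discard(nonce)
        return hmac.compare_digest(code, tool_code(nonce))


def demo() -> dict:
    weak, strong = StaticValidator(), ChallengeValidator()
    saved = tool_code()        # constructed: code produced once, then stored
    n1 = strong.new_session()
    code1 = tool_code(n1)      # answer to session 1's challenge
    n2 = strong.new_session()
    return {
        "weak_accepts_saved_code_again": weak.validate(saved) and weak.validate(saved),
        "strong_accepts_fresh_answer": strong.validate(n1, code1),
        "strong_rejects_same_answer_twice": not strong.validate(n1, code1),
        "strong_rejects_answer_on_other_session": not strong.validate(n2, code1),
    }
```

A per-session challenge stops a stored code from being reused; it does not prove which machine computed the answer, which would need hardware-rooted attestation.
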
        • Re:What's the point? (Score:5, Informative)

          by avdp (22065) * on Wednesday June 22 2005, @06:48PM (#12885827)
          The "No, thanks" option is supposed to go away at some point in the near future. Also Windows Update will not run without WGA in the near future as well.
          [ Parent ]
    • MOD PARENT INSIGHTFUL (Score:5, Insightful)

      Genuine Advantage is a pain in the arse for both registered and unregistered users. If reinstalling windows was a nightmare, imagine now with having to actually activate your windows. And now for updates? Come on!

      Somebody has to put an end to this.
      [ Parent ]
      • Re:MOD PARENT INSIGHTFUL (Score:5, Interesting)

        by superpeach (110218) <adamfNO@SPAMsnika.uklinux.net> on Wednesday June 22 2005, @07:03PM (#12885908) Homepage
        I had to activate windows over the phone the other day, because installing SP2 on it broke everything (well, it just didn't like the SIGNED graphics card driver).

        It kept hanging while it was starting up so I took all the expansion cards out, including the graphics card and used the onboard. Worked fine, apart from popping up a message saying the hardware had changed dramatically and windows needed to be reactivated. Didn't have time to play with it so I left it a few days. Next time I turned it on I couldn't do anything unless I activated windows. Ok, I will just activate it over the internet - or I would if it was configured for the network it was connected to. Cancel activation so I can set up the network, nope, can't change network settings unless I activate windows (even in safe mode). So, do I configure a DHCP server on another machine, or use the activate by phone option? It was a free call, but if I knew how long it was going to take for the auto responder to read out really really long numbers for me to type then I would have just set up a DHCP server.
        [ Parent ]
      • Re:MOD PARENT INSIGHTFUL (Score:5, Interesting)

        by yotto (590067) on Wednesday June 22 2005, @07:07PM (#12885927) Homepage
        Genuine Advantage (What kind of name is that? What does it mean? It's not to my advantage to have to prove I paid for Windows every time I need to reinstall) and the like is one of the main reasons I switched to linux for everything but Grand Theft Auto. I refuse to pay ~$100 and then be treated like a thief. I will never pay for windows, in any capacity, again. If that forces me to build my own computer every time I upgrade, so be it.
        Luckily, these days linux is pretty nice, what with Ubuntu and all. You barely need to think any more when installing, and no annoying registration screens!
        [ Parent ]