Forgot your password?
typodupeerror
Microsoft

WinXP Keygen Foils Product Activation 559

Posted by timothy
from the next-generation-will-require-dongles dept.
Bill Gates' Friend's Brother's Roommate writes: "The Register has a story on a working key generator that produces 25 valid Windows XP Product Activation Keys in a few hours. As author John Lettice summarizes, 'So the question as regards keymaking software is whether or not Microsoft has any way to differentiate between generated keys and the ones it has issued itself. If not, this generation of WPA is now surely toast.'"
This discussion has been archived. No new comments can be posted.

WinXP Keygen Foils Product Activation

Comments Filter:
  • Weird (Score:5, Interesting)

    by glh (14273) on Thursday February 14, 2002 @04:57PM (#3009768) Homepage Journal
    Don't they have some kind of database with all the keys in it.. (after all, a lot of games out there such as anything newer by blizzard works that way)!

    • Re:Weird (Score:5, Insightful)

      by MattRog (527508) on Thursday February 14, 2002 @05:01PM (#3009802)
      I don't know entirely how WPA works, but I know with most games you *can* use a keygen for most of the codes. If they are 'well-formed' and comply with their format then the game will accept it. However, only a select number of the 'possible' working keyset is actually *valid*, meaning it exists in their large database.

      I would suspect that would be the case here; the question is whether or not that false key once accepted by the program is transmitted back to Microsoft for validation.
      • Re:Weird (Score:4, Interesting)

        by Anonymous Coward on Friday February 15, 2002 @12:29AM (#3012137)
        a good method that i've never seen used for key generation is to not use a "Working/Not Working" states, but instead, have the key actually disable/enable certain parts to the game. It would make finding a valid key even harder. You might think you have a valid one, but get to level 3, and the game suddenly dumps you out unexpectedly. It wouldn't be foolproof as far as stopping piracy, but it might hamper it a little i suppose.
    • Re:Weird (Score:5, Informative)

      by Mister Snee (549894) on Thursday February 14, 2002 @05:04PM (#3009830)
      Actually, some companies do it the way you describe (with a database of known keys) but Blizzard does something slightly different, which Microsoft may do as well.

      In Blizzard's games, the routines used by the installer to verify authenticity of a CD key actually checks for compliance to a much more broad algorithm than the keys are actually manufactured by. This means that methods of generating keys reverse-engineered from the game itself will produce keys that work for installing the game but are very likely outside of the real algorithm, which usually constitutes a tiny subset of the one used for installation. This REAL algorithm is used to manufacture the CD keys and is what is checked for on, for instance, the multiplayer servers. Since that checking is serverside it theoretically can't be reverse-engineered to a keygen. Lots of companies are doing this now -- most game keygens are fine for installing but won't play online, and while it's possible for the keygen to randomly hit on a key that falls within the real algorithm and thus allow online play, it's astronomically unlikely.

      Quite smart, really. :D
      • Re:Weird (Score:3, Funny)

        by Lord Sauron (551055)
        I know of a CD-Burner software that if you enter a fake serial number, appears to be registered ok, but when you would burn a CD, it'd say there was an error, and your CD was lost.

        Windows could pretend it was registered ok, and then start crashing, after some time.

        But, oops, no one would notice between a crashing windows and regular windows :)
        • Re:Weird (Score:5, Insightful)

          by fred911 (83970) on Thursday February 14, 2002 @05:29PM (#3010048)
          That specific software you are mentioning was older versions of CDRWIN. Jeff Arnold the owner of Goldenhawk wrote a nice little feature into his app that would generate hidden files until your hard drive was full, if a keygen generated key was used to install.

          A real asswipe. Writes an app designed to dump raw bits from CD's but doesn't want his software copied.

          Then again.. it was a few years ago.
          • Re:Weird (Score:3, Insightful)

            by jhoffoss (73895)
            I know it's blasphemous to mention on /. but, last time I checked, CDRWin wasn't (and indeed, never was) open-source software. This guy wrote the app, and he's free to do whatever he wants to prevent it from being stolen and/or used illegally. CDRWin is a great friggin app, and one that I got more than my money's worth from. A program like that, or nero, is one I am happy to fork money over for. Something like EZ-CD Creator on the other hand, if I were desperate, I would steal in two seconds. And I would delete it as fast as is physically possible. But that's why I never bought (or installed) a copy of it.

            I start to have problems with paying for programs when I'm paying more for the software than my computer cost me when it was new, though. I still haven't paid for anything like that...so no one is perfect. But I don't blow sunshine up my ass and pretend I have a "right" to the software. I know I'm still stealing it.
        • Re:Weird (Score:4, Insightful)

          by G-funk (22712) <josh@gfunk007.com> on Thursday February 14, 2002 @11:12PM (#3011871) Homepage Journal
          So basically, if you purchase his software and mis-type the code, the programmer decides it's ok to damage your real-world property? What a cockhead. I'd buy it mis-type the code and sue to prove a point.
      • Re:Weird (Score:4, Interesting)

        by govtcheez (524087) <govtcheez03@hotmail.com> on Thursday February 14, 2002 @05:22PM (#3009992) Homepage
        > Quite smart, really.

        Except that every Blizzard game I've ever played would be just peachy if a reg-code of all 3's was typed in. Seriously.
      • Re:Weird (Score:3, Interesting)

        by mr3038 (121693)
        In Blizzard's games, the routines used by the installer to verify authenticity of a CD key actually checks for compliance to a much more broad algorithm than the keys are actually manufactured by.

        Yeah, but it's only question of time when the first keygen starts bombing multiplayer authentication with generated keys until one is okayed and returns only that to end user. Yeah, perhaps your IP gets logged but you wouldn't run that kind of program on your own computer, would you? Local library or ISPs shell would be just fine.

        Current system could work if keys were big enough so that hitting real key with keygen would be hard but, unfortunately, as long as end user has to type in the code during install you cannot input that many bits into the key anyway.

    • Re:Weird (Score:3, Funny)

      by Luminous (192747)
      They do have a database of the keys, but it was secured with a password and they can't remember what it is. They would use one of those programs that crack Access passwords, but that just seems wrong.
    • Re:Weird (Score:4, Informative)

      by TWR (16835) on Thursday February 14, 2002 @07:38PM (#3010943)
      But here's an idea: if someone uses this key generation program to submit MILLIONS of keys to MS (complete with fake registration information), they'll start marking them as valid keys assigned to the fake id.

      Then when someone gets that key genuinely, MS will deny it as a fake.

      Kinda funny, really.

      -jon

  • by 2Flower (216318) on Thursday February 14, 2002 @05:00PM (#3009788) Homepage

    While this gets you out of the gate and running, it still means you have an unregistered key. If ever your key is reported back to Microsoft and they do a simple record check, they can tell if you're valid or not. And then the FBI is just a phone call away...

    I don't mean to say WinXP is spyware (although I wouldn't doubt it) but I can't see keeping your activation key a secret for long, with it likely being tied into so many products and services. It's like running around town buying beer with a blatantly fake ID that claims you're a 78 year old airline instructor from Zanzabar -- sooner or later you'll get caught.

    • by Anonymous Coward
      Spyware is not easy to sneak by. Think of how many smart people have a BSD firewall sitting in front doing transparent firewalling while logging every single packet that goes by?

      If anything goes to a MS address, they'll be sure to let us know. I mean, outside of major contributions to the Linux kernel, catching Microsoft red-handed trying to fsck us over is one damn quick way of becoming a folk hero among the Slashbots, if not the internet geek population in general.
      • Spyware is not easy to sneak by. Think of how many smart people have a BSD firewall sitting in front doing transparent firewalling while logging every single packet that goes by?

        The guys in comp.os.vms group claim to have put a packet sniffer on an XP box with nothing special running and found encrypted packets heading for microsoft. No idea what was inside them.
        • by BrookHarty (9119) on Thursday February 14, 2002 @07:26PM (#3010867) Homepage Journal
          Install XP and see for yourself.

          It trys to connect to time.microsoft.com, windows updates, intellimouse updates, m$ internet keyboard pro, media player, msn messenger, windows explorer (dont know why, but my firewall catchs it).

          Im running tinysoft firewall, which tells me which process is trying to connect to the internet, and create an ACL for it. It also does a CRC check to let me know if the binary is updated.

          Here are a couple processes from my ACL.

          e:\program files\microsoft hardware\keyboard\type32.exe
          e:\program files\microsoft hardware\mouse\point32.exe
          e:\program files\common files\system\mapi\1033\nt\mapisp32.exe
          e:\windows\pchealth\helpctr\binaries\helphost.ex e (Microsoft Help Center Hosting Service)
          e:\windows\system32\ALG.exe (Application Layer Gateway Service)
          e:\windows\system32\LASS.exe (Local Security Authority System)
          e:\windows\system32\svchost.exe (Generic Host Processes for Windows)

          -
          Majority rule only works if you're also considering individual rights. Because you can't have five wolves and one sheep voting on what to have for supper. - Larry Flynt
      • the first time you launch IE after installing windows, a crap load of information is sent to MSN. Now, I have no idea what is in this information, but it wouldn't be too hard to include the cd-key in it. Just a little paranoia :)
        ---
    • Ya, so, I mistyped my key and the computer thingy said it was okay. I threw away my boxes and manuals and what have you because windows XP is so stable that I'll never have to install it again. So what?
      • Ya, so, I mistyped my key and the computer thingy said it was okay

        So I think "there's only a one in 80 zillion chance of this happening" would hold up in court for Microsoft.

      • So, you have no box equals you have no license. Period.

        Wanna imagine how many small to medium size companies have figured that one out after the BSA comes knocking? Either you have the little hologram, or you pay again.

        That's just the way it works in the real world... even if your dog ate the hologram.
        • If somehow the BSA managed to pull you into court (which they can't do -- it has to be the copyright holder who files such a suit) and you showed the judge your receipt (or the vendor you ordered your copies from had appropriate records, or you registered your software, or you have the original CDs, &c...) no reasonable judge would find you guilty of copyright violation simply because you didn't keep the holograms on file.

          The BSA may threaten you unless you have the holograms handy, but the question isn't whether you have the holograms -- the question is if you can convince the judge. There's no special legal status given to holograms (or boxes) as proof-of-purchase.

          But then, IANAL, so what do I know?
  • "The more you tighten your grip, the more people that will slip between your fingers" The more you try to make people jump through to get their OS, the less will put forth the effort and will seek 'alternative' methods to get it.
  • by NewtonsLaw (409638)
    Given that the activation code is used to secure XP from unauthorized use -- I guess you could say that this is a security issue.

    Given Microsoft's rather lackluster track-record in the area of security, is it any wonder that their own protection scheme has (allegedly) been cracked so soon?

    Maybe they wrote it with the new C++ compiler :-)
  • by BoarderPhreak (234086) on Thursday February 14, 2002 @05:03PM (#3009818)
    If you use MacOS X's built-in firewalling capabilities (really just ONE command-line) you can not only block their anti-piracy, network-broadcasting bullshit...

    But fix the security hole they put in box, as well!

    Woohoo! :-D

  • As far as I can tell, the user still needs to contact the MS server and go through the validation process. At the very least a key that has already been used will be rejected. At worst, MS will log all attempts and check that the key came from the correct geographical region that the boxed product was shipped to, and disable copies that don't match even if the key hasn't been used before. It's a huge hole in the security, but the end users are still going to be bothered. The worst of all possible worlds.

    All of the folks looking for a free copy are better off finding a copy of the corporate edition, which doesn't phone home.
    • I couldn't tell from the article, but I assume you would go through the "I don't have internet access so I'm 'talking' on the 'phone' to a 'representative' of 'Microsoft' who has 'provided' me with this 'key'" process.

      Otherwise, it'd be pretty useless.
  • by J.D. Hogg (545364) on Thursday February 14, 2002 @05:04PM (#3009834) Homepage
    That means you probably could get 25000 keys in one hour if distributed.net was setup to do that. Even DES is harder to crack. That should tell you something about the extent of Microsoft's understanding of security issues if they can't even protect their own bread and butter correctly.
    • The program appears to be written in VB (if it is indeed the same one as posted here [slashdot.org])
      Rewriting it in C++ (perhaps with some inline assembly optimizations) will probably yield a significant performance boost if it is number crunching that is in fact slowing it down so much.
      • The one you linked too IS NOT the one the article is talking about (though if you browse that same thread you linked to, someone replied with the correct app (or so I believe)). The file date on the file you linked to is sometime in August of last year (the reply with the correct one is date in February of THIS year however).

        The correct one (again, I'm assuming here) appears to be written with Visual C++ (not sure which ver, but it links against MFC42.DLL). I agree about optimizations, I which this were open source code so I could take a look at it-- the most obvious optimization is one I mentioned elsewhere; the code isn't SMP-friendly. It has two threads, but only ONE thread actually does the brute force work (so if you look in Task Manager, on a dual-CPU system, it only uses 50% of the total processor power available).. in order to properly utilitize all of the resources available you need to run one copy for every CPU in your system. (Ideally the app would spawn a thread for each CPU, and set the thread affinity to an individual processor (1 - max processors available). This is the change I'd implement if I had the code.)

        Oh well.. maybe I'll get bored and disassemble it.
  • by Navius Eurisko (322438) on Thursday February 14, 2002 @05:04PM (#3009836)
    then they are grossly mishandling their activation system or they seriously underestimate the intelligence of most Windows users.

    Considering M$, I think it's a little of the former and the latter.
  • i thought you guys said this was obscure!!
  • by selderrr (523988) on Thursday February 14, 2002 @05:06PM (#3009850) Journal
    Nicely done, Kathleen. He'll appreciate that.

    Geek chicks rule !
  • Any registration key scheme can be cracked. Shareware people have know this for decades. They can make it difficult to crack (and a couple of hours to generate a few keys is quite good), but they can't make it impossible.

    The best way is to verify the key on-line if the key is assigned to you, but this is only feasible with small-scale shareware programs, because in that case very few of the possible keys are assigned (so the chance of generating an assigned key by accident is very low), and the author of the program knows of every sold copy (while Microsoft doesn't know of a particular copy of XP is actually installed somewhere, or is lying in some warehouse)

  • Does anyone expect jack-booted MS employees to come kicking in their doors and arresting them for having a invalid product key?

    Let's face it, as much as MS needs to say they will come after people who pirate their software, they aren't going to come after individuals. Unless you are killing a significant portion of their business, they are likely to leave you alone.

    They would rather an individual use a pirated copy of their software than someone elses, because it still puts them in your house. They still have a good chance of branding, selling you MS Money, Office or some other product.

    Can't say that out loud though. Might loose too much business.

  • by Tackhead (54550) on Thursday February 14, 2002 @05:07PM (#3009862)
    > [ ... ] while forum operators are in general managing to keep a lid on people posting locations for the program,

    The Register's editors have obviously misspelled "Now that it's made Slashdot's front page, for about 10 more minutes..."

  • by tuxlove (316502) on Thursday February 14, 2002 @05:07PM (#3009869)
    There's no way to make a crackproof piece of software. If a user has access to software, he can crack that software. Period.

    However, as the article notes, cracked software can be detected. No matter how good the cracker, there's little that can be done against online verification. If MS keeps a record of all valid keys, then anyone attempting to use online MS services of any kind with a genned key can be detected and denied/disabled.

    This is an old trick for online games, etc. Crackers come out with keygens for such games almost simultaneously with the release of the games (or even before :), but these keygens only work for the offline version of the game. As soon as the someone tries to use that game online, they're denied access by the game server because their genned key isn't in the database of valid keys in the field.

    So, this story has little import as far as MS' protection being faulty. I have no doubt they expected it, and I have no doubt that they don't care too much. Using Win XP w/o the ability to update or connect to certain online services safely will probably end up being more than sufficient protection from MS' viewpoint.
    • Either you or me is forgetting something. When MS releases XP, they knew every single number that is in those boxes, so if some number is used, and was not in those boxes, its obvious it was generated. BUT, what if one of those XP boxes is never sold, and some person generates that exact key, then MS will not be able to tell that that key has been generated.

      I don't know if you play Half-Life or not, but there is a group of people who's sole purpose is too be punks. What they do, is whenever they get banned, they walk into compusa, but half-life again, go home record the WonID and return the package unopened. I don't know if this is possible for XP, but it sure isn't hard to do.
    • by IGnatius T Foobar (4328) on Thursday February 14, 2002 @06:16PM (#3010376) Homepage Journal
      However, as the article notes, cracked software can be detected. No matter how good the cracker, there's little that can be done against online verification. If MS keeps a record of all valid keys, then anyone attempting to use online MS services of any kind with a genned key can be detected and denied/disabled.
      Soooooo... what you're saying is that if someone uses a non-MS-generated key to activate Windows XP, then they won't be able to connect to MSN, MS Instant MEssenger, Hotmail, and .NET My Services?

      That's not a bug, that's a feature!

  • by m_chan (95943) on Thursday February 14, 2002 @05:09PM (#3009879) Homepage
    BILL: Are you the keymaster?

    VENKMAN: Not that I know of.

    (Bill slams the door in his face - Venkman knocks again.)

    BILL: Are you the Keymaster?

    VENKMAN: Yes! Actually I'm a friend of his, he asked me to meet him here.

    Wash, rinse, repeat...
  • by Da VinMan (7669) on Thursday February 14, 2002 @05:11PM (#3009893)
    WPA was 'cracked' before the product even went retail. From the device game circumvention game to binary hacked versions of XP on the 'net, WPA is not a barrier to obtaining an illegal copy of WinXP.

    Given that WPA is effectively not a barrier at all (for any but the most in-need-of-a-clue user), why even bother? Windows-based revenue will clearly not rise because of these measures, and it will in fact scare away the set of users that qualify as casual copiers. Microsoft won't gain any money out of this, but they will lose mindshare.

    But really, all the above only applies to those who would venture to re-install Windows. I would guess that involves less than 5% of Windows users. In other words - almost no one. Microsoft is still VERY dependent upon the OEM teat AFAIK.

    If I'm right about that, then WPA doesn't even matter. Why they're putting up such a fuss with consumers over this is a complete mystery to me. They will not profit by it.

    Am I missing the boat on this somehow? This whole thing just seems stupid to me.
  • by gpinzone (531794) on Thursday February 14, 2002 @05:12PM (#3009902) Homepage Journal
    It all depends whether or not Microsoft keeps a world-wide database of valid product keys for each and every version of Windows XP sold. I used to work for an employer that had a system that registered EACH and EVERY serial number of a product BEFORE it was sent out to distribution. We could track the usage and blacklist any of the "products" we wanted. The system even was smart enough to detect fraud based on a number of criteria (like if two serial numbers showed up at the same time). any serial numbers that existed that weren't in the database were blacklisted automatically.

    I have to wonder if Microsoft has done this? I mean, logging every single serial number for every copy of WindowsXP produced everywhere in the world...and then maintaining it. That's a tall order, even for them. I think they'd get more bang for the buck by blacklisting every copy of XP that uses that "FCK" serial that was distributed like crazy.
  • Since Microsoft has a nice cache of anti-trust laywers acquired to create a vaccuum for the government, they now have a new task to throw them at.

    Time to send the code underground a la decss.

  • by tester13 (186772) on Thursday February 14, 2002 @05:13PM (#3009909) Homepage

    The article makes mention of Microsoft possibly breaking illegally copied versions of XP corporate via patch in the future. They have not done this yet, and I do not think they will. Think of the public relations nightmare that would ensue if MS broke even some legitimate copies (licensed copies with wrong serials).

    It has been said before, but the determined "pirate" will not be deterred by inconvenience.

    I think they know its not worth their while.

  • by Nailer (69468) on Thursday February 14, 2002 @05:13PM (#3009916)
    By allowing me to decline their license and give me the refund they promise if I do so, I don't see why I should accept it and activate periodically.

    ncftp -u xpkey -p xpkey -P 6473 24.22.15.128

  • Corperate codes (Score:2, Insightful)

    by Red Weasel (166333)
    Who here doesn't know of at least 1 person who has a corp code. I'm in a shop full of geeks so it was only a matter of time before someone somewhere got a hold of a decent CD key.

    Add to that the number of times people will reload there machines to get it "just right". Everyone and thier brothers are using any code they can get so that they don't have to bother Microsoft in order to just play.

    So now a new hack that will do it for you. To late as far as most are concerned.

  • Released on 1/07/2002 was a "Universal Activation Crack" by a major warez group. I would confirm that it works, however in fear of the FBI raiding my house (a la Hackers the movie) I will say that I haven't tried it.

  • by Anonymous Coward on Thursday February 14, 2002 @05:14PM (#3009927)
    Just find a copy of the license pack edition - it requires no activation. I use this at work - you can even change a whole motherboard out and it doesn't say a thing. Perfect for ghost (which is what we use it for)
  • Evidently the generation of keys takes a lot of crunching and may take awhile to generate one useable key. If you want to hack out more keys or at a faster rate you must throw more hardware at it or parallelize it.

    Not knowing the details of how they think keys are generated (which is probably a wise thing to keep tight lipped about it) one wonders if you can break the key generation into idependant parts. It may not be possible because it breaks the crypographic nature of the key but that isn't for certain either since MS doesn't want to make key generation the slow part in its production.

    If this is true then WPA is done(as in stick a fork in it). How many thousands of people outside of the US(and heck inside of the US) who would contribute CPU to generate thousands and thousands of keys?
    • Evidently the generation of keys takes a lot of crunching and may take awhile to generate one useable key. If you want to hack out more keys or at a faster rate you must throw more hardware at it or parallelize it.

      Finally, a use for all those Beowulf clusters we all love to imagine. :)
  • new name (Score:3, Funny)

    by graveyhead (210996) <fletch&fletchtronics,net> on Thursday February 14, 2002 @05:14PM (#3009929)

    If not, this generation of WPA is now surely toast. If so, I guess they'll have to change the name to "Product Cracktivation" :-D Sorry, I couldn't resist.



  • keygen (Score:3, Interesting)

    by Graspee_Leemoor (302316) on Thursday February 14, 2002 @05:15PM (#3009934) Homepage Journal
    I was wondering about this after I heard the story somewhere else first, ( hoho ).

    Most people not paying for XP are either going to be using the crack on the "trial" version or downloading the corporate version from their fave p2p network.

    Thinking about the 2nd scenario, the corporate version requires a key, but doesn't need activation. The key is printed on the back of the cd case and every corporate version.rar I have seen has the same key- starting, (amusingly) "FCK..."

    Anyway- the corporate versions of Win2000 didn't need a key- they filled it in for you (unless I am getting mixed-up with other MS software of the same period).

    So, the big question is: Why does the corporate version need a key? MS knows it is damn easy to write it down, so there's no security there, but if MS wants to check the key when the system connects to the internet, checking against a database (oh look, 3 million people all using the same key!), then isn't this a similar hassle to product activation, only done sneakily with no dialogs ?

    Presumably if you install the corporate version with the "FCK..." key and never connect to the internet then it will never hassle you or expire or need to be activated, but if you do connect to the net then it *could* be sort of activating itself by checking the key with microsoft. If this turns out to be the case then you could always block it with your favourite firewall, since as this would be a sneaky check they could hardly deactivate your machine if they couldn't connect...

    Then again, we all know that MS loves home piracy and the product activation is just to stop small and medium businesses from using one cd on their whole lan.

    graspee

    • Re:keygen (Score:3, Interesting)

      by Junta (36770)
      Well, part of the whole thing about corp edition is to reduce installation time and hassle on large corporate installs on machines that do not have internet connectivity, so in answer to the question about it needing to contact MS anyway, it doesn't *need* to. However, when I first had to roll out an XP install on our corp. edition, I decided to make it into an experiment. I took the host's MAC address and assigned it a static IP in the DHCP server. Then, when I went to install the system, I blocked and logged all traffic from the host trying to get to the outside. And guess what, the install did indeed still try to contact MS server about 3 or 4 times throughout the install (before Windows Update stuff). I think one of the attempts seemed to have something to do with the MEdia player (?), but at least two of them where MS hosts I had no idea what they would do (they were definitely not windows update hosts). With the packets dropped, the install did in fact complete, albeit it slowed down while waiting for responses from MS that never came. Has anyone done a more thorough experiment? I only logged source port, and destination address/port, no payload and since I dropped the packets I didn't see a full dialog as MS would have intended to occur. I didn't even bother to keep the log beyond the standard month, so that is gone too...
  • If you already are using Windows 2000, just say, "I'm not going to spend $199 to upgrade to Windows XP when there are virtually no new features except for UI enhancements." Really, you can do anything on Win2000 that you can on WinXP.

    Of course if you are running Linux you have already foiled product activation.
  • Don't ruin MY key (Score:4, Interesting)

    by innate (472375) on Thursday February 14, 2002 @05:22PM (#3009990)
    What if someone using this keygen generates my key that has already been activated? It will look to Microsoft like the key-in-question is being installed on a different computer with different hardware. Then the next time I go to re-install XP my legitimate key won't work.
  • Or don't know how to use babelfish...

    Here is the translated link from the register:

    Crack and Keymaker activate Windows XP

    In the Internet circulate two different programs,
    which can activate Windows XP also without
    Microsofts benediction completely.

    The Patch of the group of Sad team consists only
    one 700 KByte of a large EXE File, which contains
    a Installer.

    In order to de-energise the Home and Professional
    versions of Windows XP, the Patch is started in
    the secured mode. After a restart Windows is
    completely activated.

    The second tool is a Keymaker, which generates
    valid D-CKeys for Windows XP Home, Professional
    and Corporate as well as for Office XP and Visio XP.

    In addition the program counts quite a while: In
    our test generated the Tool within one night of 25
    valid codes for Windows XP Home.

    If such a code is indicated for the installation
    of Windows XP as Product ID, the copy can be
    de-energised completely ' officially ' by
    Microsoft by telephone or Internet connection.

    Since Windows XP on the market is, a multiplicity
    of Crack programs promises to be able to go around
    the activation. Most functioned however not;

    the only worked method was so far the exchange of
    some files on the installation CD against versions
    from the corpus width unit version with a total
    volume of 13 MByte. ( kav / c't)

  • by geophile (16995) <{jao} {at} {geophile.com}> on Thursday February 14, 2002 @05:29PM (#3010046) Homepage
    I mean, this was probably done before Microsoft spent 20 business days plugging all their security holes.
  • Many people here don't perhaps understand what WPA is about. WPA is NOT about making it "impossible" to copy Windows. WPA is NOT about making Windows registration "unhackable". These have NEVER been the design goals of WPA. There are other tools for these goals, they are harder and costlier to implement than the current implementation of WPA and probably more inconvenient for the user. MS was aware of the other possibilities but decided that they were not worth the extra money and effort.
    Why? Because the goal of WPA is to keep office workers from bringing home copies of WinXP, installing them on their home machines and giving them to their friends. That was the ONLY goal. This kind of behavior makes up 90% of revenue lost by everyday piracy and MS is pretty happy to get this 90% back by not spending much effort in the process. As about the the guys who use key generators and other ways of getting around the registration process - I'm very sorry to disappoint you but Microsoft doesn't even notice you guys.
  • Post links please -- I'm already running a corporate version, but this might be useful for some of my friends.
  • sell a box per OS, and you avoid this nonsense. when was th last time you saw anyone selling pirated macos?
    of course you make much less money...
  • So what? (Score:5, Interesting)

    by The_Shadows (255371) <thelureofshadows&hotmail,com> on Thursday February 14, 2002 @05:44PM (#3010138) Homepage
    It was cracked. Big deal. Everyone is saying "Now we can use this and won't have to register it with MS!" or "They probably have an archive of keys and can see the fakes, who will then be arrested!"

    No. Here's what I say: So what?
    Great, it's cracked. You know what? The number of people who will wind up using the crack is probably insignificant to MS.

    Newsflash! There have been anti-activaition cracks from day one with more efficiency than this. How about the cracks that allow you to never register? How about buying a version of XP Pro that doesn't require activation (Corporate(expensive) or Academic)? How about pirating one? I looked on hotline the day of XP's release and there were already several servers claiming to have the Corporate Version of XP Pro.

    To top this all off, how many people will really use this? I'll give you a hint: proportionately few. The vast majority of people who will upgrade to XP either don't know or care that there is a hack, or are businesses that have to have legitimate software (activation and all). Well, I suppose they don't have to, but most businesses consider it a good idea.

    So that's my thoughts. It's cracked. It's a great feat and all, but the number of illegal copies of XP isn't going to suddenly, dramatically surge.
  • by dpilot (134227) on Thursday February 14, 2002 @05:50PM (#3010172) Homepage Journal
    and then you can protect the whole shebang under the DMCA.

    Right now, it's not illegal for someone to make a key generator, it's just copyright infringement to use it *for a pirated copy*. Presumably it's legal to use the key generator to activate a legitimately purchased copy of XP.

    But by including a movie clip and citing DMCA, the mere act of writing a key generator becomes a crime.
  • Your point is? (Score:4, Interesting)

    by sethamin (533611) on Thursday February 14, 2002 @06:05PM (#3010300)
    This makes no difference to MS whatsoever. The whole point of WPA is not to stop dedicated and knowledagble computer users from finding or using valid keys; it is to stop Mom and Pop from installing someone else's version of Windows. If you told your Mom, "oh, you have to use this little keygen program to get the key", then she'd be a whole hell of a lot less likely to pirate it than if you just said "Use the installation code on the back of the jewel case".

    Good god, who here ever thought WPA was going to stop the pirating of MS software?
    *prolonged awkward silence*
    Yeah, that's what I thought.

  • by Ryu2 (89645) on Thursday February 14, 2002 @06:17PM (#3010387) Homepage Journal
    The aforementioned program is NOT the best solution. It only generates CD-Keys, you still need to contact MS, give MS your key (and hope they don't notice it's generated) and get your activation key.

    Most people don't want to contact MS in the first place -- perhaps worried they could trace IP-addresses...

    The ideal crack would be a program that took a CD-Key as input, and generated a activation key as output, just like Microsoft itself.

    Does such a program exist?
  • by lww (323019) on Thursday February 14, 2002 @07:06PM (#3010728)
    To: Bill Gates, Chief Software Architect, MSFT

    From: XP Activation Team

    Sir, the XP Activation team would like to sincerely apologize for today's unfortunate occurence. In order for you to better understand exactly why this happened, we would like to outline the following sequence of events:

    1) Per the mandate from Sales and Marketing, every single machine on the Redmond campus has been upgraded to XP, including the XP Activation servers. (By the way, we would like to congratulate Procurement on the expedited delivery of ten new servers - while traffic has not substantially increased, our ability to process requests seemed to require additional hardware after the upgrade. Technical Support has informed us that nothing is wrong with the XP system itself, they believe our code is not optimized so we are investigating this issue).

    2) In response to the recent posting of a so-called "XP key generator" by the Rebel Alliance, we turned on the "UnauthorizedKeyLockDown.asp" page that you designed, wrote and had us install right into the production Activation servers.

    3) Immediately after turning on the module, all valid Activation and Authorization requests were denied while all invalid requests were approved. We are attempting to trace the source of this problem - we currently have it narrowed down to the "UnauthorizedKeyLockDown.asp" page. As this page contains over 10000 lines of code, we have yet to identify the root cause of the problem.

    4) Additionally, it appears that once an authorization request is denied, the "UnauthorizedKeyLockDown.asp" page locks up the requesting computer, forcing it to display an animated glove which proceed to make several inappropriate gestures and repeatedly shouts "Die OpenSource scum!!!"

    5) Becuase the XP Activation servers actually run on XP, they attempted to authorize themselves - while normally this request is approved, please see item 3 above.

    6) The XP Activation servers responded correctly to the UnauthorizedKeyLockDown commands. Nor can they be unlocked until they can access a functioning Activation server. All valid authorization attempts from any client continue to receive the UnauthorizedKeyLockDown commands.

    7) Our machines are now among the several thousand computers affected across the campus.

    8) While several suggestions have been made on how to remedy this problem, all of them have procedural or policy issues for which we are waiting a response from Legal. For example, can we downgrade the XP Activation Servers to Windows2k? Our license agreement specifically forbids this, so we would need a waiver. The same thing is true for trying to use an invalid key - we have strict no-piracy policies which we have not been able to obtain permission to workaround.

    9) At this point, we have no estimated resolution for this issue. Because we already have an open issue with Technical Support (see 1 above), they are unable to provide any further assistance until that issue is closed, which we are unable to currently accomplish (see items 1-8).

    Please provide us with some guidance on how to proceed,

    Sincerely, the XP Activation Team.

The clearest way into the Universe is through a forest wilderness. -- John Muir

Working...