WinXP Keygen Foils Product Activation

Bill Gates' Friend's Brother's Roommate writes: "The Register has a story on a working key generator that produces 25 valid Windows XP Product Activation Keys in a few hours. As author John Lettice summarizes, 'So the question as regards keymaking software is whether or not Microsoft has any way to differentiate between generated keys and the ones it has issued itself. If not, this generation of WPA is now surely toast.'"

Weird

[glh]

Don't they have some kind of database with all the keys in it.. (after all, a lot of games out there such as anything newer by blizzard works that way)!

Well, yes

[Anonymous Coward]

We can tell by checking your Activation ID against our database. If it isn't in their, it isn't properly registered.

We've got your MAC address, so it isn't like it's a big deal to verify the AID against that to make sure you aren't just loading the OS across multiple machines.

Basically, this system will work as long as you don't connect to the internet.

Enjoy!

It's a security issue

[NewtonsLaw]

Given that the activation code is used to secure XP from unauthorized use -- I guess you could say that this is a security issue.

Given Microsoft's rather lackluster track-record in the area of security, is it any wonder that their own protection scheme has (allegedly) been cracked so soon?

Maybe they wrote it with the new C++ compiler :-)

This just generates the keys...

[reemul]

As far as I can tell, the user still needs to contact the MS server and go through the validation process. At the very least a key that has already been used will be rejected. At worst, MS will log all attempts and check that the key came from the correct geographical region that the boxed product was shipped to, and disable copies that don't match even if the key hasn't been used before. It's a huge hole in the security, but the end users are still going to be bothered. The worst of all possible worlds.

All of the folks looking for a free copy are better off finding a copy of the corporate edition, which doesn't phone home.

25 keys in one night with one PC

[J.D. Hogg]

That means you probably could get 25000 keys in one hour if distributed.net was setup to do that. Even DES is harder to crack. That should tell you something about the extent of Microsoft's understanding of security issues if they can't even protect their own bread and butter correctly.

This is a bit late in the game to even care...

[Da VinMan]

WPA was 'cracked' before the product even went retail. From the device game circumvention game to binary hacked versions of XP on the 'net, WPA is not a barrier to obtaining an illegal copy of WinXP.

Given that WPA is effectively not a barrier at all (for any but the most in-need-of-a-clue user), why even bother? Windows-based revenue will clearly not rise because of these measures, and it will in fact scare away the set of users that qualify as casual copiers. Microsoft won't gain any money out of this, but they will lose mindshare.

But really, all the above only applies to those who would venture to re-install Windows. I would guess that involves less than 5% of Windows users. In other words - almost no one. Microsoft is still VERY dependent upon the OEM teat AFAIK.

If I'm right about that, then WPA doesn't even matter. Why they're putting up such a fuss with consumers over this is a complete mystery to me. They will not profit by it.

Am I missing the boat on this somehow? This whole thing just seems stupid to me.

It's not the serial number that's important.

[gpinzone]

It all depends whether or not Microsoft keeps a world-wide database of valid product keys for each and every version of Windows XP sold. I used to work for an employer that had a system that registered EACH and EVERY serial number of a product BEFORE it was sent out to distribution. We could track the usage and blacklist any of the "products" we wanted. The system even was smart enough to detect fraud based on a number of criteria (like if two serial numbers showed up at the same time). any serial numbers that existed that weren't in the database were blacklisted automatically.

I have to wonder if Microsoft has done this? I mean, logging every single serial number for every copy of WindowsXP produced everywhere in the world...and then maintaining it. That's a tall order, even for them. I think they'd get more bang for the buck by blacklisting every copy of XP that uses that "FCK" serial that was distributed like crazy.

Well they won't accept their license agreement...

[Nailer]

By allowing me to decline their license and give me the refund they promise if I do so, I don't see why I should accept it and activate periodically.

ncftp -u xpkey -p xpkey -P 6473 24.22.15.128

keygen

[Graspee_Leemoor]

I was wondering about this after I heard the story somewhere else first, ( hoho ).

Most people not paying for XP are either going to be using the crack on the "trial" version or downloading the corporate version from their fave p2p network.

Thinking about the 2nd scenario, the corporate version requires a key, but doesn't need activation. The key is printed on the back of the cd case and every corporate version.rar I have seen has the same key- starting, (amusingly) "FCK..."

Anyway- the corporate versions of Win2000 didn't need a key- they filled it in for you (unless I am getting mixed-up with other MS software of the same period).

So, the big question is: Why does the corporate version need a key? MS knows it is damn easy to write it down, so there's no security there, but if MS wants to check the key when the system connects to the internet, checking against a database (oh look, 3 million people all using the same key!), then isn't this a similar hassle to product activation, only done sneakily with no dialogs ?

Presumably if you install the corporate version with the "FCK..." key and never connect to the internet then it will never hassle you or expire or need to be activated, but if you do connect to the net then it *could* be sort of activating itself by checking the key with microsoft. If this turns out to be the case then you could always block it with your favourite firewall, since as this would be a sneaky check they could hardly deactivate your machine if they couldn't connect...

Then again, we all know that MS loves home piracy and the product activation is just to stop small and medium businesses from using one cd on their whole lan.

graspee

Re:This just generates the keys...

[Aexia]

I couldn't tell from the article, but I assume you would go through the "I don't have internet access so I'm 'talking' on the 'phone' to a 'representative' of 'Microsoft' who has 'provided' me with this 'key'" process.

Otherwise, it'd be pretty useless.

Don't ruin MY key

[innate]

What if someone using this keygen generates my key that has already been activated? It will look to Microsoft like the key-in-question is being installed on a different computer with different hardware. Then the next time I go to re-install XP my legitimate key won't work.

Re:Weird

[govtcheez]

> Quite smart, really.

Except that every Blizzard game I've ever played would be just peachy if a reg-code of all 3's was typed in. Seriously.

For those of you who don't read German...

[oobeleck]

Or don't know how to use babelfish...

Here is the translated link from the register:

Crack and Keymaker activate Windows XP

In the Internet circulate two different programs,
which can activate Windows XP also without
Microsofts benediction completely.

The Patch of the group of Sad team consists only
one 700 KByte of a large EXE File, which contains
a Installer.

In order to de-energise the Home and Professional
versions of Windows XP, the Patch is started in
the secured mode. After a restart Windows is
completely activated.

The second tool is a Keymaker, which generates
valid D-CKeys for Windows XP Home, Professional
and Corporate as well as for Office XP and Visio XP.

In addition the program counts quite a while: In
our test generated the Tool within one night of 25
valid codes for Windows XP Home.

If such a code is indicated for the installation
of Windows XP as Product ID, the copy can be
de-energised completely ' officially ' by
Microsoft by telephone or Internet connection.

Since Windows XP on the market is, a multiplicity
of Crack programs promises to be able to go around
the activation. Most functioned however not;

the only worked method was so far the exchange of
some files on the installation CD against versions
from the corpus width unit version with a total
volume of 13 MByte. ( kav / c't)

Re:want to copy xp the easy way?

[Graspee_Leemoor]

" you can even change a whole motherboard out and it doesn't say a thing"

I changed the mb and processor in my (legal, non-corporate) XP and it didn't say a thing either.

graspee

Re:Can we say Service Pack 1?

[HMC CS Major]

Uh, they havent started doing that with win2k, win98, winme, or any of their other products, why would they start with xp ?

The only thing even vaguely close is the ms office update that refuses to install if its running with a known bad serial number, but that doesnt disable anything.

My theory is that the damage is already done. Messing up the OS isnt going to make the person buy a real copy, it'll just make the person reinstall the same insecure pile of crap they installed in the first place, and then ms will get blamed again because stupid people dont know how to secure their illegal boxes. It's in Microsoft's best interest to let people with stolen versions update their OS, so if nothing else, they dont have software pirates spreading things like Nimda.

Re:Weird

[mr3038]

In Blizzard's games, the routines used by the installer to verify authenticity of a CD key actually checks for compliance to a much more broad algorithm than the keys are actually manufactured by.

Yeah, but it's only question of time when the first keygen starts bombing multiplayer authentication with generated keys until one is okayed and returns only that to end user. Yeah, perhaps your IP gets logged but you wouldn't run that kind of program on your own computer, would you? Local library or ISPs shell would be just fine.

Current system could work if keys were big enough so that hitting real key with keygen would be hard but, unfortunately, as long as end user has to type in the code during install you cannot input that many bits into the key anyway.

Re:But what about Microsoft snooping on your key?

[maddman75]

Spyware is not easy to sneak by. Think of how many smart people have a BSD firewall sitting in front doing transparent firewalling while logging every single packet that goes by?

The guys in comp.os.vms group claim to have put a packet sniffer on an XP box with nothing special running and found encrypted packets heading for microsoft. No idea what was inside them.

So what?

[The_Shadows]

It was cracked. Big deal. Everyone is saying "Now we can use this and won't have to register it with MS!" or "They probably have an archive of keys and can see the fakes, who will then be arrested!"

No. Here's what I say: So what?
Great, it's cracked. You know what? The number of people who will wind up using the crack is probably insignificant to MS.

Newsflash! There have been anti-activaition cracks from day one with more efficiency than this. How about the cracks that allow you to never register? How about buying a version of XP Pro that doesn't require activation (Corporate(expensive) or Academic)? How about pirating one? I looked on hotline the day of XP's release and there were already several servers claiming to have the Corporate Version of XP Pro.

To top this all off, how many people will really use this? I'll give you a hint: proportionately few. The vast majority of people who will upgrade to XP either don't know or care that there is a hack, or are businesses that have to have legitimate software (activation and all). Well, I suppose they don't have to, but most businesses consider it a good idea.

So that's my thoughts. It's cracked. It's a great feat and all, but the number of illegal copies of XP isn't going to suddenly, dramatically surge.

Broken?

[Squeezer]

the script does nothing.

[adam@awilliam adam]$ cat winxpactkey
#!/usr/bin/perl

use MIME::Base64; $x = ""; while() { $x .= $_; $x =~ s/[\r\n\t ]//g; } print decode_base64($x); exit 0;
[adam@awilliam adam]$ ./winxpactkey

Old news

[grimmy]

There's several key gen's out there, and also several ways to disable activating XP.

Ohh and did I mention there's also an activation code generator? :)

Your point is?

[sethamin]

This makes no difference to MS whatsoever. The whole point of WPA is not to stop dedicated and knowledagble computer users from finding or using valid keys; it is to stop Mom and Pop from installing someone else's version of Windows. If you told your Mom, "oh, you have to use this little keygen program to get the key", then she'd be a whole hell of a lot less likely to pirate it than if you just said "Use the installation code on the back of the jewel case".

Good god, who here ever thought WPA was going to stop the pirating of MS software?
*prolonged awkward silence*
Yeah, that's what I thought.

WPA not meant to stop crackers

[tekman]

WPA is simply not meant to stop crackers. I mean, there are all kinds of tricks out there you can pull during installation to fool the setup procedure into not installing wpa, et cetera. WPA's main target is the small business who buys one copy of Windows and installs on all 10 of their machines. Now M$ gets ten times the profit out of them. Most people who run small businesses aren't computer savvy enough to know about keygens and cracks, and they'd probably be very worried about getting caught if they used one. Microsoft probably doesn't care very much if everyone at slashdot installs windows without paying (actually, they might be happy do get most *NIX geeks to install windows).

Re:Include a movie clip, as "part of the OS",

[ShavenYak]

Please read the DMCA before you continue to sprout off non-sense. It's about circumventing copyprotection schemes and CSS is not the only one in existance.

Actually, as seen in the DeCSS case, the courts have decided it illegal to circumvent an *access control* technology, which is what CSS is. CSS doesn't prevent copying a DVD, it prevents viewing it on devices whose manufacturers haven't paid their license fee to the DVD cartel.

Since WPA (or any key system) could also be construed as an access control technology (it doesn't prevent copying, it prevents unauthorized use), it is possible that the DeCSS case could be used as precedent to make keygens illegal to write or distribute or even link to.

Re:Heres another way to foil product activation

[ZxCv]

Have you ever used WindowBlinds? It made my otherwise predictable and stable Win2K rather unstable and sometimes downright unusable. I used it for longer than I otherwise would have because when it worked, it really was a cool product. And even at that, I think I had it installed for less than a week before the stability issues just became too much. If you have used WindowBlinds, was your experience anything the same? And if you haven't, why not?

A better analogy...

[mangu]

Ford says, "you bought the car, but you didn't buy the keys". Now you have the right to tow your car to your garage and let it sit there.

And, of course, you can't have a locksmith duplicate your keys if you lose them, because locksmithing is illegal under the DMCA. Please, understand this, we need the DMCA to give an incentive to software and entertainment producers to keep churning out their creations. After all, which is more important: having some way to get into your home if you lose your keys, or making sure your kids will have an uninterrupted supply of first-person-shooters?

OH NOOO!!!

[Anonymous Coward]

Please stop with the logical arguments!!
You are ruining people's fantasies about sticking it to MS!!
Like the fantasy about costing MS $100 by buying an XBOX for $300 but not buying any games (because MS loses $100 on each XBOX). Of course, this plan glosses over the fact that anyone who does this is out $300 themselves in the process, but don't let logic stand in the way of these "let's stick it to MS" people!!

Re:keygen

[Junta]

Well, part of the whole thing about corp edition is to reduce installation time and hassle on large corporate installs on machines that do not have internet connectivity, so in answer to the question about it needing to contact MS anyway, it doesn't *need* to. However, when I first had to roll out an XP install on our corp. edition, I decided to make it into an experiment. I took the host's MAC address and assigned it a static IP in the DHCP server. Then, when I went to install the system, I blocked and logged all traffic from the host trying to get to the outside. And guess what, the install did indeed still try to contact MS server about 3 or 4 times throughout the install (before Windows Update stuff). I think one of the attempts seemed to have something to do with the MEdia player (?), but at least two of them where MS hosts I had no idea what they would do (they were definitely not windows update hosts). With the packets dropped, the install did in fact complete, albeit it slowed down while waiting for responses from MS that never came. Has anyone done a more thorough experiment? I only logged source port, and destination address/port, no payload and since I dropped the packets I didn't see a full dialog as MS would have intended to occur. I didn't even bother to keep the log beyond the standard month, so that is gone too...

Re:But what about Microsoft snooping on your key?

[BrookHarty]

Install XP and see for yourself.

It trys to connect to time.microsoft.com, windows updates, intellimouse updates, m$ internet keyboard pro, media player, msn messenger, windows explorer (dont know why, but my firewall catchs it).

Im running tinysoft firewall, which tells me which process is trying to connect to the internet, and create an ACL for it. It also does a CRC check to let me know if the binary is updated.

Here are a couple processes from my ACL.

e:\program files\microsoft hardware\keyboard\type32.exe
e:\program files\microsoft hardware\mouse\point32.exe
e:\program files\common files\system\mapi\1033\nt\mapisp32.exe
e:\windows\pchealth\helpctr\binaries\helphost.ex e (Microsoft Help Center Hosting Service)
e:\windows\system32\ALG.exe (Application Layer Gateway Service)
e:\windows\system32\LASS.exe (Local Security Authority System)
e:\windows\system32\svchost.exe (Generic Host Processes for Windows)

-
Majority rule only works if you're also considering individual rights. Because you can't have five wolves and one sheep voting on what to have for supper. - Larry Flynt

Re:keygen

[necrognome]

Perhaps M$ is keeping track of how many machines your firm's corp. edition has been installed on. This way the BSA [bsa.org] would know who to target during the next Amnesty^H^H^H^H^H^H^HExtortion period.

Re:Well, yes

[jerdenn]

Because the MAC address is considered one of the few relatively static numbers easily associated with a particular workstation. It is not a normal event for a workstation to have a NIC changed, or for someone to perform a soft-update upon a NIC card, changing the MAC address. Indeed, MS Word used to embed the MAC address into documents as a (secret) form of identification.

-jerdenn

Re:Weird

[Anonymous Coward]

a good method that i've never seen used for key generation is to not use a "Working/Not Working" states, but instead, have the key actually disable/enable certain parts to the game. It would make finding a valid key even harder. You might think you have a valid one, but get to level 3, and the game suddenly dumps you out unexpectedly. It wouldn't be foolproof as far as stopping piracy, but it might hamper it a little i suppose.

Re:Weird

[Anonymous Coward]

>This guy wrote the app, and he's free to do whatever he wants to prevent it from being stolen and/or used illegally.

Last time I made sure that the house I built wasn't being used illegaly they jailed me for murder.

There's limits to as far as you can go to protect your property. The destruction of other's property to protect your own, is, in many countries, a very grey area. The author of CDRWin may be liable for any lost data should the software purposely attempt to destroy any data, fake backing it up, or cause the computer to be unusable. Sure, you may have to pay a fine and (very very unlikely) go to jail, but that could pale in comparison to what this person is letting himself in for.

Ever noticed that most satellite companies don't destroy hardware remotely even when it knows the receiver's hacked? The worst they usually do is rewrite the software which they own. They don't, however, try to wear out eeproms, or anything else that doesn't have "this is owned by xyz company" written on it. They know there is a huge liability problem involved in this, and they know a jury would consider purposeful mass destruction of hardware a much worse crime than getting a free month or two of TV (which, in some cases, is legalized anyways).

Comparing Apples and Oranges and Tangerines

[wizzardz]

Why anyone would bother on the subject of key generation for XP anything is beyond me. The analysis of Blizzard, who has a very singular and controlled audience and their activation key scheme, has no correlation to MS in all practical pirating sense. Blizzard has one particular audience...the end user. MS has numerous and some very demanding audiences. Of great importance to them are their corporate and developer networks. In these instances, MS has lessened (bulk licenses), and in some instances, eliminated the restrictions (read, no key). A developer would not tolerate having to call MS central each time one of their engineers reinstalled Windows XP...particularly after spending $2K buying the MSDN packages. The simple fact is that no matter what Uncle Bill releases, he will - unlike Blizzard - gladly, and by contract release an identical, but less restricted copy to the MSDN and corporate license holders. These versions of the product are not constrained to the same activation key/call-Uncle Bill-for-permission-each-time schemes that the comparable the off-the-shelf versions are restricted to. Anyone who bothers with a pirated retail version of any MS product only begs for any associated hassle...particularly when a perfect good and unrestricted developer version is out there somewhere. Of course, thats just my opinion...I could be wrong

Re:Microsoft

[erc]

Uh, you missed the point. If I use whatever-that-crack-is to generate a valid product key and activation key, I never need to register with Microsoft. So I could have 1000 copies of XP running, and Microsoft would never know. The only time they might possibly know is if I connected to the net to download updates or something, and I don't need to do that on a cracked copy of XP.