Download From Microsoft Without a WGA Check

Anonymous Coward writes, "When you want to download a file from Microsoft, a WGA (Windows Genuine Advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks the validity of your installed Windows software. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check."

WTF?

[E IS mC(Square)]

Is this not old news [google.com]?

Re:Correct me if I'm wrong...

[IHawkMike]

Normally, the site will install an ActiveX control that verifies that your copy of Windows is genuine. Instead you can bypass this check by running the mgadiag too and modifying the download URL with the code that the tool displays. My copy of Windows is genuine so I don't know if a non-genuine copy gives a working code or if you have to use a code from a legal copy.

Re:Correct me if I'm wrong...

[Jade E. 2]

I did the same thing, went to a test machine with an old blocked VLK and tried it, no dice. Then I realized... Hey, wait a minute. This looks like it's just a shortcut to inputting your product ID by using a hash... I wonder what would happen if I just replaced the hash with one from a valid system?

Not having a valid windows system handy I was willing to run a somewhat questionable executable on, where could I get a valid hash? Oh hey, look at that. Right there in the article it says "(example &Hash=6VJPCR9)". I appended that to the URL, and bingo. "Genuine Microsoft Software".

Mirror for the lazy

[stevetures]

mirror for the lazy:
http://mirrordot.org/stories/3627c5be2ac21048d6da6 04b34dc63bb/index.html [mirrordot.org]

Re:Why the fuck..

[narzy]

Some people just don't like to be frisked every time they want to download or install a piece of software. For me it is the equivalent of getting a cavity search every time I go to the airport. I really just don't enjoy my holes being probed at every turn. My copies of XP are valid and I could really do without WGA.

Re:Correct me if I'm wrong...

[Tatsh]

A nongenuine Windows will return a non-working code, but I'm talking about Windows XP only. Any non-genuine 2000 or below will return a working code, and if you use Firefox and use the separate app method provided on the download site, you can run that on Windows 2000 and then download the files and of course, then use them on an XP machine.

Or you can take the code generated from the Windows 2000 or below (best with 98SE, which M$ doesn't care about anymore) and just type it on your Windows XP machine. This works too.

The Article

[Anonymous Coward]

Download everything from Microsoft without WGA Check
Monday, September 4th, 2006 | Translate to: German flag Spanish flag French flag Italian flag Portuguese flag Dutch flag Greek flag Japanese flag South Korean flag Russian flag Chinese flag

When you want to download a file from Microsoft a WGA (windows genuine advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks for validity. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check.

All you need is the tool mgadiag.exe and the download url of the file that you want to download. Mgadiag.exe is the Microsoft Genuine Advantage Diagnostic Tool. Start this tool and check the value of the "Download Center Code", this should be seven chars consisting of upper case letters and numbers. Remember that code and open the website of the file that you want to download.

A download page looks similar to this one for Internet Explorer 7. All you need to do is append the following value to the url and you will be able to download the file without a WGA check.

        &Hash="download center code"

Replace the "download center code" with the code that you looked up in the mgadiag.exe tool. This code changes frequently, make sure you have the correct code before starting the downloads.

To sum it up for the lazy ones:

      1. download mgadiag.exe
      2. start mgadiag.exe and look at the download center code
      3. visit a download page at microsoft.com
      4. append &Hash="download center code" to the url (example &Hash=6VJPCR9), no quotation marks needed
      5. Hit enter

Microsoft is probably going to fix this soon, it is working nevertheless at the moment.

Update: I created two images to show you the difference that the &hash= entry makes:

this is nothing

[sdnoob]

mgadiag.exe still 'phones home' to verify your windows and to obtain the download code (being a diagnostic tool, it also displays some additional license information).

it's no different than running the manual verification using the 'alternate tool' (i.e. the method, still available, that firefox users had to use before microsoft released a netscape/firefox plugin version of the activex checker). http://go.microsoft.com/fwlink/?LinkId=50344 [microsoft.com] (genuinecheck.exe at microsoft.com)

the only thing this will bypass is the installation of the verification activex (or plugin)... so you're still being subject to the 'body cavity search' -- the only difference is that you get to choose when you drop your drawers...

Re:Correct me if I'm wrong...

[Columcille]

Phone home was reported on beta versions of the software. Microsoft documented the phone home practice and removed it in the final version of the software. As far as I know, no complaints have been made about phone home practices since the final version was released.

Re:Correct me if I'm wrong...

[Red Alastor]

Normally, the site will install an ActiveX control that verifies that your copy of Windows is genuine. Instead you can bypass this check by running the mgadiag too and modifying the download URL with the code that the tool displays. My copy of Windows is genuine so I don't know if a non-genuine copy gives a working code or if you have to use a code from a legal copy.

I did not test for a cracked version of Windows but I just did for Linux (using crossover to run the .exe). It worked flawlessly. So I believe the OP probably failed to follow the instructions properly (maybe did not remove the quotation marks).

you're wrong

[Martey]

In that article [slashdot.org], the editor claimed:

Engadget does not provide a link to QTFairUse6, and neither will we.

If you had read the Engadget article [engadget.com], or even looked at the comments [slashdot.org], you would have realized that Engadget did provide a link.

If anything, I think it was editorial laziness rather than ethics that resulted in that article not having a link.

A couple of options

[krray]

I prefer this method: go to AutoPatcher [autopatcher.com] and choose your OS (Win2K, XP, 64, or 2k3). Benefit here is that they do have some nice registry tweaks and/or installers (TweakUI for example) all rolled in for you. Wonderful to bring a new install "up to speed" in as few clicks as possible and keep the file size requirements to a minimum.

Don't trust somebody other than Microsoft themselves? (I can even write that with a straight face :)

Go to: Microsoft Downloads [microsoft.com] and Search in the Windows sub-section. Search for "iso-9660". Be amazed. Problem with this is these downloads are huge (not that I mind on a 10Mbit synchronous pipe :) -- they cover the same Windows families, but to get one you have to download it ALL. This is, of course, good for multi-flavored environments...

Me, myself, and I? I prefer to click on the Apple and choose "Software Update..." (or softwareupdate -ia from the command line). Of course on the servers a good 'ol fashioned "yum update" does the trick. But hey, that's just me. Microsoft is making this WAY TOO HARD -- and I've begrudgingly paid for each and every one of my Windows installs (personal and/or corporate).

And This Is Supposed To Work...How?

[Anonymous Coward]

Right. I did this:

Ran IE.
Tools >> Windows Update
    I get the page with the choice of Express or Custom buttons.
I replace: http://update.microsoft.com/windowsupdate/v6/defau lt.aspx?ln=en-us [microsoft.com]
    With: http://update.microsoft.com/windowsupdate/v6/defau lt.aspx?ln=en-us&Hash=6VJPCR9 [microsoft.com]
Then I press Enter.
    I get the page with the choice of Express or Custom buttons.
I press the Custom button or the Express button.
    I get the page with the yellow/orange Genuine Windows Validation header.
I press the continue button.
    I get page asking me to buy a key.
Result: Doesn't work.

I also did this:

Ran IE.
Copied and pasted link: http://www.microsoft.com/downloads/details.aspx?Fa milyId=94E5BF41-2907-4415-8F72-DA7C2C2ACE09&displa ylang=en&Hash=6VJPCR9 [microsoft.com]
Pressed Enter.
    Successfully downloaded IE7 RC1 file.
Ran file.
    IE7 installation wants to validate.
Result: Doesn't work.

So, if I can't view the page that shows which updates I need and, for the one file (IE7 RC1 install) I do know the name and location of, it ends up wanting to validate on its own anyway, what the bleeping use is any of this to begin with?

An Alternative to Windows Update

[towzzer]

http://windowsupdate.62nds.com/ [62nds.com] This site downloads all the updates using their own firefox plugin. It also doesn't install WGA or checks.

muBlinder.. the best way to get around WGA

[SilentCreep]

Works every time i use it. http://www.p2plife.com/forums/Official_muBlinder_P age-t320.html [p2plife.com]

Re:Correct me if I'm wrong...

[Ninwa]

Using a valid download center key you can download the file on a machine with an invalid VLK, but you still can't install it. This is the case at least with IE7, so I assume it's the same with other software as well. The installer does its own validation check. So ultimately, what do we gain except now we have the installer, which doesn't do an invalid user any good, because it checks for the key. And it doesn't do a valid user any good, because they could've gotten it anyway, without this!

So what the hell is the point of this?

Re:this is nothing

[Anonymous Coward]

so you're still being subject to the 'body cavity search' -- the only difference is that you get to choose when you drop your drawers..

Bullpuckey. I'm running WinNT4.0 which mgadiag.exe does not support.

WGA Data-->
Genuine Validation Status: Unsupported OS
Windows Product Key: Failed to get Product Key.
Windows Product Key Hash: Failed to get Product Key.
Windows Product ID: Failed to get Product ID.
Windows Product ID Type:
Windows License Type:
etc....

Nevertheless, the "Download Center Code" still works for me, even on Firefox.

Re:Correct me if I'm wrong...

[dolmen.fr]

that really hurts when you left the office with your PC password locked and running a ssh session doing something unspeakbly long on a Linux server.

You should have a look at GNU Screen [gnu.org] (tutorial [kuro5hin.org]).

Re:Correct me if I'm wrong...

[paganizer]

....or you can do what I did; modify your hosts file with "127.0.0.1 update.microsoft.com" so that any time it tries to automatically go to windows update, it can't.
Then, go to WinDiz at windowsupdate.62nds.com using a non-IE browser. It's faster, more secure, doesn't TRY to make you install the latest DRM upgrade, just the critical patches.
The Only system I have that I let go to windows update is my Media Center laptop; it has to be running all the latest DRM/Spyware to work properly, so I just go with the flow and Isolate it on my home network.

Re:WGA even for "security" updates?

[Michael_John]

No, you can still get critical security patches even if you are running a bent copy of Windows, for exactly the reason you stated about machines getting zombied.

Re:Correct me if I'm wrong...

[sydb]

Seconded, GNU Screen rocks and only takes five minutes to grok it. It really is worth those five minutes.

What would be really nice is if someone would integrate screen into an ssh daemon, so it just worked without having to start screen before doing something long-winded.

Re:Correct me if I'm wrong...

[Anonymous Coward]

http://www.softwarepatch.com/windows/ [softwarepatch.com] will let you download windows patches and service packs, even without a valid product key. As far as I know, it doesn't phone home at all. It's not some shady executable, but just a website that works with any browser, to download service packs and the like.

Re:Correct me if I'm wrong...

[RemovableBait]

Except, you can't block access to Windows Update or certain other Microsoft websites by using the HOSTS file. You just can't.

Microsoft wrote some sort of hack into Windows so that requests for Microsoft websites (including update.microsoft.com and microsoft.com) cannot be blocked or redirected by malware or viruses.

Try it and see for yourself: put two lines in the HOSTS file, '127.0.0.1 google.com' and '127.0.0.1 microsoft.com' (without the quotes). For the uninitiated, the HOSTS file is located in \Windows\system32\drivers\etc, and you'll need Administrator priveleges to edit it. Now open up your favourite web browser and try to open google.com. You'll find that Google is unreachable and returns an error. Now try microsoft.com and watch as the page merrily loads.

Maybe you'll need to rethink your tinfoil hat solution for avoiding Automatic Updates?

Re:Correct me if I'm wrong...

[nschubach]

Couldn't you just edit the MSI with Orca and remove the Condition or did they change that recently as well? (you could even extract the MSI using one of the many tools available) I had to do this several times on my Win 2000 build so I could run software that "was not supported" on 2K.

Re:Correct me if I'm wrong...

[Anonymous Coward]

....or you can do what I did; modify your hosts file with "127.0.0.1 update.microsoft.com" so that
any time it tries to automatically go to windows update, it can't.

don't forget to modify your dnsapi.dll and dnsrslvr.dll files, as well. the sneaky bastiches hard-coded the ip's. your hosts file isn't the first place that windoze looks when resolving a DNS/ip issue; it's the last [locally].

cheers.