OT: how do cracks work with Windows Genuine Advantage Activation codes?

RayLopez99

I thought (obviously wrongly) that every copy of Windows has a unique code--like a GUID--that is linked to just one machine in the world. Yet an activation code I found on Piratebay.se for Vista worked for me...so it raises the question, how?

1) perhaps the 'key generator' figured out how to generate a 'legal' activation code--a GUID--that chances are would be accepted by Microsoft. This is the most likely answer

2) perhaps there is a 'master code' that will always be accepted--and somebody found this code and passed it to the net. Unlikely as Microsoft would 'block' this code once a couple of hundred people tried to use it.

Any other ideas?

RL
 
Paul

RayLopez99 said:
I thought (obviously wrongly) that every copy of Windows has a unique code--like a GUID--that is linked to just one machine in the world. Yet an activation code I found on Piratebay.se for Vista worked for me...so it raises the question, how?

1) perhaps the 'key generator' figured out how to generate a 'legal' activation code--a GUID--that chances are would be accepted by Microsoft. This is the most likely answer

2) perhaps there is a 'master code' that will always be accepted--and somebody found this code and passed it to the net. Unlikely as Microsoft would 'block' this code once a couple of hundred people tried to use it.

Any other ideas?

RL

Yes, these do get de-activated when they're abused.
Corporate IT departments work to different standards than
Joe and Jane Pirate.

http://en.wikipedia.org/wiki/Volume_license_key

The Dell SLIC based on-disk installations likely use the same
key for each one as well. But the SLIC is there to do the validation.
The SLIC based ones don't need to contact the activation server.
The key you find in the on-disk install, is different than the
(separately installable) key on the sticker on the machine.

Paul
 
Loren Pechtel

I thought (obviously wrongly) that every copy of Windows has a unique code--like a GUID--that is linked to just one machine in the world. Yet an activation code I found on Piratebay.se for Vista worked for me...so it raises the question, how?

1) perhaps the 'key generator' figured out how to generate a 'legal' activation code--a GUID--that chances are would be accepted by Microsoft. This is the most likely answer

2) perhaps there is a 'master code' that will always be accepted--and somebody found this code and passed it to the net. Unlikely as Microsoft would 'block' this code once a couple of hundred people tried to use it.

Any other ideas?

RL

I thought the WGA crack was based on replacing the code that did the
test.
 
Man-wai Chang

I thought (obviously wrongly) that every copy of Windows has a unique code--like a GUID--that is linked to just one machine in the world. Yet an activation code I found on Piratebay.se for Vista worked for me...so it raises the question, how?

I think they just use something like WireShark to log and analyze all
TCP & UDP messages sent and received by the Window$ Update process...


--
@~@ Remain silent. Nothing from soldiers and magicians is real!
/ v \ Simplicity is Beauty! May the Force and farces be with you!
/( _ )\ (Fedora 17 i686) Linux 3.4.4-5.fc17.i686
^ ^ 21:46:01 up 5 days 2:30 1 user load average: 0.64 0.64 0.45
No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide! Please consider Comprehensive Social Security Assistance (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa
 
Flasherly

I thought (obviously wrongly) that every copy of Windows has a unique code--like a GUID--that is linked to just one machine in the world. Yet an activation code I found on Piratebay.se for Vista worked for me...so it raises the question, how?

1) perhaps the 'key generator' figured out how to generate a 'legal' activation code--a GUID--that chances are would be accepted by Microsoft. This is the most likely answer

2) perhaps there is a 'master code' that will always be accepted--and somebody found this code and passed it to the net. Unlikely as Microsoft would 'block' this code once a couple of hundred people tried to use it.

Any other ideas?

RL


Duuhhh...dumb looks still count?

Harken, do we hear the pipping of stretching wings, as the little
birdies doth quip...

How does one follow the path of wind behind the effortless flight of a
great bird...if not only for Master Blaster, King of the Hack
Programmers.

Great Birdie peers aback to pine back...

Hm, hum, & a hem ... that's exactly what we oughtn't mean to say.
Strike it out and be duly forewarned never call to home again, witless
and exposed for mere mortals, incompetent jackass cast out from fools'
paradise.
 
RayLopez99

> I thought (obviously wrongly) that every copy of Windows has a unique code--like a GUID--that is linked to just one machine in the world. Yet an activation code I found on Piratebay.se for Vista worked for me...so it raises the question, how?

I think they just use something like WireShark to log and analyze all
TCP & UDP messages sent and received by the Window$ Update process...

So they steal these codes? But this theory supposes that you can "reuse" codes more than once, which is also what Paul said.

And don't you think Microsoft has some sort of anti-virus to fight WireShark?

RL
 
Man-wai Chang

I think they just use something like WireShark to log and analyze all
So they steal these codes? But this theory supposes that you can "reuse" codes more than once, which is also what Paul said.
And don't you think Microsoft has some sort of anti-virus to fight WireShark?

NO... the product code is not important. They only need to find the
processes that responded to activation server then modify their codes by
debugger. Doing this takes a lot of time and effort.

Of course, it's still my guess only...

 
Man-wai Chang

And don't you think Microsoft has some sort of anti-virus to fight WireShark?

WireShark is just a tool to analyze TCP/IP networking! It did not inject
or modify anything into the data stream it's analyzing, it just listens
and reports what's being sent & received over the network!

The simplest way to defeat hacks like WGA is to force all customers to
login Micro$oft server over internet before they could start using
Window$.... :)

 
Paul

Man-wai Chang said:
WireShark is just a tool to analyze TCP/IP networking! It did not inject
or modify anything into the data stream it's analyzing, it just listens
and reports what's being sent & received over the network!

The simplest way to defeat hacks like WGA is to force all customers to
login Micro$oft server over internet before they could start using
Window$.... :)

Wireshark is a promiscuous packet receiver, which can be used
to keep track of transmitted and received network packets.

I can debug my USENET sessions with it, and it's a tool on my
machine. It's not a tool for cracking things as such.

And in terms of protocol analysis, it can only make real progress,
on unencrypted conversations. For example, if I was using the
"telnet" program, to communicate with a remote computer, and
the telnet program sends username and password in plaintext,
I can use Wireshark to capture the username and password.
I've used Wireshark on occasion, when I couldn't remember the
username/password for something here, and by sniffing the LAN
connection, I can refresh my memory :) (That's for situations
where some tool has memorized the username/password and no
longer presents it on the screen, and I've forgotten it.)

And that's why you'll find Linux distros deprecating unsecured
tools, and using versions of tools with things like Secure Socket
Layer. So tools like Wireshark can't be used to listen in.

The USENET session I'm doing right now, is on port 119, and
using Wireshark, I can see my username and password being sent
to the NSP. The whole protocol is in plaintext. Which makes me
very trusting I guess.

Paul
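
Added example (not part of Paul's post): a small Python audit of what a passive capture exposes for NNTP, the case described above. The session payloads are constructed and the function names are hypothetical; it flags AUTHINFO credentials sent in the clear and shows that nothing is readable once the stream is TLS (port 563, or port 119 after STARTTLS).

```python
import re

# Constructed client-to-server payloads (illustrative, not real captures).
# Each session: (destination port, payload chunks in arrival order).
SESSIONS = {
    # Plain NNTP; the PASS command is split across two TCP segments.
    "plain-119": (119, [b"MODE READER\r\n", b"AUTHINFO USER alice\r\n",
                        b"AUTHINFO PA", b"SS hunter2\r\nGROUP comp.test\r\n"]),
    # Port 119 upgraded with STARTTLS; later bytes are TLS records.
    "starttls-119": (119, [b"CAPABILITIES\r\nSTARTTLS\r\n",
                           b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00",
                           b"\x17\x03\x03\x00\x04\x9a\x11\xc3\x7f"]),
    # NNTP over implicit TLS; the first byte is already a TLS record.
    "nntps-563": (563, [b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"]),
}

AUTH_RE = re.compile(rb"AUTHINFO\s+(USER|PASS)\s+(\S+)\s*$", re.IGNORECASE)


def looks_like_tls(chunk: bytes) -> bool:
    """TLS record header: content type 20-23 followed by major version 3."""
    return len(chunk) >= 3 and 20 <= chunk[0] <= 23 and chunk[1] == 3


def audit_session(port, chunks):
    """Report credentials a passive observer could read from one session."""
    buf, encrypted, findings = b"", False, []
    for chunk in chunks:
        # Only test for TLS on a command boundary (no partial line buffered).
        if not buf and looks_like_tls(chunk):
            encrypted = True
            break  # everything from here on is opaque ciphertext
        buf += chunk
        *lines, buf = buf.split(b"\r\n")  # keep any incomplete tail in buf
        for line in lines:
            m = AUTH_RE.match(line)
            if m:
                kind = m.group(1).decode().upper()
                value = m.group(2).decode("ascii", "replace")
                # Redact the secret so the report itself can be shared.
                shown = value if kind == "USER" else "*" * len(value)
                findings.append((kind, shown))
    if any(kind == "PASS" for kind, _ in findings):
        verdict = "password exposed in cleartext"
    elif encrypted:
        verdict = "encrypted, nothing readable"
    else:
        verdict = "no credentials observed"
    return {"port": port, "encrypted": encrypted,
            "findings": findings, "verdict": verdict}


def audit_all(sessions=SESSIONS):
    return {name: audit_session(port, chunks)
            for name, (port, chunks) in sessions.items()}


if __name__ == "__main__":
    for name, result in audit_all().items():
        print(f"{name}: {result['verdict']} {result['findings']}")
```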
 
RayLopez99

Man-wai Chang wrote:
>> And don't you think Microsoft has some sort of anti-virus to fight
>> WireShark?
>
> WireShark is just a tool to analyze TCP/IP networking! It did not inject
> or modify anything into the data stream it's analyzing, it just listens
> and reports what's being sent & received over the network!
>
> The simplest way to defeat hacks like WGA is to force all customers to
> login Micro$oft server over internet before they could start using
> Window$.... :)
>

Wireshark is a promiscuous packet receiver, which can be used
to keep track of transmitted and received network packets.

I can debug my USENET sessions with it, and it's a tool on my
machine. It's not a tool for cracking things as such.

And in terms of protocol analysis, it can only make real progress,
on unencrypted conversations. For example, if I was using the
"telnet" program, to communicate with a remote computer, and
the telnet program sends username and password in plaintext,
I can use Wireshark to capture the username and password.
I've used Wireshark on occasion, when I couldn't remember the
username/password for something here, and by sniffing the LAN
connection, I can refresh my memory :) (That's for situations
where some tool has memorized the username/password and no
longer presents it on the screen, and I've forgotten it.)

And that's why you'll find Linux distros deprecating unsecured
tools, and using versions of tools with things like Secure Socket
Layer. So tools like Wireshark can't be used to listen in.

The USENET session I'm doing right now, is on port 119, and
using Wireshark, I can see my username and password being sent
to the NSP. The whole protocol is in plaintext. Which makes me
very trusting I guess.

Paul

So I guess I misunderstood Man-wai Chang's point, or perhaps I need more information. So to use Wireshark to snoop onto codes/data being sent to Microsoft, you would have to be an employee of a big company like GoDaddy or AOL or Earthlink or whoever and set up Wireshark so that all network requests (data) sent to microsoft.com/activation (or whatever the port is for activation of Windows) is listened to? Is that it? Then, once you get this data you can try and figure out what pattern works for activation? I would think that using "Wireshark" to listen to data going to and from a network run by GoDaddy or AOL or Earthlink or whoever is illegal according to company rules, so you would risk being caught and fired if you are an employee?

RL
 
Paul

RayLopez99 said:
So I guess I misunderstood Man-wai Chang's point, or perhaps I need more information.
So to use Wireshark to snoop onto codes/data being sent to Microsoft, you would have to
be an employee of a big company like GoDaddy or AOL or Earthlink or whoever and set up
Wireshark so that all network requests (data) sent to microsoft.com/activation (or
whatever the port is for activation of Windows) is listened to? Is that it? Then,
once you get this data you can try and figure out what pattern works for activation?
I would think that using "Wireshark" to listen to data going to and from a network
run by GoDaddy or AOL or Earthlink or whoever is illegal according to company rules,
so you would risk being caught and fired if you are an employee?

RL

It's trivially easy to defeat Wireshark.

For example, on a browser, there is http and https. If you use
the latter one, when running your web site, then I can't decode
anything being sent or received. It will look like digital noise
to me, because I can't decrypt things sent on a secure socket.

Microsoft would be pretty silly, if they transmitted anything of
value in plaintext. If something is critical to their business
model, it'll be transmitted in an encrypted form.

*******

When it comes to cryptography, your ISP is in a unique position
to do the following. So even with cryptography in place, there
can be exposures.

http://en.wikipedia.org/wiki/Man_in_the_middle_attack

Paul
 
RayLopez99

RayLopez99 wrote:

>
> So I guess I misunderstood Man-wai Chang's point, or perhaps I need more information.
> So to use Wireshark to snoop onto codes/data being sent to Microsoft, you would have to
> be an employee of a big company like GoDaddy or AOL or Earthlink or whoever and set up
> Wireshark so that all network requests (data) sent to microsoft.com/activation (or
> whatever the port is for activation of Windows) is listened to? Is that it? Then,
> once you get this data you can try and figure out what pattern works for activation?
> I would think that using "Wireshark" to listen to data going to and from a network
> run by GoDaddy or AOL or Earthlink or whoever is illegal according to company rules,
> so you would risk being caught and fired if you are an employee?
>
> RL

It's trivially easy to defeat Wireshark.

For example, on a browser, there is http and https. If you use
the latter one, when running your web site, then I can't decode
anything being sent or received. It will look like digital noise
to me, because I can't decrypt things sent on a secure socket.

Microsoft would be pretty silly, if they transmitted anything of
value in plaintext. If something is critical to their business
model, it'll be transmitted in an encrypted form.

*******

When it comes to cryptography, your ISP is in a unique position
to do the following. So even with cryptography in place, there
can be exposures.

http://en.wikipedia.org/wiki/Man_in_the_middle_attack

Paul

Yes, thanks. We had this discussion in another forum once. MITM attacks by 'rogue' ISPs? Or something else (see below).

So in another forum, alt.comp.anti-virus, I am having a flame war of sorts to see how anybody can 'hijack' a page on a legitimate website (since the claim is: nowadays even visiting a legitimate website, say CNN.COM, can expose your machine to malware/virus). I say that's hard to do unless you can somehow crack the root password CNN.COM uses for their index.html page (or equivalent). My antagonists are claiming something else (but they won't say what). I'd like to know so I can counter them: how indeed would anybody crack CNN.COM's website and 'inject' something? One guy mentioned SQL Injection attack, but as we all know that if you use Stored Procedures and/or don't hard code with <> on your web page/ javascript you don't have this problem anymore. I'm sure CNN.COM has figured out how to prevent SQL injection attacks. That leaves "poisoned" DNS (DNS spoofing: http://en.wikipedia.org/wiki/DNS_spoofing). Perhaps this is the key? DNS spoofing coupled with Man In The Middle attacks? That might work. So a hacker would get those people who use DNS servers that are not 'hardened' against Poisoned DNS attacks? Is that it? Basically that subset of CNN.COM visitors who have a crappy DNS server lookup, coupled with the hackers becoming a Man In The Middle between CNN.COM and the hapless visitors? If this is the case, then you cannot really fault CNN.COM as the "source" of the virus. It is really the evil hackers that are the Man In The Middle who are injecting viruses into the hapless visitors' computers?

Man in the Middle...reminds me of Michael Jackson's Man In The Mirror song. LOL. I'm looking for the Man In the Middle...I'm asking him to make a change...

RL
 
Man-wai Chang

So in another forum, alt.comp.anti-virus, I am having a flame war of sorts
to see how anybody can 'hijack' a page on a legitimate website ....

Should we label tools that defeat commercial software's activation (and
copyright protection) systems as virus?

I personally would not vote "yes" to that. That doesn't mean I want
software companies to lose money and control. Viruses should mean things
that steal and/or destroy users' data.

 
Man-wai Chang

This article may interest you:

OEM Activation 3.0 In Windows 8 Will Prevent Slic Activation Hacks
http://www.technize.net/oem-activation-3-0-in-windows-8-will-prevent-slic-activation-hacks/

Read the other links referred by the article as well. :)

 
Man-wai Chang

http://blog.hishamrana.com/2009/07/...d-not-cracked-via-slic-2-1-and-oem-master-key

Maybe I really over-rated the capabilities of those activation hacks.
There was really a "bug" in Win 7's activation. I guess those PC
manufacturers should be blamed... :)


 
Man-wai Chang

Maybe I really over-rated the capabilities of those activation hacks.
There was really a "bug" in Win 7's activation. I guess those PC
manufacturers should be blamed... :)

... or was it a wrong calculation by Micro$oft? -_-"

 
RayLopez99

> So in another forum, alt.comp.anti-virus, I am having a flame war of sorts
> to see how anybody can 'hijack' a page on a legitimate website ....

Should we label tools that defeat commercial software's activation (and
copyright protection) systems as virus?

I personally would not vote "yes" to that. That doesn't mean I want
software companies to lose money and control. Viruses should mean things
that steal and/or destroy users' data.

--

I understand some antivirus programs will flag any sort of "key crack generator" as found in torrents as a "virus", even though they are not. So some antivirus manufacturers think the answer is "yes".

RL
 
RayLopez99

http://blog.hishamrana.com/2009/07/...d-not-cracked-via-slic-2-1-and-oem-master-key

Maybe I really over-rated the capabilities of those activation hacks.
There was really a "bug" in Win 7's activation. I guess those PC
manufacturers should be blamed... :)

Yes, interesting how primitive Win 7 anti-piracy is: no GUID, no unique key, just a "master key" protected with some sort of BIOS data... really stupid.

Long overdue is Win 8's protection, see excerpt below from the url you referenced, thanks.

RL

http://www.technize.net/oem-activation-3-0-in-windows-8-will-prevent-slic-activation-hacks/

A few days back Microsoft finally released a video tour of their upcoming Operating System, most probably Windows 8.

In addition to the visual changes, Microsoft has also included some improvements in Windows security to prevent piracy Windows 8 which will make it harder for hackers and crackers to crack Windows 8. We have already covered Windows 8 anti-hacking technology. While Microsoft started to crack down on pirated Windows from Windows XP when they introduced Windows Genuine Advantage which slowly died in Windows Vista and Windows 7 as more advanced techniques were needed in order to stop piracy.


OEM 2.1 was released in Windows 7 which would help reduce and ideally prevent hackers from cracking Windows 7. OEM 2.1 associates Windows 7 with the firmware of the computer making it impossible for using the same credentials and activation elsewhere. Hackers used the BIOS Slic activation hack in order to crack Windows even before loading and starting the Operating System. Microsoft has taken some measures in their latest Windows 7 Service Pack 1 but still many cracks are working and pirated Windows are still floating around.

Now Microsoft is planning to release OEM 3.0 in Windows 8 which will enable more security against piracy. So what is OEM 3.0? OEM 3.0 will let Windows 8 to be installed on only one PC and the digital product key will be generated on that PC. The digital product key will only be valid for that PC. If you want to reinstall or reactivate Windows 8 again, you'll need to have the recovery media provided by your OEM manufacturer. This will make Windows 8 very hard to be cracked because even if Windows 8 is cracked, it will not be able to be used more than once.
 
KR

> http://blog.hishamrana.com/2009/07/30/windows-7-activation-spoofed-not-cracked-via-slic-2-1-and-oem-master-key
>
> Maybe I really over-rated the capabilities of those activation hacks.
> There was really a "bug" in Win 7's activation. I guess those PC
> manufacturers should be blamed... :)

Yes, interesting how primitive Win 7 anti-piracy is: no GUID, no unique key, just a "master key" protected with some sort of BIOS data... really stupid.

Long overdue is Win 8's protection, see excerpt below from the url you referenced, thanks.

RL

http://www.technize.net/oem-activation-3-0-in-windows-8-will-prevent-slic-activation-hacks/

A few days back Microsoft finally released a video tour of their upcoming Operating System, most probably Windows 8.

In addition to the visual changes, Microsoft has also included some improvements in Windows security to prevent piracy Windows 8 which will make it harder for hackers and crackers to crack Windows 8. We have already covered Windows 8 anti-hacking technology. While Microsoft started to crack down on pirated Windows from Windows XP when they introduced Windows Genuine Advantage which slowly died in Windows Vista and Windows 7 as more advanced techniques were needed in order to stop piracy.


OEM 2.1 was released in Windows 7 which would help reduce and ideally prevent hackers from cracking Windows 7. OEM 2.1 associates Windows 7 with the firmware of the computer making it impossible for using the same credentials and activation elsewhere. Hackers used the BIOS Slic activation hack in order to crack Windows even before loading and starting the Operating System. Microsoft has taken some measures in their latest Windows 7 Service Pack 1 but still many cracks are working and pirated Windows are still floating around.

Now Microsoft is planning to release OEM 3.0 in Windows 8 which will enable more security against piracy. So what is OEM 3.0? OEM 3.0 will let Windows 8 to be installed on only one PC and the digital product key will be generated on that PC. The digital product key will only be valid for that PC. If you want to reinstall or reactivate Windows 8 again, you'll need to have the recovery media provided by your OEM manufacturer. This will make Windows 8 very hard to be cracked because even if Windows 8 is cracked, it will not be able to be used more than once.



I would bet that there will be a work around, crack etc to defeat this garbage within days or weeks of the software being released :)
 
Man-wai Chang

I recommend all those who plan to buy a Win 8 PC to request the recovery
media no matter what. :)
OEM 3.0 will let Windows 8 to be installed on only one PC and the
digital product key will be generated on that PC. The
digital product key will only be valid for that PC.
If you want to reinstall or reactivate Windows 8 again,
you'll need to have the recovery media provided by
your OEM manufacturer. This will make Windows 8 very hard to
be cracked because even if Windows 8 is cracked,
it will not be able to be used more than once.

