Hacker finds chink in Microsoft's anti-piracy armor

A security researcher in India has discovered "easy to exploit" ways to cheat Microsoft's OGA (Office Genuine Advantage) anti-piracy checks.

A security researcher in India has discovered "easy to exploit" ways to cheat Microsoft's OGA (Office Genuine Advantage) anti-piracy checks.

Debasis Mohanty, a hacker with a history of circumventing Redmond's software validation tools, says there are numerous ways to bypass the checks, which generate a hash out of information from the installed Microsoft Office software and passes it to a server for verification.

According to a proof-of-concept released by Mohanty, a simple Google query for Office updates or add-ins will return direct download links to the file on Microsoft's server "without any validation check."

Mohanty also hinted that the OGACheckControl.dll can be patched to sidestep validation.  "However just to keep myself away from those scary legal notices, I do not want to release any patch at this point of time," he said in a note posted to the Full Disclosure mailing list.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All