The Vista brute force keygen - Updated


Summary: UPDATED. Over on KezNews.com a brute force method for acquiring a usable product key for Microsoft's Vista platform has been released. I can confirm that this method works (for now at any rate), but I don't think that Microsoft has much to worry about.


Follow-up post here. 

[Updated: Mar 4, 2007 @ 16.45 pm] Note to Engadget writers who didn't read this article before commenting ...
I never claimed to have found "activation keys"; all I saw was that, after running the script for some time, the Magical Jelly Bean application showed that the keys had changed. I didn't use these to activate Windows, and I made that clear in the article. It was pretty obvious from the type of crack that this wasn't reliable by a long shot.
Looking at the VBScript code, it's clear that the script is capable of generating valid keys, but as I said, the hard part is not getting keys past Windows but getting them past the activation servers.
However, what this incident has done is generate interest in hacker circles in building a keygen for Windows. Microsoft could well find itself having to fend off a number of cracks over the next few months.
Maybe I should take the approach the Mythbusters do and state whether this is "plausible," "busted" or "confirmed." By those criteria the keygen is plausible: I saw the default key change twice. It can generate keys in the format Vista requires (certainly they "look" like Vista keys), but the chances of getting one past the Microsoft activation servers are slim at best.

[Updated: Mar 2, 2007 @ 2.45 am] A lot of tech sites seem to have totally misunderstood how this works. Many seem to think that this crack somehow relies on hammering Microsoft's activation servers 20,000 times an hour. This is inaccurate. The crack uses Vista itself to check that a candidate key is in an acceptable format; only once Vista has accepted a key does the user attempt activation at all. Limiting how many times an IP address can reach the activation servers would therefore have no effect on it. The real weakness here is that Microsoft has relied on a script to control licensing, and that makes this kind of attack easier because a script can be modified and tampered with more easily than compiled code.

Windows Vista brute force crack

Over on KezNews.com a brute force method for acquiring a usable product key for Microsoft's Vista platform has been released. I can confirm that this method works (for now at any rate), but I don't think that Microsoft has much to worry about.


The brute force keygen relies on replacing the software license manager script slmgr.vbs with one that has been modified to search for valid 25-character product keys. Periodically you have to check manually to see if the key has changed, and then manually use that key to attempt to activate Windows.

I can confirm that the scheme works.  I've had the script running on Windows Vista Ultimate inside Virtual PC 2007 and already netted two product keys.  Now I've not used these keys to try to activate Windows, but others have reported successfully activating their copies of Windows Vista using keys found in this way.  There are, however, some drawbacks to the keygen that will probably prevent it from becoming widespread.

First, the process can take a long time and consumes a lot of system resources while running. Anyone expecting to net a key needs to spend hours or maybe even days running this script. This is not a "click the button and a key is generated instantly" kind of key generator.

You also need some smarts to use it. Many people start the script running and then use the Magical Jelly Bean Keyfinder (included with the download package; those hackers think of everything!) to check the key, but many of them seem to be trying to activate using the default trial key. You have to be able to tell the difference between a valid key and the default key that is assigned during installation if you choose not to enter a key.

There's another thing to bear in mind here too. A system activated using a key procured in this way might not remain activated for long. As WGA is updated it may be reprogrammed to seek out keys generated using this technique (remember, Microsoft knows what keys it has issued). Microsoft can also tighten up the activation servers to accept only keys from within the range it has actually issued. Given that a Windows product key is 25 characters long and that people have used the key generator to hit a valid key in a few hours, I'm starting to think that either Microsoft has made the mistake of issuing too many keys so far (making a randomly guessed 25-character product key easier to land on) or that the activation server is too sloppy. Either way, Microsoft could quickly and easily fix this issue. However, as more and more people run key generators like this, the chances of them hitting valid keys increase. This could mean problems later for people trying to activate legally acquired keys, because their key has already been used.

I predict that pretty soon there will be a GUI version of the key generator, making it easier to use than the current script (the script is pretty inefficient, and a key generator based on the same principle as the VBScript but written in C++ would inevitably be a lot faster). But at the same time I see Microsoft taking steps to make it a lot more difficult to activate a key generated in this way. Microsoft might also release an updated WGA that makes an attempt at uncovering illegal keys. At any time Microsoft could pull the plug on these illegally activated machines. Bottom line is buy Windows or go Linux.

Either way, the race is now on between the crackers and Microsoft. 

Topic: Windows


Talkback

36 comments
  • The DRM company is always playing catchup

    The race is indeed on, but the problem is that one side leads, and the other plays catchup. And the catchup is much, much more expensive than the leading. Futility and expense seem to be the leading features of DRM systems.
    tic swayback
    • And the sellers of DRM software they are loving it!!!!

      NT
      mrlinux
  • Protecting your Keys!

    I have enjoyed using all versions of Microsoft Windows (even DOS), and continue to do so today. However, I think it is a mistake to place the product key on the machine itself.

    I think the Windows product keys should be hidden away with the user manual. Of course, this does not stop the problem with keygen programs described in this article, but it is a start.

    Then there should be some other mechanism which a keygen would have trouble duplicating. The focus should be on security for the key, AND simplifying the authorizations for legitimate users.

    racingmustang
  • Well that didn't take long!

    And fact is as some of the black hats start to modify the code, it will get easier and I am sure they will be able to trim time off eventually. But the fact remains a method of bs'ing the Microsoft security scheme is out there. ]:)
    Linux User 147560
  • haha, smarter than hackers?

    Microsoft is kidding itself to think it will ever defeat piracy. Pirates are a decentralized network of the most creative (albeit devious) minds on the planet.

    No single company will ever be smarter than the populace at large. Write that down in your journal and smoke it.
    fecklessness
  • It works.... but?... but what?

    I don't understand your argument in this post, what the hell is the 'but' for? That the tool works as advertised, BUT MS will probably find a way to patch it / fix it / NUKE it. Has this not ALWAYS been the case with cracks / hacks for Windows OS? Why do you think MS releases new 'revisions' of WGA? It's due to successful hacks / patches / keygens.

    This is similar to SPAM email, they will always be a few steps behind and you will NEVER eliminate piracy...
    jakex3@...
    • unless....

      [quote]you will NEVER eliminate piracy...[/quote]

      Unless of course, commercial software disappears and only FOSS lives on.
      num23bulls
  • It will be refined

    They got a working system, brute force. Over time, they will learn the rules as to which is the default, which is valid. They will learn the rules and how to detect which keys have been issued, which haven't. They will reverse engineer the key's complete function within Vista, learn how to make the key irrelevant, and/or convince the WGA subsystem to think it is a valid key when it is not.

    Look at High Def DVDs. Brute force single disk at a time to any disk at a time to GUI control to here, a 1-2-3 anyone can use to rip the DVD to HD so they can watch it DRM free. What 2 months end to end?

    For every patch or enhancement, MS has the burden to keep current folks working, test completely and then deploy. Hackers don't have that concern.

    In any case, anyone who wants Vista free will have it, and nothing MS can do about it.

    TripleII
  • I can't get it to work!

    oh, wait that's a windows thing! DUH! silly me. =)
    Hrothgar - PCLinuxOS User
  • It works but does anyone care?

    People aren't exactly lining up to buy it.

    http://tech.yahoo.com/blogs/null/18085

    An interesting comment:

    [b]If Vista was a $100 upgrade that anyone could use, it'd be a top seller, I'm sure.[/b]

    I think he's right. If it was $100 for the premium edition instead of the Home Crip Edition, I might not be so derisive about Vista.

    And if MSFT could ever get their SQL clustering fail over to work right, that would be an improvement. Here's a clue: Don't enable automatic updates on a SQL Cluster. Many of you would scoff at not testing patches, but I'm continually amazed how many customers have automatic breakdowns enabled on critical services. Can you tell that's what I spent all day fixing? It's frustrating. And what's really frustrating is when you have automatic updates off and some genius MCSE, fresh out of school, turns it back on.

    That's why I use Linux at home, because it just works and I can lock out stupid.
    Chad_z
    • Get real

      First, you get your "news" from a blog on Yahoo? Second, you must have high standards for good sales because my guess - which will be proven next time Microsoft announces earnings - is that Windows Vista has sold more in terms of units and dollars since it shipped than any software product in history with one exception - Windows 95. And Windows 95 shipped when there were vastly fewer PCs in the world so the opportunity was much greater. Go into any store in the world today that sells PCs and you'll see that practically every one of them includes some version of Windows Vista. I just bought a new Sony "all-in-one" PC running Windows Vista Home Premium at Costco last Sunday. There were people lined up to buy the same machine. So... what's your standard for a good selling software product?
      marksashton
      • What the consumer is buying

        Were your lined up consumers buying Vista, or Sony PCs on special that day?

        The first rule to good sales is to know what people are actually buying. Now, if
        people were lined up at the Vista aisle...
        frgough
        • "What the consumer is buying"

          Yeah, plus a boatload of trouble that they didn't know they were getting. Wait until they start finding out what they got.... errrr.. licensed.

          http://news.bbc.co.uk/1/hi/business/6407419.stm
          Ole Man
      • Your problem is?

        You are forgetting that today, no system ships with anything other than Vista. So you want a new notebook, new desktop, new server? Well, you only have one choice, VISTA. You can't buy anything else unless you go to some mom and pop store for a copy of XP which you will have trouble finding in stores. You can't order from Dell, or HP for a machine to run XP, because they will tell you it's not available anymore. You go to the web sites of these companies and the first thing on the support page is VISTA drivers.

        MS has bullied everyone into selling only VISTA so of course they are selling. Moron! Get a clue, big ass companies like that push their weight around and you are on the losing end.
        mypl8s4u2
  • NO NEED FOR BRUTE FORCE...

    I just read on "The Register" that people are simply going into a computer store and then use their camera phones to copy Vista numbers from a retail boxes...
    Solid Water
    • ROFLMAO

      Now that is rich. It won't take long until they hide it inside the box, but that is funny. All the WGA and they put the keys on the outside of the box. I wonder whether those who then purchase the boxed set enjoy their first Vista experience.

      TripleII
    • My boss still doesn't get it...

      I keep telling the managers that's why we get a lot of [i]unopened[/i] returns on Windows purchases. They are just buying it, copying the key, then returning it a day or so later saying their system didn't meet the specs or some other lame excuse to return it and not want another copy.

      What I like are the idiots who actually install and activate the Vista they bought then try to return it saying it didn't install. I offer them a replacement which they of course refuse, Then I point to the back of their receipt where it clearly states " [b]Software:[/b] Return [i]unopened[/i] software that we currently sell for a full refund at anytime. We'll gladly [i]exchange[/i] opened software for the same title."
      devlin_X
  • Do we have nothing better to do?

    While I am against DRM as a whole, I still feel that this is really a complete ass thing to do as it potentially robs someone who legally purchased their software from using it. As far as I can tell, all those script-kiddy 'hackers' who think they're smart for using someone else's script to steal software hate Vista anyway on the basis of it being an MS product so I don't foresee an epidemic of Vista piracy coming soon. For myself, I plan on just not buying Vista until the price comes down to a reasonable level. Let the "MS SHILL!!!1!" cries begin...
    ubaz2
    • You speak the truth

      Stealing is Stealing. Unfortunately, there are those who always will. In the past, those who would (and will steal), in general, did not substantially affect the bread and butter customers MS relies on. The new mechanisms now do very much so affect the customers MS relies on (but for some reason doesn't seem all that concerned about).

      MS will have to decide, fairly soon, whether more sales and a good experience and gain in market share and adoption is worth more than slow uptake, costly re-writes of DRM and the alienation of a low percentage of customers on an ongoing basis.

      In the meantime, I'll add a suggestion, wait for the price to come down (but don't hold your breath), but do wait until a few months after SP1 is deployed and, in general, most of the flaws are gone.

      If someone calls you a shill, then I am a shill, stealing is stealing, and I'll be a shill saying that forever.

      TripleII
    • Yes We Do!

      While I wouldn't steal ANYTHING, much less Vista (as a matter of fact I wouldn't USE Vista if they GAVE it to me), I find it very very difficult (bordering on impossible) to have any sympathy for a company that charges such exorbitant fees (which we all know, as well as Microsoft, that many of their customers can ill afford) for their software and services. And to make bad matters worse, instead of using developing technology to improve their products, they use it against their customers in the form of DRM, WGA, SPP and other malware and spyware to enforce their antagonistic unethical possibly illegal (noted by one supreme court justice as "not being upheld by any court") EULA.

      Name-calling means nothing. As we said when we were kids, "call me anything you like, just don't call me late for supper".
      Ole Man