Vista keygen script - a hoax, but not impossible

Computer User, the individual behind the Vista keygen script has admitted that the program was a joke, but this joke could lead to problems for Microsoft.

Computer User, the individual behind the Vista keygen script has admitted that the program was a joke, but this joke could lead to problems for Microsoft.

In a post on KezNews, Computer User said:

fact is the brute force keygen is a joke, i never intended for it to work. I have never gotten it to work, everyone should stop using it!

Engadget took this a step further, calling the script a "hoax."  They quoted me as having said that I'd "found two activation keys with this method," an exaggeration to say the least. Unlike many, I never claimed to have activated using these keys – only that Windows itself seemed to have accepted them

Whether Computer User intended for it to work or not, the truth is that the script that was released on KezNews is a brute force key generator for Windows Vista.  Why?  Because the script outputs 25-character keys that are of a similar format to Vista product keys.  This can be proved by modifying the script to output each key it generates to the screen.  That part is not a hoax or a joke.  Sure, it's a clumsy script, slow and inefficient, but it's true to the phrase "brute force."

The issue is not one of the script being a fake or not, it's whether it can generate a key that can be used to activate Windows Vista (Windows won't accept just any random combination of 25-characters as a product key).  What I found when I ran the script on my test install for a few hours was that the key changed twice from a default key generated by Windows to a different key (I checked this using the Magical Jellybean program that was bundled with the script).  For a combination of moral, legal and ethical issues, I didn't try activating the installation using the key that I believe was generated by this script (and it should be noted that the script doesn’t go off to try to activate it on its own – so the rumors that this hammered the activation servers are misguided).  My guess is that it wouldn't have worked because getting past Windows’ local validation checks would be a lot less stringent than getting past Microsoft's activation servers.  The reason for this is simple.  The checks done by Windows when you install the OS or change the key are pretty basic, while Microsoft's activation servers either a) know which keys have been issued (which would mean that you'd have to be lucky enough to hit a key that's been issued out of a key base that's about 167 bits large) or b) the servers know the range of valid keys that Microsoft is likely to issue, making the task of hitting a valid key a little easier … but it’s still a massive long shot.

I also think that it's important to clear up the meaning of the phrase "brute force" when used in context of this key generator.  Normally when people think of brute force they think of cracking say an encrypted file.  Here brute force is used to try to find the single key in a sea of keys that will decrypt the file (to put this into perspective this is like trying to find a single unique grain of sand hidden somewhere in the Sahara desert).  However, brute force against Vista product keys is a little different.  You're not trying to find that single glass slipper that fits Cinderella's foot, you're looking for one of many, many slippers that will fit.  How many?  Only Microsoft really knows.  Also, there are plenty of different versions of Vista to attack, so we have numerous Cinderellas, each capable of fitting an unknown number of slippers.

To be honest, if I were Computer User, given how big this story has become and how far and wide it's traveled, I'd want to play down this script too for legal reasons.  However, as Computer User is calling the script a joke over on KezNews, there are a number of users who claim to have activated Windows Vista using this technique.  Has anyone managed to do this?  I don't know and I have no way of proving this one way or another, but statistically the chances are low.  However, that doesn't rule out the possibility of it happening.  The only people who know for sure what the chances of this script actually generating a valid Windows Vista product key are Microsoft employees, and they're unlikely to tell us what the chances really are.

But whether anyone can get a working product key using this script and then use that key to activate a copy of Windows Vista is not the real issue here.  A far more serious side effect of this script is that it has rekindled interest within certain circles inside the cracking community in developing a working keygen for Windows Vista and Office 2007.  I've already seen discussions on reverse-engineering Vista code in order to discover the valid format for Vista product keys and also how fake the Windows activation process.  This is likely to be a mammoth task but given how quickly we've seen a few determined crackers defeat schemes such as AAAS, I think that it's quite likely that Microsoft will have to fend off more and more attacks on product keys and activation.  Windows Vista is a valuable commodity and cracking it would be extremely profitable for pirates.  It seems that the Pantheon group have released a crack that bypasses activation and relies on BIOS emulation.  I've not tried this crack myself but Pantheon are well known in the cracking community.  Whether this method survives WGA for long is another matter.  However, this crack is another indication that when it comes to product activation in Vista, Microsoft has been sloppy in implementing the process.  This same sloppiness could easily translate into how broad a product key base the company left open for Vista.

On the flip-side, if more working cracks hit the web, this will mean that Microsoft will respond by making WGA more stringent.  This could be bad for consumers because it could increase the chances of legitimate installations being marked as non-genuine. That, surely, has got to be the real story here.