When those tools came out, not long after the
release of Windows XP, many of those keys could be activated. But as the model
created for generating the keys is not random, I assume Microsoft
obtained the keygen tools and deactivated the keys that they
generate.
There is also the following key in the Registry
that holds some info for Windows Product Activation:
HKEY_LOCAL_MACHINE\SYSTEM\WPA
Lan Guy
----- Original Message -----
Sent: Sunday, September 07, 2003 8:43 AM
Subject: Re: [Full-Disclosure] Product activation is exploitable
There is a freely available tool that you can download to see
what your "Product Key" really is. Most likely this tool reverses the
key from the "Product ID", which is in the registry...but I am not sure
(correct me if I am wrong). I tried using Regmon to see what registry
keys the tool is querying, but I had no luck. Anyone know how this
tool works? I'm sure it is entirely possible to write a nice worm
(0-day win sploit + vuln scanner) that grabs prod ids and uploads them to
arbitrary locations for later retrieval and key reversal. I have no
clue as to how windows XP product activation and such work so these are
merely guesses.
The one thing I don't understand about WPA is the fact
that no one really understands the key generation algorithm!!! For
any product that accepts user input typed keys, there should be an
available keygen (assuming the algorithm has been reversed). So why
hasn't anyone written one yet? No one reversed it yet? I did
manage to find a nice little prog that guesses and finds keys by brute
force (takes about 1-20 minutes to generate one valid key), but even this
is useless for WPA since activation using these keys results in an error
from MS servers stating "Unauthorized Key" (or something like that).
WTF??? Does MS really keep track of all the keys they have issued
(aka. "whitelist")??? Someone please explain...
Kris Hermansen
----- Original Message -----
From: "Rick Kingslan" <[EMAIL PROTECTED]>
To: "'Geoincidents'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, September 07, 2003 12:59 AM
Subject: RE: [Full-Disclosure] Product activation is exploitable

> Interesting. But, I'm not sure how effective this would be, as everything
> that I've looked at (XP, 2003) doesn't have the actual WPA keys in the
> registry - unless I'm looking in the wrong place (possible). And, unless
> it's WPA, MS is going to have a tough time shutting anyone else off who is
> 'suspected' of using a published key.
>
> However, there's always shutting off the POWER in your city - that's
> effective, too.
>
> -rtk
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Geoincidents
> Sent: Saturday, September 06, 2003 6:04 PM
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Product activation is exploitable
>
> So I'm reading this story http://www.nccomp.com/sysadmin/dell.html about a
> company who laid off their admin and he took all their product keys and
> posted them on the internet. Well to make a long story short, somehow
> applying a hotfix caused the software to deactivate (it has to have a
> deactivation feature or what good is it?) and require activation again which
> of course was impossible since MS shut those numbers down.
>
> It got to thinking, what if the dcom worm had grabbed the product key from
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
> "ProductKey"="XXXXX-XXXXX-XXXXX-XXXXX-XXXXX" or
> ProductID="XXXXX-OEM-XXXXXXX-XXXXX"
>
> and posted it to a dozen random newsgroups? According to the EULA Microsoft
> has the right to shut down every one who becomes infected and compromised in
> this manner.
>
> Sure looks like a security issue to me, product activation makes this
> registry entry which allows all users full read access a dangerous thing to
> have laying around unprotected.
>
> Geo.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html