Vista activation cracked by brute force
Sledgehammered
By Charlie Demerjian<javascript:__doPostBack('article_body$lnkEmailForm','')>:
Thursday 01 March 2007, 17:15
*IT LOOKS LIKE* Microsoft's unhackable OS activation malware has been
hacked.
There is an active thread at the Keznews
forums<http://keznews.com/forum/viewtopic.php?t=2586>(account needed),
and a summary on its
main page <http://keznews.com/2431_Vista_Brute_Force_Keygen> about the
crack.
It is a simple brute force attack, dumb as a rock that just tries keys. If
it gets one, you manually have to check it and try activation. Is is ugly,
takes hours, is far from point and click, but it is said to work. I don't
have any Vista installs because of the anti-user licensing so I have not
tested it personally.
The method of attack has got to be quite troubling for MS on many grounds.
The crack is a glorified guesser, and with the speed of modern PCs and the
number of outstanding keys, the 25-digit serials are within range. The
biggest problem for MS? If this gets widespread, and I hope it will, people
will start activating legit keys that are owned by other people
It won't take long for boxes bought at retail to be activated before they
are bought, and the people who plunk down money for the mal^h^h^hsoftware
for real get 'you are a filthy pirate' messages. Won't that be a laugh riot
at the MS phone banks in Bangalore.
So, what do you do? There is really no differentiating between a legit copy
with a manually typed in wrong key and a hack attempt. Sure MS can throttle
this by limiting key attempts to one a minute or so on new software, but the
older variants are already burnt to disk. The cat is out of the bag.
The code is floating, the method is known, and there is nothing MS can do at
this point other than suck it down and prepare for the problems this causes.
To make matters worse, MS will have to decide if it is worth it to allow
people to take back legit keys that have been hijacked, or tell customers to
go away, we have your money already, read your license agreement and get
bent, we owe you nothing.
This is ugly for MS, and if it allows you to take back your legit keys, how
long do you think it will take before people catch on to the fact that you
can call in and hijack already purchased keys once you generate one that
someone else activated?
No, this is a mess, and the problem is the very malware activation and
anti-consumer licensing that MS built into Vista. Then again, it is kind of
hard to feel sorry for them the way they screw their paying customers. We'll
give it three days before there is a slick GUI version with all the bells
and whistles. ยต
_________________________________________________
Kagay-Anon Linux Users' Group (KLUG) Mailing List
[email protected] (http://cdo.linux.org.ph)
Searchable Archives: http://archives.free.net.ph
