Windows Vista activation 'unlocked' with OEM BIOS hack

Tool released by TEAM PARADOX used to emulate OEM BIOS information

Windows Vista Ultimate as activated using OEM BIOS emulation method
Leaked OEM BIOS files lead to Windows Vista activation bypass

Microsoft last week confirmed the existence and effectiveness of a method to bypass Windows Vista activation. Microsoft senior product manager Alex Kochis posted on the MSDN Windows Genuine Advantage blog details of Microsoft’s OEM BIOS-based activation system and how it can be used to illegally activate nearly any version of Windows Vista.

“This form of product activation is also known as OEM Activation or just OA,” Kochis wrote. “Back at the launch of Windows XP when Microsoft introduced Windows Product Activation, we recognized that as easy as end-user activation is, it still represented an extra step.

“In an effort to reduce the impact of even that extra step but maintain the overall effectiveness of product activation, Microsoft worked with OEMs to develop an implementation that would work best for them and their customers while keeping the goals of product activation clearly in focus. As we looked to develop a solution, it was important to ensure that product activation technology could still deliver an acceptable degree of protection, while at the same time, reduce the need for an extra step by the end user.”

Large system builders, which tend to ship large numbers of PCs with Windows preinstalled, are able during their manufacturing processes to identify the systems that will ship with Windows pre-installed. Sales numbers are reported to Microsoft, which partners with such OEMs to place a marker in the BIOS of the system’s motherboard to identify PCs that were to be pre-installed with licensed copies of Windows XP or Vista. Kochis said that the special BIOS marker enables a copy of Windows to verify that it is properly licensed without the need for activation.

The most recent OEM BIOS hack in question applies to Windows Vista, where a hacker group known as “TEAM PARADOX” obtained the hardware-embedded BIOS information from OEMs Asus, Acer, HP and Lenovo to emulate on illegitimate systems for the purpose of activation.

According to the documentation released along with the hacking software tools by TEAM PARADOX, “the basic concept of the tool at hand is to present any given BIOS ACPI_SLIC information to Windows Vista's licensing mechanism by means of a device driver. In combination with a matching product key and OEM certificate this allows for rendering any system practically indistinguishable from a legit pre-activated system shipped by the respective OEM.”

Microsoft acknowledges the OEM BIOS hack, which exposes the special BIOS from various OEMs. Kochis responds, “While this method is easier to implement for the end user, it's also easier to detect and respond to than a method that involves directly modifying the BIOS of the motherboard.”

Microsoft said that the same hack can be carried out not only through software emulation, but also by modifying the hardware, that is, by reprogramming the BIOS. The latter method, however, is less of a concern to Microsoft, as the company deems that it “doesn't scale well to large numbers of systems, which makes it less of a threat.”

The Microsoft senior product manager said that the hack is nothing new. “Over the years we've seen examples of BIOS editors that, with some work, allowed people to make an edited BIOS appear to be an OEM BIOS. In Windows XP this kind of BIOS editing wasn't as difficult as it is in Windows Vista and frankly, because there were easier ways to pirate Windows XP, I don't think much attention was ever paid to it,” explained Kochis. “However, because Windows Vista can't be pirated as easily as Windows XP, it's possible that the increased pressure will result in more interest in efforts to hack the OEM Activation 2.0 implementation.”

Although Microsoft is well aware of the effectiveness of the OEM BIOS hack, the software giant does not appear to have plans to curb this apparent exploit. “We focus on hacks that pose threats to our customers, partners and products,” Kochis wrote. “Our goal isn't to stop every 'mad scientist' that's on a mission to hack Windows. Our first goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknowing victims.”

Another publicized hack to avoid Windows Vista activation is stopping the grace period countdown timer. Those who do not wish to introduce unknown files to their machines but still wish to stave off activation can do so with a simple command, which can extend the trial period to as much as a year.

In February, Microsoft CEO Steve Ballmer said that piracy was to blame for the slow initial sales of the new operating system. Then in March, the software company announced that sales of Windows Vista licenses more than doubled those of Windows XP during its first month of availability.

Copyright 2017 DailyTech LLC.