backtop

Print E-mail del.icio.us 33 comment(s) - last by jonmcc33.. on Dec 17 at 12:07 PM
Despite its best efforts, Microsoft's activation server gets cracked

Despite all the talk surrounding its security and beefed up anti-piracy measures we all knew that it wouldn't take long for hackers to take a stab at Vista's activation scheme. Cracked copies of Windows Vista started flooding the internet soon after the operating system was released to manufacturing and ahead of its official release.

Microsoft's new Volume Activation 2.0 system requires that each copy of Vista for volume licensees be activated through Microsoft servers. This wasn't the case with Windows XP numerous pirated "corporate" editions of the operating system flooded the internet.

Microsoft's solution for making Volume Activation 2.0 easier for administrators has been attacked, however. Hackers have spoofed Microsoft's Key Management Service (KMS) server which allows corporations with 25 or more networked computers to activate Vista installations. The software hack is making the rounds around the web and in a nod to Microsoft Chairman Bill Gates is named after his wife, Melinda.

According to reports, the software hack uses a VMware image of the KMS server to activate copies of Windows Vista Business and Enterprise. APC Magazine reports:

The download is a VMware image, and the idea behind it is that you download and install VMware Player (a legal free download), boot the image and use some VBS script (supplied with the activation server download) to have the client Vista machine get its activation from the local server. And that’s it -- no communication back to Microsoft.

But for those that think that all of their problems are solved with this software hack, you may want to hold your horses. A valid KMS product key is still required and the activation is only valid for 180 days.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
What hack?
By stash on 12/10/06, Rating: 0
RE: What hack?
By Etsp on 12/10/2006 2:46:33 PM , Rating: 3
you dont need 25 machines. In order to legally buy the activation server software you need to have bought 25 copies of vista. This hack is a vmware image of the activation server.


RE: What hack?
By stash on 12/10/2006 3:27:03 PM , Rating: 3
Uh no. There's no 'activation software' to buy. It's built into Vista. That VB script comes with Vista.

Here's how a KMS works. You enter your VL key into a Vista machine, Longhorn server or (soon) a 2003 server. This installs the KMS service, which also registers DNS records so your clients can find it.

You then must activate the KMS against Microsoft servers over the web or phone. This is a one-time activation.

Your clients will then connect to the KMS, but will only be activated once 25 machines report in to the KMS.

Read more about it here: http://www.microsoft.com/technet/windowsvista/plan...


RE: What hack?
By GaryJohnson on 12/11/2006 12:35:01 AM , Rating: 2
Something interesting in that volume activation guide:

quote:
Volume Activation 2.0 also may provide enhanced security through frequent background validations for Genuine modules. This is currently limited to critical software, but may be expanded greatly over time.


There's an easier way.
By loser311 on 12/10/2006 6:49:23 PM , Rating: 3
I heard of a way like that but it had to do with putting your bios clock ahead until December of 2099, so when you go through with the fake activation it gives you 180 days...buuuuut its 180 days after December of 2099. : )




RE: There's an easier way.
By XtremeM3 on 12/11/2006 4:36:12 AM , Rating: 2
Could be...but I've seen simple security programs that wouldn't go for that. Kinda easy with a "kill if (todaysdate) > [(registrationdate)+180] OR if (todaysdate) < registrationdate)".

Obviously this is the plain text version, but you see what I mean. Not really hard to write, especially since date change so-called "hacks" have been used foreva.

Jeff


RE: There's an easier way.
By carage on 12/12/2006 8:14:02 PM , Rating: 2
I think Microsoft checks for system date now.
I just installed WinXP on a new PC yesterday and one of the items checked during validation was the date.


Update
By crystal clear on 12/11/2006 2:24:34 AM , Rating: 4
"Microsoft's new Volume Activation 2.0 system "
Read an update-

"Security researchers Sunbelt Software have confirmed that the Trojan is contained in a program called "windows vista all versions activation 21.11.06.exe", which has been circulating on message boards, according to a report The program claims to be a "crack" designed to unlock pirated copies of Vista, which was made available to Microsoft's volume licensing customers last week.
It in fact installs malware known as Trojan-PSW.Win32.LdPinch.aze, which attempts to steal passwords and send them back to an attacker, according to security researchers Kaspersky, which first noted the Trojan in early October.

Source-
http://www.techworld.com/security/news/index.cfm?n...




RE: Update
By jonmcc33 on 12/17/2006 12:07:41 PM , Rating: 2
From Kaspersky, which means that any good AV program can take care of that virus. No threat in my book.


Activation last forever...
By clayclws on 12/10/2006 4:37:37 PM , Rating: 3
From where I come from, piracy runs rampant. Vista has been out for weeks. Along with Office2007. It says that the softwares will expire within 30 days...but the clock never started. My bro tested it out, and has been using it for weeks...still, the timer is fixed at 30 days.




RE: Activation last forever...
By carage on 12/12/2006 8:19:07 PM , Rating: 2
A friend of mine works in a computer store in one of those countries and he reports the same thing. He has been using Vista for awhile now and the clock never did anything.
However he heard news (from a local M$ salesperson)that the clock won't start ticking until January 30th, when the retail version is supposed to be available. Maybe M$ temporarily turned it off for OEM testing purposes.


Should be......
By crystal clear on 12/11/2006 2:30:57 AM , Rating: 3
Should be-

windows vista all versions activation 21.11.06.exe

and NOT

Microsoft's new Volume Activation 2.0 system




RE: Should be......
By Samus on 12/11/2006 3:44:11 AM , Rating: 2
i dont see microsoft sweating over this.


ONLY?
By shabodah on 12/10/06, Rating: 0
RE: ONLY?
By Ratwar on 12/11/2006 12:57:02 AM , Rating: 2
Well, some of us buy PCs expecting them to last more than six months you know... Actually, most of us do...


RE: ONLY?
By ElJefe69 on 12/11/06, Rating: -1
RE: ONLY?
By Spivonious on 12/11/2006 9:33:29 AM , Rating: 3
Wow, I didn't think anyone was still running Windows 95, but you proved me wrong.


30 days free?
By sbanjac on 12/10/2006 5:33:16 PM , Rating: 2
So is it legal to download vista and use it for 30 days? are all features unlocked? Well i think that they should be, because this way we can see if it is worth the extra money... Will we be able to order these "trials" from MS?




RE: 30 days free?
By PrinceGaz on 12/10/2006 9:42:25 PM , Rating: 2
It is probably only legal to download a copy of Vista if you have already purchased a license. You don't buy the disc that software comes on, but rather the license (the right to use it).

However you can still use your copy of Vista without buying it (and activate it as that has now been cracked) but there is the slight downside that you will of course burn in hell for all eternity for your piracy sins :p


Update again
By crystal clear on 12/11/2006 9:17:26 AM , Rating: 2
This is the official response of MS-


Quote-
UPDATED 11:00 pm December 8, 2006: Cori Hartje, Director of Microsoft's Genuine Software Initiative, issued the following statement to BetaNews regarding the activation crack:

"We are actively monitoring these types of piracy and counterfeit situations, and will take action on any Key Management Service (KMS) or Multiple Activation Key (MAK) keys that have been reported as stolen or abused. Microsoft will continue to make investments under the Genuine Software Initiative (GSI) and is committed to engineering world-class anti-counterfeiting technologies in order to make piracy harder and protect customers and channel partners from the various risks associated with counterfeit software."

http://www.betanews.com/article/Hackers_Find_New_V...





whats up now
By kdog03 on 12/10/06, Rating: -1
RE: whats up now
By MachFive on 12/10/2006 5:23:14 PM , Rating: 5
Your rating isn't, that's for sure.


RE: whats up now
By SixDixonCider on 12/10/06, Rating: 0