Vista activation cracked by brute force

"Just like the real thing" - A brute-force hack for Vista's licensing has begun to make the rounds.

I owe a deep-hearted "thank you" to Charlie over at The Inquirer right now, because this story is just not as interesting without his very bitter but realistic take on it.

Most of us remember the great effort Microsoft put into developing a complicated and "foolproof" license setup for Windows Vista, and everyone has been waiting for its horrible defeat. Well, it looks like some crackers just got medieval on it.

Brute force cracking is as old as data security - if you have a hunch that someone uses a particular style of password, you can throw every password that fits those parameters at it in every combination until one of them is accepted. It's long, it's dirty, and it works on the Vista activation system.

A 25-character key sounds long, but the attack does not need to exhaust the key space: it only has to keep guessing until it lands on a key that Microsoft has already issued to a genuine copy. The downside is that each legal copy of Vista can only be activated a certain number of times, so a guessed key that is accepted may well belong to a boxed copy still on the shelf, or to a machine already sitting in someone's home. It would be entirely possible to take your new computer home, plug it in, and find out your OS is not authorised because other people have already used up its activations.

Charlie mentioned that he didn't have a copy of Vista to test it on because of its anti-user measures, but the premise sounds pretty interesting, and if it becomes widespread there could be some serious problems. What would Microsoft do if legitimate users are unable to register their legal software? I would not want to be an employee at the call centres (wherever they are) when this starts to get popular....

It all goes to show the old adage - "When you build a better mousetrap, you build a better mouse." Sometimes you just build an angry mouse, who takes a very big sledgehammer to your very delicate, Rube Goldberg-esque trap.

Do you have a thought on the Vista key debacle? How about a way for Microsoft to get out of its jam? Let us know in our forums.
Quote hotdog 1st March 2007, 20:44
Can't wait to see how this is going to unfold. Yes, I will definitely be waiting for the dust to settle before I buy Vista.
Quote Buzzons 1st March 2007, 20:51
It also says it's a very dirty and long, arduous task... anyone can do this for any key; it's just too much effort for most.

Plus, the file has been popping up on a few sites, but differing in sizes so just would like to put a warning out -- it may have been bound with a backdoor/rootkit on some sites.
Quote DeX 1st March 2007, 20:56
This is very silly of Microsoft. Keys should only be validated server-side; that way they can see how many attempts each person makes at activation and make brute-force attacks impossible. Oh dear. :o
Quote samkiller42 1st March 2007, 21:05
I certainly don't want to be a Microsoft customer representative when the calls start flooding in (if they flood in, that is); this could prove pretty costly to MS.

Sam
Quote Buzzons 1st March 2007, 21:07
How can you validate it server-side???? What happens if I do not have the internet???

This is the case with 99% of ALL keyed software; it is not just MS, so I don't really see how it's such a big thing.
Quote randosome 1st March 2007, 21:17
LMFAO - just LMFAO this is going to be an interesting few months :p
Quote Ramble 1st March 2007, 21:19
You do validate server-side in Vista...
Quote Cobalt 1st March 2007, 21:20
"Sometimes you just build an angry mouse, who takes a very big sledgehammer to your very delicate, Rube Goldberg-esque trap."

This is my favourite line of 2007 so far. So true.

:D
Quote Buzzons 1st March 2007, 21:24
So let's just go down the list of apps that cost more than Vista and that you can crack just by entering a key:

3DS Max
XSI Softimage
Maya
Adobe Creative Suite

All can be cracked with a keygen... and this is basically a long-winded way of getting a keygen... omg!! SUCH NEWS!!

Oh wait... no it's not.
Quote TomH 1st March 2007, 21:38
Serves them right, tbqh :p
Quote sinizterguy 1st March 2007, 21:42
Vista activation is not having a good time, is it?
Quote keir 1st March 2007, 21:42
So if someone buys a proper copy, takes it home and can't register ('cos it has been done too many times), then calls MS, they won't be able to do anything?
Quote Kipman725 1st March 2007, 21:43
25 characters in a few hours!?!?!? Normally that would take months.

Although I have only cracked passwords up to 14 characters, alphanumeric with symbols, and that took about 1 month per password using John the Ripper under Ubuntu 5.1 on an Athlon 2600+ with 1GB of RAM.
Quote sinizterguy 1st March 2007, 21:49
Quote:
Originally Posted by keir
So if someone buys a proper copy, takes it home and can't register ('cos it has been done too many times), then calls MS, they won't be able to do anything?

Make sure you buy it on a credit card then. Might be the only way to get your money back.

Personally, I don't think that they will screw their customers over like that.
Quote flabber 1st March 2007, 22:07
Quote:
Originally Posted by sinizterguy
Vista activation is not having a good time, is it?
Correction; Vista isn't having a good time, period. :D

To be honest though, I couldn't help laughing my rear off. Even though I know this is pretty serious, and that people buying the OS and finding that they can't even register it is pretty bad. But the way Bit-Tech has written it, it seems like Microsoft is really falling on their own big mouths here, hehehe.

Safest Windows ever! Best security in Windows ever! No viruses for Vista!
....

pewPEWpew! Byebye to all the bigtalk, hello to reality. :D
Sorry Microsoft, but if you are trying to get us to believe you're doing a good job, make sure you actually are doing a good job. We'll talk about playing suck-up after that ;)

Too bad though... with the first screenshots of Vista I was actually excited. But the more I hear about Vista, the more it seems like hot air, wrapped in a nice XP-compatible skin ;)
Quote Firehed 1st March 2007, 22:12
Heh, can't pretend we didn't see it coming. Although if that's fully cracked, then how cracked is the version that... err, nevermind.

It does sound fast for a key of that length... ~808,281,277,460,000,000,000,000,000,000,000,000,000 possibilities assuming any character can be one of thirty-six things (which obviously it can't since then any random typing would be a valid key, so they must know quite a bit about the structure)
Quote mclean007 1st March 2007, 22:18
Quote:
Originally Posted by sinizterguy
Make sure you buy it on a credit card then. Might be the only way to get your money back.

Personally, I don't think that they will screw their customers over like that.
No way. First of all, there's a little thing called consumer rights - if you buy something that doesn't work as advertised, you have a right to a replacement or full refund. So MS can't sit back and do nothing if legitimate copies are being declined for authorisation because some clown has already stumbled on that key. Secondly, the PR fallout would be IMMENSE. MS' name would be dirt (even more so than it is already - at least people currently generally trust MS, even if they don't like it).
Quote:
Originally Posted by DeX
This is very silly of Microsoft. Keys should only be validated server-side; that way they can see how many attempts each person makes at activation and make brute-force attacks impossible. Oh dear.
AFAIK they do, but as I understand it, this crack works by churning through keys until it finds one that MS has authorised for use on a legit copy (i.e. it finds a key which is already in circulation on the licence certificate of a genuine copy of Vista). Not much they can do to stop it tbh, short of a full recall and reissue with longer keys. I'd like to see how much that would cost them.

Realistically, if this starts to become a problem, they're just going to have to relax the licensing restrictions, in order to keep the legit purchasers who get stung (who could number MANY when this crack gets known in the wider world) from turning up at Redmond with pitchforks and flaming torches.
Quote:
Originally Posted by Kipman725
25 characters in a few hours!?!?!? Normally that would take months.

Although I have only cracked passwords up to 14 characters, alphanumeric with symbols, and that took about 1 month per password using John the Ripper under Ubuntu 5.1 on an Athlon 2600+ with 1GB of RAM.
Yeah, but remember MS will have MILLIONS of legit codes in circulation, and probably a great many more pre-authorised on licences ready to go out. There are many possible solutions to this particular brute force.

I guess one semi-solution is to limit the number of activation requests serviced in a given time by each IP address - e.g. no more than 5 goes in a 1 hour period for any IP address. This would slow down the brute force something chronic (though I guess you could in principle use a distributed attempt from a botnet to spread the requests over many IPs), but would still allow for a couple of typos in the key, or for the (rare) situation where an IP leased to one person who has used it to activate his copy of Vista is then dropped and immediately re-leased to a second person who also needs to activate.

EDIT: I guess the point is that ANY activation / copy protection will eventually be broken, given enough effort, and MS' software will always attract that kind of effort. The best MS can hope to do is inconvenience the hackers enough that for the majority of people it isn't worth the hassle of working through the crack just to save a few £$€
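The per-IP throttle proposed in the post above, written out as an added example (it is not Microsoft's activation service and not the crack under discussion). Keys, IP addresses, timestamps and the pool of "issued" keys are all constructed for the demonstration; the limit of 5 serviced requests per IP per hour is the figure from the post. The botnet and slow-and-low cases are included to show what the throttle does and does not stop.

```python
"""Sliding-window activation throttle, keyed by client IP.

Added example only: not Microsoft's activation server and not the crack
discussed in the thread.  Every key, address and timestamp here is made up.
"""
from collections import defaultdict, deque

MAX_ATTEMPTS_PER_WINDOW = 5   # "no more than 5 goes ..."
WINDOW_SECONDS = 3600         # "... in a 1 hour period"

# Constructed pool of keys the server treats as already issued (not real keys).
ISSUED_KEYS = {
    "BCDFG-HJKMP-QRTVW-XY234-6789B",
    "TVWXY-23467-89BCD-FGHJK-MPQRT",
}


class ActivationThrottle:
    """Allow at most `limit` serviced requests per IP in any `window` seconds."""

    def __init__(self, limit=MAX_ATTEMPTS_PER_WINDOW, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._recent = defaultdict(deque)  # ip -> timestamps of serviced requests

    def allow(self, ip, now):
        q = self._recent[ip]
        while q and now - q[0] >= self.window:  # forget attempts older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def serve(requests, throttle, issued=ISSUED_KEYS):
    """Run (timestamp, ip, key) requests through the throttle, then the key check.

    Returns {ip: {"serviced", "throttled", "activated"}} counts.  Requests are
    processed in timestamp order, as a server would see them arrive.
    """
    stats = defaultdict(lambda: {"serviced": 0, "throttled": 0, "activated": 0})
    for ts, ip, key in sorted(requests):
        s = stats[ip]
        if not throttle.allow(ip, ts):
            s["throttled"] += 1  # refused before the key is even looked at
            continue
        s["serviced"] += 1
        if key in issued:
            s["activated"] += 1
    return dict(stats)


def guesses_from(ip, count, start=0, spacing=1):
    """Constructed scripted guessing: `count` distinct wrong keys from one IP."""
    return [(start + i * spacing, ip, f"{i:05d}-AAAAA-AAAAA-AAAAA-AAAAA")
            for i in range(count)]


# Constructed legitimate user who mistypes the key twice before getting it right.
LEGIT_USER = [
    (10, "198.51.100.7", "BCDFG-HJKMP-QRTVW-XY234-6789C"),  # wrong last character
    (25, "198.51.100.7", "BCDFG-HJKMP-QRTVW-XY243-6789B"),  # transposed digits
    (40, "198.51.100.7", "BCDFG-HJKMP-QRTVW-XY234-6789B"),  # correct key
]


if __name__ == "__main__":
    # One scripted client firing 50 guesses in under a minute, next to the typo-prone user.
    print(serve(LEGIT_USER + guesses_from("203.0.113.9", 50), ActivationThrottle()))
    # The same 50 guesses spread over three addresses: each address gets its own 5.
    bots = [r for ip in ("203.0.113.1", "203.0.113.2", "203.0.113.3")
            for r in guesses_from(ip, 50)]
    print(serve(bots, ActivationThrottle()))
    # A patient client spacing guesses 800 s apart never trips the limit at all.
    print(serve(guesses_from("203.0.113.9", 10, spacing=800), ActivationThrottle()))
```

The throttle only counts requests it actually serviced, so a refused burst does not extend the client's own lock-out; that is deliberate, since the aim is to cap the rate of key checks, not to punish. The last two cases in the usage section are the caveat from the post: spreading guesses over many addresses multiplies the budget by the number of addresses, and staying under the limit is free, so this slows a brute force rather than stopping it.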
Quote Buzzons 1st March 2007, 22:23
You know you can do this on XP as well? And 2k3 and ME and 2k...
Quote CyberSol 1st March 2007, 22:42
Too bad Vista isn't worth cracking...
much less buying.
Quote Glider 1st March 2007, 22:53
If you need to input any kind of key, it can be bruteforced. Simple as that. I would have expected something like this a lot earlier TBH...
Quote DarkLord7854 1st March 2007, 22:55
I feel sorry for the rep who gets my call if I find my key has already been activated
Quote Starfighter 2nd March 2007, 00:00
well within the possibility of trying them all until one works?

26 letters+ 10 numbers = 35 possible characters*.

25 positions*.

35^25 = 3.9966959347247031355112791061401e+38

number of seconds in a millenium = 3.1556926e+10

So even if we could try one million per second, there's still no hope of trying all combinations in any of our lifetimes.

And again, even if Microsoft does have 10 billion codes reserved, that's still less than 0.000000000000000000000001% of the total permutations.

*Obviously there will be fewer permutations, depending on the number of restrictions on the codes.
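The key-space arithmetic that the article's "trying them all" claim rests on, and that Firehed and Starfighter have been working through above, carried out in code as an added example (not code from the article, the thread or Microsoft). The 36- and 35-symbol alphabets are the thread's own assumptions; the 24-symbol alphabet is the one Windows product keys are known to draw from, with easily confused characters such as 0/O and 1/I left out. Characters may repeat within a key, so the count is alphabet size raised to the key length rather than a permutation. The number of issued keys and the guessing rate are assumptions for the sake of the calculation, not published figures.

```python
"""How far a uniform random key search is from hitting an already-issued key.

Added example; not code from the article, the thread or Microsoft.  The
issued-key count and guess rate are assumptions, not published figures.
"""

WINDOWS_KEY_ALPHABET = "BCDFGHJKMPQRTVWXY2346789"  # 24 symbols; 0/O, 1/I etc. excluded
KEY_LENGTH = 25                                     # five groups of five
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def key_space(alphabet_size, length=KEY_LENGTH):
    """Number of distinct keys.  Characters may repeat, so this is a power,
    not the permutation count x!/(x-y)!."""
    return alphabet_size ** length


def hit_probability(issued, alphabet_size, length=KEY_LENGTH):
    """Chance that one uniformly random guess equals some already-issued key."""
    return issued / key_space(alphabet_size, length)


def expected_guesses(issued, alphabet_size, length=KEY_LENGTH):
    """Mean number of guesses before the first hit: geometric with p = issued/space."""
    return 1 / hit_probability(issued, alphabet_size, length)


def expected_years(issued, alphabet_size, guesses_per_second, length=KEY_LENGTH):
    """Expected wall-clock time to the first hit at a fixed guessing rate."""
    guesses = expected_guesses(issued, alphabet_size, length)
    return guesses / guesses_per_second / SECONDS_PER_YEAR


def report(issued=10**10, guesses_per_second=10**6):
    """One row per alphabet assumption: (label, key space, expected years to a hit).

    issued=10**10 is Starfighter's "10 billion codes reserved"; 10**6 guesses per
    second is his "one million per second".  Both are assumptions.
    """
    alphabets = (
        ("36 symbols (thread's assumption)", 36),
        ("35 symbols (thread's assumption)", 35),
        ("24 symbols (Windows key alphabet)", len(WINDOWS_KEY_ALPHABET)),
    )
    return [(label, key_space(n), expected_years(issued, n, guesses_per_second))
            for label, n in alphabets]


if __name__ == "__main__":
    for label, space, years in report():
        print(f"{label}: {space:.3e} keys, ~{years:.2e} years to an expected hit")
    # Starfighter's fraction, as a percentage, for 10 billion issued keys on 35 symbols.
    print(f"issued fraction: {hit_probability(10**10, 35) * 100:.2e} %")
```

The result is the same whichever alphabet you pick: even with ten billion keys in circulation and a million guesses a second against an unthrottled server, the expected time to the first hit is on the order of 10^11 years on the real 24-symbol alphabet, and far longer on the thread's larger ones. A search that finishes in hours therefore has to know something about the key structure that this model does not.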
Quote jakenbake 2nd March 2007, 00:08
best vista install story to date:

http://www.overclockers.com/articles1416/

i'll quote an excerpt:

"The Customer Service Manager told me that I could either borrow an XP Home disk from a friend (isn't that software piracy ??) or look online for one of the many Vista Activation cracks to bypass Vista Activation completely, and specifically mentioned "TimerLock" (um... hey, HE told me to do it !!). Well, I followed his instructions."
Quote Solidus 2nd March 2007, 00:36
lol, wow is all I can say!
Quote zhangmaster12 2nd March 2007, 01:48
Me likes. My dad already bought Vista, so I might be trying this out.


Quote:
Originally Posted by jakenbake
best vista install story to date:

http://www.overclockers.com/articles1416/

i'll quote an excerpt:

"The Customer Service Manager told me that I could either borrow an XP Home disk from a friend (isn't that software piracy ??) or look online for one of the many Vista Activation cracks to bypass Vista Activation completely, and specifically mentioned "TimerLock" (um... hey, HE told me to do it !!). Well, I followed his instructions."

this story is simply hilarious!!!!!
Quote Buzzons 2nd March 2007, 02:22
And yet so fake? Surely they would have just issued him a new key.
Quote Woodstock 2nd March 2007, 05:19
And once again Microsoft is everybody's best friend.
Quote Lazlow 2nd March 2007, 09:29
Quote:
Originally Posted by Buzzons
You know you can do this on XP as well? And 2k3 and ME and 2k...
I'm hearing you, but not many others appear to be. Why has everyone suddenly become an anti-Microsoft fanboi? This sort of cracking has been around for years, on most pieces of software. Microsoft can simply re-issue keys over the phone if legitimate users are affected.
Quote Da Dego 2nd March 2007, 15:15
Quote:
Originally Posted by Lazlow
I'm hearing you, but not many others appear to be. Why has everyone suddenly become an anti-Microsoft fanboi? This sort of cracking has been around for years, on most pieces of software. Microsoft can simply re-issue keys over the phone if legitimate users are affected.
The issue is this - normally, these things are generated by keygen. It's a valid code before you even start, fitting specific algorithms.

With Vista, the need for a key to install it in the first place is no longer there. But the algorithm hasn't been worked out for a keygen, because MS REALLY did its homework on this one. Spent millions, in fact. The idea was, if you can't generate a keygen because the algorithm can't be cracked, there would be no widespread cracking.

Because of that philosophy, crackers haven't been able to determine "safe" keyzones that won't infringe on other licensees. Rather than not cracking, they're just throwing numbers at the wall and seeing what sticks. It could be a corporation with 50 licenses. It could be the dude down the block. And if it's the dude down the block, he may find a bunch of people used up all his activations. If MS gives him a new key, there's a chance that one could get the exact same problem.

It's different than the XP issue simply because it's too hard to reverse engineer a decent keygen. That was supposed to stop the pirates. Instead, it's likely to simply inconvenience the users to an even greater degree. No matter what kind of complex, 10 tumbler lock you make in hopes it can't be picked, the door can still be broken down with a sledgehammer - and that has a far greater chance of hurting those standing behind said door.

Anyway, that was my purpose for writing it and why I felt it was newsworthy. :)
Quote Lazlow 2nd March 2007, 16:19
Quote:
Originally Posted by Da Dego
Anyway, that was my purpose for writing it and why I felt it was newsworthy. :)
It is newsworthy and your explanation makes a lot of sense - thanks! So in a way, Microsoft's Vista is more secure in terms of requiring brute force this time around, compared to previous versions (XP, Me etc.).
Quote fargo 2nd March 2007, 18:09
I feel sorry for those that can't validate, but MS's end user agreement is so out of touch and overbearing that MS deserves every bit of crap they get over this. Also, who would want to buy Vista in the state it's in now and at a ridiculous price?
Quote traderonline 2nd March 2007, 19:43
Oh.. it was supposed to be secured ;)
Quote randosome 2nd March 2007, 19:55
Personally I'd like to try out Vista for a bit.

I mean, if I don't like it, I haven't lost anything, and if I do like it, then I can still go out and buy it.
But MS don't give trials or anything; in fact if you go and download the ISO or whatever you can get a better trial than what MS gives you (at least I don't know any way of trialling it).

Although, 30 days really isn't a good trial period; MS should give you like 3 months or something, and that way they're more likely to get you hooked anyway.

Of course now you can generate a completely valid code anyway - BTW were there ever keygens for XP, and if so why aren't the codes you normally get seen as valid? :s

Also, if you get a load of keys that didn't work (like trillions) and then some that did work (tens), after a while someone who is good at coding can work out a way to generate keys.
Quote sadffffff 3rd March 2007, 00:04
You can get a 4-month trial by using the rearm command all 3 times.
Quote TheColdLord 3rd March 2007, 17:24
Well, it is interesting to see what will happen in the near future. In any case it is common sense that if you build something too complex, something brutal and primitive will break through it easily. So there is really nothing new in this. There is no real solution to this problem atm... and there probably never will be.
Quote randosome 4th March 2007, 03:10
It turns out it was a hoax - so apparently the above maths was correct :p

Technically you could brute force it, but the likelihood of getting a valid key is very low.
Quote Gordy 4th March 2007, 10:39
There is a proper working crack out today from Paradox, so MS still have an issue on their hands.

The new one uses the OEM-style activation method from the likes of Dell/Asus, so it's going to be hard to stop the use of it.
Quote orb 4th March 2007, 10:43
Quote:
Originally Posted by Gordy
There is a proper working crack out today from Paradox, so MS still have an issue on their hands.

The new one uses the OEM-style activation method from the likes of Dell/Asus, so it's going to be hard to stop the use of it.

gives lots of BSOD's though..
Quote Toka 5th March 2007, 10:04
Did no one go through the numbers before they put this up on bit-tech?

x npr y = x*(x-1)*(x-2)*...1/(x-y)...

or more simply

x npr y = x!/(x-y)!

so that's 35!/10! - come on bit-tech staff...

edit: that's with the assumption given by the above poster on the possible number of characters for entry into the 25-space string