Forgot your password?
typodupeerror
Windows Operating Systems Software Security IT

Microsoft Genuine Advantage Cracked in 24 Hours 522

Posted by CmdrTaco
from the only-a-matter-of-time dept.
jrobie writes "It looks like mandatory validation of your Windows XP license is now voluntary again. A simple hack has been found that disables the check. BoingBoing has the story. "
This discussion has been archived. No new comments can be posted.

Microsoft Genuine Advantage Cracked in 24 Hours

Comments Filter:
  • by TripMaster Monkey (862126) * on Thursday July 28, 2005 @03:26PM (#13188848)

    A simple hack has been found that disables the check.

    It's simple, all right...as simple as the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation. Sheesh.
    • by Zzesers92 (819281) on Thursday July 28, 2005 @03:31PM (#13188907)
      the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation.

      In a cost comparison, they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version to purchase outweighed trying to lock out people who knowingly run a pirated copy (i.e., people who will use this hack).

      • by aicrules (819392) on Thursday July 28, 2005 @04:23PM (#13189493)
        You are quite correct. They're not targetting the people who download it off of a warez site. They're hoping to get the people who bought a copy that looked real with a manual and all that.
      • by shark72 (702619) on Thursday July 28, 2005 @04:34PM (#13189598)

        "In a cost comparison, they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version to purchase outweighed trying to lock out people who knowingly run a pirated copy (i.e., people who will use this hack)."

        Thank you for pointing that out -- it's a concept that's lost on many people. It's a bit like the locks that come on your car: they probably won't hinder that professional thief who wants your car, but they'll stop the amateurs.

        • Well, of course no security is unbreakable. The idea is usually:
          1. to prevent people who have no idea what they're doing from being able to break in
          2. to make the break-in appear dangerous enough that a large portion of those who could break in are too afraid to try.

          Now, maybe some security measures will make it really hard for even those with quite a lot of expertise, but that's pretty rare. Most locks/alarms rely on fear and a lack of expertise, and that's pretty effective.

        • Actually if you need to use the car comparison, a better representation would be this: It won't stop the professional car thief, but it will stop the person who unknowingly walks up to the wronng car in the parking lot and expects to be able to unlock the door and drive away.

          Many, many people have bought pre-built PCs with Windows loaded on it by a PC builder that was pirating Windows to his heart's content They just have no idea it's not legit.
      • by Simonetta (207550)
        they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version...

        I don't believe that there are many people who don't know that they are using a "quote" pirated "unquote" version of Windows. In the USA, it is extremely rare for unregistered versions of Windows to be used in Offices. And most people who buy PCs 'ready-to-operate' will have the Windows license included at a vastly reduced bulk price. People who build their own PC from components
        • by cdrguru (88047) on Thursday July 28, 2005 @06:07PM (#13190411) Homepage
          Easy - low-end Internet retailers ship PCs without a valid copy of Windows all the time. Yes, I got one and the sales receipt says I was charged for Windows XP. The product code that was pre-set when it was loaded on the machine had already been registered with Microsoft and no COA or anything else came with the machine.

          It was not a valid copy of Windows.

          I turned them in to Microsoft after they were completely unresponsive to email and a phone call. What do you know - a few days later I got a package from UPS that they shipped out the day I called Microsoft.

          Windows is not so cheap to the OEM that they aren't above sneaking one past Microsoft every chance they get. Illegal and immoral? Sure, but it is Microsoft they are ripping off, so most people aren't going to care.

    • well,

      hahahahaha
      after reading this http://www.google.com/search?hl=en&lr=&q=new+windo ws+Vista&btnG=Search [google.com]
      Introducing Windows Vista(TM). It enables a new level of confidence in your PC and
      in your ability to get the most out of it

      LOL
      ROFL
      hahahahaha
      etc ect
    • as simple as the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation.

      You mean I don't even have to hold down the Shift key? ;-)
    • by DrEldarion (114072) on Thursday July 28, 2005 @03:59PM (#13189224)
      If you want to get all conspiracy theorist, you could say that they did this on purpose, and it's not a backdoor so much as a honeypot. All of you are now flagged as hackers, enjoy!
  • bwahahah (Score:5, Funny)

    by 1336.5 (901985) on Thursday July 28, 2005 @03:27PM (#13188856)
    Quality programming I tell you. Quality!
  • It works... for now (Score:5, Interesting)

    by gbulmash (688770) * <semi_famous@yahooBLUE.com minus berry> on Thursday July 28, 2005 @03:27PM (#13188857) Homepage Journal
    Just tried it and it works (after Microsoft forced me to download the Genuine Advantage update).

    Sadly, Microsoft will issue a new version of Genuine Advantage that disables the hack and make you use the new version before you can use Microsoft update, so I believe this is only a temporary reprieve. I guess it will be a back and forth between MS and and hackers until MS has secured Genuine Advantage.

    I've got a licensed, genuine version of Windows, but F them for making me jump through hoops to receive continued support. I paid for this and I shouldn't have to keep wasting my time to soothe their paranoid brows.

    Just another reason to keep trying new Linux distros and updates on my testbed system until I find one I like enough to switch (tried so far: Ubuntu, SuSE, CentOS 3.3, Linspire, Knoppix, Mandrake 10). Already using OpenOffice, Firefox, and Thunderbird and have a WAMP (Windows, Apache, MySQL, PHP) set-up for development work. Going to Linux is a small step, but there are a few apps (like video editing, graphics editing) where I just don't have the patience to spend a whole bunch of time learning Linux apps that are 'almost' there in terms of their UI. Maybe I'll hit the Crossover Office site to see if they've gone to gold level support on some of my must-have Windows apps yet.

    - Greg

    • by Achra (846023)
      I'm with you. As far as a just plug in and there you go Linux distribution goes, I don't think that Mandrake (Mandriva) can be beat.. I'm loving Kubuntu, though, I think it's the tops... Despite some issues, since KDE really isn't the supported window manager for Ubuntu. Have you tried Cedega for running windows apps? It's not free, but it's CHEAP and it has worked for everything I've tried, most especially games. Photoshop works under it, and I do all my video editing with VirtualDub.. So I don't have to j
      • I agree with previous poster on VirtualDub, and I would add that you just need to give The Gimp a while to get used to its interface. I finally have, and it does everything I ever needed Photoshop for in the past. Unfortunately, I also play lots of video games like HL2/CS:S and Civ3 which are only available on Windows right now. Unfortunately, maintaining a video gaming machine on Linux is tricky at best - video drivers and other hardware stuff just isn't as easy to use in Linux as it is in Windows.
    • by Compholio (770966)
      Maybe I'll hit the Crossover Office site to see if they've gone to gold level support on some of my must-have Windows apps yet.

      I would recommend trying WINE (Crossover Office is a spinoff of WINE) first since it is free. What I'd like to see is for WINE to start providing a "Windows Alternative Update" where they provide all the DLLs they've been reverse engineering as an alternative update for the Windows 2000 users that are about to get screwed.
    • I've got a licensed, genuine version of Windows, but F them for making me jump through hoops to receive continued support.

      An interesting view point, which is quite pervasive.

      So why should you get free continued support?

      Now, if you had paid a maintenance fee (quarterly, yearly, ..), then you would of course get updates for the life of the maintenance contract.

      But free?

      You could of course argue that the company has a moral obligation to provide updates, and in fact it makes good Public Relations sense to prov
      • by gbulmash (688770) * <semi_famous@yahooBLUE.com minus berry> on Thursday July 28, 2005 @04:06PM (#13189304) Homepage Journal
        An interesting view point, which is quite pervasive.

        So why should you get free continued support?

        Now, if you had paid a maintenance fee (quarterly, yearly, ..), then you would of course get updates for the life of the maintenance contract.

        But free?

        It's supposed to be free because that's how Microsoft has done it. If they want to change it, change it. But define that change clearly and prominently at the time of sale.

        Lots of smaller software companies sell you A & B & C packages:

        • A: Software only
        • B: Software + updates for X period
        • C: Software + updates for X period + plus priority/personal support.

        If Microsoft wants to follow that model, fine. Do it... on all new copies of XP they've sold. But for the prior ones, stop adding hoops and checks to make sure I paid. I bought it, I installed it, activated it, I've done enough to qualify for my updates.

        - Greg

      • by QMO (836285) on Thursday July 28, 2005 @04:13PM (#13189374) Homepage Journal
        "You could of course argue that the company has a moral obligation to provide updates, and in fact it makes good Public Relations sense to provide free fixes for broken software, but they are really not obligated to."

        If I buy a Television (OR motherboard, hard drive, child's car seat, shingles for the roof, combine for the wheat harvest, CNC press brake for the machine shop, etc.) that doesn't work I can get my money back.

        If it works when I get it, I use it correctly, and it breaks in a short period of time (because of a hidden weakness in the product) I get it fixed for free.

        In most industries, anyone who doesn't follow that rule goes out of business very quickly.

        I think that we are just used to software being an exception.
        • by mcrbids (148650) on Thursday July 28, 2005 @04:39PM (#13189656) Journal

          If I buy a Television (OR motherboard, hard drive, child's car seat, shingles for the roof, combine for the wheat harvest, CNC press brake for the machine shop, etc.) that doesn't work I can get my money back.

          If it works when I get it, I use it correctly, and it breaks in a short period of time (because of a hidden weakness in the product) I get it fixed for free.

          In most industries, anyone who doesn't follow that rule goes out of business very quickly.

          I think that we are just used to software being an exception.


          Which is, of course, silly. When's the last time you turned in a stolen car for a recall/repair? When you do, they'll look up the VIN (Vehicle Identification Number) and make sure that you're legally entitled to the free repair.

          Microsoft is doing the same thing, here. Bitch all you want to, but your license number is effectively the "VIN" for your software. Why shouldn't they have some reasonable means to check it?
    • Prediction (Score:4, Funny)

      by Spy der Mann (805235) <spydermann DOT slashdot AT gmail DOT com> on Thursday July 28, 2005 @05:44PM (#13190244) Homepage Journal
      Sadly, Microsoft will issue a new version of Genuine Advantage that disables the hack and make you use the new version before you can use Microsoft update

      To appear tomorrow on Slashdot:

      javascript:void(window.g_sWGACheckVersion='2.0')

  • Great! (Score:5, Funny)

    by Luscious868 (679143) on Thursday July 28, 2005 @03:27PM (#13188859)
    Let's post it on Slashdot for all to see so Microsoft will find out about it and make it harder to get around!
    • Re:Great! (Score:4, Funny)

      by youknowmewell (754551) on Thursday July 28, 2005 @03:31PM (#13188914)
      Don't worry, nobody will be seeing it for the next day or so; it was posted on /.!
  • Javascript?? (Score:5, Insightful)

    by WebHostingGuy (825421) * on Thursday July 28, 2005 @03:27PM (#13188863) Homepage Journal
    Are they serious about security, privacy and piracy yet?
    • I guess people could come up with conspiracy theories for this... that Microsoft WANTED people to crack it as fast as possible so they could whine about it to senators or something.

      Does anybody know if Herr Gates is scheduled to meet any important people soon?

  • by zoomba (227393) <mfc131&gmail,com> on Thursday July 28, 2005 @03:27PM (#13188865) Homepage
    That one will be fixed pronto in a "critical" security fix.
  • Unbelievable. (Score:2, Interesting)

    by 455 (718431)
    That really is amazing. Proof of why I don't use the MS Validation Control when we develop in VS.NET - Just turn it off!
  • by Anonymous Coward on Thursday July 28, 2005 @03:28PM (#13188871)
    Download the hack here,

    http://www.linux.org/ [linux.org]
  • That has to be the shortest article I've read! Roughly 45 words in it. Article summaries have been longer.

    Oh well, sucks to be Microsoft. Now they've had their anti-theft security cracked again. Everyone's got to be laughing at them.

  • by supersocialist (884820) on Thursday July 28, 2005 @03:29PM (#13188882) Journal
    I mean, seriously, I expected a crack out much sooner. What's it been, six hours?
  • by FerretFrottage (714136) on Thursday July 28, 2005 @03:30PM (#13188896)
    ...after users attempted to update, MS found out that there is actually only 1 registered copy of Windows XP.

  • as always (Score:4, Insightful)

    by cryptoz (878581) <jns@jacobsheehy.com> on Thursday July 28, 2005 @03:30PM (#13188899) Homepage Journal
    MS continues to do its absolute best (or does it?) to prevent their products from being hacked to bits (no pun intended), and they have no choice. As part of their business, it's mandatory that they attempt to curtail software piracy. But they know, and we know, that it can't be done. It's like the terrorists (now, seriously guys, I'm NOT making a link between hackers and terrorists, I'm above that). But look at it this way. The US government has to protect against all possible terror threats, whereas the terrorists only have to find one single way to break through. That is, Microsoft will have to figure out every possible way that their products can be cracked and provide protection, but the hackers must only find one single weakness. So to speak.
    • MS continues to do its absolute best (or does it?) to prevent their products from being hacked to bits (no pun intended)

      This is their absolute best?

    • The US government has to protect against all possible terror threats, whereas the terrorists only have to find one single way to break through.

      Which is much of WHY, in a race between weapons and armor, weapons always eventually win.
  • A product with the market penetration as big as Windows is always going to be cracked, as soon as possible after it comes out. No matter what they do to try and prevent it, which is why some companies don't spend that much on anti-piracy for the product on release now, something microsoft can't do... so they have to try their best.
  • by jav1231 (539129) on Thursday July 28, 2005 @03:32PM (#13188936)
    I guess they've answered "Can Open Source and Commercial Software Coexist?" with a YES, and added a HOW!
  • Does it have to be compatible with anything else than IE? Just make it in activeX! It will make it harder to crack: Using IE will get your computer deadly infected with spyware and virusses, so you can not hack the genuine advantage program yourself, ergo the genuine advantage program is safe and secure.

    Actually MS sites work pretty well with firefox (I do not know if it looks or works different in IE since they do not make a version for linux (they made one for SUN, hum, maybe give that a try....))
  • Article Text (Score:3, Informative)

    by Anonymous Coward on Thursday July 28, 2005 @03:36PM (#13188978)
    Thursday, July 28, 2005

    Microsoft "Genuine Advantage" cracked in 24h:

    "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."

    Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

    java script:void(window.g_sDisableWGACheck='all')

    It turns off the trigger for the key check.
  • More then one way (Score:5, Informative)

    by KasKyt (872929) on Thursday July 28, 2005 @03:39PM (#13189007) Homepage
    This bypass also works http://home19.inet.tele.dk/jys05000/ [inet.tele.dk] I tested it earlier today, good job MS :D
  • by ackdesha (572569) on Thursday July 28, 2005 @03:41PM (#13189027)
    This seems like such a amatuer web developer move that I'm led to think maybe they left it easy to bypass on purpose. Come on, if Microsoft eliminated all piracy of windows, people might actually try something else.
  • ...and if the above posts are correct, it's about 45 words!
  • Probably one that will be labelled a critical update and won't require any checks to download once MS has it ready.

    And wanna bet that MS is gonna obfuscate the issue ever so slightly in the update description to make it appear to a person that doesn't read it very carefully that the update in question actually fixes an issue far more critical to the user than it really is, when in actuality it's only really critical to Microsoft?

  • Since BoingBoing is getting hammered here's the text of the article:

    Thursday, July 28, 2005
    Microsoft "Genuine Advantage" cracked in 24h:


    window.g_sDisableWGACheck='all'

    AV sez, "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."

    Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

    javascript:void(window.g_sDisableWGACheck='all')

    It turns off the trigger for the key check.

    Link [theinquirer.net] (Thanks, AV!)
  • This is deigned for people who think they have a legit copy. It will help with that. I bet a lot of white box shops who install cracked versions of windows are a little nerviousr right now.
  • Microsoft Security . . .

    Is that anything like Military Intelligence?

    ---

    Somewhere in Redmond, a developer is emptying his desk.

  • by stevemm81 (203868) on Thursday July 28, 2005 @03:46PM (#13189081) Homepage
    You can also just find a direct link to what you want to download. For instance, go to
    http://download.microsoft.com/download/8/1/5/815d2 d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywa reInstall.exe [microsoft.com]
    to get the anti-spyware program.

  • by 00Monkey (264977) on Thursday July 28, 2005 @03:48PM (#13189111) Homepage
    I found that if you go to Tools->Manage Add-ons (Req. XP SP 2 of course), then select to show "Add-ons that have been used by Internet Explorer" and finally set Windows Genuine Advantage to "Disable" and then Restart Internet Explorer, it lets you do Windows Update just fine.
  • by ShatteredDream (636520) on Thursday July 28, 2005 @03:48PM (#13189114) Homepage
    they would actually treat their customers like their legitimate users unless they give them reason to believe otherwise. Here would be a good idea for Microsoft: allow unlimited product activations if you buy a site license for your house and send them a registration notice in the mail. Then product activation is against others who might steal your serial number.

    I have enough PCs that I'd pay $300 for a "home site license." Microsoft could create such a thing without any hassle because for many households, it'd be worth it. All they'd have to do is make you send a copy of your driver's license or something in the mail and then if someone tries using your serial number that doesn't share the data on your driver's license, they go after them for infringement. That way, product activation doesn't harass law-abiding users.

    I'd love to use Longhorn because it looks like a good release, but damned if I'm going to buy it and get 2 "harassment-free" installs. If I buy it, you can bet that I'll only buy it after I've either gotten a cracked CD or found a site license serial that actually works like the ones that XP uses. Every windows license I have is valid, though I use cracked CDs just to get around the PA. Seesh, why am I forced to behave like a common criminal? I can't wait to be able to switch back to OS X at this rate...
  • The idea behind this check was to catch retail outlets selling pirate copies of Windows to customers. The only reason I can think of that you would be against this is if you where selling such merchandise.

    As for the rest of you, if you think Windows is so bad, why pirate it?

  • by Komarosu (538875) <nik_doof.nikdoof@net> on Thursday July 28, 2005 @03:56PM (#13189194) Homepage

    To quote from Microsoft's own rejected key page:

    Did you know that Windows XP can keep your computer up-to-date automatically with the latest updates and enhancements? You can set Windows to recognize when you are online, search for downloads from the Windows Update Web site, and deliver them directly to your desktop. Genuine Windows validation is not required to use the Automatic Updates feature.

    So... whats the point?

  • by br00tus (528477) on Thursday July 28, 2005 @04:08PM (#13189320)
    One thing I have noticed with a lot of atrocious stuff is something like this: a program comes out that installs spyware, sends all of your information to who knows where, changes all your automatic launches to this product, starts up the program with each reboot and so forth. However - these programs have in the fine print stuff that says "if you use a hex editor to modify this INI file, all of that bad stuff will be disabled". The techs who know what they're doing will do this, and stop complaining about it. The 99% of other clueless users will be stuck with this the garbage.

    Which leads me to put my tin foil hat on and say: was this really a hack? Or is Microsoft happy to have this effect 99% of people on earth, and allow the 1% of techies who are unhappy about this either for privacy reasons, or because they have have a "pirate" edition of Windows, to get around it and stop complaining? I don't really see this as getting one over on Microsoft, smart authoritarian hierarchies often leave little safety valves for discontent like this around, allowing a few people to get away with breaking the rules, instead of them going about trying to change or get rid of the rules.

  • by olympus_coder (471587) * on Thursday July 28, 2005 @04:16PM (#13189398) Homepage
    IANAL

    Windows XP from a legitimet source (say Toshiba, as I've seen that mentioned in a couple of posts) and you fail to authenticate, call their support. If they don't solve the problem double quick, write your eterny general. They lied when they sold you the laptop. THEY need to fix it (not you).

    If this is a common problem, a class action suit will be created and the manufacurer will have to answer for it. If the manufacturer feels it was actually MS that caused the problem, then they will file suit against them.

    All this is academic. I use linux...
  • by Jabroney (900831) on Thursday July 28, 2005 @06:28PM (#13190567)
    You can disable the tool from within IE. Just go Tools > Addons > Disable Windows Geniuine Advantage
  • by Anonymous Coward on Thursday July 28, 2005 @07:16PM (#13190862)
    "Cracked in 24 hours"? I 'cracked' it so long ago (Proof [no-ip.com]) I'm surprised that this is even news. And you don't even need javascript enabled - all you need is "WinGenCookie=validation=0;" in your cookie. So just paste this into your location on any microsoft.com page: javascript:document.cookie='WinGenCookie=validatio n=0; expires=01 Jan 2999 00:00:00 GMT'; void 0

    I mean, it was just so easy and obvious; I can't believe everyone else hadn't already found out about the easy ways to bypass it long ago.
  • by Mostly a lurker (634878) on Thursday July 28, 2005 @09:50PM (#13191646)
    Some people get very upset when personally identifiable data is sent to servers. Does Microsoft ever send the Windows serial number across the network today? I am guessing that they chose to do this client-side (knowing it would get bypassed) because they did not want to deal with the backlash from passing the data to the server.

Reference the NULL within NULL, it is the gateway to all wizardry.

Working...