Microsoft Genuine Advantage Cracked in 24 Hours

jrobie writes "It looks like mandatory validation of your Windows XP license is now voluntary again. A simple hack has been found that disables the check. BoingBoing has the story. "

I can't believe I was actually worried about this.

[TripMaster Monkey]

A simple hack has been found that disables the check.

It's simple, all right...as simple as the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation. Sheesh.

Re:It works... for now

[Anonymous Coward]

Jump through hoops? I was verified in under thirty seconds with two clicks, and every download since has been simple and trouble free. It's fairly typical "I wubb linux" gibberish when you say you've got to "Jump through hoops", to make those two clicks, when you'd spend longer typing apt-get at the command line.

Who really cares about this??

[Anonymous Coward]

Microsoft is becoming irrelevant, passe. Why would I care if I could pirate Windows? I don't use Microsoft software now, I don't plan to use Microsoft software in the future, it does not matter if they give the stuff away.

People who break authentication so they can pirate software are hurting free and open source software. This behaviour encourages people to pirate the software. If you want to use Microsoft software then don't break the law and don't use pirated copies. That's right, pay for legal use of the software. Use you elite hacking skills to improve free and open source software.

Article Text

[Anonymous Coward]

Thursday, July 28, 2005

Microsoft "Genuine Advantage" cracked in 24h:

"This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."

Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

java script:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

More then one way

[KasKyt]

This bypass also works http://home19.inet.tele.dk/jys05000/ [inet.tele.dk] I tested it earlier today, good job MS :D

Re:WTF

[TheViciousOverWind]

Erh... Think just a tiny bit before you post inane babble like that - The article was called "Microsoft Genuine Advantage[...]" and in the url it says "microsoft_genuine_ad". - See the resemblance? It's just an autogenerated filename their CMS came up with probably.

And now for something completely different (a comment about the article): I'm pretty sure the one who programmed this check knew that it wasn't bulletproof, and maybe it's just a case of a "proof of concept" project which suddenly becomes a "Gone live" project. - It will be pretty easy for them to fix, but it really is a huge embarassment for them, and you would think that a company with that kind of resources had rules to cover things like that (as in Rule #302742314 "Clientside checking is only okay if followed by a Serverside check").

Since BoingBoing is getting hammered...

[randomErr]

Since BoingBoing is getting hammered here's the text of the article:

Thursday, July 28, 2005
Microsoft "Genuine Advantage" cracked in 24h:

window.g_sDisableWGACheck='all'

AV sez, "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."

Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

javascript:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

Link [theinquirer.net] (Thanks, AV!)

Can Also Just Find a Direct Link

[stevemm81]

You can also just find a direct link to what you want to download. For instance, go to
http://download.microsoft.com/download/8/1/5/815d2 d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywa reInstall.exe [microsoft.com]
to get the anti-spyware program.

Different Way to Crack It...

[00Monkey]

I found that if you go to Tools->Manage Add-ons (Req. XP SP 2 of course), then select to show "Add-ons that have been used by Internet Explorer" and finally set Windows Genuine Advantage to "Disable" and then Restart Internet Explorer, it lets you do Windows Update just fine.

Re:From the "rejected key" page

[kalislashdot]

I think Automatic Updates ONLY do Critial Updates. Which excludes updates to programs or new features.

Which is fine by me. Patch the security wholes without bugging me, just my style.

Re:It works... for now

[Ingolfke]

MS has been saying that to be safe don't run exe's off the net and disable activeX,

Microsoft has been saying don't run unknown EXEs and ActiveX controls. They do sign all of their controls so for those of us who check before we run something we can validate that they're actually from Microsoft or some other trusted party before we run the app/control.

What about softmods?

[Otto]

The original XBox still has no generally applicable software-only crack for it, after several years in the field. Real security.

What about softmods? There's several of them around, designed for various purposes. Most of them are meant to be used to run XBMC, admittedly, but in theory they could be generalized to run Linux or something.

Check the various tutorials: http://www.xboxscene.net/tutorials.php?p=151%7C#15 1 [xboxscene.net]

Re:I can't believe I was actually worried about th

[sag_ich_nicht]

sounds kind of like everyone who wnats can get windows for free now... 1. Download Windows XP Professional from Bittorrent 2. make CD 3. Print cover on CD. 4. Print paperbox. 5. Fold paperbox. 6. Take picture. 7. Send picture as proof of buy to Microsoft and report you got it from some Thaiguy. 8. Recieve free Windows XP Professional. 9. ??? 10. Profit.

Re:Unbelievable.

[enkafan]

Personally, I wouldn't use the built in validation controls because they don't output DOM compliant javascript. You can download a set of DOM compliant validation controls here: http://www.okane.com.au/matt/PermaLink,guid,c0797a e3-d041-49bb-bd15-0ae551151271.aspx [okane.com.au]

But if you are using ANY validation control in ASP.NET, you sure as hell better be calling Page.IsValid on the server side instead of relying on the javascript functionality. well, I guess this assumes you knew that the validation controls can be ran from the server side...

Re:I can't believe I was actually worried about th

[Sancho]

If the unknowning "customers" with a whitebox setup from an unscrupulous dealer didn't actually purchase Windows, then they aren't Microsoft's customers, are they?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Just disable the tool

[Jabroney]

You can disable the tool from within IE. Just go Tools > Addons > Disable Windows Geniuine Advantage

I cracked it nearly 6 months ago ;)

[Anonymous Coward]

"Cracked in 24 hours"? I 'cracked' it so long ago (Proof [no-ip.com]) I'm surprised that this is even news. And you don't even need javascript enabled - all you need is "WinGenCookie=validation=0;" in your cookie. So just paste this into your location on any microsoft.com page: javascript:document.cookie='WinGenCookie=validatio n=0; expires=01 Jan 2999 00:00:00 GMT'; void 0

I mean, it was just so easy and obvious; I can't believe everyone else hadn't already found out about the easy ways to bypass it long ago.

Re:Who wouldn't know ?

[Anonymous Coward]

don't know that they are using a "quote" pirated "unquote" version of Windows

You are really weird. You do realize that when someone says "quote" and "unquote", they are verbalizing what would be written as "", don't you? It's doubly odd in that you you needed to put "quote" and "unquote" in quotes themselves.

Re:only for the geeks

[Anonymous Coward]

Dell does the same, to change your key [to the one on the label] you'll have to deactivate windows

microsoft even has instructions
http://support.microsoft.com/default.aspx?scid=kb; EN-US;328874 [microsoft.com]

Re:I can't believe I was actually worried about th

[SA Stevens]

Family and friends??

No, this is to nail 'whitebox' sellers who purportedly sold you a copy of Windows XP but just pocketed the proceeds and left you high and dry.

Windows update verification

[Anonymous Coward]

Russian pirates suggest that you go to IE options->Programs->Add-ons and disable Genuine ActiveX. Then just load the updates from the web site.