Microsoft Genuine Advantage Cracked in 24 Hours

jrobie writes "It looks like mandatory validation of your Windows XP license is now voluntary again. A simple hack has been found that disables the check. BoingBoing has the story. "

It works... for now

[gbulmash]

Just tried it and it works (after Microsoft forced me to download the Genuine Advantage update).

Sadly, Microsoft will issue a new version of Genuine Advantage that disables the hack and make you use the new version before you can use Microsoft update, so I believe this is only a temporary reprieve. I guess it will be a back and forth between MS and and hackers until MS has secured Genuine Advantage.

I've got a licensed, genuine version of Windows, but F them for making me jump through hoops to receive continued support. I paid for this and I shouldn't have to keep wasting my time to soothe their paranoid brows.

Just another reason to keep trying new Linux distros and updates on my testbed system until I find one I like enough to switch (tried so far: Ubuntu, SuSE, CentOS 3.3, Linspire, Knoppix, Mandrake 10). Already using OpenOffice, Firefox, and Thunderbird and have a WAMP (Windows, Apache, MySQL, PHP) set-up for development work. Going to Linux is a small step, but there are a few apps (like video editing, graphics editing) where I just don't have the patience to spend a whole bunch of time learning Linux apps that are 'almost' there in terms of their UI. Maybe I'll hit the Crossover Office site to see if they've gone to gold level support on some of my must-have Windows apps yet.

- Greg

Unbelievable.

[455]

That really is amazing. Proof of why I don't use the MS Validation Control when we develop in VS.NET - Just turn it off!

Re:I can't believe I was actually worried about th

[Zzesers92]

the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation.

In a cost comparison, they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version to purchase outweighed trying to lock out people who knowingly run a pirated copy (i.e., people who will use this hack).

Re:Shocking stas gathered by program

[interiot]

Further research revealed that while some people had actually paid for XP, they found repeated product activation to be such a painful experience, that it was easier to just download the ilicit version and be done with it.

Re:Shocking stas gathered by program

[savagedome]

Only one? So, assuming Bill has the only original, that means Stevie B is pirating it. Damn. I always knew there was something fishy behind the Monkey Boy charm.

MS Released this for legt users

[ken-reno]

This is deigned for people who think they have a legit copy. It will help with that. I bet a lot of white box shops who install cracked versions of windows are a little nerviousr right now.

Re:It works... for now

[Compholio]

Maybe I'll hit the Crossover Office site to see if they've gone to gold level support on some of my must-have Windows apps yet.

I would recommend trying WINE (Crossover Office is a spinoff of WINE) first since it is free. What I'd like to see is for WINE to start providing a "Windows Alternative Update" where they provide all the DLLs they've been reverse engineering as an alternative update for the Windows 2000 users that are about to get screwed.

Re:only for the geeks

[mark-t]

I bought my copy too... an OEM version of Windows XP Home edition that came bundled with my Toshiba laptop. The certificate of authenticity label is attached to my laptop, and I have all the original manuals and CD's.

But for some inexplicable reason, Microsoft is unable to authenticate my info. Which leaves me with no alternative but to use the crack if I want to continue to use XP on that system.

From the "rejected key" page

[Komarosu]

To quote from Microsoft's own rejected key page:

Did you know that Windows XP can keep your computer up-to-date automatically with the latest updates and enhancements? You can set Windows to recognize when you are online, search for downloads from the Windows Update Web site, and deliver them directly to your desktop. Genuine Windows validation is not required to use the Automatic Updates feature.

So... whats the point?

Re:It works... for now

[Anonymous Coward]

Perhaps you dont remember when a Microsoft SSL certificate was issued to a non-MS person years ago. Just because something claims Microsoft created some Active-X control does not mean they really did. Nothing is foolproof.

Re:I can't believe I was actually worried about th

[EnVisiCrypt]

I know this was tongue-in-cheek, but since it's all client side, they have no way of flagging anybody as far as I can tell.

Anybody know differently?

If you bought a computer with...

[olympus_coder]

IANAL

Windows XP from a legitimet source (say Toshiba, as I've seen that mentioned in a couple of posts) and you fail to authenticate, call their support. If they don't solve the problem double quick, write your eterny general. They lied when they sold you the laptop. THEY need to fix it (not you).

If this is a common problem, a class action suit will be created and the manufacurer will have to answer for it. If the manufacturer feels it was actually MS that caused the problem, then they will file suit against them.

All this is academic. I use linux...

Re:Great!

[Marxist Hacker 42]

Microsoft's new license verification *scheme* isn't a security risk and if anything they are going to *welcome* these reports so that they can quickly close open holes that may allow "malicious" folks out there to continue to receive software updates.

I consider *anything* identifying me or where I bought something to a major corporation to be a security risk. Corporations cannot be trusted to act benignly towards consumers; the profit motive is against it.

Re:I can't believe I was actually worried about th

[shark72]

"In a cost comparison, they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version to purchase outweighed trying to lock out people who knowingly run a pirated copy (i.e., people who will use this hack)."

Thank you for pointing that out -- it's a concept that's lost on many people. It's a bit like the locks that come on your car: they probably won't hinder that professional thief who wants your car, but they'll stop the amateurs.

Re:It works... for now

[mcrbids]

If I buy a Television (OR motherboard, hard drive, child's car seat, shingles for the roof, combine for the wheat harvest, CNC press brake for the machine shop, etc.) that doesn't work I can get my money back.

If it works when I get it, I use it correctly, and it breaks in a short period of time (because of a hidden weakness in the product) I get it fixed for free.

In most industries, anyone who doesn't follow that rule goes out of business very quickly.

I think that we are just used to software being an exception.

Which is, of course, silly. When's the last time you turned in a stolen car for a recall/repair? When you do, they'll look up the VIN (Vehicle Identification Number) and make sure that you're legally entitled to the free repair.

Microsoft is doing the same thing, here. Bitch all you want to, but your license number is effectively the "VIN" for your software. Why shouldn't they have some reasonable means to check it?

Re:It works... for now

[ThinkFr33ly]

"I've got a licensed, genuine version of Windows, but F them for making me jump through hoops to receive continued support. I paid for this and I shouldn't have to keep wasting my time to soothe their paranoid brows."

Paranoid: Exhibiting or characterized by extreme and irrational fear or distrust of others. (Source [reference.com])

"In 2002, piracy cost the worldwide software industry $13billion in lost revenue." - (Source [bsa.org])

Dispute the BSA's data if you want (I'm sure it's suspect), but I would hardly call Microsoft paranoid for thinking that a large number of people pirate Windows and that they are likely losing a lot of money to it.

Is a 5 second automated check of your OS really a high price to pay for software updates?

The only people who should be pissed at this are those who stole Windows, and we should all be pissed at them for being thieves.

Re:Product Activation wouldn't be bad if...

[Honest_John]

Go look on Microsoft for the "Action Pack".

Start a small side business that "Works to develop solutions on microsoft products." Buy the action pack for that business. It's $300 per year and comes with 10 copies of XP *PRO*, 10 copies of Office *PRO* Visio. 2k3 Server, Exchange Server, SQL server, Virtual PC, Microsoft's Mapping software and all updates. More software than you will use. (I'm leaving a bunch of stuff out) The only way it could be better was if it came With Visual Studio so you could actually "Develop solutions on microsoft products".

The only draw back is that it's a yearly license. *By copies, I mean serial numbers. They give you 5 numbers that can be activated twice w/o talking to anybody.

Re:I can't believe I was actually worried about th

[InvalidError]

This is probably one of the more briliant ideas from M$ in a long time: consumers who get/got screwed by their OEM can trade evidence that their OEM is shifting fraudulent copies of M$ software for legit copies.

1) Let OEMs shift fraudulent copies
2) Get the customers to seek relief from said fraud
3) Collect evidence against OEM
4) Go after said OEM's pockets
5) Profit (fraud + copyright infringement + etc. = most likely more than enough to cover legal costs)

Re:I can't believe I was actually worried about th

[Excelsior]

since it's all client side, they have no way of flagging anybody as far as I can tell.

Not necessarily. Client-side Javascript code can write to a cookie, and the server can read that cookie on subsequent submits. The client side Javascript can even communicate the cookie to the server using the XMLHTTPRequest object, or with an iframe, eliminating the need for a subsequent user-initiated request.

Not that I expect them to go to all this trouble, and I'm definitely not saying that they are doing that now. I'm just saying it is theoretically possible.

Re:Who wouldn't know ?

[cdrguru]

Easy - low-end Internet retailers ship PCs without a valid copy of Windows all the time. Yes, I got one and the sales receipt says I was charged for Windows XP. The product code that was pre-set when it was loaded on the machine had already been registered with Microsoft and no COA or anything else came with the machine.

It was not a valid copy of Windows.

I turned them in to Microsoft after they were completely unresponsive to email and a phone call. What do you know - a few days later I got a package from UPS that they shipped out the day I called Microsoft.

Windows is not so cheap to the OEM that they aren't above sneaking one past Microsoft every chance they get. Illegal and immoral? Sure, but it is Microsoft they are ripping off, so most people aren't going to care.

Re:I can't believe I was actually worried about th

[HTH NE1]

To get the free version of Windows, a customer must fill out a counterfeit report identifying the source of the software, provide a proof of purchase and send in a counterfeit CD of the software. If customers don't have all of that information, they can still fill out a counterfeit report and receive a copy of Windows XP Home Edition for $99 or a copy of Windows XP Professional Edition for $149, Lazar said.

Switching to translation mode: "Be a Microsoft informer. Betray your family & friends. Fabulous prizes to be won."

Updates without WGA?

[gibson042]

I still use Windows 2000 Professional because I didn't like the vibe I got from XP, what with product activation and all. My thinking was, even if it turns out to be harmless and never rejects valid copies (ha!) or if I find a way to bypass it, they will sneak something in after the fact. Well, not only was I dead right, but they back-ported the requirement to Windows 2000 as well with Windows Genuine Advantage!

I want no part of WGA, for the same reasons I wanted no part of XP. I have offline access to SP4 and SP4 Update Rollup 1, but that doesn't help me get other security updates (which are still available to everyone for the time being), desired gratis software (DirectX, Windows Media Player, .NET Framework), or desired purchased software updates (Office). Is there a way to get these without installing WGA at all?

Re:It works... for now

[Sancho]

Luckily, security fixes are currently exempt from the Windows Genuine blahblahblah requirement.

Re:Who wouldn't know ?

[Gordo_1]

In the USA, it is extremely rare for unregistered versions of Windows to be used in Offices.

Perhaps, but in other places in the world, such as China, large, sophisticated pirate manufacturing operations are common, and Microsoft is looking for ways to stop them from redirecting its profits.

But Microsoft should lighten up about this policy. They are already the richest software company. Their chairman is the richest man in the world and possibly the richest man that every lived. They don't really do anything with the money that they already have.

You are forgetting a basic premise of Capitalism: A public company is owned by its shareholders -- shareholders who demand growth of their investments so they can retire in Florida and purchase gas guzzling luxobarges that barely fit into parking spaces -- but I digress. Microsoft shareholders (which probably includes you, if you own any index or mutual funds) would pull their money out if M$ were to decide that it's ok to just sit on their piles of cash and stop trying to make any more. Enough is never enough.

Re:I can't believe I was actually worried about th

[jericho4.0]

It's unknown in the small town I live in now, but I saw lots of sketchy software in Vancouver.

Re:I can't believe I was actually worried about th

[gartogg]

I'm abroad, in Israel; I RARELY see a legal copy of Windows; no-one has a CD, and it "just came on the computer" they bought from a local, small company that puts computers together.

They aren't targeting the tech savvy people you happen to know, that's all.