Vista activation circumvented... properly?

by Steve Kerrison on 4 March 2007, 21:43

Tags: Microsoft (NASDAQ:MSFT)

Quick Link: HEXUS.net/qahz7

Last week's reports of a working hack for Vista product activation turned out to be naff. Microsoft shouldn't breathe a sigh of relief though. Somebody else has done it.

A quick bit of background. Late last week news of a 'brute force' keygen for Vista proliferated across the Internet. There were reports that after a few hours it could return a number of valid keys. Turns out the excitement drummed up was premature. It's too slow to be a practical route around Microsoft's activation technology. Before everyone knew it was naff, however, the thieves cheered at the prospect of free Vista, while journos chuntered at how activation only hassles legit users.

But there's an activation circumvention method from another team of hackers. And this one could cause MS a bit more trouble.

The new hack exploits Vista's System Locked Pre-installation 2 (SLP2) mechanism. SLP2 lets favoured OEMs spare their users from having to activate their Vista installs. It combines three things: an OEM-specific certificate on the Vista installation media, appropriate markers in the machine's BIOS (specifically, in the ACPI_SLIC table) and an appropriate product key. With all three, Vista sees the system as pre-activated and skips any further activation process.

The hack is basically a BIOS emulator, which exists as a system driver (so does that make X64 editions immune?), serving up the correct BIOS data to the Vista licensing system when required. Combine this with the appropriate certificate and key for the version of Vista and OEM BIOS - bang goes the activation mechanism.

This method has been seen to work and given that it takes a few steps and a bit of file-swapping, it's more favourable than hoping a random number generator comes up with a key. It looks like the circumvention will work on any installation media, provided the correct keys and certificates are used... and they're out there.

Is Microsoft in trouble, then? Has its activation technology fallen down after two months of use? Updated motherboard BIOSes with a Vista activation compliant SLIC table might prevent the hack from working, but how many end users are going to update their BIOS? MS can't just block the keys, that's for sure. The last thing it wants to do is inconvenience the customers of some of the biggest OEMs. Chances are a Windows Update will fix it, but unless Microsoft re-works its licensing system, it might turn into a cat and mouse game with the emulator writers.

It'll become clear in the next few weeks whether this method of activation circumvention is going to cause Microsoft serious problems. If it proves so, then it's anybody's guess as to when they'll counter it...


News on the failed method neatly rounded up on Slashdot.

HEXUS Forums :: 42 Comments

But a few of my friends are using time stopped vistas? Does that not count, it works apparently?
I was reading somewhere about a hack that actually keeps hitting the server with random keys until it manages to activate. If this is true it could cause major probs to people that buy Vista and the key has already been used.

I am yet to get my Vista Ultimate 64 bit online but it is legally activated by Microsoft via the phone support. It will be extremely annoying once I get it online to find out if someone has snaffled my key that is legit.

Hopefully Microsoft will somehow stop this pretty quickly and protect the rest of us legitimate users.

Just hope that Thompson / Alcatel will release the driver for the USB Speedtouch 330 sooner rather than later this month. I have tried the quickfix on the Vista 64 forums but I'm not even sure whether my ISP support Vista as of yet. I manage to get the modem in sync but it won't connect as under Broadband it keeps trying to connect as pppoe instead of pppoa and the Dial Up it will not logon with my username and password.

Either way this could be pretty bad for Microsoft unless they stamp it out pronto.
I was reading somewhere about a hack that actually keeps hitting the server with random keys until it manages to activate.
That's the naff method mentioned in the article.
One chap from ZDnet claims he managed to get 2 keys from this method. It's a strange one, as you'd think that Microsoft hadn't actually released enough keys to make brute force generating actually feasible.
great. just what the world needs. people using pirated microsoft software instead of looking at cheaper alternatives ¬_¬