Report of a new hack – and one of my favorite websites stumbles


For me the report of this latest hack was a double whammy. First it’s no fun to read a report of a new attempt to hack Microsoft’s products, but secondly the tone of coverage of this hack on one of my favorite sites left me very disappointed.


First the hack. Known as the ‘timer crack’ or ‘2099 crack’ this hack basically resets the pre-activation grace period to be in effect through 2099. Implementing this hack requires the user to implement a 23-step process that involves modifying/replacing kernel level files, making manual registry edits and other serious changes that could have destabilizing consequences. Our team is actively reviewing the reports of this workaround now, and I expect we’ll take corrective action soon.


I ran across the first report of the hack on one of my favorite websites, Engadget, which I read daily as a feed on my live.com page. What disappointed me so much about the post that announced this hack wasn’t that they discussed the hack, because I do think it’s newsworthy. What really disappointed me was the tone of the Engadget poster. The poster seems to endorse the practice of trying to hack Windows Vista to enable unlicensed use. The beginning of the post says “we’ve already found a way to circumvent Redmond’s most valiant efforts to make us activate the darned software” and the end concludes with “So if you’re looking to hit up a new OS in the coming weeks, or you’ve already got ‘er up and running, be sure to peep the read link if you’re interested in pulling this off”. I don’t know how to interpret that except as a blatant endorsement of theft, by whoever “we” is. I can’t imagine reading another post on Engadget using language like that to encourage people to try to get their hands on any of the recently-stolen truck load of RAM or any other of the thousands of products they have featured on their site. The Engadget editorial policy says “If we get something wrong, we correct the error immediately.” I’d ask, is it wrong to advocate theft?

Comments (31)

  1. Corrine says:

    I would hope that the posting has been protested and its removal requested.

    Pingback from http://securitygarden.blogspot.com/2007/01/windows-geunine-advantage-reports-hack.html

  2. rdamiani says:

    Disabling activation != theft. It may enable theft, but it’s not theft in and of itself. Revenue protection schemes impose burdens on end users. End users, seeking to avoid those burdens, look for work-arounds. This is a signal that means people are unhappy, and they don’t see any advantage to compliance.

    When work-arounds are approached as ‘theft’ rather than ‘this method of marketing isn’t working out very well’ the opportunity for a constructive dialog is lost.

    Example – many households have several computers. Mine (for example) has 4 – one Mac, two laptops, and a desktop. If I had all Macs, I could upgrade to the latest Apple OS with a Family Pack for $70.00 more than the cost for a single license. I could even have two or three bootable partitions for each Mac without having to purchase additional licenses. Cost for the upgrade is $199.00

    If I want to run Vista on all of them, I’ll need to get 4 upgrade licenses (the Mac is a newer Intel Mac with Boot Camp installed, so it can run Windows too). If I want to take advantage of virtualization, or have multiple bootable partitions, I’ll need to purchase additional licenses for each instance. Even without the additional instances, I’m still looking at ~$600.00 if I opt for a version with Aero. Getting into an MOLP might save me a few bucks, but that’s still not gonna get me down into Family Pack pricing [1].

    If you want to lure people away from work-arounds, you’ve got to offer them something more than a stick if they comply. An attitude of activation difficulty = theft isn’t going to make that happen.

    What will I do? Well, I’m probably gonna sit this upgrade out at home. Aero isn’t worth $600 to me. I’m gonna recommend to my clients that they stick with XP for at least the next year and hope MS sees the light on activation, and I’m gonna attend some MS training to figure out how to get my job done while protecting your revenue from the real thieves who will happily continue to stay one or two steps ahead of WGA, just like they are staying one or two steps ahead of every other protection scheme out there.

    [1] I know about the argument that Apple pushes new hardware rather than encouraging folks to keep upgrading old PCs. OTOH, I’ve got a Pismo PowerBook in my office that’s happily running Tiger. None of my PCs that old can run XP usefully.

  3. mhornyak says:

    Alex,

    I hope they continue to report these in glowing terms.  In fact, I hope they actually provide a ‘wizard’ or script so that even the slowest of computer users can disable activation.  Every time I see a new crack, the first thing I think of is how upset you are, then I laugh.

    Seriously, I wish nothing but ill will in your endeavors with WGA. (However, everywhere else, I’m willing to concede good will).  I’ve yet to see even an ounce of understanding that WGA can be bad, and an ounce of compensation for users who are locked out of Windows through bugs in the code that you’re writing.

  4. mhornyak says:

    Shorter reply: stop whining already.  Maybe when ‘one of your favorite websites’ reports on how to disable activation, you can take it as a sign that you’re working on one of the most annoying software (mis)’features’ in history.

    Remember copy protection for games in the 80s involving black text on dark red paper?  That was very annoying–perhaps the most annoying copy protection ever.

    WGA manages to be even more annoying.

    So, seriously, stop whining.

  5. rdamiani says:

    What I’m looking forward to is the first ‘mission critical’ system that is disabled because of a WGA-related failure. With companies needing to either set up a license server or do individual activations, the most likely time for the leading edge to have a key server failure would be sometime in late spring or early summer. For the folks waiting a year or so, figure on it being about fall of ’08.

  6. MSDN Archive says:

    mhornyak, I’m sorry to hear you get pleasure out of what you think is someone else’s pain. I have yet to see anyone be ‘locked out’ of Windows because of WGA. To date everything we’ve done on Windows XP has been oriented towards informing the users of counterfeit or unlicensed product of the status of their systems.

    To your point about understanding that WGA could be bad, and to be clear I don’t think WGA is bad, but I do recognize it can be a speed bump in some instances.

    At the end of the day I hope everyone remembers that there are real victims of counterfeiters and as much as our efforts can help protect them and Microsoft’s IP I do feel good about our work.

    Another basic fact I think is worth keeping in mind is that our software has validated a huge number of systems. Of the hundreds of millions of individuals who have validated their Windows software and the extremely small number of complaints Microsoft receives we would consider the program a big success.

  7. MSDN Archive says:

    rdamiani, to your point about bypassing activation not equaling theft, while I think the issues quickly extend into realm of the lawyers when terms in the EULA are violated etc. what that all means at least in so far as our recent action with respect to the ‘Frankenbuild’ systems are concerned I think things are very clear cut since Windows Vista isn’t even available to non-business customers.

    Also, to your point about workarounds, I would ask you to remember that there are real victims of counterfeit and to help them I think our program is definitely worth it.

  8. rdamiani says:

    "Of the hundreds of millions of individuals who have validated their Windows software and the extremely small number of complaints Microsoft receives we would consider the program a big success."

    Small number of complaints? The best non-MS WGA write-ups I’ve seen are people saying it’s not completely horrible. I can’t recall hearing any non-MS source (with the possible exception of the BSA) write about how WGA helps them.

    Number of complaints vs. number of authentications is an odd definition of success. I’d think that success would be measured by increased revenue. There really isn’t any point in irritating folks who give you money unless it encourages them to give you more money.

  9. rdamiani says:

    Frankenbuild should be cut off, no question. To my mind, it’s first and foremost a security issue and only marginally related to WGA.

    WGA only addresses ‘casual’ piracy, which is the real issue I have with it. Loaders and big-time pirate operations are the ones that actually hurt the industry as a whole and are the ones that need stopping, but WGA isn’t going to stop them. WGA is playing defense, and that necessarily means that you are going to always be one or two steps behind the pirates.

    The issues here are similar to the ones around DRM. The folks that need stopping have the means to break the locks or avoid them, while the hapless end users who don’t know the monitor from the mouse face roadblocks, error messages, and a degraded experience.

    Looking for end-user sites like Engadget to triumph effective copy control is kinda pointless anyway. The second thing a gamer does with a new system is install the nocd hacks for their favorite games. To imagine that they wouldn’t do the same to similar features in the OS isn’t very realistic.

  10. MSDN Archive says:

    rdamiani, you’re making good points. There is revenue in WGA for Microsoft, it’s the primary reason the program exists in the first place and by that measure it’s also doing well. However it could be possible to generate revenue but alienate your customer base. Our research and experience with our customers tells us that’s not what’s happening with WGA. That was the point I was trying to make about the very low number of complaints we receive. Very broad distribution plus revenue plus low rate of complaints equals a successful program.

    Also, WGA does more than just address casual piracy. WGA is very good at alerting unsuspecting victims of counterfeit. To paraphrase what you said the big-time pirate operations are pretty good at what they do. They’re able to create versions that avoid validation or pass themselves off as valid in order to sell them. However, as a web based service WGA has the ability to iterate quickly to take into account the latest hacks and still successfully alert a user of a counterfeit copy. In the end this can lead to much shorter cycles of leapfrogging which can result in better protection of the product and customers from counterfeiting.

    Thanks for your comments rdamiani.

  11. rdamiani says:

    And thanks to you for allowing an open discussion on your blog rather than just deleting the naysayers like myself.

    Personally, I think that 6 versions of Vista + aggressive activation + Vista’s built-in DRM for ‘premium’ content (the business of disabling outputs in particular) will do more to harm MS in the coming years than pirates ever could.

    I will say there are some things I see that MS is doing right. Granting new keys to end users who were victims of generated/duplicate CD Keys is a much better approach than the more typical ‘sorry you got screwed – go buy another one’ other vendors usually take. BIOS-locking allowing OEMs to pre-activate the restore media is good too.

    I’d like to see price breaks such as the ones Apple offers for home users with multiple systems. Offering a 5-user pack of the home versions for upgrade+50% or so or the three-installs-ok of the Office:MAC student and teacher edition would eliminate a lot of keygen-seeking behavior of end users. That would allow MS to devote even more attention to the real pirates.

    I’d also like to see a restoration of the imaging rights institution users enjoyed with XP – SA is really hard to sell because it offers nothing but restoration of the status quo. Perhaps a way to register a collection of OEM keys and convert them to a volume license for a nominal admin fee. Or a way to purchase full-license volume keys instead of paying for an OEM license then paying for an upgrade to the same thing.

  12. Tim Nice But Dim says:

    Alex, can you please point me towards an easy way to complain and then sit back and watch me go. I’m sick of having to validate every time I’m referred to Windows update. Now it’s doubly annoying as for IE7 and WMP 11 (I think) you now have to validate again when you first launch the application. I have a laptop that I don’t connect to the internet much and I now have to connect it once more just to play a video file. This is annoying!

    I’ve bought every version of Windows since 95. I now have several copies of Windows XP, two Home running on laptops and one copy of Pro running on a desktop. I wish to reinstall the desktop, but the CD is scratched. Microsoft is referring me to the OEM and the OEM is referring me to Microsoft.

    Licence key has been validated countless times as this PC is connected to the internet most of the time. I have offered to send Microsoft the licence key once again.

    Can someone please show me the Advantage?

    Now I’m buying another copy of the software so I can simply get a copy of the CD. You can bet that I’ll be making several copies of this disc and keeping the original safe with my spare licence key.

    Alex, while Ubuntu doesn’t suit my needs, it would do the job quite well for my mother and my sister. They just need basic internet, email and word processing.

  13. Tim Nice But Dim says:

    Oh, I forgot to mention this other one. My sister’s PC was failing WGA. She didn’t understand what was happening and just left it alone. She could still browse the web and send email, so she was fine with that.

    I finally visited, got the key from the sticker on the side, called Microsoft and had it reactivated. She had a PC working again after several months of it reminding her every few days that it "wasn’t genuine."

    So WGA lied.

    How many other customers simply don’t understand what’s happening and leave it like that?

    Alex, is there an email address that people can write to in order to complain about WGA? Unless your complaints process is easy to use, your statistics regarding complaints have no value.

  14. Tim Nice But Dim says:

    By the way Alex, showing someone how to make their computer work for them instead of fighting them is not theft, nor is it advocating theft. I’ve paid for all my copies of XP and can show receipts for each. WGA doesn’t "assure" me. WGA harasses me.

  15. mhornyak says:

    I will make one positive comment: I concur with rdamiani that the open discussion you permit here is worthy of praise.

    Indeed, I’m an extraordinarily harsh critic, yet you are engaging me.

    I don’t take pleasure in the fact that you suffer; no, when WGA is hacked, I take pleasure in knowing that justice has been done.  You get a taste of the hours of frustrating, wasted time experienced by people victimized by false WGA deactivations.  (Though this is an incomplete analogy: MS pays you for that frustrating time; the victims of your software are not compensated at all).

    (Also note, and this is spoken very seriously, that I’d never wish ill on you in any way beyond hoping the WGA endeavor fails. I’m sure you are a decent human being.)

  16. MSDN Archive says:

    Thanks mhornyak, I appreciate the clarification.

  17. MSDN Archive says:

    Tim, the best place to direct your feedback is to ‘wgatalk at microsoft.com’ (replace at with ‘@’). This alias is monitored by my team and is the best way to provide direct feedback on the program itself. For technical issues please visit our forum (http://forums.microsoft.com/genuine/default.aspx?siteid=25) you can also provide general feedback there in the ‘Feedback and Comments’ area.

    To help answer a couple of the questions you brought up I’d like you to know that our program is designed so that once a first validation has taken place additional validations will only need to look locally for a cached answer. This makes additional full validations not necessary including validations that take place when you install WMP 11 or other applications that require validation. However, we do release updated versions of WGA periodically, this enables us to update the WGA software to be able to detect new hacks as well as take advantage of the latest anti-piracy intelligence such as recently stolen or leaked product keys. For either of these reasons a key that validated with an earlier version of WGA may not validate in the future if, for example, we learn that installation was using a stolen key or uses a hack or recently discovered work-around.

  18. rdamiani says:

    I went to the forum you linked to above and now I’m all upset. What’s the deal with this nGear Gameprotect stuff conflicting with Vista’s licensing technology?

  19. Tim Nice But Dim says:

    By the way, a friend of mine would like to say thanks for including the name ‘Frankenbuild’. He was searching for hacks, but hadn’t a Scooby what to look for. Then after reading this page he Googled for Frankenbuild and got loads of results.

  20. dbeorn says:

    to quote alexkoc

    "…our program is designed so that once a first validation has taken place additional validations will only need to look locally for a cached answer…" is ridiculous! The WGA Notification, as installed, regularly prompts me for a proxy login to do something – what, if not to revalidate itself?? I think our admins have somehow blocked its install altogether or maybe MS re-thought it because I don’t see it in windows update anymore on new machines.

  21. dbeorn says:

    and to say it’s for our protection – bullgrunkles!!  It’s for MS and MS alone – if I get a pirated copy, I don’t know any difference.  Go after the people SELLING the pirated copies, not the end consumer, because most are clueless and get caught in the middle.

  22. Mike.Gayner says:

    I can’t say I agree with the viewpoints of the WGA dissenters. After much research, I’ve found no evidence of people being ‘locked out’ of their systems, and there doesn’t seem to be any reputable cases of WGA having negative effects on users whatsoever – unless you consider a 5 second process of clicking "Activate Now" a negative experience.

    As a long time user of pirated software (I’m 21 years old, and have been using computers since about 11, with no real value of legitimate software through my teens), I’ve recently purchased my first ever legitimate copy of Windows, with my brand spanking new Vista Home Premium. For the record, I live in New Zealand, where legitimate software is very easy to come by, and counterfeit versions can only be downloaded, not typically purchased. After reading much over the months about this horrible new WGA system, I was very wary of the experience that lay ahead of me with activating my new software. The process could not have been easier – I spent a total of about 10 seconds validating my Windows, and now have full access to updates, downloads, etc, without being nagged about false copies.

    In contrast, the last 12 months or so have been hell for me – just finding a non-MS website to download the newest .Net framework was an absolute nightmare, and having to deal with the latest iteration of the WGA software became tiresome and difficult. Legitimate users are NOT given the shaft while users of pirated copies get away scot-free, it’s quite the opposite. WGA has made illegitimate use very difficult, and quite rightly.

    The only reason I can see to dissent against Microsoft’s new measures is that you’re trying to break the terms of your license. Frankly, if you don’t agree with MS licenses, speak with your wallet and buy a Mac. Personally, I’m absolutely a born-again legit user. And it’s not just MS products – with the advent of very strong copy protection in gaming software, I now no longer bother trying to acquire illegal versions of these titles either.

    My point is that systems like Genuine Advantage DO WORK, and I absolutely encourage MS to continue their pursuit, because they’re doing it in exactly the right way. I hope my message is read by someone that matters, because it would be easy to become disillusioned with all the negativity with regard to the direction of your anti-piracy software. But push on, because you know what you’re doing is right. Microsoft has achieved at least one extra sale through these methods, and I’d be pretty surprised if there weren’t a whole group like myself. Good work.

    Regards

    Chris Doms

  23. ioniancat21 says:

    ON THE CONSUMER SIDE…

    Hate to say it, but $400 for a new Ultimate license is kind of outrageous. While I do like Vista for the HAL-independence and enhanced imaging features, Vista didn’t totally reinvent the wheel. Vista is still "Windows", it hasn’t morphed into a totally new build totally alien to XP versions. Also WGA is a complete nuisance on both the corporate and consumer side, it only inconveniences us admins and paying customers and as you can see has failed since before the RTM release with multiple methods to crack Vista versions.

    Vista is broken up into 5 different versions compared to the simpler two version XP approach and even simpler 2000, NT and 98 one license setup. This has led users to confusion on which version they actually need. Vista Basic and Enterprise should be eliminated from the picture as it’s redundant. Bitlocker features should be given to Business customers to eliminate Enterprise and Basic is such a barebones upgrade, most users will feel "left out of the buzz" with no Aero, no backup tools, no Media Player, it’s just not good for business.

    ON THE BUSINESS SIDE…

    Most corporations haven’t upgraded to Vista Business/Enterprise, in fact, many people I know in I.T. are looking at Vista as an opportunity to upgrade those Windows 2000 machines to XP on the cheap when XP prices come down. I myself have one lab computer with Vista Business 90-day trial to test application compatibility issues, BDD 2007, WAIK and .wim related tasks, just keeping ahead of the curve, but not required of me by management.

    Also, the TCO on Vista is kinda high when you factor in the hardware upgrades most organizations will have to perform to be Vista Ready which is why the licensing costs have to come down. Our organization purchased 200 Dell’s (Precision and Optiplex, all P4’s). Anyway, those "new" machines would need about 20-25K worth of upgrades as the Video and memory would be insufficient to run Vista and barely pass Vista Upgrade Advisor, though fine with XP.

    When people talk Linux, I always think of application installation, driver availability and support as its major weaknesses when compared to Windows. That situation, just like any won’t last forever. Just as Windows has developed from the DOS era to the current Vista incarnation after 20+ years of development, eventually Linux will do the same solving the problems that currently hold it back. It won’t be long, I was looking at the OpenSuSE 10.2 Live DVD and let me say Linux has come a long way in a very short time, OpenSuSE is free by the way, which leads me to close with the idea that Microsoft needs to re-evaluate its unrealistic pricing and licensing scheme. I feel Microsoft can and should rethink these things to ensure their future viability to their nearly 500K MCSE workforce, their employees and to their customers.

  24. ioniancat21 says:

    What about these KMS servers? When my management got wind that they would need an additional server to cover licensing Vista, the idea of that expense alone killed it for Vista in my shop. The last thing we want or need is a server that we need to maintain just to prove we bought Vista and worst of all, if the server god forbid crashes or something, our Vista clients could be reduced to limited functionality mode, with our XP VLK’s, we’re safe and sound……

    PS – For users who are interested in getting Vista Basic, I have a free alternative:

    1. Windows XP

    2. uxtheme.dll file and one of the many Aero theme packs available

    3. Google Desktop

  25. ioniancat21 says:

    rdamiani was right, it’s nice for you to have open discussion I also like to hear the MS view from alexkoc. Under that guise, my beefs with Vista are solely based on the fact that I would like to see it work out well. I’m an MCSE already, don’t force me into Linux training………….

  26. ioniancat21 says:

    very articulate post; anyway, I can see you are enjoying your legit software, don’t feel bad, when I was your age I had a pirated Windows 3.1 PC at home, but let me say and be honest all, in our youth we all had a copy of someone’s software, actually if it weren’t for cracks and keys in my early years, I wouldn’t have had all the insight I do today about computers in I.T., Wow, your post is nostalgic….

  27. ioniancat21 says:

    Sorry for the frequent posts, but looking through the blog, it’s really great stuff.

    When reading about Vista cracks, I don’t understand why casual newbie home users are so gung-ho to crack Vista and in the process DOAing their PC’s when they could crack XP with a VLK or use the freely distributed MSDN Windows 2000 Pro or Server license keys that activate. Their games will play better with a less resource intensive OS like XP for most mainstream users’ hardware.

  28. ndiamond says:

    Here are observations concerning a few of the branches that this discussion has taken.

    Friday, January 05, 2007 2:10 PM by alexkoc

    > I have yet to see anyone be ‘locked out’ of
    > Windows because of WGA.

    Clever wording and I believe it.  As for being locked out of the full paid-for functionality of a genuine Microsoft product (Office XP), you ought to have read about it in or near year 2001.

    Monday, January 08, 2007 8:41 AM by Tim Nice But Dim

    > I wish to reinstall the desktop, but the CD
    > is scratched.

    I bought a used PC with a Windows XP sticker that really really looks genuine.  I’m sure that if I tried to remove the sticker then it would no longer look genuine.  It didn’t come with a restore CD.  I installed Windows XP using the key shown on the sticker.  Installation succeeded but activation asserted that the key was invalid.  I phoned Microsoft who asserted that the key was invalid.  15 minutes with a human resulted in a string of numbers that I typed in and got activation completed.  I cringe to think of what will happen when the real user of the PC ever has to reinstall Windows XP, in a country where wired phones are scarce and who knows if 15 minutes of cellular phone calls will be enough to persuade Microsoft again.

    Monday, January 08, 2007 9:19 AM by Tim Nice But Dim

    > She had a PC working again after several
    > months of it reminding her every few days
    > that it "wasn’t genuine."

    That was also XP, but this time my related story is Vista.  Fortunately this one didn’t stay around for several months … well not yet anyway.

    http://www.geocities.jp/hitotsubishi/activation.png

    I censored some sensitive information but did not add or change anything else.  The phrases "Windows is Activated" and "This copy of Windows is not genuine" are exactly as Vista showed them to me.

  29. ndiamond says:

    I wrote:

    > As for being locked out of the full paid-for
    > functionality of a genuine Microsoft product
    > (Office XP), you ought to have read about it
    > in or near year 2001.

    Found it.

    http://review.zdnet.com/4520-6033_16-4206106.html

  30. ndiamond says:

    Friday, January 05, 2007 2:10 PM by alexkoc

    > I have yet to see anyone be ‘locked out’ of
    > Windows because of WGA.

    Got it.  On April 1, 2007, Microsoft proved that I am a fool.

    Several times for myself or friends I’ve bought used PCs that have Windows XP product stickers attached to the bottoms of the cases.  Most of the time I’ve been able to reinstall Windows XP with no problem.  One time Microsoft’s automated system rejected it and I had to make a 15 minute phone call.  Well, then came April Fools Day and a 15 minute phone call wasn’t enough any more.  Microsoft confirmed that the product sticker attached to the bottom of the case matched the model of computer (made in 2003), but they refused to give me a confirmation code for activation.  I want to send the PC to Microsoft, let them remove the sticker and let them give me a refund for the licence.