Activating Vista Enterprise Using a Spoofed Server

Ruvim writes "It has been mentioned in previous Slashdot discussions as possibility, and now it became a reality: Information Week reports that a spoofed server has been released that can be used to activate Microsoft's Vista Enterprise versions. It is being made available on several pirate Web sites and spoofs a Key Management Service server, used to activate a large number of copies of Windows Vista in enterprise environments." From the article: "Vista is the first version of Windows that Microsoft requires volume license customers to activate. Besides KMS, the Redmond, Wash. developer also offers Multiple Activation Key, which resembles the retail version's activation process. PCs activated using KMS must reactivate at least once every six months. The MelindaGates hack uses a VMware image of a KMS server to activate -- and keep activated -- a pirated edition of Windows Vista Business. 'Looks like Windows Vista Volume Activation 2.0 is a big bust,' wrote a user identified as 'clank' on the PirateBay Web site Friday. "

Soviet Microsoft

[Jeremiah Cornelius]

In Mysterious Future, Vista Activation Spoofs You!

ROTFLMAO

[MoxFulder]

Best Soviet comment ever...

Re:

[Jeremiah Cornelius]

Why, thank you, sir. I admire your oonerspism!

yep

[User 956]

Information Week reports that a spoofed server has been released that can be used to activate Microsoft's Vista Enterprise versions.

And you don't even need a separate computer. You can spoof the activation from the same machine.

Even better: thepiratebay!

[mr_luc]

Even better is that the torrent tracker referred to is The Pirate Bay -- who mocked microsoft's legal threats, resulting in Microsoft appearing to pull strings that lead to an unprecedented, although ultimately unsuccessful, raid on their servers.

So, when the first hacks for Vista start popping up, it's nice to know that I can rely on The Pirate Bay to host those .torrents for me!

Re:Even better: thepiratebay!

[Jah-Wren Ryel]

Even better is that the torrent tracker referred to is The Pirate Bay -- who mocked microsoft's legal threats, resulting in Microsoft appearing to pull strings that lead to an unprecedented, although ultimately unsuccessful, raid on their servers.

It is commonly believed that the MPAA, not Microsoft, was responsible for the US State Department leaning on the right local ministers to get the Pirate Bay raided. For one thing, the MPAA prematurely ejaculated a press-release congratulating themselves for getting the Pirate Bay shut down, while Microsoft was mum on the event.

Re:Even better: thepiratebay!

[strider44]

Being against annoying and imposing DRM and copy protection doesn't mean you support piracy. Two people do not equate to the whole of Slashdot, the free software community, or, in fact, all of the world.

... idiot.

Re:

[Jah-Wren Ryel]

If you have actually bought Vista and want to activate it why not do it the right way instead of setting all this stuff up?

Maybe you bought it because you had to use it for your job, same reason most people bought previous generations of Windows.

Maybe you don't want to participate in the whole data collection inherent in MS's activation schemes. Maybe you want as little to do with MS as you absolutely have to.

I've purchased a laptop and a desktop that both came with XP preinstalled. The first thing I did

Re:Even better: thepiratebay!

[Sir Homer]

Wow, should Slashdot should castrate anyone who is against the notion of copyright law? Either make file sharing legal (the democratic method) or put the 50+ million people who do it in jail (the fascist method). I think we are headed toward the fascist method.

So what _does_ Vista actually secure?

[msobkow]

The DRM module doesn't block unsigned drivers, allowing injection of attack code.

The license module has been spoofed, which means it's not protecting Microsoft's revenue.

Does Vista protect anything other than media restrictions imposed by producers?

Re:So what _does_ Vista actually secure?

[tkrotchko]

"Does Vista protect anything other than media restrictions imposed by producers?"

Let's just say it protects everything is was designed to protect. To a certain extent.

Re:So what _does_ Vista actually secure?

[Bert64]

Well, Yes...
If it becomes too hard to pirate windows, then of those millions of people who run pirated copies, many will stick with older versions, and some will move to linux or pirated macosx... Either way, it reduces the marketshare of vista.
Just think, where would microsoft be without piracy? Most of asia would probably be running linux by now.

Short on details

[weave]

Sounds like someone just stole a vmware image from their work that is set up as a kms (many sites are just plugging their KMS in as a vmware guest to get going).

I'm sure that Microsoft must have thought of that as a possibility. Since a unique product key is required to activate a KMS, why can't Microsoft just deactivate that compromised KMS key?

Re:

[Creepy Crawler]

OK... vmware runs upon another OS. Say... linux.

I now route all packets to null and whitelist what I want to allow. Problem solved.

Re:Short on details

[Anonymous Coward]

I'm sure that Microsoft must have thought of that as a possibility.

And you came into this conclusion because... Microsoft has such a good track record in security?

Re:

[Anonymous Coward]

And you came into this conclusion because... Microsoft has such a good track record in security?

The only good MS security track record is in copy protection.

To get MS terminal server licenses activated you have to jump through many hoops - it's extremely annoying. On the other hand, I've never heard of any hacks for it.

Re:

[JFitzsimmons]

It has been a long time since I administered a terminal server but I'm pretty sure it was based on the honour system. i.e. "please enter the number of licences you have purchased: ____"

Re:Short on details

[Amouth]

There where ways.. it wasn't that hard.. in fact it was really easy to have the connecting client clear it's temp key so that every computer connecting everytime would appear to terminal server as a new cient and would issue a 30 day key.. and everytime they connected it gave them a new one.. and after 90 days the terminal server would drop the non active temp key.

or the better way was to manual configure the registry and get terminal server to run under internet connector license..

while it took some work it wasn't that bad once you figure it out.

Re:

[supremebob]

Terminal Services licensing is pretty easy to bypass, which is good because my customers have a bad habit of losing the license keys that they paid for. Windows 2000 works on the honor system, so that's a non-issue. For Windows Server 2003, just set the terminal server to check users instead of machines, since user licenses are not tracked.

Re:Short on details

[Anonymous Coward]

That's assuming the information somehow escapes because pirates are mass distributing keys and other information. On the other hand, legitimate purchasers of Vista may want to do their own "home-grown validation" in order to get a product that:
A) doesn't phone home to MS on a regular basis
B) dosen't need to re-validate on a regular basis and break if it doesn't
C) doesn't throw a hissy fit if they do too many hardware upgrades, and,
D) continues to work the way the product SHOULD work when they are actually legitimate customers, despite whatever bugs may exist in the validation software.

In other words, people with legitimate licenses may want to circumvent for the purposes of yielding a more reliable system without this superfluous "feature", in which case they don't have to use or expose the existence of technically illegitimate keys. They can just block anything involved with validation to/from Microsoft at the router, in which case MS can deactivate the key all they like, but the spoofed system won't see it if it is only talking to the fake key server.

Re:

[Sancho]

A) doesn't phone home to MS on a regular basis

I've never read anything that implied this was the case for OEM/OTS versions. Got a citation?

B) dosen't need to re-validate on a regular basis and break if it doesn't

I haven't read anything about this, either, except for the typical WGA stuff. Is there any evidence that business customers don't have to run WGA stuff to apply updates?

C) doesn't throw a hissy fit if they do too many hardware upgrades, and,

I thought Microsoft caved on this one.

D) continues to wor

Re:

[The MAZZTer]

I'm sure that Microsoft must have thought of that as a possibility. Since a unique product key is required to activate a KMS, why can't Microsoft just deactivate that compromised KMS key?

If YOU were a pirate, would YOU download an update which adds this "functionality"?

Microsoft has taken an interesting approach ...

[jfclavette]

Vista Business and friends are the most likely to be cracked due to volume licensing. However, features are removed in a way that it is advantageous to businesses but turn away most home users. It'll be interesting to see how that works out.

Re:

[crabpeople]

No thats not true. Even VLK has to be activated. Aparently they will be having a machine ala SUS that makes all the authorization attempts for them. They said the activations are like 180 days or so.

Re:Microsoft has taken an interesting approach ...

[MoxFulder]

What does Microsoft do for government customers like the CIA/NSA/DIA? Some of those networks are completely and totally isolated from the public Internet.

I imagine Microsoft must provide them with a KMS that doesn't itself require activation, which can be run on a secure, closed network. I imagine it's not widely publicized...

Very interesting

[empaler]

That is actually very interesting.

However, given the nature of their work, I'd guess they don't use the newest OS...

Funny that MoxFulder should point this out?

Re:Very interesting

[astrashe]

You're right. They're not early adopters. They do painstakingly difficult code audits, and certify products for use years after they've come out.

This is a non-issue for a long time.

Re:Microsoft has taken an interesting approach ...

[TheGratefulNet]

What does Microsoft do for government customers like the CIA/NSA/DIA? Some of those networks are completely and totally isolated from the public Internet. ...greetings professor falke^C

ooops. damn.

Re:

[Kjella]

On a wild ass guess, they either get new activation codes or CDs with updated keys. Isn't that how you can phone in and activate Windows today? Geez, sometimes you make not being connected to the Internet sound so much more difficult than it is. If they have to do that for one central server, it's hardly a big deal.

Piracy and competition

[robvangelder]

The prize being to 0wn the Microsoft security mechanisms, but more-so to do it before rival warez groups.

The warez groups aren't so much competing against Microsoft, but amongst themselves - for the sheer status of it.

Self Contained Networks

[nra1871]

Interesting...our network is completely self contained and does not touch the internet at all. I wonder how this will work for networks like mine (no plans to upgrade anytime in the near future, and since we use the workstations to run Citrix-based apps, it doesn't matter what OS we use.)

Re:

[icepick72]

You can't "simply allow activation" if your systems aren't connected to the Internet!

Getting your info from the right sources? ... Microsoft says differently:
Q. Does MAK activation require Internet connectivity?
A. MAK activation can be performed either online or by telephone.
http://www.microsoft.com/technet/windowsvista/plan /faq.mspx [microsoft.com]

I argued the point that Microsoft will make it easy for you to activate their product because they want to sell it to you. Indeed they do.

Or you can switch to Linux a

Not really new.

[Anonymous Coward]

This is exactly how cracks for flexlm based products (Maya, ArcGIS) work as well.

Just Wait...

[Iriestx]

Honestly, I'm going to laugh my ass off 6 months down the road when MS pushes out a mandatory WGA update, disguised as another 'critical update,' that nukes pirated installs. All these scam cracked/KMS/pirated Vista copies are going to lock-up, shut down and only be able to do one thing, display the phone number to call MS to purchase a legitimate key. Pirates have gotten by the initial flaws in the authentication system. Microsoft is going to change it, and quietly force everybody to reactivate from a legitimate source. Just wait... it's coming. If you really need a free, modern OS, rather than run something that clings to functionality through hacks, cheats, cracks and work-arounds, why not just bite the bullet and download a good desktop Linux distro? It's free. It's arguably more capable than Vista. How/where/when you play your media isn't decided by the AAs and to top it all off, you don't have to hack/crack/scam to get it to run.

Re:Just Wait...

[ZDRuX]

...why not just bite the bullet and download a good desktop Linux distro? It's free. It's arguably more capable than Vista.

Because Linux does not run Everquest and 99% of the other games I like to play on a regular basis. So as far as a "Conveninent home OS that everybody can use" - Windows is still king regardless of what everybody says.
If I had the luxury of having 2 or 3 system in my house, then I would be running Windows for the family, and Linux on the other 2 for myself, but untill the time comes when Linux can have the type of compatibility with the every-day apps that Microsoft provides, I don't think my family would appreciate me switching over to Linux. And that I think, is the main reason why Linux is still not on the majority of people's computers.

Re:

[PieSquared]

Could you set it up to dual boot? I did that to my laptop yesterday, and it was my first experience with Linux. I can now use windows for playing several games, and linux when I feel the need. *I* haven't noticed any problems, but if you don't have 50GB of free space (like I did) it might not be an option. Consider extra space the next time you buy a computer, and during set up go ahead and partition it... you can always undo it later if you decide to give up on Linux.

Re:

[Sancho]

The problem is that you'll start doing more and more in Windows. Like you'll quit playing your game and want to go read a FAQ, so you open up IE. While you're there, you might as well check your e-mail. And there's no point in rebooting, because you'll want to play the game next time you use your computer, anyway.

Sooner or later, your bookmarks on Windows exceed the ones in Linux, and the time it takes to reboot seems like such a waste, and you eventually end up blowing your Linux partition away in favor

Re:

[turnip torrent]

Very true. I guess this is a reason to play more Linux games. Frozen Bubble totally owns 3D Pinball!

Re:

[Kingrames]

be sure to let me know when you find World of Warcraft on a console.

Re:Just Wait...

[Iriestx]

If your OS choice rests solely on 'which plays WoW' then you probably have bigger issues than I'm qualified to help you with.

Re:

[Kuciwalker]

If playing WoW is one of your major activites on the computer then what exactly is wrong with ability to run WoW being a factor in OS choice?

Re:

[Beer_Smurf]

But World of Warcraft does run on a Mac.

Um...

[tsanth]

I daresay you're sidestepping GP's points:

1) Linux does not run a critical set of games which he wants to play.
2) Linux apps lack the kind of application compatibility that he and his family are looking for.

Let's accept that a console is superior to a PC for gaming, and let's accept that Linux is preferable to Windows for general computing tasks. GP's two points are still unresolved: he wants to play that particular set of games (presumably not available on either a console or on Linux) and he wants c

Re:

[CortalUX]

How about WINE [winehq.com]? I know they break compatability with games now and then, but the majority of the time games work pretty soon after they come out, or update.

Wine is an Open Source implementation of the Windows API on top of X and Unix. Think of Wine as a compatibility layer for running Windows programs. Wine does not require Microsoft Windows, as it is a completely free alternative implementation of the Windows API consisting of 100% non-Microsoft code, however Wine can optionally use native Windows DLLs if they are available. Wine provides both a development toolkit for porting Windows source code to Unix as well as a program loader, allowing many unmodified Windows programs to run on x86-based Unixes, including Linux, FreeBSD, Mac OS X, and Solaris.

Why?

[Belial6]

"You can flip over a screwdriver to pound in nails, but why not just use the hammer?"

because the screwdriver manufacturer hasn't installed a "Feature" that makes the tool cease to function, forcing you to call the hammer manufacturer to ask permission to regain use of that hammer you bought. All the while knowing that at some point, the hammer manufacturer is going to decide they want to sell their new hammers, so they will stop giving permission to the old hammer owners to keep using their purchased hammers.

The real question would be, "Why would you buy a screwdriver, when you can rent a hammer?"

Re:Why?

[djbckr]

so they will stop giving permission to the old hammer owners to keep using their purchased hammers.

Now, I'm realizing that I'll probably get flamed for this, but here goes anyway...

You did *not* purchase a hammer, you bought a license to *use* a hammer at the manufactures discretion.

Unfortunately, that's how software sales works now. I hate it.

Re:

[asdfghjklqwertyuiop]

You did *not* purchase a hammer, you bought a license to *use* a hammer at the manufactures discretion.

Unfortunately, that's how software sales works now. I hate it.

Says who? If I go to a store right now and buy a copy of windows, there IS an actual copy of the software on a disc in that box along with that license, is there not?

Re:Why?

[mrchaotica]

That's what they claim, but it's still, in reality, bullshit. You bought and paid for it -- with the store presenting it as a "sale" -- without reading or signing any kind of contract or license. Therefore, it is a sale and you own it.

The idea of "licensing" it only becomes true because you believe it.

Re:

[Belial6]

And that is exactly it. If I am just buying a license, then those who are "selling" it are committing fraud. If I see and ad that says a product is for "Sale", go into a store and see a sign under the product that says "Sale", go to the register, pay for the product and get a "Sales" receipt... For the manufacturer of the product to still own that product, SOMEONE must have committed fraud.

Re:Why?

[mrchaotica]

Did the store actually specifically state you'd have the right to use the software on the disc?

What are you, stupid? Do stores "specifically state" that you have the right to wear clothes you buy? Do stores "specifically state" that you have the right to eat the food you buy? Do stores "specifically state" that you have the right to read the books you buy?

When I buy a box with a disc in it, that mans I can do anything I want to with it -- look at it, eat it, throw it like a frisbee, and read the bits off it! And any kangaroo court that thinks otherwise can kiss my ass!

Besides, I dare you to cite one single instance (that wasn't subsequently overturned) of a court enforcing an EULA that wasn't printed on the outside of the box or otherwise presented to the buyer before sale. Because I believe you're a fucking liar.

Re:

[mojodamm]

See, I suppose this is why I differ from the /. "The screwdriver is God!" groupthink. I've NEVER had a problem with my hammer being taken away. I've never been forced to upgrade. Sure, I've purchased larger hammers due to my desire to run certain applications, but it was not becase I was suddenly denied my right to use my hammer.

I'd be surprised to hear that such a thing is anything more than FUD because people don't like the hammer-maker, or that it affects a significant portion of the people that actu

Re:

[Maxo-Texas]

It's a classic catch 22.

99% of their accounts are on windows so they focus on windows.

99% of their accounts are on windows BECAUSE they focus on windows.

---
I have the same everquest situation.

Openoffice, firefox, azureus, audacity, gimp, etc are slowly removing any need for windows other than this.

MOD parent FUNNY

[crossmr]

99% of the games? You're kidding right?

Re:Just Wait...

[Anonymous Coward]

Honestly, I'm going to laugh my ass off 6 months down the road when MS pushes out a mandatory WGA update, disguised as another 'critical update,' that nukes pirated installs.


Me too. But I'm going to DIE laughing when it turns out they nuked thousands of legit copies along with the pirate copies.

I don't object to paying for software, but there is no way in hell I'm going to put up with the vista activation bullshit.

Fooled me once (XP) shame on you. Fooled me twice (and tied me up and kicked me a few times (Vista)) shame on me.

Re:

[geekoid]

nope. just spoof what the OS is looking for.
Or find the area in hex and insert a jump pass the MS activation lookup.

Re:Just Wait...

[BeanBunny]

Well, I was with you until you started gushing over Linux. Don't get me wrong, I like Linux too, but I yearn for the day that people don't end a comment about Microsoft with, "Why don't you just run Linux? It's so great!" That may be true, but this is Slashdot - we know that already!

Re:

[jasen666]

Anyone with half a brain and a cracked Windows install disables WGA first thing anyway. Thus rendering your "mandatory" update, not so mandatory.

Re:

[Jugalator]

Hehe, was that post an attempt at "recruitment by fear"? ;-)

Re:

[jonwil]

Pirates will either not install the "manditory patch" or will wait for the hackers to obtain it and remove the disabling functionality.

Link to the torrent.

[jZnat]

Brought to you by The Pirate Bay [thepiratebay.org] as usual. :)

Re:

[crossmr]

You only need to include the torrent for the version of Vista that works best with this as well ;)

Re:Link to the torrent.

[Firehed]

Something tells me this would have been one of those occasions where posting as an AC would have been a wise choice. Personally, I don't find a bit of Slashdot karma worth having the Long Baton of Microsoft forcefully inserted into an exit-only part of my body.

But, your call. I thought it was easy enough to find just by going to the top of the Top 100 list for Windows software at TPB ;)

Godspeed, Microsoft

[Citizen of Earth]

Let's hope that Microsoft fixes this problem very quickly. It is important that all Microsoft users pay every last penny for their habit.

Re:

[mugnyte]

You insensitive clod! Haven't they paid enough?! Think of the children!

Try again.

[Stumbles]

This is just another reason why anything dealing with software activation, DRM and it's ilk is a colossal waste of time and money.

it boggles the mind - Windows Genuine DISASTER

[toby]

...Why anyone would run their business (or hobby) on a system that is subject to DeActivation.

Defective by Design, indeed. [cincomsmalltalk.com]

Re:

[istartedi]

Why anyone would run their business (or hobby) on a system that is subject to DeActivation

Hold on... Before we answer that we need to upload some more pictures to flickr.com. Then we need to update our blogs on MySpace and reply to some contact invites on LinkedIn.

And yes, an unfavorable change in the ToS on these sites is not as bad as deactivation. A complete loss of service appears unlikely at this stage; but you never know what might change. The bottom line? Unless you control your data, and s

Re:

[Bios_Hakr]

Flickr and MySpace are opening new avenues to business. Those ways of getting customers were not there before. It's like mana from heaven.

However, for a company to place an OS on the desktop of every individual, they need to ensure the new system is better than the last.

The first company to lose a day of work because of deactivation will be the nail in WGAs coffin. Either MS will release an anti-WGA patch, or everyone will go back to Win2k.

Re:

[smash]

Last I checked, you didn't pay several hundred dollars for the services offered by Myspace of Flickr. Rightly or wrongly, people perceive software as a once-off purchase. You pay for the development costs + profit, and thats it.

Once I "buy" something, I should be entitled to use it as I see fit, without being at the whim of whoever I purchased it from. The "licensing" and possible de-activation (by no longer providing activation) of software is a crock. It's akin to buying a new car from Ford, and the

Re:

[Shawn is an Asshole]

What else will run the software and hardware the business needs?

Re:

[nine-times]

I've been saying this since Microsoft first started using activation: As an anti-piracy technique, it doesn't really work. If there's a chink in the activation-scheme's armor, pirates will find it, and you'll still see pirated versions of the OS all over the place. The people this really hurts is Microsoft's legitimate customers, who certainly bought Windows anyway because it came with their fracking machine. They should finally just cut this crap out, and focus on helping their customers.

Re:

[wyohman]

I think one of the biggest issues is the lack of media rejection. Back in the 80s when copy protection became rampant, the computer media (Byte, Computer Shopper, PC Mag, PC Week) led a concerted effort to educate users and rejected copy protection. Now it seems the old computer journalists have given up or become irrelevant (*cough* Dvorak *cough*).

Cheers.

And we are surprised why?

[mrpaco18]

It was inevitable that Vista Enterprise would be cracked in some way. Every version of Windows has been. In fact, I can't think of a single large-scale (scale as in cost) software that has not been cracked. No matter what any software vendor does, the dedicated pirates will always be one step ahead. Measures like product activation are only to stop widespread casual piracy, not piracy in its entirety.

Re:And we are surprised why?

[badboy_tw2002]

Which is good enough. If Joe 6pack has to jump through hoops to pirate, he might just buy the product. Even better, Joe 12pack (twice as smart) might even be more wary of searching sites because of a legitimate fear of fake pirate sites that have viruses.

In games this is even more prevalent - the goal of fighting piracy isn't to prevent the inevetable - somewhere somebody has enough spare time to crack your stuff, but to _delay_ it. If Johnny 6cola can't get his game right away, then he might have to suck it up and buy it. The most sucessful ones have locked out pirates for 30 days or so. If you've been waiting for months for a game, waiting another month might not be an option. (Some of those might be from pirates distributing a game which still has parts of it not working and crashes half way through - even better for publishers). Obviously this is unique to games, as other software publishers want to keep people out for good.

Malware in pirated software? Right.

[Esteanil]

Actually, these days you're more likely to catch malware off of legitimate purchases (CDs, games containing StarForce, etc) than off a decent pirate site. (Torrent sites in particular tend to kill off torrents containing malware).

Isn't it ironic?

Re:And we are surprised why?

[smash]

Which is good enough. If Joe 6pack has to jump through hoops to pirate, he might just buy the product

On the contrary, if "joe sixpack" has to jump through hoops to run his legitimately purchased product, perhaps he won't bother.

I'm fully prepared to pay for an O/S (have purchased several variants of Linux, previous microsoft O/S, etc) however i'm not willing deal with an O/S that constantly phones home to verify that I am allowed to run it.

Paying for a product is supposed to be less painful than simply running the pirate version, not the reverse...

Re:

[badboy_tw2002]

But if you're not going to buy it anyways, what price is good enough? $20? $10? 5? It costs money to make these things no matter what. Again, you don't sound like a casual user. A casual user is someone who wants to play a game, and if its not on Bittorrent he might have to bite the bullet. Like frat guys at a Linux convention, they're here for the beer, not the source or speech. Put it another way: Two publishers put out two games at the same time. One has anti-copy protection, the other doesn't.

Windows Vista Cracked?

[ImaNihilist]

Inconceivable!

Re:Windows Vista Cracked?

[Jugalator]

And once again, before it's widely available. (I don't consider MSDN for their subscribers wide availability, really)

You'd think this sent a message...

Now, all that's left is an even more annoying activation system for legit customers.

Re:Windows Vista Cracked?

[RxScram]

You keep using that word. I do not think it means what you think it means.

Re:

[Rahga]

don't worry, I doubt it was sarcasm.

I can't compete with you physically, and you're no match for my brains. [imdb.com]

Interesting twist on the Vista Edition

[Jugalator]

An interesting twist from this is that the most feature-rich Vista Ultimate Edition may not be the most warezed one after all. Because these aren't supporting KMS activation, unlike Enterprise and Business who were both intended for this use. However, for a pirate, that may not matter much, as the benefits of Vista Home Basic/Ultimate (= home/entertainment-oriented software) is probably quite easily outweighed by already available software, often free.

Re:

[Jah-Wren Ryel]

An interesting twist from this is that the most feature-rich Vista Ultimate Edition may not be the most warezed one after all. Because these aren't supporting KMS activation, unlike Enterprise and Business who were both intended for this use.

Somebody will probably figure out how to drop the right DLLs from the Enterprise edition into any other edition to make it do KMS.

Microsoft.Windows.Vista.Local.Activation.Server-MG

[Odiumjunkie]

Microsoft.Windows.Vista.Local.Activation.Server-Me lindaGates.torrent

unlike windows xp and volume activation 1.0 windows vista doesnt have any corporate
keys which will permanently activate it. volume activation 2.0 requires a corporate
user to either do a one time activation through microsoft servers (mak) or companies
can host a local activation server which does not talk to microsoft (kms). the only
difference is kms requires re-activation once every 180 days. however as long as
theres a local kms server its simple to keep windows activated. this release is a
vmware image of a permanently activated kms server which allows local activation of
windows vista business/enterprise edition. volume activation 2.0 is only built into
those two editions.

install vista business/enterprise edition with the key [removed, check .nfo].

using the latest vmware workstation, boot the image. disable vmware firewall.

on the non vm vista right click the command prompt icon and run as admin. type ...

cscript c:\windows\system32\slmgr.vbs -skms vm_vista_ip

cscript c:\windows\system32\slmgr.vbs -ato

windows should now be activated.

to check activation status type ...

cscript c:\windows\system32\slmgr.vbs -dlv

tested using echos windows vista enterprise and vmware workstation 5.5.3 but seems to
have issues with the billgates windows vista business.

Re:Microsoft.Windows.Vista.Local.Activation.Server

[nachoboy]

The part they don't mention is that the activation server only hands out activations on networks with 25+ computers. The machine may be permanently activated, but after 180 days, if you don't have 25 unique machines (and no, virtual machines can be detected and don't count), the activation server will deny your request to reactivate.

That doesn't preclude from downloading another pre-activated KMS Server, but this isn't really a permanent solution.

"MelindaGates" hack?

[XoXus]

The "MelindaGates" hack? Is that because people are getting sick of being screwed by Bill?

Re:

[Jackie_Chan_Fan]

I love the name. The irony of Melinda and Bill Gates and their charitable ways vs Microsoft and their overpriced DRM anti consumer rights OS.

Not Possible

[bluethundr]

But..but..but..I thought Vista was unhackable!

Trust your feelings. You know this to be true.

What about Windows Genuine Advantage?

[Jugalator]

While this may bypass activation, which is the Big Thing, what about WGA?

I'm only aware of cracks for XP so far, but maybe these work for Vista as well?

The thing is that MS has ramped up the effects from WGA authenticity failure a lot in Vista to make it hardly usable, contrary to before when you'd just miss out on a few extras from Microsoft Update.

This was cracked so fast that...

[zappepcs]

you would swear it must be open source?

Why would any government agency, or anyone else, pay for this? There seems to be absolutely NO security... why pay, you get as good or better for free with F/OSS... wow

Re:

[mrchaotica]

There seems to be absolutely NO security...

On the contrary, there is negative security! Since you can't see the source code, there's no way to be certain that Microsoft itself (or a rogue programmer working there) hasn't put in any kind of backdoors or spyware or such. In a sane world, everyone including government agencies would realize that closed-source software like Windows can only be a liability.

Re:

[iSeal]

The most surprising bit is that implementing cracks of this nature is nothing new. That's how cracks work for flexlm based products (Maya, ArcGIS.) You would thus think that MS would have learned from their failures and made a more resilient system. And by resilient I mean one that could last more than a week before being ultimately cracked.

Re:History always repeats itself looks like

[CastrTroy]

The problem is that there's just too much "fame" in cracking windows authentication. We used Telelogic Tau SDL in university, and it was only available on the university computers, and even there there was a limited number of licenses. We contacted the company to see if we could get some cheap/free licenses. They said no, and that licenses cost around $2000. Which was almost as much as a semesters tuition. Anyway, we also looked to pirating it, and couldn't find it anywhere. The problem was that it wasn't a popular enough program that anybody would bother cracking it. However, with windows, everyone wants it cracked, and everybody wants to be the one to crack it. So it's going to get cracked. I mean, look at the game consoles. People solder chips into the to crack them, but I don't think you'd find a way to install Linux on the v-Tech notebook. People are going to crack what they want to crack.

Re:

[shawngarringer]

They will if you have a big wallet to match!

Alas, the part of the puzzle I am missing... :(

Re:

[Anonymous Coward]

OffTopic:
Hey you've got the lowest "member id number" I've seen on here so far :) Your Slashdot penis must be huge :D

Re:

[Jeremiah Cornelius]

Taco is UID 1...

I signed up the same day, 'tho'.

Re:

[Knara]

At least I'm not the only one that gets "gee mister, your uid sure is low!"

That's about the time you guys usually show up out of the woodwork ;)

Re:

[Jeremiah Cornelius]

You still must be class of '98...

Re:vista - a time bomb - How MS DRM Works

[Travoltus]

Or they will run out of keys to revoke.

An enterprising hacker might
a) seek out and duplicate the keys of other customers' installations
and/or
b) put in zillions of keys to be invalidated all at once, until all possible combos have been covered.

a) is nearly infinitely easier and more immediately devastating. Lots of high profile customers become enraged.

b) will make Vista completely unusable.

Re:For those pointing fingers and laughing...

[julesh]

Would you feel the same way if MS found a loophole in the GPL that allowed them to start lifting code wholesale?

MS has a certain motivation for developing software, and they protect it through technical and legal means.

You'll find that most people here are perfectly in favour of MS enforcing their rights via legal means (as long as they don't use strongarm tactics to do so... discovering somebody has unlicensed copies of windows because of a tip-off is one thing, requiring a contract that enables them to randomly audit a company's offices is another entirely).

We do object, on principle, to enforcement of legal rights by technological means. This is largely because the technological means are (a) inconvenient to legitimate users and (b) don't always work quite the way the should.

Windows Activation is inconvenient because it:

* Requires you to give information to MS that you might not want to give them, and which they have no legal right to.
* Requires you to effectively get permission from MS if you want to upgrade your computer's hardware multiple times (or reinstall your copy of Windows on a different machine, if your existing machine fails, etc...)
* Has made MS extend the Windows kernel so that it will not run versions of certain programs that haven't been signed by Microsoft. This means that I can no longer rip Windows apart, replace WINLOGON.EXE with a custom program that does what *I* want it to do, and not log in via an MS-approved process. Not that I've ever done that, but I kind-of liked the fact that I could if I wanted to (it's not as well documented as replacing 'init' on a Linux system, but there is information about how you would go about doing it out there -- but that's irrelevant now, only MS can do it).

If you don't agree with what they do, then fine, don't use their software, but how is pirating a copy of Vista any different from helping yourself to GPL code without giving anything back?

It isn't. But who said anything about pirating Windows? I have a legitimate copy of XP on my machine. Label stuck to the case, and all. Do I run WGA? Fuck no, I don't want to get involved with that; I don't want to get involved with something that will complain if it isn't able to validate my copy of Windows through some completely undocumented process that may or may not be correct for any given installation. Perhaps multiple people are using my activation code -- I have no way of knowing if anyone's flipped my laptop over and made a note of the number while I wasn't present. But then, despite having that activation code, I didn't use it last time I reinstalled Windows. Why? Well, the copy of Windows that was supplied with it only installs from a system restore disc that wipes all data on your hard disk. I didn't want to do that, so I installed from a regular retail edition of XP. Which I then had to hack to make activation work, because I'd already activated a machine with its key.

Another piece of software I use validates itself against an encrypted key that has a copy of my network interface's MAC associated with it. Fine, except for some reason the damned process occasionally causes the thing's driver to crash while its performing the validation. So of course I've hacked it, despite having a perfectly legal key.

It isn't only pirates who are concerned about Windows Activation, WGA and other copy-prevention mechanisms.