Slashdot Log In
Activating Vista Enterprise Using a Spoofed Server
Posted by
Zonk
on Fri Dec 08, 2006 06:40 PM
from the so-close dept.
from the so-close dept.
Ruvim writes "It has been mentioned in previous Slashdot discussions as possibility, and now it became a reality: Information Week reports that a spoofed server has been released that can be used to activate Microsoft's Vista Enterprise versions. It is being made available on several pirate Web sites and spoofs a Key Management Service server, used to activate a large number of copies of Windows Vista in enterprise environments." From the article: "Vista is the first version of Windows that Microsoft requires volume license customers to activate. Besides KMS, the Redmond, Wash. developer also offers Multiple Activation Key, which resembles the retail version's activation process. PCs activated using KMS must reactivate at least once every six months. The MelindaGates hack uses a VMware image of a KMS server to activate -- and keep activated -- a pirated edition of Windows Vista Business. 'Looks like Windows Vista Volume Activation 2.0 is a big bust,' wrote a user identified as 'clank' on the PirateBay Web site Friday. "
This discussion has been archived.
No new comments can be posted.
Activating Vista Enterprise Using a Spoofed Server
|
Log In/Create an Account
| Top
| 291 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Soviet Microsoft (Score:5, Funny)
(Last Journal: Saturday November 10, @07:41PM)
yep (Score:5, Informative)
(http://www.atomjax.com/)
And you don't even need a separate computer. You can spoof the activation from the same machine.
Re:Even better: thepiratebay! (Score:5, Interesting)
It is commonly believed that the MPAA, not Microsoft, was responsible for the US State Department leaning on the right local ministers to get the Pirate Bay raided. For one thing, the MPAA prematurely ejaculated a press-release congratulating themselves for getting the Pirate Bay shut down, while Microsoft was mum on the event.
Re:Even better: thepiratebay! (Score:5, Interesting)
Re:Even better: thepiratebay! (Score:5, Insightful)
So what _does_ Vista actually secure? (Score:5, Insightful)
(Last Journal: Sunday February 18 2007, @11:40AM)
The DRM module doesn't block unsigned drivers, allowing injection of attack code.
The license module has been spoofed, which means it's not protecting Microsoft's revenue.
Does Vista protect anything other than media restrictions imposed by producers?
Re:So what _does_ Vista actually secure? (Score:5, Funny)
(http://mysite.verizon.net/tkrotchko/)
Let's just say it protects everything is was designed to protect. To a certain extent.
Re:So what _does_ Vista actually secure? (Score:4, Insightful)
(http://www.ev4.org/)
If it becomes too hard to pirate windows, then of those millions of people who run pirated copies, many will stick with older versions, and some will move to linux or pirated macosx... Either way, it reduces the marketshare of vista.
Just think, where would microsoft be without piracy? Most of asia would probably be running linux by now.
Short on details (Score:5, Insightful)
(Last Journal: Wednesday September 15 2004, @07:07PM)
Sounds like someone just stole a vmware image from their work that is set up as a kms (many sites are just plugging their KMS in as a vmware guest to get going).
I'm sure that Microsoft must have thought of that as a possibility. Since a unique product key is required to activate a KMS, why can't Microsoft just deactivate that compromised KMS key?
Re:Short on details (Score:5, Funny)
And you came into this conclusion because... Microsoft has such a good track record in security?
Re:Short on details (Score:5, Interesting)
or the better way was to manual configure the registry and get terminal server to run under internet connector license..
while it took some work it wasn't that bad once you figure it out.
Re:Short on details (Score:4, Insightful)
A) doesn't phone home to MS on a regular basis
B) dosen't need to re-validate on a regular basis and break if it doesn't
C) doesn't throw a hissy fit if they do too many hardware upgrades, and,
D) continues to work the way the product SHOULD work when they are actually legitimate customers, despite whatever bugs may exist in the validation software.
In other words, people with legitimate licenses may want to circumvent for the purposes of yielding a more reliable system without this superfluous "feature", in which case they don't have to use or expose the existence of technically illegitimate keys. They can just block anything involved with validation to/from Microsoft at the router, in which case MS can deactivate the key all they like, but the spoofed system won't see it if it is only talking to the fake key server.
Microsoft has taken an interesting approach ... (Score:5, Interesting)
Re:Microsoft has taken an interesting approach ... (Score:5, Interesting)
(http://www.toleressea.net/)
I imagine Microsoft must provide them with a KMS that doesn't itself require activation, which can be run on a secure, closed network. I imagine it's not widely publicized...
Re:Very interesting (Score:5, Informative)
(Last Journal: Friday March 26 2004, @04:22PM)
This is a non-issue for a long time.
Re:Microsoft has taken an interesting approach ... (Score:4, Funny)
ooops. damn.
History always repeats itself looks like (Score:1, Informative)
All I can say is: [nelson voice]ha ha !![/nelson voice]
Re:History always repeats itself looks like (Score:4, Interesting)
(http://www.kibbee.ca/)
Piracy and competition (Score:4, Insightful)
The warez groups aren't so much competing against Microsoft, but amongst themselves - for the sheer status of it.
Self Contained Networks (Score:4, Interesting)
Not really new. (Score:2, Informative)
Just Wait... (Score:3, Insightful)
Re:Just Wait... (Score:4, Insightful)
Because Linux does not run Everquest and 99% of the other games I like to play on a regular basis. So as far as a "Conveninent home OS that everybody can use" - Windows is still king regardless of what everybody says.
If I had the luxury of having 2 or 3 system in my house, then I would be running Windows for the family, and Linux on the other 2 for myself, but untill the time comes when Linux can have the type of compatibility with the every-day apps that Microsoft provides, I don't think my family would appreciate me switching over to Linux. And that I think, is the main reason why Linux is still not on the majority of people's computers.
Re:Just Wait... (Score:5, Funny)
Why? (Score:5, Insightful)
(http://www.glasshead.net/)
because the screwdriver manufacturer hasn't installed a "Feature" that makes the tool cease to function, forcing you to call the hammer manufacturer to ask permission to regain use of that hammer you bought. All the while knowing that at some point, the hammer manufacturer is going to decide they want to sell their new hammers, so they will stop giving permission to the old hammer owners to keep using their purchased hammers.
The real question would be, "Why would you buy a screwdriver, when you can rent a hammer?"
Re:Why? (Score:5, Insightful)
so they will stop giving permission to the old hammer owners to keep using their purchased hammers.
Now, I'm realizing that I'll probably get flamed for this, but here goes anyway...
You did *not* purchase a hammer, you bought a license to *use* a hammer at the manufactures discretion.
Unfortunately, that's how software sales works now. I hate it.
Re:Why? (Score:5, Informative)
That's what they claim, but it's still, in reality, bullshit. You bought and paid for it -- with the store presenting it as a "sale" -- without reading or signing any kind of contract or license. Therefore, it is a sale and you own it.
The idea of "licensing" it only becomes true because you believe it.
Re:Why? (Score:4, Insightful)
What are you, stupid? Do stores "specifically state" that you have the right to wear clothes you buy? Do stores "specifically state" that you have the right to eat the food you buy? Do stores "specifically state" that you have the right to read the books you buy?
When I buy a box with a disc in it, that mans I can do anything I want to with it -- look at it, eat it, throw it like a frisbee, and read the bits off it! And any kangaroo court that thinks otherwise can kiss my ass!
Besides, I dare you to cite one single instance (that wasn't subsequently overturned) of a court enforcing an EULA that wasn't printed on the outside of the box or otherwise presented to the buyer before sale. Because I believe you're a fucking liar.
MOD parent FUNNY (Score:5, Insightful)
(Last Journal: Thursday February 15 2007, @08:40PM)
Re:Just Wait... (Score:5, Insightful)
Honestly, I'm going to laugh my ass off 6 months down the road when MS pushes out a mandatory WGA update, disguised as another 'critical update,' that nukes pirated installs.
Me too. But I'm going to DIE laughing when it turns out they nuked thousands of legit copies along with the pirate copies.
I don't object to paying for software, but there is no way in hell I'm going to put up with the vista activation bullshit.
Fooled me once (XP) shame on you. Fooled me twice (and tied me up and kicked me a few times (Vista)) shame on me.
Re:Just Wait... (Score:5, Interesting)
Link to the torrent. (Score:5, Informative)
(http://del.icio.us/jvz | Last Journal: Sunday December 03 2006, @12:45PM)
Re:Link to the torrent. (Score:4, Insightful)
(http://www.firehed.net/)
But, your call. I thought it was easy enough to find just by going to the top of the Top 100 list for Windows software at TPB
Godspeed, Microsoft (Score:5, Insightful)
For the love of God... (Score:1)
(http://www.angelfire...epublican/index.blog | Last Journal: Thursday July 27 2006, @12:00AM)
LK
Try again. (Score:3)
it boggles the mind - Windows Genuine DISASTER (Score:5, Funny)
(http://www.telegraphics.com.au/ | Last Journal: Tuesday November 06, @03:35PM)
...Why anyone would run their business (or hobby) on a system that is subject to DeActivation.
Defective by Design, indeed. [cincomsmalltalk.com]
And we are surprised why? (Score:3, Insightful)
Re:And we are surprised why? (Score:5, Interesting)
In games this is even more prevalent - the goal of fighting piracy isn't to prevent the inevetable - somewhere somebody has enough spare time to crack your stuff, but to _delay_ it. If Johnny 6cola can't get his game right away, then he might have to suck it up and buy it. The most sucessful ones have locked out pirates for 30 days or so. If you've been waiting for months for a game, waiting another month might not be an option. (Some of those might be from pirates distributing a game which still has parts of it not working and crashes half way through - even better for publishers). Obviously this is unique to games, as other software publishers want to keep people out for good.
Malware in pirated software? Right. (Score:4, Interesting)
(http://www.gadgetsieve.com/ | Last Journal: Sunday December 03 2006, @06:21PM)
Isn't it ironic?
Re:And we are surprised why? (Score:4, Insightful)
(http://reallydodgy.org/ | Last Journal: Thursday January 05 2006, @03:54AM)
On the contrary, if "joe sixpack" has to jump through hoops to run his legitimately purchased product, perhaps he won't bother.
I'm fully prepared to pay for an O/S (have purchased several variants of Linux, previous microsoft O/S, etc) however i'm not willing deal with an O/S that constantly phones home to verify that I am allowed to run it.
Paying for a product is supposed to be less painful than simply running the pirate version, not the reverse...
I just heard this (Score:1, Redundant)
Windows Vista Cracked? (Score:5, Funny)
Re:Windows Vista Cracked? (Score:5, Funny)
(Last Journal: Monday February 13 2006, @07:11PM)
You'd think this sent a message...
Now, all that's left is an even more annoying activation system for legit customers.
Re:Windows Vista Cracked? (Score:5, Funny)
Interesting twist on the Vista Edition (Score:5, Insightful)
(Last Journal: Monday February 13 2006, @07:11PM)
Microsoft.Windows.Vista.Local.Activation.Server-MG (Score:5, Informative)
unlike windows xp and volume activation 1.0 windows vista doesnt have any corporate
keys which will permanently activate it. volume activation 2.0 requires a corporate
user to either do a one time activation through microsoft servers (mak) or companies
can host a local activation server which does not talk to microsoft (kms). the only
difference is kms requires re-activation once every 180 days. however as long as
theres a local kms server its simple to keep windows activated. this release is a
vmware image of a permanently activated kms server which allows local activation of
windows vista business/enterprise edition. volume activation 2.0 is only built into
those two editions.
install vista business/enterprise edition with the key [removed, check
using the latest vmware workstation, boot the image. disable vmware firewall.
on the non vm vista right click the command prompt icon and run as admin. type
cscript c:\windows\system32\slmgr.vbs -skms vm_vista_ip
cscript c:\windows\system32\slmgr.vbs -ato
windows should now be activated.
to check activation status type
cscript c:\windows\system32\slmgr.vbs -dlv
tested using echos windows vista enterprise and vmware workstation 5.5.3 but seems to
have issues with the billgates windows vista business.
Re:Microsoft.Windows.Vista.Local.Activation.Server (Score:5, Informative)
That doesn't preclude from downloading another pre-activated KMS Server, but this isn't really a permanent solution.
"MelindaGates" hack? (Score:5, Funny)
the point of KMS (Score:1)
I have no idea if MS has a way to deal with this, folks are not just passing around a VLA keys that would then get blocked and force the orginal owner of the key to reset the keys on all their machines.
Most people (even the ones slimy enough to pirate software) are not going to keep around a multi GB vm to they can re-activate their system every 180 days just to get a version of Vista that does not even have Media Center or Movie Maker HD.
Not Possible (Score:2)
(http://home.earthlink.net/~bluethundr | Last Journal: Tuesday August 19 2003, @12:23PM)
Trust your feelings. You know this to be true.
What about Windows Genuine Advantage? (Score:2)
(Last Journal: Monday February 13 2006, @07:11PM)
I'm only aware of cracks for XP so far, but maybe these work for Vista as well?
The thing is that MS has ramped up the effects from WGA authenticity failure a lot in Vista to make it hardly usable, contrary to before when you'd just miss out on a few extras from Microsoft Update.
Score one for the Pirates (Score:1)
This was cracked so fast that... (Score:2)
(Last Journal: Friday May 18, @11:07AM)
Why would any government agency, or anyone else, pay for this? There seems to be absolutely NO security... why pay, you get as good or better for free with F/OSS... wow
For those pointing fingers and laughing... (Score:2, Informative)
(http://icdweb.cc.purdue.edu/~klowe1/)
MS has a certain motivation for developing software, and they protect it through technical and legal means. The Open Source community may have several motivations for developing software, but they all use their licenses to protect that which motivates them. If you don't agree with what they do, then fine, don't use their software, but how is pirating a copy of Vista any different from helping yourself to GPL code without giving anything back? Either way, you're refusing to abide by the terms of the exchange, and basically telling the creator "I'm taking your work, and I don't care what you say about it."
Re:For those pointing fingers and laughing... (Score:5, Insightful)
MS has a certain motivation for developing software, and they protect it through technical and legal means.
You'll find that most people here are perfectly in favour of MS enforcing their rights via legal means (as long as they don't use strongarm tactics to do so... discovering somebody has unlicensed copies of windows because of a tip-off is one thing, requiring a contract that enables them to randomly audit a company's offices is another entirely).
We do object, on principle, to enforcement of legal rights by technological means. This is largely because the technological means are (a) inconvenient to legitimate users and (b) don't always work quite the way the should.
Windows Activation is inconvenient because it:
* Requires you to give information to MS that you might not want to give them, and which they have no legal right to.
* Requires you to effectively get permission from MS if you want to upgrade your computer's hardware multiple times (or reinstall your copy of Windows on a different machine, if your existing machine fails, etc...)
* Has made MS extend the Windows kernel so that it will not run versions of certain programs that haven't been signed by Microsoft. This means that I can no longer rip Windows apart, replace WINLOGON.EXE with a custom program that does what *I* want it to do, and not log in via an MS-approved process. Not that I've ever done that, but I kind-of liked the fact that I could if I wanted to (it's not as well documented as replacing 'init' on a Linux system, but there is information about how you would go about doing it out there -- but that's irrelevant now, only MS can do it).
If you don't agree with what they do, then fine, don't use their software, but how is pirating a copy of Vista any different from helping yourself to GPL code without giving anything back?
It isn't. But who said anything about pirating Windows? I have a legitimate copy of XP on my machine. Label stuck to the case, and all. Do I run WGA? Fuck no, I don't want to get involved with that; I don't want to get involved with something that will complain if it isn't able to validate my copy of Windows through some completely undocumented process that may or may not be correct for any given installation. Perhaps multiple people are using my activation code -- I have no way of knowing if anyone's flipped my laptop over and made a note of the number while I wasn't present. But then, despite having that activation code, I didn't use it last time I reinstalled Windows. Why? Well, the copy of Windows that was supplied with it only installs from a system restore disc that wipes all data on your hard disk. I didn't want to do that, so I installed from a regular retail edition of XP. Which I then had to hack to make activation work, because I'd already activated a machine with its key.
Another piece of software I use validates itself against an encrypted key that has a copy of my network interface's MAC associated with it. Fine, except for some reason the damned process occasionally causes the thing's driver to crash while its performing the validation. So of course I've hacked it, despite having a perfectly legal key.
It isn't only pirates who are concerned about Windows Activation, WGA and other copy-prevention mechanisms.
At least M$ has made progress on the spam front... (Score:1)
Spam will be a thing of the past in two years' time, Microsoft boss Bill Gates has promised.
vista - a time bomb (Score:2, Interesting)
While their intentions may sound reasonable - bypass spyware and viruses that may have hijacked the OS to allow clean-up and windows updates sw through, it may also allow them to disable your system or collect enough information on you to prosecute.
Stick with XP or better yet, switch to linux.
Re:vista - a time bomb - How MS DRM Works (Score:5, Interesting)
(Last Journal: Saturday April 01 2006, @09:51PM)
An enterprising hacker might
a) seek out and duplicate the keys of other customers' installations
and/or
b) put in zillions of keys to be invalidated all at once, until all possible combos have been covered.
a) is nearly infinitely easier and more immediately devastating. Lots of high profile customers become enraged.
b) will make Vista completely unusable.
The MelindaGates hack (Score:2)
(http://slashdot.org/)
I got Bob to run on XP...don't ask me why I bothered to try it.
Re:Wishful thinking (Score:3, Funny)
Alas, the part of the puzzle I am missing...
Re:Wishful thinking (Score:2, Funny)
Hey you've got the lowest "member id number" I've seen on here so far