Microsoft, don’t sweat new Vista keygen
By George Gardner
We knew it would only be a matter of time before an illegal, yet “alternative” method to unlock Vista would be available. This day is finally among us; KezNews.com is now offering a brute force method for obtaining a product key for Microsoft Vista.
Few users have reportedly succeeded in activating their version of Windows Vista using this keygen; however, it does not immediately generate a key. The process is said to take between a couple hours to a couple days before a valid Vista key is found. In addition, the software is said to bog a users machine considerably.
The brute force method actually replaces a software license manager script with a version that has been altered to search for a valid 25 character key.
Microsoft’s senior product manager of Windows Genuine Advantage (WGA), Alex Kochis, criticized the keygen saying, “there really isn’t much intelligence involved and the goal is to just randomly cycle through key after key after key until a legit one is found. One report indicates that the script written to perform this attack goes through about a thousand keys every half an hour; frankly, that’s a pretty slow brute force attack.”
Despite the many reports of success, Microsoft is yet to confirm the attack is successful, and notes that their legitimate customers may be in danger of having their product keys stolen. In this scenario, who determines which user’s key is authentic?
“We’re looking more deeply into this issue now” said Kochis, as he was enjoying his cup of coffee. Microsoft has little to no concern about this latest development, and with good reason. Many users on the KexNews forum have simply given up after a few hours of searching for keys; while, some have actually calculated that the chance to find a successful key could take months, if not years.
“Our product activation servers perform a more rigorous analysis of the keys that are sent up for activation than the local key logic does,” Kochis said. “Producing keys that will ultimately activate is less likely than just hitting upon one that will pass the local logic.”
Related:
Entry was posted
on Friday, March 2nd, 2007 at 2:32 pm
under
Read more entries by George Gardner.
Stumble It!
March 3rd, 2007
What a strange response:
>there really isn’t much intelligence involved and the goal is to just randomly cycle through key after key after key until a legit one is found
What is the Microsoft dude hanging out for someone to come up with an elegant keygen?
March 3rd, 2007
I believe, as an expert, this “dude” would expect a much more efficient program. As a coder myself, I can assure you that there are most likely hundreds of lines of code in that Keygen that could be condensed.
Thanks for that, and the ‘cunning’ choice of words, ‘dude’.
March 4th, 2007
This is a naive and slow brute force attack using a vbscript to randomly test keys against the local logic.
Doing a quick back of the napkin calc:
The keyspace is somewhere around 25^25 (probably a bit smaller, because there are probably some rules about checksum and number of consecutive chars).
The bruteforce is reported to be very slow, testing about 1000 keys per hour.
Even with a high number of ‘valid’ keys (say, sqrt(keyspace)), we’re talking cold sun before the probability of finding a single valid key goes above 50%. Roughly 17 bill years if my napkin is correct.
And any keys found will only pass the local test, there is no guarantee that they will pass the more stringent WGA.
Some people have claimed that the bruteforce has found valid keys, but none of them have been posted. Occam’s razor would suggest that they are just making fun of the true believers.
For this to work, someone has to do an optimized version of the local key validation logic and set up a distributed system a’la distributed.net.
March 4th, 2007
That’s one impressive napkin!
March 4th, 2007
Surely it would still be illegal.
June 8th, 2009
I can Crack Any Microsoft Key In Less Than 10 Hours :o) You Can Do That To ,
All you need is KNOWLEDGE and a computer system/hardware worth around 4.000 USD :o)
Those guys at Microsoft are really DUMB for having ALL THAT technology in their hands and yet producing a TERRIBLE kind of piracy protection in their software.
So thats why they began SPYING on your pc files DAILY so that their SPAMING TECHNIQUES could find out if you are LEGIT or NOT.
Isnt this HACKING into MY computer ?
IF I DO THAT IN THEIR COMPUTERS WONT THEY PROSECUTE ME ?
I l just say that i was trying to find/see if THEY USE legit software as well !!!
The judge will have to buy that ,cause MICROSOFT is doing the SAME THING IN OUR COMPUTERS 100 TIMES A DAY-DAILY !!!!
THIS IS HACKING , WHAT THEY DO
GET BACK TO THEM