Windows Vista Keygen a Hoax

CowboyNeal posted more than 7 years ago | from the too-good-to-be-true dept.

An anonymous reader writes "The author of the Windows Vista keygen that was reported yesterday has admitted that the program does not actually work. Here is the initial announcement of the original release of the keygen, and here is the followup post in which the same author acknowledges that the program is fake. Apparently, the keygen program does legitimately attack Windows Vista keys via brute force, but the chances of success are too low for this to be a practical method. Quote from the author: 'Everyone who said they got a key is probably lying or mistaken!'"

154 comments

i thought so (2, Insightful)

jrwr00 (1035020) | more than 7 years ago | (#18217332)

I figured it would turn out like that, it's just a random number gen that prints a 25 digit number.
A 4 year old using BASIC could do that.

Another reason (0)

p51d007 (656414) | more than 7 years ago | (#18217344)

why before downloading such things, I wait a few weeks to let the kiddies try it.

you posted to the wrong thread (2, Insightful)

DrSkwid (118965) | more than 7 years ago | (#18217356)

I think you meant this one [slashdot.org] and you should have said "I think this is a hoax"

Re:i thought so (-1)

Anonymous Coward | more than 7 years ago | (#18217742)

Yeah, me too. I also knew the stock market would have a "correction" on Thursday. And I knew the WII would do well. And that the SCO trial would peter out. And I knew that ReiserFS wasn't as good as everyone claimed.

James Hindsight

When in reality (3, Informative)

Alien54 (180860) | more than 7 years ago | (#18217854)

The 25 digit key is in base 36 (0-9 plus A-Z), providing 8.08281277e+38 possible keys, without accounting for various error checking and validation schemes

Re:When in reality (1)

Yvanhoe (564877) | more than 7 years ago | (#18218716)

But do we know how many valid keys exist in this domain? After all we have seen MS releasing a key protection scheme (I believe it was for Win98) where you just had to provide a key where the sum of specific digits would be a multiple of 7. There was something like 36^12 possible keys but 1/7th of them were valid. Or was that also a hoax?

Anyway, it really depends on how many valid combinations exist. If they tailored the algorithm to only accept a few billion combinations they are safe but if they allowed 0.001% of combinations to be valid keys, well... brute force remains a valid option.

Re:When in reality (0)

Anonymous Coward | more than 7 years ago | (#18218888)

Do you even think about these things before you post?

Assuming the previous poster's numbers are correct (and I've no reason to believe they're not), there's over 8,082,812,770,000,000,000,000,000,000,000,000,000 combinations...

Even 0.000001% of them (100 millionth) means there's over 8,082,812,770,000,000,000,000,000,000 (that's > 8 OCTILLION) combinations...

Brute force away...

Re:When in reality (1)

jotok (728554) | more than 7 years ago | (#18219172)

> Assuming the previous poster's numbers are correct (and I've no reason to believe they're not), there's over 8,082,812,770,000,000,000,000,000,000,000,000,000 combinations...

To a layman, that's about 8 brazilian combinations.

Re:When in reality (1)

GuidoW (844172) | more than 7 years ago | (#18219372)

The total number of valid keys does not matter, what matters is how many keys you have to produce on average before you hit one that works. If a 100 millionth of all possible keys will work, then you will have to produce, on average, 100 million keys before you hit one that works.

I don't know exactly how hard it is to produce these keys and (more importantly) check whether they are valid, but I'd guess that the computing power required to produce one Vista key in this manner is probably more expensive than a legit Vista license.

(But then again, there's no factual basis for the 0.000001% number either, so it's all just wild guesses anyway...)

Re:When in reality (2, Informative)

jrockway (229604) | more than 7 years ago | (#18219506)

> If a 100 millionth of all possible keys will work, then you will have to produce, on average, 100 million keys before you hit one that works.

Actually, it's 50 million on average.

Re:When in reality (2, Informative)

solitas (916005) | more than 7 years ago | (#18219592)

> The 25 digit key is in base 36 (0-9 plus A-Z), providing 8.08281277e+38 possible keys, without accounting for various error checking and validation schemes

Actually, there should be a lot less than that since some characters are always letters and some characters are always numbers.

People lie on the internet? (5, Funny)

Anonymous Coward | more than 7 years ago | (#18217346)

> Quote from the author: 'Everyone who said they got a key is probably lying or mistaken!'

Oh sure. Next I suppose you're going to tell me that the guy who claims he ordered (and received) a 37" LCD TV for $7.99 due to a price mistake is lying, too. Or the kid who swore he put a Beta tape in a VHS deck and it played...Don't you have any faith in people anymore?

Re:People lie on the internet? (3, Funny)

Anonymous Coward | more than 7 years ago | (#18217404)

My favorite was always the "If you heat up a needle and put it through this particular spot on your Tomb Raider CD, Lara Croft will be naked!" How many did that one disappoint, I wonder?

=)

Re:People lie on the internet? (3, Funny)

TheVelvetFlamebait (986083) | more than 7 years ago | (#18217486)

> How many did that one disappoint, I wonder?

I wasn't disappointed until I read that!

Re:People lie on the internet? (1)

Dogtanian (588974) | more than 7 years ago | (#18217822)

> My favorite was always the "If you heat up a needle and put it through this particular spot on your Tomb Raider CD, Lara Croft will be naked!" How many did that one disappoint, I wonder?

An even "better" one was for the Intel 486SX CPU, the cheapo version of the Pentium's predecessor. To quote the Foldoc entry [foldoc.org] :-

> All 486SX chips were fabricated with FPUs. If testing showed that the CPU was OK but the FPU was defective, the FPU's power and bus connections were destroyed with a laser and the chip was sold cheaper as an SX, if the FPU worked it was sold as a DX.

> The Jargon File claimed that the SX was deliberately disabled crippleware. The German computer magazine, "c't", made this same theory the basis of an April Fools Joke. They claimed that if one drilled a hole of a specified diameter through the right point on a SX chip, this would break the circuit that disables the FPU. Some people actually tried (and then bought themselves new processors).

Uhh... (-1, Flamebait)

encoderer (1060616) | more than 7 years ago | (#18218612)

Do you really think you need to 'splain what a 486SX chip is? Tell me, what was the 486DX? Was that a predecessor to my toaster oven?

Re:People lie on the internet? (2, Funny)

gEvil (beta) (945888) | more than 7 years ago | (#18217840)

> My favorite was always the "If you heat up a needle and put it through this particular spot on your Tomb Raider CD, Lara Croft will be naked!" How many did that one disappoint, I wonder?

But that one really worked. I did it myself. I swear!

Re:People lie on the internet? (2, Informative)

secolactico (519805) | more than 7 years ago | (#18218546)

> My favorite was always the "If you heat up a needle and put it through this particular spot on your Tomb Raider CD, Lara Croft will be naked!" How many did that one disappoint, I wonder?

Uh? Never heard of that hoax. Is there any reference on the web? A cursory google search turns up nothing.

Re:People lie on the internet? (2, Funny)

antibryce (124264) | more than 7 years ago | (#18219484)

> How many did that one disappoint, I wonder?

I know of at least one... :(

Re:People lie on the internet? (2, Funny)

shawn(at)fsu (447153) | more than 7 years ago | (#18218842)

I don't know about that, but I do know that if I post this message 10 times I will get a free thingamajiggy in the mail. It works, my friend said so.

Sure (0)

Anonymous Coward | more than 7 years ago | (#18217378)

The OEM BIOS hacks on the other hand...

OEM_BIOS_Emulation_Toolkit (5, Informative)

ekasperc (1070946) | more than 7 years ago | (#18217390)

OEM_BIOS_Emulation_Toolkit_For_Microsoft_Windows_Vista_X86.v1.0-PARADOX
This has been floating around for a few minutes now, and according to the history of this group, I guess this is a bulletproof solution ..
But I don't know what the impact will be for online upgrades since I don't use Vista myself.

Re:OEM_BIOS_Emulation_Toolkit (5, Informative)

Anonymous Coward | more than 7 years ago | (#18217490)

OEM activation works by having OEM identifiers and SLIC table stored in the BIOS and Microsoft then sign a cert per OEM (also required). The softmod uses vista boot manager to spoof flashed BIOS. Patching a VM should be even easier.

Once again, product activation is only a PITA for legit customers.

Re:OEM_BIOS_Emulation_Toolkit (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18218378)

"Once again, product activation is only a PITA for legit customers."

For some extremely low threshold of PITA. But then this is the forum that's stymied by DVD commercials.

Huh? (2, Funny)

encoderer (1060616) | more than 7 years ago | (#18218628)

The atomic number of zinc is 30?

Re:OEM_BIOS_Emulation_Toolkit (1)

the_mushroom_king (708305) | more than 7 years ago | (#18219162)

Fajita or Chicken-Ranch?

Re:OEM_BIOS_Emulation_Toolkit (4, Informative)

gEvil (beta) (945888) | more than 7 years ago | (#18217508)

Hmmm, I wasn't aware of this. Then again, I haven't been paying much attention to Vista stuff anyways. A few minutes of digging around brought up this site, [mydigitallife.info] which looks to have links to modified BIOS files for quite a few motherboards. Pretty sneaky, sis...

Re:OEM_BIOS_Emulation_Toolkit (0)

Anonymous Coward | more than 7 years ago | (#18218068)

Eh, the above link only takes you to the OEM BIOS hack which involves physically flashing the motherboard with a hacked BIOS. The solution in the GP is better outlined below...

http://www.mydigitallife.info/2007/03/02/windows-v ista-oem-activation-crack-vstaldr-without-modify-o r-flash-bios/ [mydigitallife.info]

Re:OEM_BIOS_Emulation_Toolkit (0)

Anonymous Coward | more than 7 years ago | (#18217510)

Yup this method is working. This to Digital Life has complete instructions [mydigitallife.info] . The oldie but goodie is the Timer Stop fix which is working very well for most people. I'm fairly sure Vista's activation scheme will be cracked soon--I'm just surprised none of the big cracking groups are openly trying/releasing hacks.

Re:OEM_BIOS_Emulation_Toolkit (1)

JackMeyhoff (1070484) | more than 7 years ago | (#18217570)

Won't TPM and EFI make this harder?

Re:OEM_BIOS_Emulation_Toolkit (0)

Anonymous Coward | more than 7 years ago | (#18217620)

I thought "users have full control over TPM" was the official line? Only a conspiracy nut would suggest that major tech corporations had lied and colluded to ram a draconian control system down our throats. Remember, TPM is all "warm and fuzzies" like Jar-Jar Binks retarded cousin.

Re:OEM_BIOS_Emulation_Toolkit (0)

Anonymous Coward | more than 7 years ago | (#18217632)

> Won't TPM and EFI make this harder?

Vista doesn't use either.

Re:OEM_BIOS_Emulation_Toolkit (1)

Tony Hoyle (11698) | more than 7 years ago | (#18217668)

You just disable the TPM chip - the majority of PCs out there don't have one (this laptop was new in November and doesn't have one for example, so it's not just old ones either) so they can't exactly make it mandatory.

Re:OEM_BIOS_Emulation_Toolkit (1)

JackMeyhoff (1070484) | more than 7 years ago | (#18217748)

Dell D820's have them as do most business sold laptops I imagine. They also come with smart card readers as standard.

Re:OEM_BIOS_Emulation_Toolkit (0)

Anonymous Coward | more than 7 years ago | (#18217740)

TPM could theoretically make it impossible, that's the entire point. You're surrendering control of your hardware platform to the OS vendor. In reality it's only a matter of time before the TPM is cracked and emulated in software.

The MacBook PRO dropped TPM and it's unused on the MacBook. While I'd like to see more vendors drop support, it's perfectly reasonable for MS to require their OEMs to ship machines with a TPM.

Re:OEM_BIOS_Emulation_Toolkit (0)

Anonymous Coward | more than 7 years ago | (#18219482)

Sure it will... where will they get the private key?

Re:OEM_BIOS_Emulation_Toolkit (3, Informative)

Anonymous Coward | more than 7 years ago | (#18217686)

Links... PARADOX's OEM emulation tool is out on the various torrent sites. Here is the link from Demonoid [demonoid.com] .

Pantheon released a full Windows Vista Ultimate CD with their own activation tool using the same principle. Here is the NZB set [yabse.com] (click NZB to download the file) to facilitate downloading from Usenet. Posts are two hours old so they may need a bit longer if you're not using Giganews, Newshosting, etc.

Re:OEM_BIOS_Emulation_Toolkit (0, Flamebait)

Anonymous Coward | more than 7 years ago | (#18217766)

PARADOX are a bunch of retards that are doing nobody a favor with their stupid cracks. Every time someone installs a warezed copy of Windows or Office is one lost chance to gain a Linux/BSD user.

glass

Re:OEM_BIOS_Emulation_Toolkit (2, Insightful)

Pharmboy (216950) | more than 7 years ago | (#18218234)

While I understand your logic, I disagree with your conclusion. To play some games, you must have Windows at this time. I would rather that people who must have a copy, find a way to get it free. This way they are not financially tied into MS, and they are not any more inclined to invest any money into MS.

Also, since Vista comes with 90% of all computers sold in the US, the fact that they don't have it already means they are building their own boxes instead of buying Dells. Guys that build their own don't pirate OS's because it is cheaper, they do it because it is there to be done. Like running apache on an Xbox...it has no practical value, but fun to try anyway, and play a little with it.

Re:OEM_BIOS_Emulation_Toolkit (1)

DarkOx (621550) | more than 7 years ago | (#18218640)

> To play some games, you must have Windows at this time. I would rather that people who must have a copy, find a way to get it free. This way they are not financially tied into MS, and they are not any more inclined to invest any money into MS.

Gee - I'd rather they have ABSOLUTELY no possibility of running Windows without paying for it, that way they'd have a financial interest in finding ways to sever their ties with M$ and might be willing to spend part of what they would have on Vista to facilitate their transition to a more open platform. In my opinion the more M$ charges for Windows and the harder it is to pirate the better the software landscape will end up looking.

Not Quite.... (2, Insightful)

encoderer (1060616) | more than 7 years ago | (#18218676)

I can [not!] speak for myself when I say that even if you don't buy the OS, you can still be very easily financially tied to MS. Both in terms of hardware purchases and software purchases that are windows-only.

I probably have $1k in windows software.

Of course, I don't understand the rabid microsoft-hating to begin with. Their product works fine for me. I can't tell you the last time I had a system crash (opposed to an application crash), or the last time I was infected with spyware or a virus. Also, my computer runs at a perfectly acceptable clip, there's an entire ecosystem of software and peripherals, not to mention support and documentation. I know that if I have a problem w/ windows, office, etc, SOMEBODY has had that problem before and Google can probably explain it to me.

I'll probably be labeled as a Troll because only on slashdot can you be a troll for writing a positive review of a perfectly acceptable software package. Cheers!

Sc0re +5 Buttsecks (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18219616)

eye wood doo ewe wear yuo poo!

Re:OEM_BIOS_Emulation_Toolkit (1)

misleb (129952) | more than 7 years ago | (#18219316)

> Also, since Vista comes with 90% of all computers sold in the US, the fact that they don't have it already means they are building their own boxes instead of buying Dells. Guys that build their own don't pirate OS's because it is cheaper, they do it because it is there to be done. Like running apache on an Xbox...it has no practical value, but fun to try anyway, and play a little with it.

No, really, they do it because it is cheaper and easier than going to the store to buy it. I bet if you could legitimately download Vista for $1, most of such pirating would disappear. I know I wouldn't bother pirating unless I could just 'borrow' a copy on DVD from my employer with a valid key that didn't get checked against a master database for duplicates and cause problems for my employer. (was that a run-on sentence?) This is exactly why I installed Windows Server 2k3 on my home computer instead of pirating XP and messing w/ its validation crap. I could get a copy of 2k3 from work that had a good old-fashioned CD key and no other protection. But otherwise, it works just like XP. Cheaper and easier.

-matthew

Re:OEM_BIOS_Emulation_Toolkit (1)

Splab (574204) | more than 7 years ago | (#18219464)

Odd. I got a Vista premium license for free from Microsoft, I haven't tried it and not going to until there is a reason for me to upgrade. Granted I didn't go from win2k to winXP until last year. Getting stuff for free doesn't mean people will magically start using it, they need to have a purpose for doing so.

Why (5, Interesting)

JackMeyhoff (1070484) | more than 7 years ago | (#18217416)

.. doesn't somebody actually create a distributed brute force on Windows activation. How many Windows machines in the world? That adds up to some pretty powerful attack.

Re:Why (2, Insightful)

vivaoporto (1064484) | more than 7 years ago | (#18217468)

Because 1) It is not intelligent, brute force was never needed to bypass Windows Activation before 2) It is not subtle enough, and an operation this size would put a big bullseye on whoever did it 3) It is not profitable, people that run those botnets do it for profit, not to "stick it to the man", or to piss off Microsoft.

Re:Why (1)

JackMeyhoff (1070484) | more than 7 years ago | (#18217482)

Yes but if they can get the algorithm then GAME OVER without hacks :)

Re:Why (2, Interesting)

JackMeyhoff (1070484) | more than 7 years ago | (#18218208)

Yes but you will be doing that every time, once you got the algorithm you just have to seed it (most likely a hash of your computer configuration) to generate valid keys. They cannot go and redo the algorithm without impacting a LARGE amount of their customers, they can blacklist numbers but so what, with the algorithm you just generate a new valid one. GAME OVER. Isn't that what we want, to render it TOTALLY useless FOR GOOD? This is the way, not some bypass that's just temporary. THINK BIGGER!

Re:Why (1)

Splab (574204) | more than 7 years ago | (#18219516)

Uhm, a valid key is what, 25 characters? And we got 26 characters in the alphabet and 10 numbers giving us 36 possibilities for each character in the key, that is 36^25 "valid" combinations, unless you know their algorithm for picking valid keys you have to search the whole keyspace and that is a mighty big number, the processing power to do so simply doesn't exist.

Re:Why (1)

misleb (129952) | more than 7 years ago | (#18219416)

> Because 1) It is not intelligent, brute force was never needed to bypass Windows Activation before 2) It is not subtle enough, and an operation this size would put a big bullseye on whoever did it 3) It is not profitable, people that run those botnets do it for profit, not to "stick it to the man", or to piss off Microsoft.

I think originally people started botnets mostly for fun and to display hacking "prowess" and to DDoS people that piss them off (companies such as Microsoft, perhaps). It was only fairly recently that the kiddies found that they could use botnets to spread spam and malware for money. The problem now is that botnets now have a financial advantage and other users might seem like a waste of resources. But that doesn't mean they weren't originally started for other reasons.

The big problem with using a distributed cracking method is that, AFAIK, keys have to be unique. If there was a distributed cracking system, there would be no way to distribute one key to one person. Everyone would try to grab the same keys as they were produced.

-matthew

Re:Why (0)

Anonymous Coward | more than 7 years ago | (#18217956)

I was thinking the same thing myself. What if you use all that info to create a huge dictionary of invalid numbers so when another user gets in he gets a copy of that and its client skips those? Kinda like Ophcrack upside down.

Re:Why (1)

LarsG (31008) | more than 7 years ago | (#18218092)

Done smart you wouldn't need a huge dictionary. You could for example divide the keyspace as a tree and give out small sub-trees to the participants. When sub-trees have been checked, they can be merged.

(simple ex: Divide as a binary tree, when 1.1.1.1 and 1.1.1.2 are done you can mark 1.1.1 as checked. If sub-trees are given out in a smart fashion, the dictionary wouldn't have to become very large.)

Re:Why (1)

wfberg (24378) | more than 7 years ago | (#18218604)

> .. doesn't somebody actually create a distributed brute force on Windows activation. How many Windows machines in the world? That adds up to some pretty powerful attack.

Except that you need an activation code for every machine. So adding machines doesn't only add to the processing power by 1, but also increases the workload by 1. This is of course assuming people who don't need to get a copy of windows activated won't feel the urge to join, which seems fairly likely.

Brute force is always the last resort, and not really attractive. What was interesting about this hack is that apparently the windows activation scheme didn't limit the amount of tries (per second).

IRS (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18217420)

The IRS = US Department of Frosty Piss

Key gen or not.. (0, Troll)

JackMeyhoff (1070484) | more than 7 years ago | (#18217452)

Windows Fista is not worth it, stick with what you have that works until they get it working and you actually MUST need it. I see no reason to install it.

Re:Key gen or not.. (1)

Dan_Bercell (826965) | more than 7 years ago | (#18217670)

Lol, Random Troll spam

Re:Key gen or not.. (1)

JackMeyhoff (1070484) | more than 7 years ago | (#18217776)

I wasn't trolling, just voicing my opinion on Vista. I see no compelling reason to use it for now. Perhaps in a year down the line after patches and more Vista specific products. Until then, nope. Can't recommend it. But I can always tell you what you WANT to hear, yes Vista is great, it will solve all your problems and it's worth every penny. I strongly recommend you drop everything and go out and purchase it and migrate all your machines to it. You won't regret it. Feel better now?

Re:Key gen or not.. (0)

Anonymous Coward | more than 7 years ago | (#18217876)

You weren't voicing an opinion. You were directly telling people what they should do, without anything backing up your position but "I can't see any reason to upgrade". Hence the troll mod.

Re:Key gen or not.. (1)

johnlcallaway (165670) | more than 7 years ago | (#18217920)

Same here. I've been to the MS website, read the reviews, even played with it at Staples. Until I have to get it, I ain't getting it.

I'd spend $100 on the upgrade, but not $260 for Ultimate. I could buy a lesser version, but to get both scheduled backups and media center, you have to get Ultimate. For that, I'll wait until SP2 comes out and fixes the first round of bugs.

Re:Key gen or not.. (1)

NayDizz (821461) | more than 7 years ago | (#18218042)

Wouldn't SP2 be fixing the second round of bugs?

Re:Key gen or not.. (3, Funny)

johnlcallaway (165670) | more than 7 years ago | (#18218570)

You, kind sir, may be expecting SP1 to actually fix the first round of bugs.

I, on the other hand, do not.

(Or I fucked up the post ... both are equally valid options)

Vista is to OS as IDE is to my ass (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18217480)

I am the jesus lizard
I like the butthole sex
I am the creamy jew
I like the nippleslut
I am the licking toes
I wipe my hairy ass
I am the buttsex queen
And my scrotum is huge






I am the ass and choad
I like the armpit sex
I have the big ole nads
and you make my balls jiggle, boy

wow (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18217564)

That is, without question, not only the most awesome thing I have ever read, but quite possibly the most awesome thing ever written.

Re:wow (0)

Anonymous Coward | more than 7 years ago | (#18217644)

No worries, I've submitted the form to nominate the author for Pulitzer. Shoe-in if you ask me.

Re:Vista is to OS as IDE is to my ass (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#18218218)

I will be by lizard JESUS
I is which I love sex BUTTHOLE
I will be creamy JEWS
I .. I love NIPPLESLUT
I will be licking the fingers of leg
I wipe my hairy ass
I will be by queen BUTTSEX
And
My scrotum

I will be enormous by ASS and CHOAD
I love the sex of armpit

I have large OLE NADS
And
You to make my JIGGLE balls, boy

Resetting the trial period? (0, Offtopic)

mobby_6kl (668092) | more than 7 years ago | (#18217542)

Skipping the background story, is there any way to reset the trial period (with slmgr -rearm) after the original trial ran out? Running the command isn't the problem, but it seems to either do nothing (with a regular account) or crash with an error when running as admin. TIA.

/.'d (2, Funny)

oDDmON oUT (231200) | more than 7 years ago | (#18217560)

Oh well, didn't really want to read a retraction anyway.

well not really a hoax (1)

Juggalo_X (999173) | more than 7 years ago | (#18217674)

You know, it does exactly what he said it would: brute force. And in theory it will work, it just might take 6 years, but it does exactly what he said it would. I'm running Vista Ultimate, a legit version, and it wouldn't be worth the wait for the brute force anyhow. Vista sux, I have a system that can blow the socks off most systems in XP, but under Vista it's slow and just doesn't cut it for gaming.

Just like Dell (0)

Anonymous Coward | more than 7 years ago | (#18217706)

It looks like somebody got The Phone Call. Anyway, why would it be a hoax all of a sudden? It works. Not very fast (the site did specify hours to days, though weeks might be more like it), but does work, hence not a hoax.

Re:Just like Dell (1)

julesh (229690) | more than 7 years ago | (#18218046)

> It looks like somebody got The Phone Call. Anyway, why would it be a hoax all of a sudden? It works. Not very fast (the site did specify hours to days, though weeks might be more like it), but does work, hence not a hoax.

If MS weren't morons when they designed the key system, hundreds of thousands of years might be more like it. But you can keep trying if you like.

Re:Just like Dell (0)

Anonymous Coward | more than 7 years ago | (#18218412)

What we need is a virus that changes the version of vista installed then deactivates the copy, forcing reactivation except the original key won't work so M$oft is forced to regenerate keys for people.

Re:Just like Dell (1)

dioscaido (541037) | more than 7 years ago | (#18218530)

I don't have a Vista key handy but let's assume it's 15 characters (or longer, win2k3 is 15 characters). Correct me if I'm wrong, but that would mean that there are 35 (26 letters + 9 numbers) ^ 15 possible combinations, or 144,884,079,282,928,466,796,875? Even if you could test a million keys a second, it would still take 4 billion years to try them all. The product key UI usually takes at least a second to validate the key.

The brute force approach is fundamentally impossible, unless you are the luckiest person in the world. The same thing applies for any long user password, which is why rainbow tables are often used to bring down the possible combinations.

A Winner Is You! (2, Funny)

vain gloria (831093) | more than 7 years ago | (#18218774)

> The brute force approach is fundamentally impossible, unless you are the luckiest person in the world.

Define "lucky". You've beaten amazing odds in a manner unrepeatable even given a million lifetimes and what do you get for it? A copy of Windows Vista.

Probably not even one of the Turbo Hyper Fighting versions either.

Re:Just like Dell (1)

david_g17 (976842) | more than 7 years ago | (#18219334)

9 numbers? did you really just state "26 letters + 9 numbers"? ;)

Re:Just like Dell (1)

Splab (574204) | more than 7 years ago | (#18219550)

I think he might have meant 25 characters and 10 numbers - O and 0 can be pretty hard to tell apart. Guess he just chose to include O instead of 0 :)

If you're looking for a good laugh... (1)

dr.badass (25287) | more than 7 years ago | (#18217762)

If you're looking for a good laugh, I would recommend reading some of the responses in that forum thread. People are still running the keygen in hope of getting a valid key, reasoning "its not that its fake.. its just taht you never actually put thought into the logic." and "you look at the invalid keys it produces and check why its invalid so you can come up with a mathimatical equsion to compute valid keys.. "

Warning: Extreme Tolerance for Poor Spelling Required

Good scare for Vista people though (2, Insightful)

suso (153703) | more than 7 years ago | (#18217800)

Even though it turned out to not be true, there are a lot of people who only read Slashdot and other news places during the week and won't see this retraction, so they may never know that it was fake. So they will go off with a further impression that it's unsafe to run Vista and you could have your legitimate key compromised at any moment. It's like the tactics that some politicians and corporations use. What is someone going to post next week and retract on Saturday?

Re:Good scare for Vista people though (0)

Anonymous Coward | more than 7 years ago | (#18217890)

"Even though it turned out to not be true,"

I didn't RTFA, but are you sure it's not true? True or not, the guy probably got jumped on immediately by a pile of lawyers, the FBI, who knows what else. He would have been crushed, and he would be doing and saying whatever they want him to.

Re:Good scare for Vista people though (0)

Anonymous Coward | more than 7 years ago | (#18217960)

Brilliant! I see our marketing plan already!

1. Use slashdot as a media for circulating false claims about security holes regarding programs we don't like
2. ...
3. Profit!

Oh shit, go figure. Doesn't slashdot do this already?

Suso, you have my investment money!

Re:Good scare for Vista people though (1)

dhasenan (758719) | more than 7 years ago | (#18218700)

Yes. It's a proven business model!

Re:Good scare for Vista people though (0)

Anonymous Coward | more than 7 years ago | (#18218242)

Don't be silly. This is slashdot, this story will get duped at least two more times. Problem solved.

fags (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#18217888)

see that, all you linux fags who were laughing yesterday? go fuck yourselves. who's laughing now faggot fucktards? you bitches don't know shit and it certainly showed yesterday.

Might not even have to validate keys at all anymor (5, Informative)

gd23ka (324741) | more than 7 years ago | (#18217900)

I see no reason why they even have an algorithm to check whether
a key is valid before submitting it to their server for signing.

If I were them I would do what prepaid mobile phone has been doing
for years: generate completely random keys and at the signing server
end just check if that key is in the database and if it's not already
used. If that's the case then all they would have to do is sign the
key and the computer configuration and return that to the client code
that would in turn check if the signature is valid.

That way there would be no way to brute force keys because they have
control over the validation server and can put a stop to that and there
is no key validation code exposed from which someone might derive a
key generator or at least get hints at how the keys are distributed
in key space.

Re:Might not even have to validate keys at all any (1)

Ghandalfar (918924) | more than 7 years ago | (#18218250)

I would guess it is to help the user in case of mistyping. If the serial pattern is such that it is hard to find a "working" serial by a typing mistake it is a good way to ensure that the serials that the users are submitting are typed in correctly.

Not having this step means that it is even harder for users to figure out if a "failed" reply from the server meant that the serial is already in use (or stolen) or that they just made a typing mistake.

Re:Might not even have to validate keys at all any (1)

gd23ka (324741) | more than 7 years ago | (#18219248)

I think it would indeed be a good idea to have a simple checksum in there
to reduce typos and frustration, in effect have a random key and a
byte's worth of checksum.

As far as certainty for the user is concerned as to what happened, the server
could issue certain error messages like "This registration key is not valid!" or
"I am having problems right now validating your key but that's not your
fault, try again later" and of course: "DIE, PIRATE SCUM!"

Re:Might not even have to validate keys at all any (1)

Cheesey (70139) | more than 7 years ago | (#18218560)

I think that is exactly how online activation CD keys work. The key has some sort of checksum built into it so that some offline checking is possible. This is to detect typos. But it is not a strong check. The full check is performed online against the list of valid and unused keys, which as you say are generated from random data.

Suppose the key is 125 bits in size. (5 words of 5 characters, with each character representing 5 bits). Say 10 bits are devoted to a checksum, so that there is only a 1 in 1024 chance of an incorrectly entered key being accepted by the offline check. That still leaves 115 random bits of key data. Knowing how to compute the checksum has not significantly reduced the key space.

The software manufacturer might sell 2^30 (about 1 billion) copies of the software, if everyone with a computer bought a copy. For this, they generate 2^30 valid keys out of the possible key space of 2^85. Your chances of guessing one of those 2^30 valid keys are 1 in 2^55, assuming that the valid keys are equally distributed in the key space (which they will be - they'll be generated from a proper source of random numbers).

In other words, it is extremely unlikely that anyone would ever guess a correct key. Particularly as each guess requires a request to be sent to the software manufacturer, which puts a limit on the number of keys that can be tested in any period of time. 1 in 2^55 is 1 in 3.6e+16 - you'd have better luck on a lottery.
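The scheme discussed in the comments above, as an added example that is not part of the original thread: random 125-bit keys with a 10-bit typo checksum, an offline check on the client, and the authoritative check against a server-side list of issued keys. The alphabet, the SHA-256-based checksum, the failure limit and all names are assumptions made for illustration.

```python
import hashlib
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumed 32-symbol set: 5 bits per character
RANDOM_BITS, CHECK_BITS = 115, 10               # 125-bit key layout from the comment above

def checksum(rand: int) -> int:
    """10-bit typo check: top bits of SHA-256 over the random part (assumed construction)."""
    digest = hashlib.sha256(rand.to_bytes(15, "big")).digest()
    return int.from_bytes(digest[:2], "big") >> (16 - CHECK_BITS)

def new_key() -> str:
    """Random data plus checksum, printed as 5 groups of 5 characters."""
    rand = secrets.randbits(RANDOM_BITS)
    value = (rand << CHECK_BITS) | checksum(rand)
    chars = [ALPHABET[(value >> (5 * i)) & 31] for i in reversed(range(25))]
    return "-".join("".join(chars[i:i + 5]) for i in range(0, 25, 5))

def offline_check(key: str) -> bool:
    """Client-side test: catches typing mistakes, says nothing about whether the key was issued."""
    chars = key.replace("-", "").upper()
    if len(chars) != 25 or any(c not in ALPHABET for c in chars):
        return False
    value = 0
    for c in chars:
        value = (value << 5) | ALPHABET.index(c)
    return checksum(value >> CHECK_BITS) == (value & ((1 << CHECK_BITS) - 1))

class ActivationServer:
    """Authoritative check: a database of issued keys, one activation each, throttled per client."""
    def __init__(self, max_failures: int = 3):
        # issued key -> already activated?, client id -> failed attempts, failure limit
        self.used, self.failures, self.max_failures = {}, {}, max_failures

    def issue(self) -> str:
        key = new_key()
        self.used[key] = False
        return key

    def activate(self, client: str, key: str) -> str:
        if self.failures.get(client, 0) >= self.max_failures:
            return "throttled"
        key = key.strip().upper()
        if not offline_check(key) or key not in self.used:
            self.failures[client] = self.failures.get(client, 0) + 1
            return "invalid"
        if self.used[key]:
            return "already used"
        self.used[key] = True
        return "ok"
```

A key that passes `offline_check` but was never issued is still refused by the server, which is why knowing the checksum rule gives a guesser nothing beyond avoiding malformed keys.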

Re:Might not even have to validate keys at all any (1)

maeka (518272) | more than 7 years ago | (#18218880)

If I were them I would do what prepaid mobile phone has been doing
for years: generate completely random keys and at the signing server
end just check if that key is in the database and if it's not already
used

What would stop you from sniffing the traffic of the on-line checking of a legitimate key, and then faking that traffic to "authorize" illegitimate keys?

Re:Might not even have to validate keys at all any (1)

gd23ka (324741) | more than 7 years ago | (#18219100)

Three words: Public key cryptography

1. Alice generates temporary session key
2. Alice encrypts temporary session key using Bob's public rsa key
3. Alice sends encrypted temporary session key to Bob
4. Alice and Bob now use the temporary session key for all further
      communications.
5. Evil Marvin (the listening dude in the middle) does not profit.

random session numbers and timestamps do their part to prevent replay.
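The exchange listed in the comment above, as an added example that is not part of the original thread: a session key wrapped under Bob's public key, then messages protected by a MAC, a random nonce and a timestamp so that a captured message cannot be replayed. The RSA key is a toy built from two known Mersenne primes and is unpadded, so it is for illustration only; the message layout, the 30-second window and all names are assumptions.

```python
import hashlib, hmac, secrets

# Toy RSA key for Bob built from two known Mersenne primes: illustration only, unpadded, not secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def wrap_session_key(session_key: bytes) -> int:
    """Steps 1-3: Alice encrypts a fresh 16-byte session key under Bob's public key (N, E)."""
    return pow(int.from_bytes(session_key, "big"), E, N)

def unwrap_session_key(wrapped: int) -> bytes:
    """Bob recovers the session key with his private exponent D."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def seal(session_key: bytes, payload: bytes, now: float) -> dict:
    """Step 4: each message carries a random nonce, a timestamp and a MAC over all three."""
    nonce, stamp = secrets.token_hex(16), str(int(now))
    data = f"{nonce}|{stamp}|".encode() + payload
    tag = hmac.new(session_key, data, hashlib.sha256).hexdigest()
    return {"nonce": nonce, "stamp": stamp, "payload": payload, "tag": tag}

class Receiver:
    """Bob's side: verify the MAC, then reject stale timestamps and repeated nonces."""
    def __init__(self, session_key: bytes, window: int = 30):
        self.key, self.window, self.seen = session_key, window, set()

    def accept(self, msg: dict, now: float) -> str:
        data = f"{msg['nonce']}|{msg['stamp']}|".encode() + msg["payload"]
        expected = hmac.new(self.key, data, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad mac"
        if abs(now - int(msg["stamp"])) > self.window:
            return "stale"
        if msg["nonce"] in self.seen:
            return "replay"
        self.seen.add(msg["nonce"])
        return "ok"
```

A long-running receiver would also drop nonces older than the timestamp window, since anything that old is already rejected as stale.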

If it's actually a brute-force == Solution! (1)

itz2000 (1027660) | more than 7 years ago | (#18217918)

If it's actually a brute-force, it's only time until a hacker with bot-net / 65000 zombies will give any one of his zombies this program to bruteforce it and report on good keys... soon enough he will hold something like 6500 keys (let's say, 1 week?) and he will post these 6500 keys on notepad / program for serials.
Really easy, cause in fact if this program actually tries to brute-force Vista key, it's only a matter of time until a computer finds a key.

But then again, WHO CARES? I will keep using Linux (Slackware) anyway, why should I downgrade to Vista?

Re:If it's actually a brute-force == Solution! (3, Interesting)

julesh (229690) | more than 7 years ago | (#18218032)

Based on calculations in the other thread discussing this, we reckoned that if MS hadn't been stupid designing the key system, you'd have to try somewhere in the region of (IIRC) 10^17 keys before getting one that works. Now we can discard the "evidence" that suggested they had been stupid, this is back to being our baseline assumption. Based on speed-of-trial stats reported there, this would take a 65K-node botnet around 14 years to crack a single key.

Re:If it's actually a brute-force == Solution! (1)

tonsofpcs (687961) | more than 7 years ago | (#18219560)

Not around 14 years, but up to 14 years. There is a possibility that the first key tried works. It will only take 14 years if the 1/14 years happens to be the last one tried in those 14 years, more likely it will be one of the other [14years-1] worth. (Yes, this means that for any particular key attempted it is more likely to be one of the others that will be attempted.) Odds are just that, odds.

I remember the XP keygen - and that worked fine (1)

DJRikki (646184) | more than 7 years ago | (#18217962)

...So stands to reason that a Vista one would be possible too. Don't know how the XP one worked but it spent a good few hours crunching away and displayed what had worked. Probably generated a random number then ran it through an algo that would at the end say "yup, this validates" or "no it doesn't" and recorded the ones that did actually pass the test. Surely that isn't a big feat for working with whichever algo Vista uses?

Re:I remember the XP keygen - and that worked fine (1)

rumplet (1034332) | more than 7 years ago | (#18218072)

The first working XP key generator was called 'The blue list' as far as I'm aware.
There was a brute force element to the generation since it took about an hour to make a key on my cruddy old laptop I had at university at the time. Not all keys generated even worked so you'd have to make a bunch. I actually had a legal key under some student licence the university had, but didn't want to phone Microsoft to activate it.
At some point an instant XP keygen took over as the algorithm was well and truly hacked.
Not that I'd know.

Re:I remember the XP keygen - and that worked fine (1)

FLEB (312391) | more than 7 years ago | (#18218310)

Are you sure you even had to activate the university key? I got one from my college and it was a volume license key-- no activation required.

Re:I remember the XP keygen - and that worked fine (1)

Sethb (9355) | more than 7 years ago | (#18219354)

Then your university didn't follow the rules. VLK media is only supposed to be used by the institution, and the VLKs aren't supposed to be given to end-user types. For media given to students, faculty, and staff for their personal computers, the institution is supposed to buy (and can resell) media that requires activation, and comes with a unique key. It's pretty cheap, under $5/disc if I recall. I know that at one time, the IT staff of the institution could install the VLK version on your machine for you as well, but they still were supposed to keep the VLK itself semi-secret.

Re:I remember the XP keygen - and that worked fine (1)

stinerman (812158) | more than 7 years ago | (#18219450)

At my university (Wright St.), every campus PC has the exact same Windows XP key. All students up to a certain point were also allowed to check out a copy of XP for free. This "deal" expired (afaik) awhile back.

Part of the license agreement we had to sign was to agree to use the license only so long as we were students of the university. If you wanted a better license, you had to pay for XP (but at a very reduced charge).

To this day, many people on campus can recite the key from memory due to how much it got passed around.

Why Bother? (0, Troll)

awpoopy (1054584) | more than 7 years ago | (#18218052)

Stop spending so much time trying to crack a piece of crap. Your time would be better spent trying to break a version of Linux and reporting bugs.
Otherwise, just go to the zoo and see if you can count the turd peanuts in an elephant enclosure.

But brute force actually does work. (0, Troll)

BrentRJones (68067) | more than 7 years ago | (#18218318)

I quote: "Apparently, the keygen program does legitimately attack Windows Vista keys via brute force, but the chances of success are too low for this to be a practical method."

My software team of 665 programmers in Puna, India, has actually cracked the WV keys over 78,023 times. Get your key for Rs. 5,000 or US$ 30.00 on our site:

http://www.windows-crakers-in-india.com/ [windows-cr...-india.com]

Zealotry (0)

Anonymous Coward | more than 7 years ago | (#18218986)

Let me just throw this out there --anonymously so my account isn't pulled...

Were some of us a little quick to use this bullshit story as one more excuse to prove everything MS does evil/stupid/wrong? When we get so intractable in our thinking that we are ready to believe any crazy BS that confirms our pre-existing beliefs, I think we tilt towards irrationality --we lose our ability to think objectively.

 

"A great many people think they are thinking when they are merely rearranging their prejudices."

--William James

Slashdot is run by "Techies"?? (0)

Anonymous Coward | more than 7 years ago | (#18219594)

How in the world anyone with technical background could believe a brute force attack would work is beyond me. Especially on a site that professes to be "super techie" with anti-sony, anti-microsoft, anti-anything non "techie".