April 12, 2007 12:08 PM PDT

Microsoft confirms Vista OEM hack

In response to widespread chatter on blogs and forums, Microsoft has acknowledged the presence of hacks that may allow pirates to bypass the product activation security feature in its Windows Vista operating system.

According to a post by Microsoft Senior Product Manager Alex Kochis on the Windows Genuine Advantage developers' blog, Microsoft has identified two ways in which hackers have broken the product activation security feature on original equipment manufacturer PCs that come bundled with Vista. But the Redmond, Wash.-based tech giant does not yet have plans to snuff out this threat.

"We focus on hacks that pose threats to our customers, partners and products," Kochis wrote. "Our goal isn't to stop every 'mad scientist' that's on a mission to hack Windows. Our first goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknowing victims."

Microsoft first introduced product activation as a security feature with its Windows XP operating system, which launched in 2001.

Reports of a vulnerability in Vista's product activation began to surface last month with word of a crack called "Vista Loader 2.0," an enhanced version of the "Vista Loader 1.0" that was devised by Chinese hackers, according to a March 10 post on the My Digital Life blog. Vista Loader, the post explained, simulates an OEM motherboard's basic input-output system, software that is responsible for communication between the machine's hardware and the operating system. Consequently, with a BIOS simulator, the registration process that would normally lock out an unauthorized copy of Windows Vista could be bypassed.

While Microsoft is not immediately taking action, Kochis did acknowledge on the Windows Genuine Advantage blog that this could be a problem. "Because Windows Vista can't be pirated as easily as Windows XP, it's possible that the increased pressure will result in more interest in efforts to attack the OEM Activation 2.0 implementation," Kochis wrote.

Last month, it was believed that hackers had found a loophole in Vista's product registration, but Microsoft refuted the claim shortly afterward. Another alleged hack, this one involving a random product key generator, was also debunked in March.



Join the conversation!
You'd think that somebody at Microsoft
would remember the 80s. DRM was called copy protection back
then, and it didn't work. Software developers had given up on it
before the end of that decade. Today it doesn't work for the music
labels or the movie studios, yet somehow MS thought it was going
to work for them! Brilliant.
Posted by Macsaresafer (802 comments )
What does that have to do with what the article says?
"We focus on hacks that pose threats to our customers, partners and products," Kochis wrote. "Our goal isn't to stop every 'mad scientist' that's on a mission to hack Windows. Our first goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknown victims."
Posted by hdubya (21 comments )
You don't really understand..
...with music, you're talking about a $1 purchase for a song, or maybe $10 for an album.

But this is a $100-300 or so operating system that people are not going to buy if they don't have to. DRM is bad for music because a lot of the time, even without DRM (or possibly moreso without it) people still buy the music by and large (I do, and many many others do as well, most of the time). But strip away the ability for MS to control its own operating system and you will find that essentially nobody except businesses (and even then you WILL see rampant piracy) will ever purchase the OS. Same problem with high-end software like Photoshop... if you can get the hacked version for free... why spend $700? Most people can't just spend that much money on something that isn't going to greatly impact their lives (i.e. they don't do photo editing for a living).
Posted by DraconumPB (229 comments )
Now we need a OX Loader 1.0
Something that will emulate the expected Mac hardware and allow people to run OSX on any PC.
Posted by aabcdefghij987654321 (1721 comments )
In the 1980's
there were many copy protection removers and many disk copy programs that could copy copy protected disks.

When the DOS software was moved to Hard Drive and Network Drive environments the floppy disk protection prevented them from running, and it forced companies to create software that removed software protection.

I recall cracking Lotus 123 2.0 so it would run on a Novell Netware drive instead of a floppy disk using MASM and Codeview to find the part that checked for the bad floppy sector and change a JE to a JNE instruction. After Lotus 123 3.0 came out, they had Novell Netware support and it checked how many copies of the program were open on the network and refused to run if the network license was violated. Once 3.0 came out, Lotus was encrypting their copy protection code so it wasn't as easy to crack.

The Microsoft copy protection uses IRL code which is like assembly language, and the hackers have debugged it and found a way to patch it so that it always returns a validation. They even figured out how to simulate BIOS from an OEM machine to trick Vista into thinking it is running on an OEM machine that doesn't need online validation, because the OEM version of Vista automatically validates if the proper BIOS codes are found to validate it is running on a Dell, Gateway, HP, ASUS, or whatever machine. Then you just generate an OEM key for whatever OEM machine the BIOS simulator is pretending to be and you got what looks like a legit copy of Vista.

Until Microsoft applies an update that validates OEM keys over the Internet before software updates are to be installed via Windows Update that sees if the key was one that Microsoft generated and has on file. If not, then it disables activation of the OEM key, and the pirate is out of luck.

I heard of the same OEM hack being done to make a machine look like an Apple branded machine to run the Intel version of OSX on it, but I am not 100% sure of that.
Posted by Orion Blastar (590 comments )
DRM isn't a "total" failure...
There are still many Apple II software that could not be successfully copied - even with the likes of such tools as Locksmith, Nibbles Away II or Copy II+. I still have my original Wizardry disks, and I STILL can't make copies of them - even with the 20+ year old Locksmith parameters.

DRM also works - it is just that it works for the common man. There are hundreds of thousands of common people for every one persistent person. For DRM to fail on one of every 100,000, I'd say that DRM is definitely doing its job. Don't call DRM a failure just because a few hundred thousand people are getting away using this hack. It is like saying that door locks are a completely failed technology. IT IS A DETERRENT!

There are still millions and millions of legal installations out there. That's basically why, as Microsoft mentioned, that they'd rather go after the bootleggers than the hackers. Makes sense to me... For Windows, there's more loss of revenue to bootlegging than there ever will be in P2P.
Posted by groink_hi (380 comments )
No need to remember
It never went away. A more recent example is SecuROM and it is part of recent games such as Command and Conquer 3.
Posted by Siegfried Schtauffen (269 comments )
The simplest solution....
LOWER THE PRICE! Think of all the money you'll save by not having to engineer complex activation schemes, customer support, and enforcement personnel. Come on, Microsoft! You can afford to lower the price to something reasonable, like $50-$100.
Posted by robbtuck (132 comments )
I meant...
Customer support for activation problems.
Posted by robbtuck (132 comments )
That won't stop...
people from pirating Windows or negate Microsoft's need to put in product activation. If anything it will only make it worse.

If Windows only cost a penny somebody would still try to steal it. Personally, I think Microsoft should give Windows away for free and charge for access to its update servers and support. They could charge $50 a year per computer and still make out like bandits (assuming people actually paid for the services).
Posted by System Tyrant (1453 comments )
Brilliant solution (not!)
Stand up in the next MS shareholders meeting and make a suggestion that would shave off billions of revenue dollars for a public company with a $280 billion market cap.

The fact that Windows is popular does not mean that you can steal it or MS should give it away or not protect it. Just because a company has a large cash stockpile does not mean that it should give away its products. What company do you work for that can operate like you suggest?

Windows is a bargain IMO. You get free patches over some seven years or so and too many extra features to mention. Plus you get server interop, a huge development community, plug and play with millions of hardware devices, and backward compatibility with apps written 10 years ago. All nicely packaged and integrated into a pretty package.

Any version of Windows cost less than Photoshop for example. You mean to tell me that Photoshop does more than Windows?
Posted by NewsReader_ (280 comments )
Maybe free of charge will be better.
Because Xp/2000 it's superior don't worth the money.
Posted by adriangal88 (3 comments )
I don't know
I don't know what the big rush is to hack Vista. It sucks.
Posted by jleemc44 (22 comments )
but I've been told
If Steve Jobs was in control he would just hand out Kool-Aid and all the Mac geeks would lap it up
Posted by ewsachse (663 comments )
That Old Time Religion (the filk response)
(tune Give Me That Old Time Religion)

If your OS is bein stolen
and your bank account's not golden
add drm and reg, don't fold em!
And that's enough for ol BG!

Lee Darrow, C.H
Posted by mstrhypno (49 comments )
Why waist your effort and time? It's a waist of disk space.
Posted by bradyme (43 comments )
Vista doesn't need hacks, it's not worth pirating
I agree Vista has a waist. It's probably a waste of hardware too.

And silly rabbit! on Microsoft, hackers _always_ go after the
weakest link.
Posted by rcardona2k (318 comments )
It's true. Vista even doesn't worth to be hacked.
I don't see a real reason to be counterfeited. Maybe just for publicity. Who really need a computer, definitively doesn't need VISTA.
So, shame on M$.
Posted by adriangal88 (3 comments )
Not Worth Pirating
I don't know much about the pirating but I am sure of one thing, if and when security holes are found, most criminals are not going to use them yet anyway. Why waste really good hacks when there is hardly a user base yet?

Better to save them for a time when the market is ripe for attack.
Posted by wacer (2 comments )
Can not use Vista, can not get XP
Vista is horrible and No one is selling me XP based PC. What to do? Looks like time to seriously look for Linux or Apple PC.
Posted by rtripathi (90 comments )
Try eBay...
If you are still looking to purchase Win XP, why not look on eBay? I still see people selling unopened, legit copies on eBay and even Craigslist.
Posted by ebeamsales (36 comments )
Try Dell Small Business
You can still get Win XP through Dell SB, and you don't have to be a business.
Posted by robbtuck (132 comments )
Dell Small Business
They do have them on dell.com in small business section. I just bought one.
Posted by wacer (2 comments )
xps better
get xp 64 bit oem if you got new pc
tell them you're the guy they sold hard drive to last week and it will save you heaps i think a genuine updated copy of xp is heaps better one week ago i updated my sister's new laptop while she was waiting for them to install her cable
it was service pack 2 to start with
by the time i was finished it had
internet explorer 7 outlook express
windows defender
malicious software removal tool
plussssss like 1001 hot fixes
i'll wait till they stop updating xp till i update
Posted by jaiivanoff (1 comment )
This month I bought a Thinkpad t60p, which I opted for Windows Xp Pro as the preloaded system.
Posted by iRhapsody (46 comments )
Perhaps if MS started selling diff versions in USA
USA is a melting pot of all colors and creeds.

But to this end Microsoft still refuses to sell at retail stores its other versions such as:
Microsoft Windows Chinese edition in the USA.
Microsoft Windows Korean edition in the USA.
Microsoft Windows Japanese edition in the USA.
Microsoft Windows Russian edition in the USA.
Microsoft Windows Spanish edition in the USA.

Why is it only English is sold in the USA?
Don't give me this historical BS how to adopt English. If this was so then there would not be any Chinatown in NYC or California.
Posted by inachu (963 comments )
On music, or movies, or Windows. Sell it cheap. If activation is
used at all, it should be just to deny support. Or to put up a
reminder to pay once a day.

Everybody praises Gates for giving away his $45 billion, or part
of it, but why does he have all that money in the first place.

I'm on a Mac. If I try to use VMWare or Parallels to run Windows,
Billy wants me to pay for the Business edition. Why? A
virtualization tax. And I have enough horsepower to run Home
Premium, but it refuses to run on a virtual machine.
Posted by swift2--2008 (197 comments )
I love it when DRM gets hacked....
DRM is simply a challenge to those that want the end-product and a nuisance to the honest buyer of those products.
While I do not encourage or support "pirating" software neither do I support DRM. I have DRM on some of my music files that I have paid for and when I upgrade my machines I have to jump through hoops to get the licenses back. Yes, I know I can burn them to MP3 to remove the licensing but that is not the point.
DRM is just a hassle and gets in the way of the honest user and is not a hurdle (for long) for the dis-honest user.
Microsoft has so over-priced Vista that it should make up (in profit) for a good deal of the pirated versions.
I am a die-hard Windows user but I think all of us "die hards" are coming to a crossroad of alternatives whether that be Mac OSX or a decent Linux distribution. Microsoft has definitely crossed the line with Vista, both in resources required and in lack of privacy.

Fred Dunn
Posted by fred dunn (793 comments )
DRM and Copy Protection
As one of the top dawgs in copy protection removal from the 80's, I have only this to say to Microsoft: If 99% of the companies that used copy protection in the 80's had simply quit using it and lowered their pricing schemes, I would not be the calibre of programmer I am today. The need for my services way back when wouldn't have existed and everyone would have been glad to buy a copy of their favorite game.

Look, in the 80's Microprose went so far as to create a disk with a non-standard format. That took me all of 2 weeks to pick apart and a few months of programming and testing to build a bug-free disc reader. If Microprose couldn't defeat the hackers in the 80's, what makes Microsoft think they can today?

Basically, DRM and copy-protection don't work. Never have. Never will. Build a product worth stealing and price it where the masses can afford it. Better yet, just GPL it and don't charge. You'd be amazed at what you get that way!
Posted by rgnglzrd (6 comments )
wininit.exe what will get it gone
Process Library found it on my new HP Vista, just after I got it. Best Buy laughs at me but all their display computers have it. Seems to have stuff locked says my NOD32 antivirus now I'm off Norton which let it by. The antivirus removals I've seen don't show it on my computer. Not happy to give Geek Squad (at Best Buy) money after telling me Norton would do good.
Posted by clip56 (1 comment )
umm...if you really wanna get rid of wininit.exe, be prepared for the priciest paperweight ever. one time i decided to run through task manager and close things to see what happened. closing wininit.exe caused an instant BSoD. So don't get rid of it.
Posted by SinthrillMeadear (2 comments )
...It was only a matter of time!!
Posted by andrew.gray (1 comment )
Wasn't the DMCA Supposed to Make This Kind of Hacking Go Away?
Shocking that MSFT has to be victimized by such unethical hacking on the most secure windows ever.
Posted by Sumatra-Bosch (526 comments )
you all are busy arguing about people hacking activation. what about the people who do it AND rub it in M$ face. They buy a copy, install it, call M$ saying they upgraded their comp (which they didn't), tell them 'NO' when they ask if this version is on any other computers, and get their new product key for use on another computer. plain and simple. they shell out what, like $300-$400 for one vista install, and end up with...possibly hundreds. worry about those people, not the occasional guy who does manage to hack vista into thinking he's got OEM.
Posted by SinthrillMeadear (2 comments )