Jump to content
Tuts 4 You

Microsoft Tries To Stop Vista Piracy Monster...

Teddy Rogers

Recommended Posts

Microsoft has issued an update to Windows Vista that's intended to stop a piracy monster.

The software maker said on Thursday that the update is aimed at thwarting a technique that was letting some people use pirated versions of the operating system without going through the software's built-in product activation. Microsoft has dubbed the approach "frankenbuild" because it works by combining test versions of Vista with the final code to create a hybrid version.

"Windows Vista will use the new Windows Update client to require only the 'frankenbuild' systems to go through a genuine validation check," Microsoft said on its Windows Genuine Advantage program blog. "These systems will fail that check because we have blocked the (product) keys for systems not authorized to use them."

Although Vista was only released to businesses last month -- and won't hit retail shelves until late January -- it has been making the rounds on the Internet, and there have been several reported hacks to bypass its built-in security mechanisms.

A second known issue, Microsoft said, involves using virtualisation technology in conjunction with the mechanism Microsoft uses to allow large businesses to activate multiple copies of Vista.

"Piracy is evolving and has made the expected jump from Windows XP to Windows Vista," David Lazar, director of Genuine Windows, told CNET News.com. "We are already starting to see some workarounds to the Vista licencing requirements."

In a statement, the software company said it hoped the actions would help discourage people from trying to bypass its security mechanisms.

"Microsoft hopes that by taking this action now, we can send a message to counterfeiters and would-be counterfeiters, and help protect our legitimate customers from being victimised by further distribution of these tampered products," the company said.

Microsoft has been more aggressively targeting pirates over the past two years, including a stepped-up program for checking to make sure software is properly licenced. With Vista, software that doesn't pass such authentication will go into severely reduced functionality after 30 days. At that point, only the Web browser will work and then only for an hour at a time.

In addition to that reduced-functionality mode, users can also still boot into Windows "safe mode". That allows full access to data and applications, but offers limited screen resolution, fewer colors and prevents the use of most third-party software drivers.

While Thursday's update addresses only the "frankenbuild," Lazar said Microsoft is also working on a method to counteract the other hack, which uses virtualisation and Microsoft's Key Management Service.

"The update that we are releasing today does not specifically address that, but we are working on an update that will specifically address the KMS workaround," Lazar said.

Vista represents Microsoft's strongest technical effort yet to build antipiracy features into its software. In addition to the activation requirements, some features within the operating system require the software to be validated as genuine. Those include the Windows Defender spyware fighter, Aero user interface and ReadyBoost, a technology that uses USB flash drives as added system memory.

"Vista is the hardest system to pirate that we have yet released," Lazar said.


Link to comment
Share on other sites

I know a lot of people that already use pirated corporate versions of vista without problems.. Lets see when home version gets released in january.. Don`t thing MS will be able to stop people form pirating it..

Took a screenshot of their latest trick i just recieved today :D Im not gonna install it..


Link to comment
Share on other sites

Crack Available for Vista Validation Update

A crack for the Windows Vista Validation update is already available. Just the past week, Microsoft announced with great fanfare that it has introduced an update to the Windows Vista validation process in order to render inoperable pirated copies of the operating system activated via the “frankenbuild” workaround.

“We have affectionately named [it] "frankenbuild" because it involves cobbling together files from an RC build and with an RTM build to create a hybrid that bypasses activation. The other workaround involves the use of some virtualization technology and our practices for activating larger business customers,” revealed a WGA team representative.

The Windows Vista Validation crack available in the wild describes a method of recovering the complete functionality of a pirated Windows Vista operating system even if the validation update has been installed.

“Well, I wasn't paying attention and installed the validaton update. Reversing this is a real pain in the tail. If you have a recent Complete PC Backup, by all means use it. Boot from the Vista DVD, restore the backup and catch up from there. This time, uncheck and hide the damn update. If you're stuck without an image, well, here's what you have to do,” writes the author of this crack.

Here is the Vista Validation update recovery method:

“You'll need:

1) Your Vista DVD

2) the RC1 tokens.dat

3) a CPP product key

but that is exactly what got us in this mess, so you probably have them.

- Backup everything important before you do this. Seriously.

- Reboot into xxxxxxxxxx. Make sure "Show Hidden Filesxxxxxxxxxxxxxxxxx" is checked in Folder Options. Duh.

- Zap the WPA encrypted store. Delete the following (hidden) files:



-Uninstall the WGA update. Run the following command:

xxx /u c:windowsxxxxxx.dll

Reset Software Licensing tokens:

- Copy the xxx xxxxx.dat to "C:windowsServiceProfilesxxxxxxxxxxxxxxx"

Remove the xxx data from the registry. You can't do this to a running xxxx. So...

- Restart and boot from the Vista DVD. Choose "Repair my computer" and choose your Vista xxxxx. Select "xxx"

- Run xxx from the cmd prompt

- Select xxx and then select File -> xxx

- Navigate to [your system disk]:windowsxxxxx. Give it key name of "xxx"

- Delete xxxxx to remove it and the subkeys under it. Recreate the xxx key or xxxxx won't start later.

- Select xxxxx and then select File -> unload xxxx

- Close xxx, close the prompt, and restart.


- Boot normally.

- When you log on you will in RFM and told "Your copy of windows is not genuine" Whatever. Rolling Eyes

- Run xxx.exe, enter your CPP product key and fire away. It should activate as genuine! Log off and back on to get Aero back.

Run windows update, uncheck that piece of crap, and hide it. RIGHT NOW.”

The actual process of recovering from the Windows Vista Validation update has been altered beyond recognition as to make it inoperable. We here at Softpedia do not support any example of piracy. The fragment posted above is purely for informative purposes. I must emphasize, it has been modified to such an extent that - although still legible - it no longer represents a valid recovery method.


Link to comment
Share on other sites

Pirates Activate Copies of Vista Over Spoofed Server

Despite all the talk surrounding its security and beefed up anti-piracy measures we all knew that it wouldn't take long for hackers to take a stab at Vista's activation scheme. Cracked copies of Windows Vista started flooding the internet soon after the operating system was released to manufacturing and ahead of its official release.

Microsoft's new Volume Activation 2.0 system requires that each copy of Vista for volume licensees be activated through Microsoft servers. This wasn't the case with Windows XP numerous pirated "corporate" editions of the operating system flooded the internet.

Microsoft's solution for making Volume Activation 2.0 easier for administrators has been attacked, however. Hackers have spoofed Microsoft's Key Management Service (KMS) server which allows corporations with 25 or more networked computers to activate Vista installations. The software hack is making the rounds around the web and in a nod to Microsoft Chairman Bill Gates is named after his wife, Melinda.

According to reports, the software hack uses a VMware image of the KMS server to activate copies of Windows Vista Business and Enterprise. APC Magazine reports:

The download is a VMware image, and the idea behind it is that you download and install VMware Player (a legal free download), boot the image and use some VBS script (supplied with the activation server download) to have the client Vista machine get its activation from the local server. And that’s it -- no communication back to Microsoft.

But for those that think that all of their problems are solved with this software hack, you may want to hold your horses. A valid KMS product key is still required and the activation is only valid for 180 days.


Link to comment
Share on other sites

3 Hours to Come Up with a Crack for Vista Validation Update

Have you ever wondered how much does it take to develop a crack or a workaround to the security features in Windows Vista? Well it took Microsoft five years to complete the operating system. So it takes a hacker just 3 (read' em TRHEE) hours to crack one of the Windows Vista validation proceses. That makes sense, doesn't it now?

The past week, when taking on the “frankenbuild” Windows Vista activation workaround, Microsoft applauded the release of an update to the Vista Validation process in order to render inoperable the operating systems activated with the “frankenbuild” crack.

Windows vista Validation update KB929391 has produced a small impact, but has generated some Brownian motion in the pirate community. As early as this morning I have reported that a crack for the Vista Validation Update was already available. You can read details about this, and even have access to the Windows Vista Validation update crack via this link.

At the time of this article, the initial crack has been joined by an alternative. As I mentioned in the other article, these are not actually cracks but workarounds, in the sense that they reveal the process to bypass the Vista Validation update introduced by Microsoft.

“Solution to Windows Vista Validation update (KB929391) - READ CAREFULLY AND FOLLOW INSTRUCTIONS- This is for all you people, like me who were foolish enough to install the KB929391 Validation Update. After at least 3 hrs of hard work I have finally come up with a valid solution to this problem. The process is quite simple, yet confusing so read carefully,” reads the invitation of the author.

Bear in mind that this workaround for the Windows Vista Validation update is different than the one reported earlier today, the syntax belongs to the author:

“1) Make a new Windows live account, and obtain a brand new xxx xxx xxx, once obtained write it down on a piece of paper. (The one you used to activate Vista Ultimate is useless now)

2) Reboot your computer into SAFE MODE

3) Make sure you computer is set to "View Hidden Files" and you have "xxx"

4) Delete the following 2 files-



5) Reboot your PC and log in

6) You will get a message saying something along the lines of " There has been a change to your Windows Activation Process" ( I cant remember what it exactly said but you'll see it, it will prevent you from going into your pc, unless you activate Vista or restart). It will give you the following 2 options-

i) Validate Windows online

ii) Close

If you click "Close" you will be sent back to your login

If you hit the "Validate Windows Online" thing (dont know the exact words) you will go to WGA Check and it will say " Your Version of Microsoft Windows is Not Genuine

7) Click on the top first option " Validate Windows Online" (Again, i dont remember the exact words, so dont be stupid, its the first option above "Close")

8) After clicking "Validate Windows Online" it will say "Your copy of Windows is not Genuine" and it will take back to the screen with the 2 options again-

i) Validate Windows Online

ii) Close

9) Manually restart the computer

10) This time it will say something like " There has been a change in the windows product key" ( Again don't quote me on the text, its a window that provides you with the opportunity to type in your product key, if the vista login shows up, then just login and it the product key window will appear.

11) Put your new product xxx xxx xxx

12) There you have it, now your Windows Vista Ultimate Edition is activated again.

13) Go into your Control Panel, updates, and disable automatic updates


End Note Important- Now you will notice that in the updates the update KB929391 is still there, yes it is, but go into your System and your Windows is activated......I have restarted several times with network support and everything seems to be working.”

As we here at Softpedia do not support piracy of any nature, the workaround posted above has been disfigured in order to make it useless. It is presented here only for informative purposes.


Link to comment
Share on other sites

Build Your Own Windows Vista KMS Activation Server

Building your very own Key Management Service for the activation of business editions of Windows Vista is actually a very simple task. You were able to read right here on Softpedia reports about the existence of KMS activation servers in the wild delivering an alternative method to activate Windows Vista Enterprise and Business editions.

Microsoft has overhauled the volume license key (VLK) activation process for Vista Business and Enterprise editions in an effort to put an end to pirated copies of the Windows operating system activated via VLK. In this regard, the Redmond company has introduced the KMS (Key Management Service) activation server as a new feature to the Vista Volume Activation 2.0. Via a KMS server, organizations are able to centralize the management of Vista volume license keys as each copy of the operating system has to be activated. A single KMS server enables the management activation of local Vista machines.

Although the method of building a KMS server is legitimate, due to that fact that it can be used in order to spoof a genuine, Microsoft KMS activation server in order to activate pirated versions of Windows Vista Business and Enterprise, I will only present the creation process for purely informative purposes and I will not complete the guide in order to prevent the creation of fully functional pseudo KMS servers.

In order to create, install and deploy a KMS server, you must first of all set up a virtual machine on your system. VMWare Server or Microsoft Virtual PC 2007 will both work. Following the installation of the virtual machine you only need to run a few command prompts with elevated privileges in order to obtain a spoofed KMS server. For the reasons mentioned above, I will not provide you with these pieces of script.

In order for a KMS server to deliver a workaround for the activation of Vista, it requires more than 25 machines with the business version of the operating system already installed. Although spoofed KMS servers do provide an activation workaround for pirated versions of Vista Business and Enterprise, the operating system will not be validated, and according to the product key used, it will fail WGA validation.

Buy Pirated Vista Ultimate Edition for $79.95

Pirated versions of the Windows Vista Ultimate edition operating system are on sale via a variety of websites for just $79.95. As the operating system has a suggested a retail price of $399.00, the marketing campaign is centered on the fact that the cut-price produces savings. But of course that taking advantage of the customer greed is just a part of a social engineering scheme.

Although in just under 5 minutes I was able to find five websites that sold Windows Vista Ultimate at just $79.95, I have not finalized a purchase. In this context, I cannot certify if these are just methods to steal credit card information or if clients actually receive a pirated copy of Vista Ultimate. But either way, this is not a transaction you want to make. No matter the case, you will not receive your money's worth, not by far.

Three of the websites I had come across were shutdown within one hour, but it is safe to assume that others will pop up just as easily. And in fact they are based on templates, so it is just a question of a changed domain name.

In the adjacent images you are able to see examples of such templates. Reports reveal that an aggressive spam campaign points to these websites. Here is the complete text of the spammed emails. While the text is the same, or at least based on a similar context promising a copy of Windows Vista Ultimate for just $79.95, the address domains they are pointing to are changed constantly:

“Dear customers and friends of DS Team,

Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000)

Windows Vista Ultimate Upgrade (DVD-ROM)

Retail Price $399.00

Our Price $79.95

You save $319.05

Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future.note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. ”

The First Windows Vista Vulnerability

Old Saint Nick went inside his coal stash and delivered Microsoft a zero-day vulnerability for Windows Vista. Proof-of-Concept code has been spreading in the wild starting with December 15, 2006, but it was initially published on a Russian forum. The zero-day vulnerability affects a wide range of Microsoft operating systems and, in the eventuality of a successful exploit it allows for escalation of privileges.

“Determina Security Research has discovered a vulnerability in the way the Windows Client/Server Runtime Server Subsystem (CSRSS) processes HardError messages. This vulnerability allows a logged on user to execute arbitrary code in the CSRSS.EXE process and elevate their privileges to SYSTEM level. The vulnerable code is present in Windows 2000, XP, 2003 and Vista,” revealed Determina Security Research.

According to data made public by Secunia, the vulnerability extends to Windows Vista, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows XP Home Edition and Windows XP Professional.

As far as the initial security reports are concerned, none of them considers the Windows Vista zero-day vulnerability of great risk. In fact, Secunia gives the flaw only a rank of Less Critical.

“If the MB_SERVICE_NOTIFICATION flag is specified when calling the MessageBox function from the Windows API, it will use the NtRaiseHardError syscall to send a HardError message to CSRSS. This message contains the caption and text of a message box to be displayed by CSRSS on behalf of the caller. This functionality is designed to allow non-interactive services to notify the user of critical errors. The HardError message is handled by the UserHardError function in WINSRV.DLL. It calls GetHardErrorText to read the message parameters from the address space of the sender. The GetHardErrorText function returns pointers to the caption and text of the message box,” are the scarce technical details made public by Determina Security Research.

In this regard, if the "\??\" prefix is at the start of either the caption or the text parameters; the immediate result is that - via the function - a pointer is returned to freed memory following the freeing of the buffer. At this point in time, reports inform that the zero-day vulnerability is related to memory corruption in kernel. As a consequence of an exploit attempt, the attacked system will crash.

Merry Vista Vulnerability!

On December 15, 2006, Proof-of-Concept code was published for a zero-day Windows Client/Server Runtime Server Subsystem (CSRSS) vulnerability. As early as December 22, the Redmond Company was informed of the issue and has began working on a patch. You can read additional information as well as limited technical details related to this vulnerability.

“Aside from discussing the holidays, the reason I am dropping in on the blog is that right now we are closely monitoring developments related to a public posting of proof of concept code targeting an issue with the Client Server Run-Time Subsystem. The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems,” stated Mike Reavey, security program manager for Microsoft.

According to Microsoft's perspective based on a preliminary analysis of the zero-day vulnerability, a successful exploit via the CSRSS flaw depends on the attacker having already authenticated access to the target system. Although the vulnerability is not limited to Windows Vista, the security community has labeled it as a minor threat.

“Currently we have not observed any public exploitation or attack activity regarding this issue. While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software,” added Reavey.

In this context, Microsoft informed that the holiday season will have no impact on the company's work to produce a security update for the CSRSS vulnerability. Considering that the Redmond Company has not even detected limited exploit attempts related to the flaw, a patch addressing the flaw will most likely be released on January 9, 2007.

“Regardless of it being the holiday season the MSRC will be monitoring overall threat conditions for this and any other issue reported to us. If we do see anything that we believe puts Microsoft customers at risk, or significant new developments, we will update everyone through our standard mechanisms,” concluded Reavey.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...