A while back I wrote about SLMGR, the vbs script used as the Licensing Manager in Vista. I titled that article “SLMGR.vbs, Vista’s Licensing Manager Disguised as a Hack”. Ironically enough, there is now a hack available that replaces SLMGR.
I found the story this morning and immediately followed it to the source at KezNews.com. In what the author describes as “an experiment in which i used to practice my vbscripting” he created a brute-force keygen that tries every available product key at a rate of about 20,000 per hour. One user describes getting three keys in 5 hours, another had theirs cracked in only 2 minutes, but the instructions suggest it could take hours or even days.
In my previous article I questioned the use of a vbs script for such an important task, and it now appears that someone has taken advantage of this. I find it surprising that Vista would allow a script like this to run. Even the most basic programs limit login attempts to prevent this type of hacking. It will be interesting to see what Microsoft’s response is to this method of illegal activation. I would suspect they’ll release an update that limits the number of product key activation attempts in a specific time period, which would render this hack virtually unusable, but for now, it sounds like it’s a viable method for illegal activation of Windows Vista.

Comments
Frederick
Mar 2, 2007 at 12:41 pm
It surprises me it is so difficult to get Serials, Microsoft has a good protection and if there are only a few people who have generated a key after days, there is no update needed. The Keygen is very popular, but only, let’s say, 1% gets a legit key.
Joe
Mar 2, 2007 at 1:22 pm
It’s true that in the grand scheme of things, a very tiny percentage of Vista users will ever use this method. Microsoft also has so far said they’ll not do anything about the workaround that allows an upgrade license to do a clean install. So maybe you are right, they may just ignore this one unless it really becomes a big deal.
Joe
Mar 2, 2007 at 3:15 pm
Microsoft’s WGA blog discusses this briefly. The post makes it sound like it is possible, but that the activation server may notice something is wrong, even if the local test for the key succeeds.
Joe
Mar 3, 2007 at 10:49 am
The creator of the code now says it was a joke. The code apparently exists, and many believe it could work, but the odds of it succeeding are slim to none. See his coming out here: http://keznews.com/forum/viewtopic.php?t=2782
kazx
Mar 14, 2007 at 1:59 pm
Couldn’t this Vb script in conjunction with the stolen authentication software be used to produce a working key without connecting to ms?
Joe
Mar 14, 2007 at 2:17 pm
I’ve seen a lot of mashups like that around on the torrent sites, so I think the hackers are trying all of these variations to see what works.