PDA

View Full Version : Microsoft fixed the loophole in WGA


Pages : [1] 2

Superfly
08-04-05, 10:46 AM
Check it out:

http://microsoft.weblogsinc.com/entry/1234000533052770

Quote:

Microsoft has updated the Windows Genuine Validation tool to circumvent the hack exposed last week that allowed the system to be bypassed with a snippet of JavaScript code. The Validation is now a two-step process that first generates a code and then has you copy and paste that code to complete the process.

rewt
08-04-05, 04:14 PM
lol when will they ever give up...

Superfly
08-04-05, 04:28 PM
never hopefully.

Riptide
08-04-05, 04:36 PM
They might give up when people stop stealing from them. So in other words never.

ascully
08-04-05, 04:47 PM
If you go to tools/mabage add ons in internet explorer and disable the WGA applet windows update works fine with a non legit windows :) Not that I would know I paid for my copy.

rewt
08-04-05, 06:54 PM
Yeah I payed for mine too but you know what it ticks me off that I can't activate it anymore. Says something like "you have activated this cd-key too many times". So I downloaded a corporate version and now I don't have to activate it. The updates still work fine and I got IE 7 on there too.

rohit
08-04-05, 06:58 PM
The updates still work fine and I got IE 7 on here too
how did you get IE7? is it Beta or final?

rewt
08-04-05, 07:00 PM
superfly posted a link to it a while back. It's beta.

Superfly
08-05-05, 05:57 AM
im a hero - Pm me for linkage.

AthlonXP1800
08-05-05, 07:59 AM
New patched WGA is still useless with a new registry key added that will bypass WGA, unlike Java script. :o

Superfly
08-05-05, 08:01 AM
New patched WGA is still useless with a new registry key added that will bypass WGA, unlike Java script. :o

wanna share that with us, I'd like to get it fed back to MS and locked out.

be a good boy - dont make me google for it.

AthlonXP1800
08-05-05, 08:42 AM
be a good boy - dont make me google for it.

:lol: :D I was found it from Neowin forum on last thurday when Microsoft activated WGA and someone gave the registry key, I dont know how he get it, I think it probably came from registry scanner software detect it when WGA scanning the PC for product key and found it legal. I was really surprised Microsoft never noticed about the registry they probably didnt know about it, they knew about Java script and blocked it with updated WGA fixes.

Here the registry key to bypass WGA:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17492023-C23A-453E-A040-C7C580BBF700}]
"Compatibility Flags"=dword:00000400

I first tested it with this key last thursday and it was worked and also slipstreaming into XPSP2 CD image and tested cleaned installed it on VMWare workstation and it sucessful downloaded all the latest updates from Windows Update.

Superfly
08-05-05, 08:47 AM
thankyou - ill be forwarding this back via MSDN. im sure they already know but beter safe than sorry.

netviper13
08-05-05, 03:50 PM
thankyou - ill be forwarding this back via MSDN. im sure they already know but beter safe than sorry.

Ok so wait, you're illegally distributing copies of IE7 meant only for legitimate Vista beta testers, and then trying to play the hero by reporting how people bypass WGA? Something in that equation doesn't work out right :screwy:

Superfly
08-05-05, 06:38 PM
Im sure I know you from somewere........

anyways - I believe that anyone interested in IE7 should be able to test it, it is after all destined to become a free upgade to XP owners.

As for WGA I own my copy of XP and dont want to see free upgrades for those that dont.

brady
08-07-05, 10:07 AM
I've been using the corporate edition of XP for almost a year now. During that time I also owned a legit copy of XP Pro, but I saw no reason to activate it yet. Since Microsoft launched WGA I've decided to get my legit copy of XP Pro up and running because I don't want to have to keep trying to bypass thier security measures. Additionally, I don't like leaving "auto update" on. I prefer downloading and installing updates myself.

Slyder
08-07-05, 11:40 AM
Ok so wait, you're illegally distributing copies of IE7 meant only for legitimate Vista beta testers, and then trying to play the hero by reporting how people bypass WGA? Something in that equation doesn't work out right :screwy:

Ditto.

anyways - I believe that anyone interested in IE7 should be able to test it, it is after all destined to become a free upgade to XP owners.

But that is not your decision to make. If Microsoft wanted to release the beta to the public, they would of. A minor double standard imho.

As for WGA, this is a minor setback to the masses. Im sure I read somwhere you dont have to download this of Win Update anyway :confused: Is it mandatory to install this now then or what ?

Superfly
08-07-05, 11:49 AM
MS are BETA testing a new version of windows update this month, WGA is now mandatory however using autoupdates still works for some pirate versions.

remember WGA will not block critical security updates anyway those you ARE allowed for now.

myshkinbob
08-09-05, 04:03 AM
I don't think microsoft need you to tell them of workarounds, and it does sound like a double standard you have there. Pirating windows and redistributing IE7 from vista both break the EULA don't they? Let people have windows for free if they like, you pay if you want the support, that's how i see it.

Superfly
08-09-05, 05:51 AM
I don't think microsoft need you to tell them of workarounds, and it does sound like a double standard you have there. Pirating windows and redistributing IE7 from vista both break the EULA don't they? Let people have windows for free if they like, you pay if you want the support, that's how i see it.

Sure they need people to tell of these things - I agree that im not the person to do it but it still needs to be done.

as for double standards - your right although that will change now I have official BETA access.

j0j081
08-11-05, 03:28 PM
Another work around is to run the genuine advantage tool in win2000 compatability mode. It then gives you a working key to paste into the browser so you can download things like Microsoft Antispyware Beta.

Slyder
08-11-05, 04:57 PM
I don't think microsoft need you to tell them of workarounds, and it does sound like a double standard you have there.


Luckily there are a few ways to beat this now. I wont personally share them as I dont care for people who tell Microsoft the workarounds, but that of course is there perogative.

For every lock, there is a key . ;)

Superfly
08-11-05, 05:10 PM
For every lock, there is a key . ;)

Indeed - you sound like quite a tool yourself.

supra
08-12-05, 02:00 AM
ya i read about this the other day

http://www.techworld.com/security/news/index.cfm?NewsID=4134

rewt
08-12-05, 06:57 AM
Its sounding more and more like they created loopholes in WGA rather than fixed it :-/