Windows Vista "Brute Force Keygen" a hoax

by Paul Miller, posted Mar 3rd 2007 at 1:01PM

It sounded too good to be true, and it turns out it was. KezNews forum frequenter "Computer User" confessed last night that his Brute Force Keygen hack for Windows Vista is a scam. "Fact is the brute force keygen is a joke, i [sic] never intended for it to work. I have never gotten it to work, everyone should stop using it! Everyone who said they got a key a probably lying or mistaken!" Oddly enough, Adrian Kingsley-Hughes of ZD Net, who we sourced the news from yesterday, claims to have found two activation keys with this method, so it's hard to tell who to believe: a confessing prankster, or a potentially duped but trusted source. For the moment, we're going to go with Computer User's word on this one, because the likelihood that Microsoft would issue enough keys to make a random key generator at all viable for obtaining 25-character product keys is pretty dang slim.

[Via Slashdot; thanks Matt]

Filed under: Desktops, Laptops

Tags: brute force keygen, BruteForceKeygen, hack, hoax, keygen, microsoft, vista, windows vista, WindowsVista

Reader Comments (Page 1 of 1)

Highest Ranked

Jumbie @ Mar 3rd 2007 1:13PM

I think it's true but the potential of finding a key is pretty damned small given the fact that there are just so many possibilities and this thing is trying them all (randomly) one at a time. It's just like a simple dictionary hack to find a password.

I've been following this out of interest (have a legit Vista that I have yet to install) and Computer User just strikes me as some scared kid from reading his comments on the KezNews forums. He is flip-flopping like the best of the politicians. One moment he says it works, then he issues an "apology to MS", then he says it doesn't work and he's done with it, then he contributes new code, then back to saying he's done with it again, and so on and so on.

Quite frankly, it's quite idiotic and it fits in with most of the members of that forum who continue to scream like irate, spoiled children when no one will help them or give them a key. I don't know where the sense of entitlement comes from but it's extremely annoying to see the pathetic temper tantrums they throw.

Neutral

Pingspike @ Mar 3rd 2007 1:45PM

Ask yourselves this: when and why would anyone apologize to MS ?

Neutral

James Krauth @ Mar 5th 2007 6:50PM

Well, I don't know about all the other people in the world but I can't aford MS anymore. I'm going with Linux and stop trying to pay high prices for software. People like me can't aford it, we're on social seruity.

Low Ranked

Matt @ Mar 3rd 2007 1:46PM

Happy 3rd Birthday Engadget!

Low Ranked

Danny @ Mar 3rd 2007 1:49PM

ok a guy called ka0s in

#vistatalk

irc.efnet.net 6667

said it worked for him so people talk to him because he lives in that channel so he is always there.

I think the guy said that so Microsoft can get off his ass.

Neutral

Matt @ Mar 3rd 2007 1:57PM

Hmm i think im gonna take this to circuit city / best buy and get a serial off one of the display models..

Neutral

Sean @ Mar 3rd 2007 2:08PM

What you've got to remember is that he said it gave him 2 keys, BUT he never tried activating them. Getting the offline OS to install/accept a key and getting Microsoft's servers to accept it are two very different things!

Highly Ranked

Fenrir @ Mar 3rd 2007 2:38PM

As far as I can tell from actually reading all the discussion, he's not saying it's a hoax at all. What he is saying is that it's a pathetic idea (a joke) because it relies on brute force with a massive number of possibilities and the odds of success are incredibly small.

As for the apology, he was saying he regretted causing MS trouble and that he never intended to cause such a fuss over his little experiment. He's also sorry that the valid keys that this method generates may overlap with legitimate owner's CD keys and cause them problems. He says he doesn't have a grudge against Microsoft at all, and enjoys their software (otherwise, why on earth would he be using it?). Is that so hard to understand?

And last of all, this is not a real keygen at all. All he did was modify an EXISTING script to automatically try random sequences. That's it. And he says so himself. He admits that he's not a cracker at all, and he was just playing with a VBScript file. That's it.

Also, please think back to when XP came out. The majority of pirated users ran one version with one license key, but eventually (SP1) that got blacklisted. BUT, brute force methods (like this) were also available for XP, and worked just fine (assuming you don't mind having your PC using 100% CPU for N hours, where N equals a number between 1 and infinity).

Low Ranked

Ivan @ Mar 3rd 2007 2:55PM

IT'S A TRAP!

Neutral

Ryan @ Mar 3rd 2007 3:22PM

Okay, so did we just find out that 'journalist A' may be of questionable reliability? I mean he seemed to confirm--pretty strongly--that the hack worked. Would he care to verify that statement?

If a journalist is found to be lying, they've basically squandered the most important part of their professional character: their integrity.

Lowest Ranked

ethana2 @ Mar 3rd 2007 5:03PM

Sorry to bug you guys yet again, but...
Why hack Vista when you can just use Linux?

If you need any help figuring Linux out or getting it working for you, whatever:
ethana2@gmail.com

I'd be more than happy to help you

Neutral

Oro @ Mar 3rd 2007 5:04PM

This is a fun story to follow, but I'm a bit surprised nobody's figured out the entirety of the situation yet. It's not rocket science.

There are conceptually three kinds of keys.

The first kind is the incorrect kind (duh). Vista won't let you install with this key.
The second kind is the "looks right" kind. Vista will let you install with this key, but won't let you activate Vista (unless it's also "real").
The third kind is the "real" kind. Vista will not only install, but also activate, with this kind of key.

(These ignore the cases of OEM licensing keys and corporate keys, just pretend those don't exist for now.)

Now, if you've read the back of the box of Vista you'll notice that you get 120 days to activate. _Plus_, should you not have your key, you can install a trial version which works for 120 days. So the second kind of key is functionally identical to just installing the trial version.

Why does Vista even bother to validate the key during install? It has nothing to do with preventing pirated use, it's purely to prevent typos when users input their key! It's a huge pain to undo when a user accidentally inputs an incorrect key, it pretty much always generates a customer service call, and a single customer service call is enough for Microsoft to lose money on an OEM copy of Vista.

So yeah, the keygen works to get past the Vista install. No, it's nothing relevant or worrisome to Microsoft. (Heck, they're almost certainly quite happy about it; everyone who uses this method will have to either buy Vista in 120 days or uninstall it. It's word-of-mouth advertising for trial versions of Vista!)

Can we all just get over it now?

Neutral

Dr. Nil8tor @ Mar 3rd 2007 6:34PM

First lets do some basic cryptology understanding. A key is 25 characters long. each character can be 36 possiblities. 0-9 and a-z assuming that all the letters are either capital or lowercase. If it is a case sensitive you can add another 10 if you need to really know why go back and learn ascii. Your chances of finding a Vista code are as followed

36x36x36x36x36x36x36x36x36x36x36x36x36x36x36x36x36x36x36x36x36x36x36x36x36

which =8.08e32

so finding one code is about a chance in 1/80,000,000,000,000,000,000,000,000,000,000

or the scientific express
1/HELL

so if MS released 1,000,000 codes your chances would still be slim to none!!!

so yeah that keygen might work but i wouldn't hold my breath.

Neutral

atrain @ Mar 4th 2007 12:31AM

Actualy, M$ tends to try and get rid of vowels... and you can remove posiblilitys of combos of all of the same thing, or all numbers, or all letters...

Still quite big, but considering the speed of modern computers, the list could be generated in a few weeks to maybe a month. Much less with a good cluster.

By list: A list of every possible combination, so that anyone could just plug those in rather than generating them, and speed up the process severely.

While possible, I also don't advocate piracy. If your willing to go through the trouble and effort to do this, why don't you just use Linux, get passed whatever minor issues exist, and be happy with a stable system.

Neutral

Jerome Gravel-Niquet @ Mar 3rd 2007 6:36PM

I was there most of the time on the forum, didn't talk much but I've read the first 70 pages or so... Computer User, if he was anything like a scammer, seemed to be more than thrilled to have 'invented' this new technique.

If he did indeed scam us, he did it good. With no real consequences apart from having lost a little productivity with taking a lot of juice from our PCs.

I did try it, I was fascinated with the coding as I also code in VB. Was fun experiencing this script with the guys out there.

Neutral

tchiseen @ Mar 3rd 2007 7:26PM

indeed the odds of getting a viable key from this brute force keyfinder/keychecker is very low with the surrent methods, it is not impossible. it's also possible to randomly enter keys yourself and get a correct one, there's nothing in this script so far that leads you go the keys and better, only faster.

I think CU's statement was a good idea, cause now all you freaking noobs who just wanted a keygen will piss off. This project is about doing something within the constricts of the OS, not just abt getting a free vista.

Neutral

SgtHeney @ Mar 3rd 2007 8:08PM

It could be depicted a lot easier via 36^25 (spelled out, thirty-six to the power of twenty-five). But that was partially correct, but anyhow, the ratio wouldn’t be 1:36^25 unless there was only 1 key created for it. This means you would have to divide 1,000,000/36^25 (yielding 8.08e32 as stated above)…
So, cryptography, no… That is brute force. Nothing to do with a cryptography lesson, lol. A cryptography lesson would best be explained using a time-memory tradeoff paper. Maybe a sort lesson in reverse engineering. Refs: http://lasecwww.epfl.ch/pub/lasec/doc/Oech03.pdf

Neutral

James @ Mar 3rd 2007 9:50PM

I'm sure Microsoft is pleased that people are trying so hard to upgrade to Vista even though they may not want to pay for it. It seems people do like Vista.
-
http://www.WindowsVistaUserGuide.com

Low Ranked

Fenrir @ Mar 4th 2007 12:12AM

Apart from Windows ME (and potentially NT4, although I have no personal experience with that), name a version of Windows that has not significantly improved on it's predecessor.

It's not a case that Microsoft aren't making progress, it's just that their progress isn't meeting a lot of people's demands. And the price is pretty high.

*NIX flavours are in general very capable, but they're not easy and they do require significantly more work. There's been a lot of progress in the past few years in simplified Linux distros, but if you want to customise them beyond adding and removing "supported" programs you need to learn to work in console/command line. Not everybody has the patience to learn a new system when they've already mastered an existing, more common, and in some cases more functional (at least when it comes to ready-made solutions) option available to them.

Out of Windows, Linux and Mac I'd have to put Linux at as my second choice. It has power, stability and functionality surpassing Windows and Mac, if you're ready to put the time into it. Windows is slow and less stable and unreliable and can be prone to security lapses (because everybody and their dog are trying to find them), but once you're online it can do anything you want with a few clicks and a credit card number. Mac is easy, reliable, and *runs Windows*... Need I say more?

Neutral

Arcaynn @ Mar 4th 2007 12:14AM

So this means that the jump-to-conclusions knee-jerk Microsoft criticism will be rescinded? OH HELL NO d0wn w/ M$ lawl pwnt.

I sincerely think most anti-Microsoft posts are typed on Windows running IE.

Neutral

Geoff Miller @ Mar 4th 2007 12:37AM

Well, if this is a hoax, then Paradox has the real deal:
http://digg.com/microsoft/Vista_cracked_totally_by_Paradox_Microsoft_s_in_trouble_now

Neutral

Steve @ Mar 4th 2007 3:53AM

SECOND POST ATTEMPT - VALIDATION CODE NOT RECEIVED

Why does anybody care? People with any sense should be trying to figure out how to avoid the necessity of an upgrade to the "latest and greatest" piece of Microsoft kitchen-sinkware.

What is kitchen-sinkware? That's my name for what is more prosaically called "bloatware" - software where usability is sacrificed on the altar of hyperinflated feature sets.

You recall the saying "everything but the kitchen sink"?

The product development cycle goes like this. First a piece of software is developed that does a moderately good job at some useful function. Then a new release comes out, fixing bugs and including useful features the original developers overlooked. At this point, the software is workable and customers are satisified.

But satisfied customers are unprofitable customers. Satisfied customers generate no new sales - because software doesn't wear out.

So in the next development cycle it is necessary to turn satisfied customers into dissatisfied customers. This is about the point where version numbers began to give way to model year designations, as Redmond shamelessly copies the tactics that have worked for Detroit for the last 50 years. At this point, true feature bloat begins. Either here, or in the next cycle the developers throw in "everything but the kitchen sink".

But this process is ongoing - the economic imperatives trap a company such as Microsoft on the bloatware merry-go-round. The next cycle actually INCLUDES THE KITCHEN SINK!

But we're not done yet. Further cycles ensue. More of the household plumbing is added to the mix. Eventually, they get around to throwing in the outhouse, and at that point the whole thing begins to stink.

Vista - no thanks!

-Steve

Neutral

Sapo @ Mar 4th 2007 8:34AM

Steve Jobs! lol

Neutral

atrain @ Mar 4th 2007 12:57PM

The paradox system is too weak. Its just a driver to emulate a OEM BIOS. All M$ would have to do to bypass it is patch the driver system to check for the BIOS driver in a more secure way.

This wont last long. Nice while it lasts though, and definitly a step in the right direction.

Neutral

陆军 @ Mar 6th 2007 10:28AM

I hope one key

Neutral

Shane @ Mar 6th 2007 6:17PM

i would have to agree with Sean, though im sure it would be possible to fool the server but the likely hood is slim to none.

Neutral

#hAsH# @ Apr 23rd 2007 11:24AM

oryt, der is a crak 4 vista, actuali ders mani, altho, 5% only work, if any1 wld lyk any, email me, fahimtm@hotmail.com

ders one dun by dr chan, lol hes amazin, vista onli been out 4 a few months n luk wots apend, fuk mr gates, hes rich nuf, he cant apreciate wot hes got, no1ns gona bova sayin sori 2 ms,