Last week's reports of a working hack for Vista product activation turned out to be naff. Microsoft shouldn't breathe a sigh of relief though. Somebody else has done it.
A quick bit of background. Late last week news of a 'brute force' keygen for Vista spread across the Internet, with reports that after a few hours of churning it could return a number of valid keys. The excitement turned out to be premature: guessing keys is far too slow to be a practical route around Microsoft's activation technology. Before everyone realised it was naff, however, the thieves cheered at the prospect of free Vista while journos chuntered about how activation only hassles legitimate users.
But there's an activation circumvention method from another team of hackers. And this one could cause MS a bit more trouble.
The new hack exploits Vista's System Locked Pre-installation 2 (SLP2) mechanism, the scheme that lets the big OEMs ship Vista without their customers ever having to activate it. SLP2 ties together three things: an OEM-specific certificate on the Vista installation media, a marker in the machine's BIOS (specifically, the ACPI SLIC table, which carries the OEM's identifiers and a signed marker) and a matching OEM product key. When all three line up, Vista treats the system as pre-activated and skips the activation process altogether.
The hack is basically a BIOS emulator, implemented as a kernel-mode driver that serves up the correct SLIC data to Vista's licensing system whenever it asks for it (which raises the question of whether the x64 editions, with their mandatory kernel driver signing, are immune). Combine that with the certificate and key for the relevant Vista edition and OEM BIOS, and bang goes the activation mechanism.
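To make concrete what the emulator has to serve up, here is an added example (not code from the article, from the emulator's authors or from Microsoft) that parses an ACPI SLIC table and runs the structural checks one can make on it before any signature verification. The block layout (36-byte ACPI header, a 0x9C-byte OEM public key block and a 0xB6-byte 'Windows marker' block, 0x176 bytes in all) follows public descriptions of SLIC 2.x and is an assumption here; the OEM IDs and the zeroed key and signature in the sample are constructed; and the cross-checks (SLIC OEM IDs must match the marker block and the RSDT/XSDT header) are the commonly reported ones, not a statement of what Vista's licensing service actually does. The RSA signature over the marker, which is what really ties the table to the OEM certificate, is not verified.

```python
"""Parse and sanity-check an ACPI SLIC table (added example, not from the article)."""
import struct
from dataclasses import dataclass
from typing import List, Optional

# Standard 36-byte ACPI table header: Signature, Length, Revision, Checksum,
# OEMID, OEM Table ID, OEM Revision, Creator ID, Creator Revision.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# SLIC body layout per public descriptions of SLIC 2.x (assumption, not from the article):
# block type 0, 0x9C bytes: OEM public key (CryptoAPI-style RSA public key blob).
OEM_PUBKEY = struct.Struct("<IIBBHI4sII128s")
# block type 1, 0xB6 bytes: "Windows marker", signed with the OEM key.
WIN_MARKER = struct.Struct("<III6s8s8sI16s128s")
SLIC_SIZE = ACPI_HEADER.size + OEM_PUBKEY.size + WIN_MARKER.size  # 0x176 bytes
CHECKSUM_OFFSET = 9  # checksum byte within the ACPI header


@dataclass
class Slic:
    oem_id: bytes
    oem_table_id: bytes
    modulus: bytes
    marker_oem_id: bytes
    marker_oem_table_id: bytes
    windows_flag: bytes
    slic_version: int
    signature: bytes


def acpi_checksum_ok(table: bytes) -> bool:
    """Every ACPI table must sum to zero modulo 256 over its whole length."""
    return sum(table) % 256 == 0


def parse_slic(table: bytes) -> Slic:
    """Unpack the header and both blocks, rejecting anything structurally off."""
    sig, length, _rev, _csum, oem_id, oem_tid, _orev, _cid, _crev = ACPI_HEADER.unpack_from(table, 0)
    if sig != b"SLIC":
        raise ValueError(f"not a SLIC table: signature {sig!r}")
    if length != len(table) or length != SLIC_SIZE:
        raise ValueError(f"unexpected SLIC length {length:#x}")
    off = ACPI_HEADER.size
    ktype, klen, _keytype, _kver, _res, _alg, magic, _bits, _exp, modulus = OEM_PUBKEY.unpack_from(table, off)
    if ktype != 0 or klen != OEM_PUBKEY.size or magic != b"RSA1":
        raise ValueError("malformed OEM public key block")
    off += OEM_PUBKEY.size
    mtype, mlen, _mver, m_oem_id, m_oem_tid, flag, slic_ver, _res2, signature = WIN_MARKER.unpack_from(table, off)
    if mtype != 1 or mlen != WIN_MARKER.size:
        raise ValueError("malformed Windows marker block")
    return Slic(oem_id, oem_tid, modulus, m_oem_id, m_oem_tid, flag, slic_ver, signature)


def slic_issues(table: bytes, rsdt_oem_id: bytes, rsdt_oem_table_id: bytes) -> List[str]:
    """Structural cross-checks commonly reported for SLP 2.0 (assumption): the OEM IDs in
    the SLIC header must match both the marker block and the RSDT/XSDT header.
    The RSA signature over the marker is deliberately NOT verified here."""
    issues = []
    if not acpi_checksum_ok(table):
        issues.append("bad ACPI checksum")
    s = parse_slic(table)
    if s.windows_flag != b"WINDOWS ":
        issues.append("marker flag is not 'WINDOWS '")
    if (s.oem_id, s.oem_table_id) != (s.marker_oem_id, s.marker_oem_table_id):
        issues.append("SLIC header OEM IDs differ from Windows marker OEM IDs")
    if (s.oem_id, s.oem_table_id) != (rsdt_oem_id, rsdt_oem_table_id):
        issues.append("SLIC OEM IDs differ from RSDT/XSDT OEM IDs")
    return issues


def build_slic(oem_id: bytes, oem_table_id: bytes,
               marker_oem_id: Optional[bytes] = None,
               marker_oem_table_id: Optional[bytes] = None) -> bytes:
    """Constructed sample: a well-formed SLIC with a zeroed key and signature (which would
    never pass a real signature check) and a correct ACPI checksum."""
    oem_id = oem_id.ljust(6)[:6]
    oem_table_id = oem_table_id.ljust(8)[:8]
    m_id = (marker_oem_id or oem_id).ljust(6)[:6]
    m_tid = (marker_oem_table_id or oem_table_id).ljust(8)[:8]
    header = ACPI_HEADER.pack(b"SLIC", SLIC_SIZE, 1, 0, oem_id, oem_table_id, 1, b"TEST", 1)
    # 6 = PUBLICKEYBLOB, 2 = blob version, 0x2400 = CALG_RSA_SIGN (CryptoAPI constants)
    pubkey = OEM_PUBKEY.pack(0, OEM_PUBKEY.size, 6, 2, 0, 0x2400, b"RSA1", 1024, 65537, bytes(128))
    marker = WIN_MARKER.pack(1, WIN_MARKER.size, 0x20000, m_id, m_tid, b"WINDOWS ",
                             0x20001, bytes(16), bytes(128))
    table = bytearray(header + pubkey + marker)
    table[CHECKSUM_OFFSET] = (-sum(table)) % 256
    return bytes(table)


if __name__ == "__main__":
    import sys
    # On Linux the firmware's real table is exposed at /sys/firmware/acpi/tables/SLIC (root needed).
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_slic(b"EXAMPL", b"EXAMPLTB")
    s = parse_slic(data)
    print("OEM", s.oem_id, s.oem_table_id, "SLIC version", hex(s.slic_version))
    print("issues:", slic_issues(data, s.oem_id, s.oem_table_id) or "none")
```

Run it with no arguments to check the constructed sample, or point it at a dumped SLIC table. The point of the ID cross-checks is that an emulated table is not enough on its own: the OEM identifiers it reports also have to agree with the rest of the ACPI tables, which is why the emulator approach needs control over what the firmware appears to say rather than a file drop.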
This method has been seen to work, and since it takes only a few steps and a bit of file swapping, it is a far more practical route than hoping a random number generator stumbles on a valid key. It looks as though the circumvention will work with any installation media, provided the correct keys and certificates are used... and they're already out there.
Is Microsoft in trouble, then? Has its activation technology fallen down after just two months of use? Updated motherboard BIOSes with a Vista activation-compliant SLIC table might stop the hack from working, but how many end users are going to flash their BIOS? MS certainly can't just block the OEM keys: the same keys sit on every legitimately pre-installed machine, and the last thing it wants is to inconvenience the customers of some of the biggest OEMs. Chances are a Windows Update will address it, but unless Microsoft reworks its licensing system it could turn into a cat-and-mouse game with the emulator writers.
It'll become clear in the next few weeks whether this method of activation circumvention is going to cause Microsoft serious problems. If it proves so, then it's anybody's guess as to when they'll counter it...
HEXUS.links
News on the failed method neatly rounded up on Slashdot.