Feeds

Cracked or not? WinXP protection war hots up

Did the Dark Side win? Which one is the Dark Side anyway?

  • alert
  • submit to reddit

Build a business case: developing custom apps

Following our piece on Windows XP copy protection yesterday (MS tips its hand on WinXP protection system) we've received some interesting emails, and there may also have been developments, one of these being that a new build of XP, 2475, may have leaked.

We'll get back to that one, but the question of whether or not the security surrounding Microsoft's Product Activation technology has been breached is for the moment the most interesting matter. We've been contacted by a Mr Jack Flack, who specifically asked for a name-check (hello there, Jack), said he was a courier, and claimed cracking credit for the #crackXP team on DALnet. We're not in a position to verify the crack, but the files he sent are interesting in that they don't involve the replacement of winlogon.exe with an older version (which is how people got around protection in previous builds).

Instead, the key seems to be the replacement of oobeutil.js (out of box experience utility - so Microsoft is still sticking the signposts on the code). This route, by the way, is getting to be pretty common currency in the relevant IRC channels, so we're not telling them or Microsoft anything they didn't know already. The #crackXP routine may work, and there may already be other cracks using a similar approach. One snag on the verification issue is this, from the instruction file: "You CANNOT forward your clock to see if this works, it is a bug in XP 2469 that means forwarding the clock fucks everything up, it will say it isnt activated yet it is. Take our word on this!"

So that kind of leaves things open for the next two weeks, which is when it'll stop working if the the crack didn't work after all. Unless the bug got fixed in 2475, of course.

Another interesting mail, this time from somebody who really didn't sound like he wanted a name check, sounds extremely plausible, and casts considerable doubt on the possibility of a swift, easy crack for the new system. "The new build of Windows XP includes digital signatures on all vital login code, including Winlogon.exe. If you pick apart this file with de-assembly tools you can clearly see the exported keys." He also mentions that Microsoft has digitally signed all its theme files, and muses about why this would be. Maybe worth us musing further another time.

He goes on: "Creating a crack will be far harder than anyone thought for the above listed reasons and for a new reason, all the files that are used to activate are being cross checked. In order to create a working a crack, one would need to break the digital signature on at least 2 files (winlogon.exe & msgina.dll) and possibly several others, including the setup program. (which appears to check the digital signature on file copy) On top of all this, the crack will need to pick apart an activation process that is done via SSL."

So the interesting thing about the possible cracks now doing the rounds is that they at least superficially seem to take a route other than attacking winlogon.exe, while the interesting thing about what this guy has to say is that Microsoft appears to be using cross-checking of digitally signed files as part of the protection. Widen the number of files involved and the crack can easily be made a much trickier proposition. So long, of course, as the signing itself cannot be compromised on the local machine. Once you're running XP you can certainly make your own choices about signed files, but that needn't necessarily be the case in the OOBE phase.

Our sceptic (who was writing yesterday, before alleged cracks started appearing), ends: "There's a budding murmur of agreement that Microsoft just might have won this time amongst crackers out there." This is reinforced by a posting on neowin.net which says: "People on IRC are screaming blue murder, crying out for Microsoft's blood and the well known forces of the 'Crack elite' are shrugging their shoulders in wake of this re-newed onslought from Microsoft. It seems that the cry for Warez 1 - Microsoft 0 was a little premature."

Maybe, maybe not. But Microsoft is clearly getting serious about this, and the spy v spy war looks like its going to get seriously interesting before WinXP ships in October. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
Microsoft boots 1,500 dodgy apps from the Windows Store
DEVELOPERS! DEVELOPERS! DEVELOPERS! Naughty, misleading developers!
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Uber, Lyft and cutting corners: The true face of the Sharing Economy
Casual labour and tired ideas = not really web-tastic
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.