Cracked or not? WinXP protection war hots up

Did the Dark Side win? Which one is the Dark Side anyway?


Following our piece on Windows XP copy protection yesterday (MS tips its hand on WinXP protection system) we've received some interesting emails, and there may also have been developments, one of these being that a new build of XP, 2475, may have leaked.

We'll get back to that one, but the question of whether or not the security surrounding Microsoft's Product Activation technology has been breached is for the moment the most interesting matter. We've been contacted by a Mr Jack Flack, who specifically asked for a name-check (hello there, Jack), said he was a courier, and claimed cracking credit for the #crackXP team on DALnet. We're not in a position to verify the crack, but the files he sent are interesting in that they don't involve the replacement of winlogon.exe with an older version (which is how people got around protection in previous builds).

Instead, the key seems to be the replacement of oobeutil.js (out of box experience utility - so Microsoft is still sticking the signposts on the code). This route, by the way, is getting to be pretty common currency in the relevant IRC channels, so we're not telling them or Microsoft anything they didn't know already. The #crackXP routine may work, and there may already be other cracks using a similar approach. One snag on the verification issue is this, from the instruction file: "You CANNOT forward your clock to see if this works, it is a bug in XP 2469 that means forwarding the clock fucks everything up, it will say it isn't activated yet it is. Take our word on this!"

So that kind of leaves things open for the next two weeks, which is when it'll stop working if the crack didn't work after all. Unless the bug got fixed in 2475, of course.

Another interesting mail, this time from somebody who really didn't sound like he wanted a name check, sounds extremely plausible, and casts considerable doubt on the possibility of a swift, easy crack for the new system. "The new build of Windows XP includes digital signatures on all vital login code, including Winlogon.exe. If you pick apart this file with de-assembly tools you can clearly see the exported keys." He also mentions that Microsoft has digitally signed all its theme files, and muses about why this would be. Maybe worth us musing further another time.

He goes on: "Creating a crack will be far harder than anyone thought for the above listed reasons and for a new reason, all the files that are used to activate are being cross checked. In order to create a working crack, one would need to break the digital signature on at least 2 files (winlogon.exe & msgina.dll) and possibly several others, including the setup program (which appears to check the digital signature on file copy). On top of all this, the crack will need to pick apart an activation process that is done via SSL."

So the interesting thing about the possible cracks now doing the rounds is that they at least superficially seem to take a route other than attacking winlogon.exe, while the interesting thing about what this guy has to say is that Microsoft appears to be using cross-checking of digitally signed files as part of the protection. Widen the number of files involved and the crack can easily be made a much trickier proposition. So long, of course, as the signing itself cannot be compromised on the local machine. Once you're running XP you can certainly make your own choices about signed files, but that needn't necessarily be the case in the OOBE phase.

Our sceptic (who was writing yesterday, before alleged cracks started appearing), ends: "There's a budding murmur of agreement that Microsoft just might have won this time amongst crackers out there." This is reinforced by a posting on neowin.net which says: "People on IRC are screaming blue murder, crying out for Microsoft's blood and the well known forces of the 'Crack elite' are shrugging their shoulders in wake of this renewed onslaught from Microsoft. It seems that the cry for Warez 1 - Microsoft 0 was a little premature."

Maybe, maybe not. But Microsoft is clearly getting serious about this, and the spy v spy war looks like it's going to get seriously interesting before WinXP ships in October. ®
