
Cracked or not? WinXP protection war hots up

Did the Dark Side win? Which one is the Dark Side anyway?



Following our piece on Windows XP copy protection yesterday (MS tips its hand on WinXP protection system) we've received some interesting emails, and there may also have been developments, one of these being that a new build of XP, 2475, may have leaked.

We'll get back to that one, but the question of whether or not the security surrounding Microsoft's Product Activation technology has been breached is for the moment the most interesting matter. We've been contacted by a Mr Jack Flack, who specifically asked for a name-check (hello there, Jack), said he was a courier, and claimed cracking credit for the #crackXP team on DALnet. We're not in a position to verify the crack, but the files he sent are interesting in that they don't involve the replacement of winlogon.exe with an older version (which is how people got around protection in previous builds).

Instead, the key seems to be the replacement of oobeutil.js (out of box experience utility - so Microsoft is still sticking the signposts on the code). This route, by the way, is getting to be pretty common currency in the relevant IRC channels, so we're not telling them or Microsoft anything they didn't know already. The #crackXP routine may work, and there may already be other cracks using a similar approach. One snag on the verification issue is this, from the instruction file: "You CANNOT forward your clock to see if this works, it is a bug in XP 2469 that means forwarding the clock fucks everything up, it will say it isn't activated yet it is. Take our word on this!"

So that kind of leaves things open for the next two weeks, which is when it'll stop working if the crack didn't work after all. Unless the bug got fixed in 2475, of course.

Another interesting mail, this time from somebody who really didn't sound like he wanted a name check, sounds extremely plausible, and casts considerable doubt on the possibility of a swift, easy crack for the new system. "The new build of Windows XP includes digital signatures on all vital login code, including Winlogon.exe. If you pick apart this file with de-assembly tools you can clearly see the exported keys." He also mentions that Microsoft has digitally signed all its theme files, and muses about why this would be. Maybe worth us musing further another time.

He goes on: "Creating a crack will be far harder than anyone thought for the above listed reasons and for a new reason, all the files that are used to activate are being cross checked. In order to create a working crack, one would need to break the digital signature on at least 2 files (winlogon.exe & msgina.dll) and possibly several others, including the setup program (which appears to check the digital signature on file copy). On top of all this, the crack will need to pick apart an activation process that is done via SSL."

So the interesting thing about the possible cracks now doing the rounds is that they at least superficially seem to take a route other than attacking winlogon.exe, while the interesting thing about what this guy has to say is that Microsoft appears to be using cross-checking of digitally signed files as part of the protection. Widen the number of files involved and the crack can easily be made a much trickier proposition. So long, of course, as the signing itself cannot be compromised on the local machine. Once you're running XP you can certainly make your own choices about signed files, but that needn't necessarily be the case in the OOBE phase.

Our sceptic (who was writing yesterday, before alleged cracks started appearing), ends: "There's a budding murmur of agreement that Microsoft just might have won this time amongst crackers out there." This is reinforced by a posting on neowin.net which says: "People on IRC are screaming blue murder, crying out for Microsoft's blood and the well known forces of the 'Crack elite' are shrugging their shoulders in wake of this renewed onslaught from Microsoft. It seems that the cry for Warez 1 - Microsoft 0 was a little premature."

Maybe, maybe not. But Microsoft is clearly getting serious about this, and the spy v spy war looks like it's going to get seriously interesting before WinXP ships in October. ®
