Feeds

Cracked or not? WinXP protection war hots up

Did the Dark Side win? Which one is the Dark Side anyway?

  • alert
  • submit to reddit

The smart choice: opportunity from uncertainty

Following our piece on Windows XP copy protection yesterday (MS tips its hand on WinXP protection system) we've received some interesting emails, and there may also have been developments, one of these being that a new build of XP, 2475, may have leaked.

We'll get back to that one, but the question of whether or not the security surrounding Microsoft's Product Activation technology has been breached is for the moment the most interesting matter. We've been contacted by a Mr Jack Flack, who specifically asked for a name-check (hello there, Jack), said he was a courier, and claimed cracking credit for the #crackXP team on DALnet. We're not in a position to verify the crack, but the files he sent are interesting in that they don't involve the replacement of winlogon.exe with an older version (which is how people got around protection in previous builds).

Instead, the key seems to be the replacement of oobeutil.js (out of box experience utility - so Microsoft is still sticking the signposts on the code). This route, by the way, is getting to be pretty common currency in the relevant IRC channels, so we're not telling them or Microsoft anything they didn't know already. The #crackXP routine may work, and there may already be other cracks using a similar approach. One snag on the verification issue is this, from the instruction file: "You CANNOT forward your clock to see if this works, it is a bug in XP 2469 that means forwarding the clock fucks everything up, it will say it isnt activated yet it is. Take our word on this!"

So that kind of leaves things open for the next two weeks, which is when it'll stop working if the the crack didn't work after all. Unless the bug got fixed in 2475, of course.

Another interesting mail, this time from somebody who really didn't sound like he wanted a name check, sounds extremely plausible, and casts considerable doubt on the possibility of a swift, easy crack for the new system. "The new build of Windows XP includes digital signatures on all vital login code, including Winlogon.exe. If you pick apart this file with de-assembly tools you can clearly see the exported keys." He also mentions that Microsoft has digitally signed all its theme files, and muses about why this would be. Maybe worth us musing further another time.

He goes on: "Creating a crack will be far harder than anyone thought for the above listed reasons and for a new reason, all the files that are used to activate are being cross checked. In order to create a working a crack, one would need to break the digital signature on at least 2 files (winlogon.exe & msgina.dll) and possibly several others, including the setup program. (which appears to check the digital signature on file copy) On top of all this, the crack will need to pick apart an activation process that is done via SSL."

So the interesting thing about the possible cracks now doing the rounds is that they at least superficially seem to take a route other than attacking winlogon.exe, while the interesting thing about what this guy has to say is that Microsoft appears to be using cross-checking of digitally signed files as part of the protection. Widen the number of files involved and the crack can easily be made a much trickier proposition. So long, of course, as the signing itself cannot be compromised on the local machine. Once you're running XP you can certainly make your own choices about signed files, but that needn't necessarily be the case in the OOBE phase.

Our sceptic (who was writing yesterday, before alleged cracks started appearing), ends: "There's a budding murmur of agreement that Microsoft just might have won this time amongst crackers out there." This is reinforced by a posting on neowin.net which says: "People on IRC are screaming blue murder, crying out for Microsoft's blood and the well known forces of the 'Crack elite' are shrugging their shoulders in wake of this re-newed onslought from Microsoft. It seems that the cry for Warez 1 - Microsoft 0 was a little premature."

Maybe, maybe not. But Microsoft is clearly getting serious about this, and the spy v spy war looks like its going to get seriously interesting before WinXP ships in October. ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.