Windows Vista Hacked
By Michael Ross
This article was published by ComputorEdge, issue #2709, 2009-02-27, as a feature article, in both their PDF edition (on pages 10-11) and their website.
Microsoft worked on developing the Vista brand of its flagship Windows operating system for many years (in fact, too many years, in the opinion of some industry pundits, given the evolutionary rather than revolutionary nature of Vista versus its predecessor). As part of this huge effort, the company built into Vista some new security measures, designed to make it impossible for pirates to produce a working bootleg version and then distribute that "cracked" copy to anyone on the Internet who wants to download it for free. This extra effort is partly a result of the company's goal to reduce piracy as a key way to grow its sales of Windows.
The company most likely recognized that more stringent measures were needed in order to battle the pirates, given the extensive history of Microsoft products being hacked — including all versions of Windows up to that point, along with Microsoft Office and many other products. Several of the earlier Windows versions, long before Vista, were supposedly protected with lengthy serial numbers, each of which consisted of five sets of five alphanumeric characters. These might have been annoying for users to type in when installing the given Microsoft product, but it was just as easy for pirates to distribute those serial numbers, which could be used to activate an unlimited number of bootleg copies of the product.
But now the Internet has made it much easier for companies to counter that software pirating strategy, through the use of online activation. Specifically, for any product that uses this security approach, any time the user starts up the program, it "phones home" to a Web server controlled by the company, and verifies that it is a legitimate copy of the program, before allowing the user to continue. This approach is straightforward and secure, but is only appropriate for cases where customers would not be overly inconvenienced by the program requiring an Internet connection. (Note that this is not the same thing as spyware sending your confidential information off to some Web server without your permission.)
For operating systems, however, this strategy of startup online activation would not be feasible or acceptable to the public, because no operating system vendor can reasonably demand that a customer have an Internet connection at all times, including when the software is being installed. What happens to the customer if her Internet service is, for whatever reason, not functioning? What if she is using a laptop and is currently outside of any Wi-Fi hotspots, or the Wi-Fi card in her laptop is broken?
With the introduction of Windows XP, Microsoft took a different tack, which normally utilizes Internet communication between the user's PC and Microsoft servers only once — in order for the operating system to notify Microsoft of the PC's configuration (sort of like a hardware "fingerprint") and the installation ID number, which consists of nine sets of six alphanumeric characters. The servers return a confirmation ID number, and from that point forward, that copy of Windows Vista is considered genuine, and works even when the PC is off-line. In fact, no Internet connection is even required, because you can call a toll-free number at Microsoft, provide them with your installation ID over the phone, and they will then give you the confirmation ID to enter.
Stopping the Clock
People were allowed to install Windows XP and try it out for 30 days, without having to activate it either online or with a telephone call. Each day that you used a non-activated copy of XP, it would inform you as to how many days you had left before the system would lock up and not let you continue using it. In other words, the operating system had a built-in timer, which was always counting down. Pirates naturally wanted to extend that trial period indefinitely — or at least until the next version of Windows came out, at which time they might switch to that one as their favorite "free" operating system. It did not take too long for them to hack the code so that the timer always thinks that there is plenty of time left during the trial period. (This is the most common way to crack trial software that uses a built-in timer.)
Microsoft built even more stringent security measures into Windows Vista, in an attempt to defeat anyone trying to fool the countdown timer. However, pirates raced to figure out a workaround, and they succeeded. An article published on KezNews provides the details on how this particular attack works, for anyone interested in them.
What may be most interesting to the reader of that article is the brief mention of other methods of attack that have been attempted in the past, in order to "bypass, skip, delay, disable or spoof Vista activation", namely, "extend evaluation period, rearm method, install Vista in future year, 'frankenbuild' Vista by replacing RTM build WPA files with RC build files, activate against spoofed KMS server, or run and activate Vista with own local KMS server". The number and variety of these methods hints at how many potential attack vectors hackers can try in defeating the anti-piracy guards of an operating system or any other piece of software.
Cracks in the System
Microsoft has employed other strategies to try to make these pirates "walk the plank" and become legitimate users. Some may not have been well thought out, such as the idea to have the fancy new Aero display — which includes dynamic icons, translucent windows, and animated flips between open programs — only work for copies of Vista that have been designated as genuine. Users of pirated copies would see the regular, non-fancy display (as if that would be punishment enough). But considering how much of a drain the Aero display is on the PC's resources, the non-Aero display probably runs faster, partially undermining this strategy as any sort of deterrent.
In the fall of 2004, Microsoft began testing its new Windows Genuine Advantage program, as another way of putting a halt to Windows piracy. The success of the protection may be judged by the level of piracy still in the wild. Even as early as January 2007, fully hacked versions of Windows Vista Ultimate were appearing in China, in the black markets, for a very affordable $2.50. Anyone living outside of that area, or who wished to save even that amount of money, could see what is available on the file-sharing networks, such as BitTorrent. A quick search on The Pirate Bay reveals dozens of cracked versions of Vista, such as "Windows Vista All Versions With Patch", clocking in at just under 3 gigabytes.
There have been numerous other reports in the press of Windows Vista being defeated by various hacking attempts. It all raises an interesting question: If it appears impossible to prevent any copyrighted software from being cracked, is there any point in investing the time and programmer hours in trying to make a product such as Windows Vista unbreakable? From the perspective of software vendors, it probably is worthwhile, since most customers do not have the technical wherewithal to crack the product themselves, or to find some pirate's handiwork. Furthermore, in the case of Windows, most users are unable to avoid the licensing fee anyway, since they pay it as part of the original purchase price of the PC.
The never-ending battle between software vendors and pirates is certainly not over, and one can safely predict that the release of Windows 7 will cause a flurry of pirates trying to be the first out with a cracked copy, thereby earning bragging rights. For those of us who run legitimate versions of Windows, it all may interest us primarily as a display of the impressive creativity of computer programmers, on both sides of the law.
Copyright © 2008 Michael J. Ross. All rights reserved.