According to researcher Debasis Mohanty, the Windows Genuine Advantage validation check can be tricked by using another Microsoft validation tool—"GenuineCheck.exe"—and a second PC. The application can be used to generate a key that will validate an unlicensed copy of Windows XP and gain access to the Download Center.

GenuineCheck.exe is actually supposed to be a secondary means of validation, apparently targeted towards those who do not use Internet Explorer, as the Windows Genuine Advantage mechanism requires a browser with full ActiveX support in order to function.
With WGA 1.0, individuals will connect with Microsoft's server, which will communicate whether the operating system (OS) in question is legitimate. If the OS checks out, the individual will be able to take advantage of the "benefits of genuine software", such as Windows Media Player updates.

Another enhancement to the software is the elimination of the 25-character key entry - a definite security weakness. When Microsoft Vista is released in 20XX, hackers will have a new set of challenges to hurdle in their efforts to circumvent this protection. However, this type of server/client verification has been defeated before, as witnessed by Half-Life 2. This first-person shooter required the home PC to verify the authenticity of the game through the Valve Software servers. Although creative, the effort was annulled.
The technology used to verify a genuine copy of Windows was designed mostly for Internet Explorer users in the form of an embedded ActiveX control. Microsoft also released another version for non-IE users which requires a program to be downloaded and run to generate a validation key.

This is where the exploit actually happens (NOTE: in order to do this you must have a "Genuine" copy of Windows or know someone who has and is willing to give out their code): simply copy the code the program generates from a Genuine copy of Windows and use that code on any non-Genuine machine.

This exploit is only for Mozilla Firefox or any other non-ActiveX compliant browser; if you try it on Internet Explorer, it will fail.
For Internet Explorer users:

You'll need to download Trixie and the relevant user script [Thanks Mark S., MacMonkey]. Simply download the .js file and drop it into Trixie's scripts\ folder.

Fire up Internet Explorer (32-bit) and click Tools > Trixie Options. You should see WGA Workaround. If it's not already checked, check it. Uncheck the others if you don't want to use them (recommended).

Visit Microsoft Downloads or Microsoft Update to test it out!
Quote

// ==UserScript==
// @name WGA Workaround
// @namespace d09733c0-fe4c-11d9-8cd6-0800200c9a66
// @description Windows Genuine Advantage Workaround (IE)
// @include http*/*.microsoft.com/*
// ==/UserScript==
(function () {
    var js = document.createElement("script");
    js.setAttribute("language", "JavaScript");
    js.setAttribute("type", "text/javascript");
    js.text = 'document.cookie="WinGenCookie=validation=0";';
    document.getElementsByTagName('head').item(0).appendChild(js);
    window.g_sDisableWGACheck='all';
})();

OH AND ALSO if you want to install IE7 but can't because of WGA, this works:

1. Extract IE7-WindowsXP-x86-enu.exe with WinRAR.
2. Open update\iecustom.dll in a hex editor.
3. Navigate to hexadecimal offset 0x1034h (4148 decimal) and change 0F 95 to 0F 94.

Boy, MS sucks at this "security" thing, huh?
There's another trick. Go to Windows Update, and BEFORE you hit "custom" or "express", paste THIS into your browser's address window and hit "go" (or enter):

javascript:void(window.g_sDisableWGACheck='all')
An even simpler workaround for users with Windows Service Pack 2 installed is to go to Internet Explorer's Tools > Manage Add-ons, then disable the Windows Genuine Advantage validation tool.
Still yet another hack is to open LegitCheckControl.dll (it's in windows\system32) with a hex editor and at 0002BE98h change 8B45D8 to 33C090. Genuine Windows Validation will now pass whatever key you're using.
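
Added example, not part of the original post and not Microsoft's design: the workarounds above succeed because the validation result sits in values the client controls (the WinGenCookie cookie, the g_sDisableWGACheck variable) and because a key generated on one PC is accepted from another. The sketch below shows the server-side alternative, a signed, expiring result bound to one machine; the function names, token layout and machine IDs are assumptions, and it presumes the server learns the presenting machine's ID through a channel the client cannot forge.

```javascript
const crypto = require("crypto");

// Server-only secret, never sent to the client (constructed for this example).
const SERVER_KEY = crypto.randomBytes(32);

function sign(payload) {
  return crypto.createHmac("sha256", SERVER_KEY).update(payload).digest("hex");
}

// Issued only after the server itself has validated the licence.
// Assumption: machine IDs never contain the "|" separator.
function issueToken(machineId, nowMs, ttlMs = 5 * 60 * 1000) {
  const payload = `${machineId}|${nowMs + ttlMs}`;
  return `${payload}|${sign(payload)}`;
}

// Returns a reason string so rejected requests can be logged and alerted on.
function verifyToken(token, presentingMachineId, nowMs) {
  const parts = String(token).split("|");
  if (parts.length !== 3) return "malformed";
  const [machineId, expiry, mac] = parts;
  const expected = Buffer.from(sign(`${machineId}|${expiry}`), "hex");
  const given = Buffer.from(mac, "hex");
  // Length check first: timingSafeEqual throws on buffers of unequal length.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    return "bad-signature";
  }
  if (Number(expiry) < nowMs) return "expired";
  // A result generated on one PC must not validate a different PC.
  if (machineId !== presentingMachineId) return "wrong-machine";
  return "ok";
}

// Constructed sample run: machine IDs and timestamps are made up.
const t0 = 1000000;
const token = issueToken("PC-A", t0);
console.log(verifyToken(token, "PC-A", t0 + 1000));          // same machine
console.log(verifyToken(token, "PC-B", t0 + 1000));          // token copied to a second PC
console.log(verifyToken("validation=0", "PC-B", t0 + 1000)); // client-written cookie value
```
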