Microsoft Activation Protection [Archive] - RCE Messageboard's Regroupment

View Full Version : Microsoft Activation Protection

DaWsOn

May 14th, 2001, 02:35

As you know or not M$ uses a new piracy-protection system..called Activation protection OS uses some information about your current hardware and produce a uniques key (like a serial) and u had to put that key to activate the Windows..Anyone working on to crack this?

p.s:Until windows xp build 2469 all protection cracked..But 2469 is still uncracked...

nchanta

May 14th, 2001, 05:32

this seems akin to the Microsoft Reader protection.

http://www.microsoft.com/reader/download.asp

i think it ask's you to active it, which then enables M$ to let/not-let you download and run copyrighted/protected eBooks, which are sold over the net.

interesting...

Solomon

May 14th, 2001, 23:07

2469 is cracked. I saw a patch for 2469 and someone claimed that it worked coz he had tried it.

Solomon

May 14th, 2001, 23:14

The crack is "2469_solarixpatch.exe"

daWsON (restored)

May 20th, 2001, 10:10

Solarix made 2 cracks for 2469 and none of them work...

Solomon (restored)

May 20th, 2001, 10:15

I installed 2469 moment ago and applied his crack.
It extends the expiration date to 11/11/2001 , when a new beta will be released

daWsON3k (restored)

May 20th, 2001, 10:15

--------------------------------------------------------------------------------
Solomon (05-14-2001 18:0:
I installed 2469 moment ago and applied his crack.
It extends the expiration date to 11/11/2001 , when a new beta will be released
--------------------------------------------------------------------------------

set date 14 days aheasd and reboot...see a fucked OS

decx

June 3rd, 2001, 15:14

From what i know about the new activation protection is from reversing Microsoft Outlook 2002 installer. It uses RipeMD it seems, but it might be modified a bit, but its most likely is RipeMD cuz of the initialization constants used in the code matchs the RipeMD values, these are:

067452301h
0EFCDAB89h
098BADCFEh
010325476h

from:
sub_35F355B3 proc near
arg_0 = dword ptr 000000004h

mov eax, [esp+arg_0]
xor ecx, ecx
mov [eax+2Ch], ecx
mov [eax+30h], ecx
mov dword ptr [eax+18h], 67452301h
mov dword ptr [eax+1Ch], 0EFCDAB89h
mov dword ptr [eax+20h], 98BADCFEh
mov dword ptr [eax+24h], 10325476h
mov dword ptr [eax+28h], 0C3D2E1F0h ; modified?
retn 4

sub_35F355B3 endp

The RipeMD-call itself is very long, so i wont bother pasteing it here, but the code will hash and fixup the serial in different valid formats being normal keys or OEM keys.

you can get our partially finished sourcecode from:
http://www.sltgods.com/decx/mskg.asm
Warning: Its 164KB - Alot of lines to figure out

- Decx

kill3xx

June 4th, 2001, 16:49

Quote:

decx (06-03-2001 13:14):
modified a bit, but its most likely is RipeMD cuz of the initialization constants used in the code matchs the RipeMD values, these are:

067452301h
0EFCDAB89h
098BADCFEh
010325476h

from:
sub_35F355B3 proc near
arg_0 = dword ptr 000000004h

mov eax, [esp+arg_0]
xor ecx, ecx
mov [eax+2Ch], ecx
mov [eax+30h], ecx
mov dword ptr [eax+18h], 67452301h
mov dword ptr [eax+1Ch], 0EFCDAB89h
mov dword ptr [eax+20h], 98BADCFEh
mov dword ptr [eax+24h], 10325476h
mov dword ptr [eax+28h], 0C3D2E1F0h ; modified?
retn 4

sub_35F355B3 endp

The RipeMD-call itself is very long, so i wont bother pasteing it here, but the code will hash and fixup the serial in different valid formats being normal keys or OEM keys.

you can get our partially finished sourcecode from:
http://www.sltgods.com/decx/mskg.asm
Warning: Its 164KB - Alot of lines to figure out

- Decx

Interesting.. atm i'm very busy and not have time to dig into ur sources or WPA itself.. but u'r right is not RIPEMD but the more strengthened version RIPEMD-160 (or maybe a RIPEMD160-MAC)... anyway u've done a good work poking (m$ jargon

with their new toy and i'm pretty sure that u've made happy some people at M$ >

Best regards,

Kill3xx