[wordup] go go gadget microsoft!
Adam Shand
larry at spack.org
Wed Jul 18 14:34:39 EDT 2001
you'd think M$ would look at the wars that the cable/satellite tv
companies have been fighting for *years* against pirates and give up. if
they can't control a much simpler piece of hardware which is in a totally
push environment ... what the hell makes M$ think they'll be able to do
this?
INFORMATIONWANTSTOBEFREE. so there.
From: Brett Shand <brett at earthlight.co.nz>
URL: http://www.theregister.co.uk/content/4/20433.html
WinXP product activation cracked: totally, horribly, fatally
By John Lettice
Posted: 17/07/2001 at 12:35 GMT
Since Microsoft introduced Windows Product Activation (WPA) the crackers
have gone through a series of WinXP beta builds, finding new ways to at
least circumvent the protection system. But now, taking an entirely
different approach, Germany's Tecchannel has demonstrated that WPA as
shipped in RC1 is full of gaping holes, and can be fooled almost
completely.
Tecchannel's report (available in English here, or in German here)
demonstrates that WPA can be compromised via numerous hardware-related
routes; it all centres on the file wpa.dbl, which WinXP keeps in the
system32 directory.
This file stores information on the nature of the hardware at the time of
activation, and when Windows XP notices more than three items of hardware
have changed, it deletes it. Then you need to activate again. You'll also,
Tecchannel notes, need to activate immediately if you installed more than
30 days (or 14 with RC1) ago, as that's when the clock starts ticking.
This, incidentally, is also the case if you do a 'repair' to fix a bust
system - not exactly friendly.
So first of all Tecchannel saved the file then started changing hardware.
Two items OK, but replacing a third - the CPU - triggered the deletion.
Although you'd think the CPU is only one component, it's actually tallied
up as two. Switching off the CPU serial number in the BIOS and therefore
knocking it down to one doesn't get the earlier wpa.dbl back - this has
been restored in a non-activated state.
Copy the saved version back? That surely shouldn't work - but it does.
Next, Tecchannel tried a completely new installation using the same
product key. This produces a new product ID, but nevertheless copying the
wpa.dbl file back again works.
They also use this file on another computer, altering the computer's
volume ID first, which is easily enough done. They can also use forged
network card MAC addresses, so now they've taken two parts of the
hardware ID out of the picture. Next, use the hardware profile to tell the
computer it's a notebook with a docking station. This works, and tells WPA
to stop counting the IDE/SCSI controller and the graphics card.
That gets the differences counted down to three, hard disk, CPU and CDROM
ID, which is within the limit, so WPA is effectively toast.
What does this mean? Tecchannel's investigation shows that, at the very
least, you can use the same wpa.dbl file to activate as many computers as
you like, provided the RAM size is the same. A 'universal' file that
didn't even require the same RAM might be a possibility, but it's more
likely that people will simply swap files to get one appropriate for their
hardware. If Microsoft doesn't change WPA before WinXP ships, then it's
pointless. But changing it when RC2 is looming, and when the holes are so
obviously huge, would be difficult.
So farewell then, Windows Product Activation - for the moment?