| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Aug 12 10:30:32 2005
From: full-disclosure at kharkerlake.net (Christian "Khark" Lauf)
Subject: Wine, the implicit Microsoft Windows Genuine
Advantage
Hello,
Javi Polo wrote:
> On Aug/11/2005, Scott Edwards wrote:
>>That's right, you're thinking no way. Wine [http://www.winehq.org]
>>not only runs the validation download, but it also produces a proper
>>validation key. I discovered this weeks ago, but didn't see anyone
>>else mention it yet.
>
> http://forums.bit-tech.net/showthread.php?t=95654
And it's getting better.
From: http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en
Questions:
Will systems running WINE pass WGA validation?
Answer:
WINE is a Win32 emulator which allows Windows applications, such as
Office, to run on top of X and UNIX. When WGA validation detects WINE
running on the system, it will notify users that they are running
non-genuine Windows, and will not allow genuine Windows downloads for
that system. Users of WINE should consult the WINE community for WINE
updates. It is important to note that WINE users, and other users of
non-genuine Windows, can continue to download updates for most Microsoft
applications from Microsoft application-specific sites, such as Office
Updates.
Would be nice to know, how the WGA-Tool tries to detect if Wine is runing.
I think Wine produces a proper validation key, because it hasn't ActiveX
support.
You'll also get a proper Validation Key if you deactivate ActiveX in IE.
So far, their are 2 (maybe 3) "attack methods" with 4 ways of getting a
proper WGA-Key when still having a illegal or non-standard copy of windows.
JavaScript:
- Open the Windows Update Site, in the site where the 2 buttons for
Search and User-Defined Search appear copy the following line in your
adressbar:
javascript:void(window.g_sDisableWGACheck='all')
Then press one of the buttons.
You'll be able to download all updates. It works pretty good.
(My prefered way - I own a legal MSDNAA copy of WinXP Pro, but I know
that the Keys are traceable (Microsoft is able to see, which Key belongs
to what school) so I used a key from the internet. In order to that, my
copy isn't recognized as legal.)
ActiveX:
- Same way as with JavaScript. But this time, we'll deactivate
everything in IE, what has the "ActiveX" in it.
Hit the button. You're directly forwarded to the Updates download site.
This is could be the same scenario as with wine.
- Use a linux system runing Wine.
Go to WindowsUpdate, download your Updates manually, deploy them to your
Windows(TM) Machine.
(Also unchecked by me, but many reports along the internet who tell,
that it works.)
Also ActiveX??
(I don't know, how the compatibility mode works. If it's able to run
ActiveX etc. So made an extra categorie for this method.)
- Run the WGA-Utility in Windows2000 compatibility code and run it.
It'll always produce a valid WGA-Key.
Was mentioned a few days ago in this list. Haven't checked it. Somebody
knows if it works??
Is it right to say, that:
No ActiveX enabled == Valid WGA-Key??
If yes.. A shame for Microsoft. With billions of dollar spent in varios
anti-piracy campaigns, they make a real mistake to help solving the
problem from their site.
- Or it's just another proof that ActiveX is an unnecessary "technology".
You even don't need it, to show that your XP-Copy is legal :D
Christian
--
Christian "Khark" Lauf <khark@...rkerlake.net>
GPG-Key ID: 0xlostpassphrase-newsoon IRCnet/SILC: Khark
SILC-Fingerprint: 9424 E3BF B637 E1FC E355 BA7C 01CC 1B68 3A1C E330
.oO Die Welt ist toll, trotz allem. Oo.
Powered by blists - more mailing lists