http://conference.hackinthebox.org/hitbsecconf2010kul/


hackinthebox
 ::  hitb portal  ::  hitb portal (SSL)  ::  hitb forum (SSL)  ::  hitb security conference  ::  hitb training ::  hitb irc  ::  hitb photos  ::  hitb videos :: 

HITB Search:
Who's Online
There are 210 unregistered users and 0 registered users on-line.

You can log-in or register for a user account here.


Main Menu
· Home

Sub Menu
· Latest Comments
· HITB@AvantGo
· HITB@Tradepub
· HITB E-Zine Archive
· HITB Merchandise
· HITB Lite
· HITB GFX
· Members List
· Recommend Us
· Search
· Stats
· Contact Us
· Top 50

Top Stories for Today
[427] How to Design a Secure DMZ
[407] German ID cards hacked by the CCC
[359] Malware hosted on Google Code project site
[258] Apple's elephant in the cloud
[230] Russian cops cuff 10 ransomware Trojan suspects
[230] Algerian Hackers Attack Wrong Website
[218] How Google attacks changed the security game
[201] Feds crack phone clone scam that cost Sprint $15m
[197] PSJailbreak code leaked online
[194] US undergrads crash NASA satellite into Arctic
[194] How Your Cloud Dream Is Becoming a Security Nightmare
[194] Apple's iOS 4.1 ships Sept. 8
[192] Heartland to pay Discover $5M for 2008 data breach
[185] Malaysian National Institute of Public Administration suffers cyber attack
[162] DARPA launches insider threat detection effort for military
[144] China demands real names from mobile phone users
[141] VMWare Sees Big Business In Becoming The Internet Operating System
[132] Windows Phone 7: Done

View the Top 50 articles

Top 20 of the Last 2 Weeks
[3279] Smear campaign against Julian Assange / Wikileaks begins

[1203] Walking for 40 minutes three times a week can make you smarter

[1153] Malware implicated in fatal Spanair plane crash

[1108] 5 Ways To Download Torrents Anonymously

[1095] Garmin issues recall for nuvi GPS devices

[1055] Bothersome online friends have spawned blocking apps

[1024] Viruses Might Help Make Better Batteries

[1010] HP to Acquire Fortify Software

[1000] Twitter Turns to OAuth for Application Authentication

[962] Click Fraud Trojans - A Profitable Business

[959] Benefits of using multiple timestamps during timeline analysis in digital forensics

[956] Belgian 'top downloader' snarfs 2.7TB of data in a month

[955] Avast gets $100 million for free antivirus software push

[949] 8th Annual HITBSecConf Features Brand New Quad-Track Event and Special Keynote Panel

[888] HITBSecConf2010 - Malaysia: New Additions

[881] Ready for 2020? Advice for every career stage

[874] Scaling the Security Chasm

[840] Facebook Places: How it works, and how to turn it off

[818] Xorg Critical Security Flaw Silently Patched

[817] Wikileaks moves servers to an underground nuclear bunker


Past Articles
Wednesday, September 01
·Moscow police investigate alleged ransomware gang
·Novell rolls cloud-security service
·More IT managers plan to spend less, survey finds
·Twitter Turns to OAuth for Application Authentication
·Verizon Uses VMware for Enterprise Cloud Service
·Five Things You Need To Know About IPv6
·iPhone 4 with New Antenna Coming Soon?
·Mark Zuckerberg fights to keep life private
·Android Tablet flood is imminent
·Hackers Steal $600,000 from Catholic Diocese
·Pirate Bay secures documentary funding from fans in just 3 days
·Darpa’s Star Hacker Looks to WikiLeak-Proof Pentagon
·Hackers Focus on Misconfigured Networks, Survey Finds
·Australian ban on PS3 hack extended to September 3
·Apple to offer live video stream of Wednesday's keynote
·US finally reforming its high-tech export control system
Tuesday, August 31
·Wikileaks moves servers to an underground nuclear bunker
·Indian e-voting critic released on bail
·Skype might be bought by Cisco
·Commonwealth Bank of Australia security upgrade causes ATM outage
·Google aims to wipe smile off Facebook
·Will Intel's Sandy Bridge pose a threat to discrete GPUs?
·3M to buy security firm Cogent for $943 million
·Microsoft to build giant data center
·Apple still hasn't fixed iPhone 4 proximity sensor bug
·7 skills every IT manager needs to survive the 2010s
·Intel buys wireless chip tech in mobile-phone push
·Hackers Port Android to Nokia Phones
·Old Apple QuickTime code puts IE users in harm's way
·India Could Face Onslaught of Pakistani Hackers, Say Intelligence Officials
 Older articles
WinXP product activation cracked: totally, horribly, fatally
Posted by alphademon on Wednesday, July 18, 2001 - 10:57 AM (Reads: 115147)
Source:


Since Microsoft introduced Windows Product Activation (WPA) the crackers have gone through a series of WinXP beta builds, finding new ways to at least circumvent the protection system. But now, taking an entirely different approach, Germany's Tecchannel has demonstrated that WPA as shipped in RC1 is full of gaping holes, and can be fooled almost completely.



Tecchannel's report available in English here, or in German here) demonstrates that WPA can be compromised via numerous hardware-related routes; it all centres on the file wpa.dbl, which WinXP keeps in the system32 directory.

This file stores information on the nature of the hardware at the time of activation, and when Windows XP notices more than three items of hardware have changed, it deletes it. Then you need to activate again. You'll also, Tecchannel notes, need to activate immediately if you installed more than 30 days (or 14 with RC1) ago, as that's when the clock starts ticking. This, incidentally, is also the case if you do a 'repair' to fix a bust system - not exactly friendly.

So first of all Tecchannel saved the file then started changing hardware. Two items OK, but replacing a third - the CPU - triggered the deletion. Although you'd think the CPU is only one component, it's actually tallied up as two. Switching off the CPU serial number in the bios and therefore knocking it down to one doesn't get the earlier wpa.dbl back - this has been restored in a non-activated state.

Copy the saved version back? That surely shouldn't work - but it does. Next, Tecchannel tried a completely new installation using the same product key. This produces a new product ID, but nevertheless copying the wpa.dbl file back again works.

They also use this file on another computer, altering the computer's volume ID first, which is easily enough done. They can also use forged network cards MAC addresses, so now they've taken two parts of the hardware ID out of the picture. Next, use the hardware profile to tell the computer it's a notebook with a docking station. This works, and tells WPA to stop counting the IDE/SCSI controller and the graphics card.

That gets the differences counted down to three, hard disk, CPU and CDROM ID, which is within the limit, so WPA is effectively toast.

What does this mean? Tecchannel's investigation shows that, at the very least, you can use the same wpa.dbl file to activate as many computers as you like, provided the RAM size is the same. A 'universal' file that didn't even require the same RAM might be a possibility, but it's more likely that people will simply swap files to get one appropriate for their hardware. If Microsoft doesn't change WPA before WinXP ships, then it's pointless. But changing it when RC2 is looming, and when the holes are so obviously huge, would be difficult.

So farewell then, Windows Product Activation - for the moment?

The Register

(Printer-friendly page Send this story to someone)

 
Login
 



 


 Log in Problems?
 New User? Sign Up!

HITB eZine Issue 003

Last 15 Postings to HITB Forum
Re: Permission problems for cmd commands in LAN
Re: HITBSecConf2009 - Malaysia videos available for download
Re: HITBSecConf2009 - Malaysia videos available for download
Re: 2WIRE wifi network key generators
Re: 2WIRE wifi network key generators
Microsoft MCP community...
Re: Hello
Re: facebook
external usb HD data recovery
Re: Permission problems for cmd commands in LAN
Re: Permission problems for cmd commands in LAN
Re: Permission problems for cmd commands in LAN
Re: Permission problems for cmd commands in LAN
Re: Permission problems for cmd commands in LAN
Re: Permission problems for cmd commands in LAN

Topics
· All topics
· AMD News (Aug 10, 2010)
· Apple News (Sep 02, 2010)
· Articles (Mar 03, 2009)
· Ask Us (Feb 01, 2003)
· Audio/Video (Sep 01, 2010)
· Encryption (Aug 30, 2010)
· Games (Aug 27, 2010)
· Hardware (Sep 01, 2010)
· HITB News (Aug 19, 2010)
· Industry News (Sep 02, 2010)
· Intel News (Aug 31, 2010)
· Law and Order (Sep 02, 2010)
· Linux (Aug 30, 2010)
· Microsoft (Sep 02, 2010)
· Networking (Sep 01, 2010)
· PDAs (Feb 09, 2007)
· Privacy (Sep 02, 2010)
· Red Hat (Mar 30, 2010)
· Science (Aug 30, 2010)
· Security (Sep 02, 2010)
· Software & Programming (Sep 02, 2010)
· Spam (Sep 01, 2010)
· Technology (Aug 30, 2010)
· Transmeta (Jul 07, 2007)
· Viruses & Malware (Sep 02, 2010)
· Wireless (Aug 26, 2010)

Packet Storm Security Latest
· nullconGoa2011-CFP.txt
The Call For Papers for nullcon Dwitiya 2.0 is now open. It takes place February 25th through the 26th, 2011 in Goa, India.
· amirocmsfaq-xss.txt
Amiro.CMS version 5.8.4.0 suffers from a stored cross site scripting vulnerability.
· advanced-xss.pdf
Whitepaper called Advanced XSS. Written in Arabic.
· moaub01-cpanel.pdf
Month Of Abysssec Undisclosed Bugs - Cpanel suffers from a PHP restriction bypass vulnerability. Versions 11.25 and below are affected.
· moaub01-adobe.pdf
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash Player suffer from a newclass invalid pointer vulnerability.
· MDVSA-2010-168.txt
Mandriva Linux Security Advisory 2010-168 - Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service and possibly execute some sources refer to this as a use-after-free issue. The updated packages have been patched to correct this issue.
· ZSL-2010-4961.txt
LEADTOOLS version 16.5.0.2 suffers from buffer overflow, integer overflow and denial of service vulnerabilities related to Active-X Common Dialogs.
· cpanelcp-xss.txt
cPanel Customer Portal suffers from a cross site scripting vulnerability.

Follow us
Join our Facebook Group

Follow us on Twitter

Follow our RSS feed


HITB Affiliates
Warez Raid
Btscene
Raid Network
RS Download
Torrent Download
Freshwap.net
Legendarydevils
FullDownloadShare.com
PassionDownload.com
PlaystationHome.com
TriniWarez
Rapidsharedownload.net
SCForum.info
Rafay Hacking Articles
Pogoed Full Downloads
Nitro Roms
Gu1337
Twistys Download
Ideal Torrent
Egyptfans.net
DirtyWarez.com
RaidPIC
Torrents Download
RapidShareLink
FreshDL
Warez Linkers
WarezFactor
FullDDL.net
Digital Vortex
TorrentHub
RealWarez
Fullversion Search
DreamDDL
HackersNews.org
Black-Zero
MyPDACafe.com
Guvenli.org
Dark-Hack.net
Dark Tavern
HardlineNews.com
ITDefence.ru
Xatrix Computer Security
shellcity.net
EyeonSecurity
HackerStickers.com
Astalavista
Go Hacking
XSSed.com
madirish.net
Secumania.org
Megapanzer

If you own a PR4+ (Page Rank) network security or computer related website with 5,000 unique visits and would like to affiliate with HITB, email us.


Page created in 0.814648866653 seconds.