https://jobs.hackinthebox.org


hackinthebox
 ::  hitb portal  ::  hitb portal (SSL)  ::  hitb forum (SSL)  ::  hitb security conference  ::  hitb training ::  hitb irc  ::  hitb photos  ::  hitb videos :: 

HITB Search:
Who's Online
There are 224 unregistered users and 0 registered users on-line.

You can log-in or register for a user account here.


Main Menu
· Home

Sub Menu
· Latest Comments
· HITB@AvantGo
· HITB@Tradepub
· HITB E-Zine Archive
· HITB Merchandise
· HITB Lite
· HITB GFX
· Members List
· Recommend Us
· Search
· Stats
· Contact Us
· Top 50

Top Stories for Today
[324] Special Report: HITB2009 CTF Weapons of Mass Destruction
[282] How to Jailbreak iPhone 3.1.3 IPSW with PwnageTool 3.1.5
[214] Adobe apologizes for festering Flash crash bug
[191] Hackers training website shut down by China government
[184] Microsoft's Windows 7 chief: It's not us; it's your batteries
[176] Germany to purchase stolen Swiss bank data for $3.5 million
[160] Conficker outbreak infects Leeds hospital servers
[155] AMD Reveals Fusion CPU+GPU, To Challege Intel in Laptops
[153] How O2 secured its network for the iPhone
[152] Former Intel Exec Pleads Guilty in Galleon Insider Case
[150] YouTube confirms IPv6 support
[147] £150m sting to infect computers with porn
[130] Open source means freedom from 'anti-features'
[128] Google warns Chinese copycat Web site
[126] Inside CloudLinux's New Linux-Based Cloud OS
[118] Intel, IBM roll out new computer network chips
[112] IT hiring jumps in January
[111] 95% of user-generated content was malicious in 2H 2009
[110] Critical infrastructure under constant cyberattack
[110] IT Outsourcing: Why It Pays to Appraise Your Contract
[106] Korean government to spend $341M on IT workforce training

View the Top 50 articles

Top 20 of the Last 2 Weeks
[4217] Dev Team Confirms iPhone 3.1.3 IPSW Jailbreak

[3270] Geohot Releases PS3 Exploit - SKFU calls it useless

[3225] The 10 best IT jobs right now

[3103] The face of first contact: What aliens look like

[3072] Bank sues victim of $800,000 cybertheft

[2914] The 10 best IT jobs right now

[2907] Expert sees security issues with the iPad

[2850] Apple unveils the 'magical' iPad

[2841] 30 commercial games released for FREE

[2835] How to Hack Your Android Phone (and Why You Should Bother)

[2800] Privacy Search Engine Offers Anonymous Web Browsing

[2789] How to: Prevent RSI

[2780] Google Encouraging More Chromium Security Research

[2758] 4 Arrested In Alleged Plot To Wiretap Senator's Office

[2736] Hackers ran detailed reconnaissance on Google employees

[2712] Apple betrays loyal customers with iPad's micro-SIM slot

[674] David Litchfield: Oracle database can be hacked remotely

[664] Cisco's Backdoor For Hackers

[640] Taiwan-based Aurora cyber attack part of larger hack than previously reported

[587] Hacker Defaces 49 House Sites, Flames Obama


E-Zine Archive
Issue #1 - #37
Issue #38

Past Articles
Tuesday, February 09
·Hackers training website shut down by China government (0)
Monday, February 08
·Blackberry spyware source code released (0)
·P2P Snoopers Know What's In Your Wallet  (0)
·Symantec hit with class-action lawsuit over auto-renewals (0)
·Internet Overuse Invites Depression, Study Says (0)
·Recovery, Transformation for IT, Telecom in 2010 (0)
·iPad Study: The More You Know, The Less You Want One (0)
·BlackBerry has spyware risk too, researcher says (0)
·High-tech to keep Super Bowl on track (0)
·AU Gov't Still Wants ISPs To Solve Illegal Downloads (0)
·How the NSA Deal Could Kill Google (0)
·Apple's new beta of Mac OS X 10.6.3 includes few changes (0)
·Security flaw puts iPhone users at risk of phishing attacks (Updated) (0)
·Unannounced Core i7 Apple MacBook Pro surfaces in benchmarks logs (0)
·Indian IT Giant Tata Consultancy Services Hacked (0)
·ShmooCon: Inside FarmVille's sinister underbelly (0)
·Six golden rules for strong passwords (0)
·The FBI Wants to Know Where You are Online (0)
Friday, February 05
·Taiwan-based Aurora cyber attack part of larger hack than previously reported (0)
·The 10 best IT jobs right now (0)
·German grocery stores experiment with payment by fingerprint (0)
·How Trend Micro addresses cloud security (0)
·We've got a file on you - Dutch privacy under threat (0)
·Hack Your Kindle to Support Bluetooth (0)
·Encrypting your iPhone backups? Time to choose a better password (0)
·Pentagon seeks billions to battle terror abroad (0)
·Hospitality Industry Hit Hardest By Hacks (0)
·Do Google's search warrant police run IE6? (0)
·Microsoft slates colossal Windows patch next week (0)
·Google Asks NSA to Help Secure Its Network (0)
 Older articles

Hosting Provided By

WinXP product activation cracked: totally, horribly, fatally
Posted by alphademon on Wednesday, July 18, 2001 - 10:57 AM (Reads: 114059)
Source:


Since Microsoft introduced Windows Product Activation (WPA) the crackers have gone through a series of WinXP beta builds, finding new ways to at least circumvent the protection system. But now, taking an entirely different approach, Germany's Tecchannel has demonstrated that WPA as shipped in RC1 is full of gaping holes, and can be fooled almost completely.



Tecchannel's report available in English here, or in German here) demonstrates that WPA can be compromised via numerous hardware-related routes; it all centres on the file wpa.dbl, which WinXP keeps in the system32 directory.

This file stores information on the nature of the hardware at the time of activation, and when Windows XP notices more than three items of hardware have changed, it deletes it. Then you need to activate again. You'll also, Tecchannel notes, need to activate immediately if you installed more than 30 days (or 14 with RC1) ago, as that's when the clock starts ticking. This, incidentally, is also the case if you do a 'repair' to fix a bust system - not exactly friendly.

So first of all Tecchannel saved the file then started changing hardware. Two items OK, but replacing a third - the CPU - triggered the deletion. Although you'd think the CPU is only one component, it's actually tallied up as two. Switching off the CPU serial number in the bios and therefore knocking it down to one doesn't get the earlier wpa.dbl back - this has been restored in a non-activated state.

Copy the saved version back? That surely shouldn't work - but it does. Next, Tecchannel tried a completely new installation using the same product key. This produces a new product ID, but nevertheless copying the wpa.dbl file back again works.

They also use this file on another computer, altering the computer's volume ID first, which is easily enough done. They can also use forged network cards MAC addresses, so now they've taken two parts of the hardware ID out of the picture. Next, use the hardware profile to tell the computer it's a notebook with a docking station. This works, and tells WPA to stop counting the IDE/SCSI controller and the graphics card.

That gets the differences counted down to three, hard disk, CPU and CDROM ID, which is within the limit, so WPA is effectively toast.

What does this mean? Tecchannel's investigation shows that, at the very least, you can use the same wpa.dbl file to activate as many computers as you like, provided the RAM size is the same. A 'universal' file that didn't even require the same RAM might be a possibility, but it's more likely that people will simply swap files to get one appropriate for their hardware. If Microsoft doesn't change WPA before WinXP ships, then it's pointless. But changing it when RC2 is looming, and when the holes are so obviously huge, would be difficult.

So farewell then, Windows Product Activation - for the moment?

The Register

(Printer-friendly page Send this story to someone)

 
WinXP product activation cracked: totally, horribly, fatally | Log-in or register a new user account | 0 Comments
Comments are statements made by the person that posted them.
They do not necessarily represent the opinions of the site editor.
Login
 



 


 Log in Problems?
 New User? Sign Up!

Last 15 Postings to HITB Forum
Re: RSA - Breaking the Standard
Re: Project: Gaining entry to a computer not on my network.
Re: RSA - Breaking the Standard
Re: RSA - Breaking the Standard
Re: RSA - Breaking the Standard
Re: RSA - Breaking the Standard
Re: RSA - Breaking the Standard
Re: RSA - Breaking the Standard
Re: Project: Gaining entry to a computer not on my network.
Re: RSA - Breaking the Standard
Re: RSA - Breaking the Standard
RSA - Breaking the Standard
Re: Project: Gaining entry to a computer not on my network.
Project: Gaining entry to a computer not on my network.
Re: ADSL

Packet Storm Security Latest
· HPSBUX02503-SSRT100019.txt
HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).
· MDVSA-2010-034.txt
Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Additionally, the Linux kernel was updated to the stable release 2.6.27.45.
· nightdahack2010-cfp.txt
Night Da Hack 2010 Call For Proposals - This conference will take place from 4 PM through 7 AM, June 19th through the 20th, 2010 in Paris, France.
· CORELAN-10-010.txt
GeFest Web HomeServer version 1.0 suffers from a directory traversal vulnerability.
· wsnguestdb-disclose.txt
WSN Guest Database appears to suffer from a database disclosure vulnerability.
· bluedove-sql.txt
Blue Dove suffers from a remote SQL injection vulnerability.
· synspam_0.4.0-1.tar.gz
Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server, running multiple tests against it possible, a scoring system is used. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default.
· as3flexdb-sqldisclose.txt
AS3FlexDB suffer from remote database login information disclosure and remote SQL execution vulnerabilities.

Topics
· All topics
· AMD News (Feb 09, 2010)
· Apple News (Feb 09, 2010)
· Articles (Mar 03, 2009)
· Ask Us (Feb 01, 2003)
· Audio/Video (Feb 03, 2010)
· Encryption (Jan 15, 2010)
· Games (Feb 04, 2010)
· Hardware (Feb 08, 2010)
· HITB News (Feb 09, 2010)
· Industry News (Feb 09, 2010)
· Intel News (Feb 03, 2010)
· Law and Order (Feb 09, 2010)
· Linux (Feb 09, 2010)
· Microsoft (Feb 09, 2010)
· Networking (Feb 09, 2010)
· PDAs (Feb 09, 2007)
· Privacy (Feb 08, 2010)
· Red Hat (Nov 18, 2009)
· Science (Feb 04, 2010)
· Security (Feb 09, 2010)
· Software & Programming (Feb 09, 2010)
· Spam (Jan 26, 2010)
· Technology (Feb 09, 2010)
· Transmeta (Jul 07, 2007)
· Viruses & Malware (Feb 09, 2010)
· Wireless (Dec 28, 2009)

Follow us
Join our Facebook Group

Follow us on Twitter

Follow our RSS feed


HITB Affiliates
Warez Raid
Btscene
Raid Network
Rapidshare.net
FullDownloadShare.com
PlaystationHome.com
TriniWarez
Rapidsharedownload.net
SCForum.info
Pogoed Full Downloads
Nitro Roms
Gu1337
Twistys Download
Ideal Torrent
DirtyWarez.com
RaidPIC
Torrents Download
RapidShareLink
FreshDL
Warez Linkers
WarezFactor
FullDDL.net
Digital Vortex
TorrentHub
RealWarez
Fullversion Search
DreamDDL
HackersNews.org
Black-Zero
MyPDACafe.com
Guvenli.org
Dark-Hack.net
Dark Tavern
HardlineNews.com
ITDefence.ru
Xatrix Computer Security
shellcity.net
EyeonSecurity
HackerStickers.com
Astalavista
Go Hacking
XSSed.com
madirish.net
Secumania.org
Megapanzer

If you own a PR4+ (Page Rank) network security or computer related website with 5,000 unique visits and would like to affiliate with HITB, email us.


Page created in 0.82329916954 seconds.