Full Version: [WIN] [XPSP2B] Overview of blacklisted XP product keys i
Xenokira
QUOTE (Seantb @ Jul 28 2005, 15:59)
good question... i would assume no... i think if u disable that it won't let u get the updates, but when u enter that javascript into the address bar it tells the browser it has already checked your key and it's all good...

i think that's how it is anyway
*

it still works for me with it disabled..?

Oh well, as long as there's a way around it for now

I found out when I start school in the fall that I'll get a free MSDNAA subscription and I can get whatever MS software...in a legit fashion, free of cost
virtualraider
The funny thing is, I went to windows update yesterday and was told after the validation tool was installed that my key was invalid, yet today I turned on automatic updates and it installed all the available updates. This is just a test machine so it did not matter if it updated or not, but it's an interesting discovery.
Taco Bell
@bjx0: For more info. about Microsoft's piracy exchange program, click here.

---

This is one of many tricks that were quickly discovered to bypass the new validation checks, so ... **topic merged with our on-going discussion**
AllNight
QUOTE (virtualraider @ Jul 29 2005, 00:52)
The funny thing is, I went to windows update yesterday and was told after the validation tool was installed that my key was invalid, yet today I turned on automatic updates and it installed all the available updates. This is just a test machine so it did not matter if it updated or not, but it's an interesting discovery.
*


That's the correct behavior. It says right on the page after you fail validation that you can get the updates by turning on automatic updates. This will only install security updates though, it won't install updates like a new version of media player.
waishingme
Without changing PID...

I found somebody has cracked LegitCheckControl.dll with a simple HEX editor, but the crack only works on IE for Windows Update and Download Center.
cbruscato
Folks, get to the topic at hand, we aren't trying to bypass the protection, we need to get a keygen that spits out working PIDs.

xxxxx-640-0005952-xxxxx

^ that is a verified valid pid.

To get this to work, you enter in 640 and 595 into the two keygen boxes and then copy it onto the bottom two and hit generate. The number where the 2 is not predictable or controllable, from working with the keygen it seems it is based upon which numbers come before it, so i assume what any true computer science major would assume, it's a check digit. Now the problem for this comes in like i stated before; the keygen will always generate a key with the number 23, if i can notice this number pattern, they can too. The probability of having two check digits like that, back to back are very unlikely. Meaning that there must be a way to generate a truly random PID. These are not wild accusations, it's a lot of trial and error. Think about it we know over 60% of the valid code. The odds of generating a key are exponential but, eventually you would have to find one that works, but after hundreds and hundreds of tries, nothing that comes out of that keygen works...this is the reason.

OK, fire up your C++ proggies to test this theory: someone needs to create a CD key that generates a PID that looks like this:

xxxxx-0005952-25xxx

This is known to be a valid range, and i have a firm belief it will work. Though it is not an end all, because then all they have to do is block 25, the next problem we run into is that there is probably a check digit in the last 5. *sigh*, that's probably why the keygen used 23 to begin with, because no one could figure out the algorithm creating the last 5 digits, if this is correct then 25 could fail, but it gives us a starting point. If you ever want to learn to be hackers start with number sequences. I challenge all of you to find the code that will validate 595. the one code alone would give us the ability to generate 1000s of valid keys. Or you could just buy a copy :-P
OracleDBA
QUOTE (cbruscato @ Jul 29 2005, 05:50)
Folks, get to the topic at hand, we aren't trying to bypass the protection, we need to get a keygen that spits out working PIDs.
...


Unless I have totally missed the boat here, that is NOT what you're trying to do. The new WGA privacy statement says that it will send both your PID AND KEY to Microsoft. We all know that many, many keys will all boil down to the same PID. That is not true of a KEY, a KEY does uniquely identify a customer. The customer might be General Motors with many VLK licenses but the customer was identified none the less from the key. This is a MAJOR change in windows update's privacy policy and big win for MS to thwart piracy. What I think is occurring is the new validation assistant sends your PID and KEY to MS who then queries its internal database and says Hey, that may be a valid 640 PID but the Key was never issued by me (MS), must be a key that came from some unauthorized keygen hence a pirated xp. If the above understanding is true, even if you manage to keygen a key that generates a PID identical to that of a PC within General Motors it still will come up as pirated because the actual key was not issued by MS.

Below is an extract from the Privacy Policy found at http://update.microsoft.com/windowsupdate/...t.aspx?ln=en-us

QUOTE
Microsoft is committed to protecting your privacy.

What data is collected – and why?
Windows Update collects general system information from your computer with each visit, so that you receive the updates that work best with your computer. The information is also used to generate aggregate statistics about how the Windows Update web site is used and which systems need support, so that we can improve our service. This information includes:

Computer make and model
Version information for the operating system, browser, and any other Microsoft software for which updates might be available
Plug and Play ID numbers of hardware devices
Region and language setting
Globally Unique Identifier (GUID)
Product ID and Product Key
BIOS name, revision number, and revision date
DevilotX
I've dumped in about 40 keys in my 4 computers, I've not managed to get a "valid" for WGA key yet....

As of this morning the disabling of IE addon still works though, but it's a sloppy hack, might need a newer keygen to come out sometime soon lol
AllNight
QUOTE (waishingme @ Jul 29 2005, 10:06)
Without changing PID...

I found somebody has cracked LegitCheckControl.dll with a simple HEX editor, but the crack only works on IE for Windows Update and Download Center.
*


Uh, "only?" What else does it need to work on?

Here it is btw... works now but who knows for how long.

LegitCheckControl.dll
@0002BE98h:
8B45D8 --> 33C090
ppp
QUOTE (AllNight @ Jul 29 2005, 14:30)
QUOTE (waishingme @ Jul 29 2005, 10:06)
Without changing PID...

I found somebody has cracked LegitCheckControl.dll with a simple HEX editor, but the crack only works on IE for Windows Update and Download Center.
*


Uh, "only?" What else does it need to work on?

Here it is btw... works now but who knows for how long.

LegitCheckControl.dll
@0002BE98h:
8B45D8 --> 33C090
*




There are, believe it or not, people who download ALL their updates from "Microsoft Downloads" using Firefox.
busman401
It would be interesting to see if a keygen surfaces with all the keys that MS has actually issued....
cbruscato
QUOTE (busman401 @ Jul 29 2005, 21:13)
It would be interesting to see if a keygen surfaces with all the keys that MS has actually issued....
*


>>FIXED: It would be interesting to see if a keygen surfaces that can create keys MS has actually issued...

A keygen creates keys based on an algorithm, if something spits out keys only issued by microsoft, it would more than likely just be referencing a master keylist, not actually generating them.
cbruscato
QUOTE
Below is an extract from the Privacy Policy found at http://update.microsoft.com/windowsupdate/...t.aspx?ln=en-us

Microsoft is committed to protecting your privacy.

What data is collected – and why?
Windows Update collects general system information from your computer with each visit, so that you receive the updates that work best with your computer. The information is also used to generate aggregate statistics about how the Windows Update web site is used and which systems need support, so that we can improve our service. This information includes:

Computer make and model
Version information for the operating system, browser, and any other Microsoft software for which updates might be available
Plug and Play ID numbers of hardware devices
Region and language setting
Globally Unique Identifier (GUID)
Product ID and Product Key
BIOS name, revision number, and revision date



Fixed:

QUOTE
How is this data used?
Windows Update collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. The Product ID and Product Key collected are not retained after you are finished using Windows Update, unless the Product ID is not valid.


"...unless the Product ID is not valid."
This blatant hole in this sentence verifies that while COLLECTED the product key is not verified. And actually even though the key is 25 characters and the PID is less, it is still possible, that no two PIDs can be the same, since the PID is actually created from KEY + Hardware. Two keys would never result in the same PID unless the hardware was the same.

gb2 http://aumha.org/win5/a/wpa.php
cbruscato
QUOTE (ppp @ Jul 29 2005, 09:37)
QUOTE (AllNight @ Jul 29 2005, 14:30)
QUOTE (waishingme @ Jul 29 2005, 10:06)
Without changing PID...

I found somebody has cracked LegitCheckControl.dll with a simple HEX editor, but the crack only works on IE for Windows Update and Download Center.
*


Uh, "only?" What else does it need to work on?

Here it is btw... works now but who knows for how long.

LegitCheckControl.dll
@0002BE98h:
8B45D8 --> 33C090
*




There are, believe it or not, people who download ALL their updates from "Microsoft Downloads" using Firefox.
*




Windows XP SP2:
LegitCheckControl.dll

Address: 0002BE82
Change: 8B45 D8 --> 33C0 90
Xenokira
*deleted*
AllNight
QUOTE (cbruscato @ Jul 30 2005, 04:23)
Windows XP SP2:
LegitCheckControl.dll

Address: 0002BE82
Change: 8B45 D8 --> 33C0 90
*

Did they change it already?
Heywood_Jablowme
QUOTE (cbruscato @ Jul 30 2005, 00:07)
Fixed:

QUOTE
How is this data used?
Windows Update collects the Product ID and Product Key to confirm that you are running a validly licensed copy of Windows. The Product ID and Product Key collected are not retained after you are finished using Windows Update, unless the Product ID is not valid.


"...unless the Product ID is not valid."
This blatant hole in this sentence verifies that while COLLECTED the product key is not verified.
WTF? That's some pretty weird logic you've got there. The first sentence specifically says they are looking at the PID and the key. Just because they don't keep that information after you're done with your validations test -- how the heck do you translate that into "they don't validate the product key"????
cbruscato
no, the first sentence says that the key and PID are transferred to them, not that they are looked at, do you honestly think they care about your bios revision too? the last line in italics says that the ONLY thing that will stop you from accessing windows update is if the PID is not valid, if you put a word to it.
cbruscato
while i won't outright doubt that they verify the product key, you would have to admit checking a single key against over *guessing* 5 million single VLKs, is a VERY intensive DB operation and highly unlikely to be going on. it's easier just to look for check digits in the PID. Realize something Microsoft is trying to maintain the perfect balance of stopping piracy, making users aware of piracy, and getting those that stole windows to consider buying it WHILE not disturbing legitimate customers from getting their updates. That check happens WAY too fast for it to actually be checking that hard.
OracleDBA
QUOTE (cbruscato @ Jul 30 2005, 05:26)
while i won't outright doubt that they verify the product key, you would have to admit checking a single key against over *guessing* 5 million single VLKs, is a VERY intensive DB operation and highly unlikely to be going on. it's easier just to look for check digits in the PID. Realize something Microsoft is trying to maintain the perfect balance of stopping piracy, making users aware of piracy, and getting those that stole windows to consider buying it WHILE not disturbing legitimate customers from getting their updates. That check happens WAY too fast for it to actually be checking that hard.
*

As an OracleDBA I can assure you an index lookup into a 5M row table is not expensive/slow particularly when you realize the entire row is 25 bytes wide. Heck, this table and index is under 250M in size and would completely cache into memory. A simple b-tree index could reach any value in a handful of memory hops. A production database server could handle a thousand of these requests a second which is all throughput MS would need to validate every WGA request. So I guess I'm saying, it's totally possible and probable that MS would validate each key sent via WGA against a master list. My guess is it's also possible the PID is being evaluated to see if it is in the range of possible pids before the key check is even performed.
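
The lookup-cost argument in the post above, worked through as an added example that is not part of the thread or of any Microsoft system. It uses a sorted array with bisection in place of the b-tree index the post mentions; the keys are constructed random strings, and `IssuedKeyStore`, `make_constructed_keys` and the alphabet are assumptions made for illustration.

```python
"""Server-side issued-key lookup: 25-byte rows, sorted, searched by bisection."""
import random

KEY_LEN = 25  # row width quoted in the post
# Constructed alphabet for sample data; not the alphabet of any real product key.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def make_constructed_keys(count, seed=2005):
    """Return `count` distinct random 25-character strings (sample data only)."""
    rng = random.Random(seed)
    keys = set()
    while len(keys) < count:
        keys.add("".join(rng.choice(ALPHABET) for _ in range(KEY_LEN)))
    return sorted(keys)


class IssuedKeyStore:
    """Hypothetical store: fixed-width rows packed into one sorted buffer."""

    def __init__(self, keys):
        rows = sorted(k.encode("ascii") for k in keys)
        if any(len(r) != KEY_LEN for r in rows):
            raise ValueError("every key must be exactly 25 bytes")
        self.count = len(rows)
        self.buf = b"".join(rows)

    def lookup(self, key):
        """Return (issued, probes): membership and the number of rows compared."""
        needle = key.encode("ascii", "replace")
        if len(needle) != KEY_LEN:
            return False, 0  # malformed input never reaches the table
        lo, hi, probes = 0, self.count, 0
        while lo < hi:
            mid = (lo + hi) // 2
            row = self.buf[mid * KEY_LEN:(mid + 1) * KEY_LEN]
            probes += 1
            if row == needle:
                return True, probes
            if row < needle:
                lo = mid + 1
            else:
                hi = mid
        return False, probes


def worst_case_probes(rows):
    """Most comparisons a bisection over `rows` sorted entries can need."""
    return rows.bit_length()  # floor(log2(rows)) + 1, and 0 for an empty table


def table_megabytes(rows):
    """Raw size of the key column alone, in MB (10**6 bytes)."""
    return rows * KEY_LEN / 1_000_000


if __name__ == "__main__":
    sample = make_constructed_keys(50_000)
    store = IssuedKeyStore(sample)
    print("issued key  :", store.lookup(sample[31_337]))
    # "0" is outside ALPHABET, so this string can never be in the sample set.
    print("unissued key:", store.lookup("0" * KEY_LEN))
    print("5M rows     :", table_megabytes(5_000_000), "MB,",
          worst_case_probes(5_000_000), "probes worst case")
```

At the post's figure of 5 million rows the key column alone is 125 MB and a lookup needs at most 23 comparisons, which is why an issued-key check on the server costs far less than a client-side check is worth trusting.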
busman401
QUOTE (cbruscato @ Jul 29 2005, 20:59)
QUOTE (busman401 @ Jul 29 2005, 21:13)
It would be interesting to see if a keygen surfaces with all the keys that MS has actually issued....
*


>>FIXED: It would be interesting to see if a keygen surfaces that can create keys MS has actually issued...

A keygen creates keys based on an algorithm, if something spits out keys only issued by microsoft, it would more than likely just be referencing a master keylist, not actually generating them.
*



I meant exactly that. I used the word keygen loosely. It would have to be a list.
Audioboxer
on windows update i just used this...

worked great

java script:void(window.g_sDisableWGACheck='all')
Goh Yong Qin
Cracked Windows anti-crack cracked claim

Although every problem has a solution, I think to generate a CD Key similar to that of Microsoft is difficult.
It is easier to work around Microsoft validation method.
AllNight
Also, there's always Auto Patcher.
nightkrawler4174
sorry to dig this back up but what version of ie are you guys using that you have this setting? "In Internet Explorer
Tools > Manage Add-ons
Disable "Windows Genuine Advantage" thingy" ?? there is no such setting in the "tools" dropdown menu on 6.0.2800.XXXXXXX can't remember the rest, lol. but i don't have this setting. is it an sp2 thing? also, all i really care about downloading directly from windows is the critical updates and driver updates. i know the critical updates work, but what about the hardware/driver updates when set to automatic updating? thanks
dutchie
Instructions:


Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

java script:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check."


Microsoft wake up
nightkrawler4174
ok, tried it, went to the site, http://update.microsoft.com/windowsupdate/...t.aspx?ln=en-us , then cleared the stuff in the address window and pasted in this, java script:void(window.g_sDisableWGACheck='all') , then hit enter. it then says " Checking for the latest updates for your computer..." and, HOLY S%$T it worked this time!! last night it said the page cannot be displayed thing, worked like a charm. must have been doing something wrong, so thanks dutchie!!

on a side, how are you guys successfully changing the keys? i get the keys, then use the little app to install them, the windows activation box comes up and says already activated, then i hit ok on the insertion app and it says to reboot. but, i also have a key checker and when i run it, it brings up the original key i installed with. am i missing a step somewhere??
Goh Yong Qin
QUOTE (nightkrawler4174 @ Aug 1 2005, 10:07)
ok, tried it, went to the site, http://update.microsoft.com/windowsupdate/...t.aspx?ln=en-us , then cleared the stuff in the address window and pasted in this, java script:void(window.g_sDisableWGACheck='all') , then hit enter. it then says " Checking for the latest updates for your computer..." and, HOLY S%$T it worked this time!! last night it said the page cannot be displayed thing, worked like a charm. must have been doing something wrong, so thanks dutchie!!

on a side, how are you guys successfully changing the keys? i get the keys, then use the little app to install them, the windows activation box comes up and says already activated, then i hit ok on the insertion app and it says to reboot. but, i also have a key checker and when i run it, it brings up the original key i installed with. am i missing a step somewhere??
*

There are many key changers by name but cannot perform the required task. Look for this one. "Jellybean's XP Key Changer and Viewer" using google.com
gOOd LUCK
Zurbum
I have been searching for an answer without luck, so I am trying here.

I have successfully changed the product key, windows update works just fine.

But when I restart the computer the old key come up and I need to change it again before doing update or download.

Anyone know why and how to solve this problem?
Tried on computer with SP1 and the problem is the same.


For now I just put a script in startup which changes the key, but I would like to solve this problem without script.

Also manually changing the registry works just fine. You only need to change some bytes in DigitalProductId and it works fine.

DigitalProductId actually contains PID in binary (1=41 ... 9=49) not regarding ProductId in registry. Genuine sends DigitalProductId, I have sniffed it out.
OracleDBA
QUOTE (Zurbum @ Aug 1 2005, 06:33)
...
But when I restart the computer the old key come up and I need to change it again before doing update or download.

Anyone know why and how to solve this problem?
...

I've never heard of this behavior. Look at http://www.magicaljellybean.com/ for a utility called "key finder". Same product has menu option to change key. use it, reboot and key should be to new value from that point onward. If problem persists, you have something I've never heard of.
Goh Yong Qin
"restart the computer the old key come up"

Last try. You must be in "administrator" Log on?
magnus33
the old key changers were blocked by sp2.

none of them work anymore and it is always going to rewrite the old key back in.
Heywood_Jablowme
QUOTE (magnus33 @ Aug 1 2005, 19:39)
the old key changers were blocked by sp2.

none of them work anymore and it is always going to rewrite the old key back in.
*
I don't know why you would need a key changer program. Just do it using regedit. Works fine.
Taco Bell
@Heywood_Jablowme: Such a utility is certainly not required. It just makes the process easier and offers other added benefits.
Goh Yong Qin
magnus33 Quote: "it is always going to rewrite the old key back in."

It never rewrites the old key in my case. Even with latest Update.
Zurbum
That's strange.
I have changed the key as administrator, tried several keys, every time after restart the old key comes back.

Funny is, if I do this in safe mode, then restart the system and return in safe mode, the new key is there... But after when I login in normal mode, the old key comes back

Maybe my antivirus or antispyware service is changing the key...
DevilotX
I just use a utility that auto changes the MSOOBwhatever thing and brings up the "You must activate this copy of windows, Select do so by phone, change key, update, close and bang... good to go, no reboot needed,

Now all I need is a legit key lol
Heywood_Jablowme
QUOTE (Taco Bell @ Aug 1 2005, 20:22)
@Heywood_Jablowme: Such a utility is certainly not required.  It just makes the process easier and offers other added benefits.
*
I'm not knocking the key changer programs, but if you're having problems, maybe it's better to do it manually with regedit.
magnus33
QUOTE (Heywood_Jablowme @ Aug 2 2005, 20:33)
QUOTE (Taco Bell @ Aug 1 2005, 20:22)
@Heywood_Jablowme: Such a utility is certainly not required.  It just makes the process easier and offers other added benefits.
*
I'm not knocking the key changer programs, but if you're having problems, maybe it's better to do it manually with regedit.
*




lol.

come on guys think about this.

all the key changers do is automate the reg edit commands so people don't have to type them in.

the old ways to changing the key before windows xp sp2 no longer work after the fact.

now i do know keys can be generated to get around the problem but i haven't fooled around with it.
Taco Bell
@magnus33: I'm certainly well aware of what these programs are doing in the background.

Also, when I say other added benefits, naturally that depends on the program. However, I know of one, for example, that backs up the activation information, encrypts a product key to keep it safe instead of being plain text, etc.
magnus33
i should have mentioned that new free programs are out that can change the xp2 key.

of course one still has to find a good key.

i am beginning to wonder if the flaw in on keygen could be the lack of use of computer pid.

and me bad i quoted the wrong guy taco...lol.
Goh Yong Qin
"flaw in the keygen"
As highlighted in earlier thread by cbruscato, the current keygen generates an obvious and repeat number 23 on all keys. xxxxx-640-xxxxxxx-23xxx
This pattern can be easily filtered by Microsoft.

It is far easier to do a bypass of any checks (Future ones too) than to make a keygen that mirrors the Microsoft list.
Zurbum
I think I worked it out.

I was using regedit, tried with msoob /a.... same problem


Seems the problem is in not valid PID.
Boggy
Does anyone know if pasting java script:void(window.g_sDisableWGACheck='all') into the windows update address bar still works?
Had a major nightmare yesterday and had to reinstall, was dead chuffed when I found I couldn't update. Outrageous Microsoft expecting me to have a genuine copy
OracleDBA
QUOTE (Goh Yong Qin @ Aug 2 2005, 22:32)
"flaw in the keygen"
As highlighted in earlier thread by cbruscato, the current keygen generates an obvious and repeat number 23 on all keys. xxxxx-640-xxxxxxx-23xxx
This pattern can be easily filtered by Microsoft.

It is far easier to do a bypass of any checks (Future ones too) than to make a keygen that mirrors the Microsoft list.
*


There is nothing wrong with the "23". My employer partners with MS, our PID from the VLK looks like xxxxx-640-xxxxxxx-23xxx and being pure WGA from MS, passes the new windowsupdate-custom wga check.
My take on all of this is that the PID is a high level/coarse-grained check.
- It used to be any 64x pid would look like a legit VLK,
- then it became only 640 pids
- then only 640 pids that might have come from MS keys (the 23 not a deciding factor)
- and now finally to today where the update process sends your install key to MS to check against its database to see if it issued that key - if not, key must be a keygen'd pirate copy.
magnus33
QUOTE (OracleDBA @ Aug 3 2005, 13:36)
QUOTE (Goh Yong Qin @ Aug 2 2005, 22:32)
"flaw in the keygen"
As highlighted in earlier thread by cbruscato, the current keygen generates an obvious and repeat number 23 on all keys. xxxxx-640-xxxxxxx-23xxx
This pattern can be easily filtered by Microsoft.

It is far easier to do a bypass of any checks (Future ones too) than to make a keygen that mirrors the Microsoft list.
*


There is nothing wrong with the "23". My employer partners with MS, our PID from the VLK looks like xxxxx-640-xxxxxxx-23xxx and being pure WGA from MS, passes the new windowsupdate-custom wga check.
My take on all of this is that the PID is a high level/coarse-grained check.
- It used to be any 64x pid would look like a legit VLK,
- then it became only 640 pids
- then only 640 pids that might have come from MS keys (the 23 not a deciding factor)
- and now finally to today where the update process sends your install key to MS to check against its database to see if it issued that key - if not, key must be a keygen'd pirate copy.
*




yeah the 23 is a part of the vlk not a flaw in the keygen.

but i don't think it's a database check either.

i can make a key that shows up valid but shows up as not belonging on this system.
i suspect the flaw is the keygen doesn't take into account the system hardware code like a real keygen does.
magnus33
after a little checking i can tell you what it's not.

it's not a key check against a database unless they're checking it against something beyond the key.

the keys can be made that are valid but somehow the check knows they're not supposed to be on this system.

a hint would be now any key from 640 to 649 works on the system without windows telling you it's not real.

but a check on windows update will show the key as invalid due to not being made by them or not being a vlk key that shouldn't be on the system.
moon-unit
Check it out:

http://microsoft.weblogsinc.com/entry/1234000533052770

Quote:

Microsoft has updated the Windows Genuine Validation tool to circumvent the hack exposed last week that allowed the system to be bypassed with a snippet of JavaScript code. The Validation is now a two-step process that first generates a code and then has you copy and paste that code to complete the process.
canuckerfan
WGA just updated so that the JS hack won't work. But you can still disable the add-on
OracleDBA
The following is a direct copy/paste from another board I am reposting here because I thought those here might appreciate the information.
Any berating or credit goes to "zebby69"

http://www.betabbs.com/index.php?showtopic=70555


==============
How to check if your 'genned' or 'found' vlk serial passes WGA (in the safest way possible)

1. Download GenuineCheck.exe from Microsoft
CODE
http://download.microsoft.com/download/5/a...enuineCheck.exe

2. Get WinKeyFinder here
CODE
http://www.winkeyfinder.com/Downloads-inde...etit-lid-17.htm

//Preparation
3. Completely block WinKeyFinder from accessing the Internet with your firewall.
A little explanation is in order:
I'm not sure that WinKeyFinder is fishing for valid WinXP serials, but I am sure that it doesn't need
Internet access to change the Windows serial, and I don't like the fact that it doesn't try to
access the Internet if you use it on Windows 2000... This combination makes me suspicious.
So better safe than sorry, block it completely (other than that, it's the best little program to easily change your serial)

4. Block GenuineCheck.exe from accessing these 2 locations:
mpa.one.microsoft.com (tcp https connection over port 443)
genuine.microsoft.com
Don't block it completely as it needs Internet access to produce your key hash!
//Preparation finished

Now that you have prepared your system, get your list of serials and go like this:
5. Use WinKeyFinder to change the system serial to the first one to test. Don't reboot.
6. Run GenuineCheck.exe. When it's finished it will give you your key hash in the form of a 7-letter string.
7. Get that hash and append it to the end of this URL where it says "Hash="
QUOTE
http://www.microsoft.com/downloads/details...aylang=en&Hash=
The blue color FamilyID corresponds to MS Antispyware.
Any Windows Genuine download will do.
Other FamilyIDs could be
4b4aba06-b5f9-4dad-be9d-7b51ec2e5ac9 (baseline security analyzer) or
fad44098-8b73-4e06-96d4-d1eb70eacb44 (journal viewer) or
15373c73-d5f6-4af0-b583-d633cb021612 (desktop backgrounds for windows) etc.
You can find as many of these by going to
http://www.microsoft.com/downloads/Popular...en&categoryid=7

8. Paste the address you have created in 7 to your browser address bar
and hit enter.
If you get a download button in a "Thank You For Using Genuine Windows" caption, your key is OK!
If you get ANY other page you didn't pass WGA.

Repeat steps 5-8 for as many keys as you want to test.

When finished testing, Use WinKeyFinder one last time to change back to your original key,
or use a good one from your tested and reboot