Ben says: "Brute force Vista attacks will cause Microsoft headaches. It's ugly, but it appears to work and could create huge problems for microsoft and their malware."
It is a simple brute force attack, dumb as a rock that just tries keys. If it gets one, you manually have to check it and try activation. Is is ugly, takes hours, is far from point and click, but it is said to work. I don't have any Vista installs because of the anti-user licensing so I have not tested it personally.
The method of attack has got to be quite troubling for MS on many grounds. The crack is a glorified guesser, and with the speed of modern PCs and the number of outstanding keys, the 25-digit serials are within range. The biggest problem for MS? If this gets widespread, and I hope it will, people will start activating legit keys that are owned by other people
It won't take long for boxes bought at retail to be activated before they are bought, and the people who plunk down money for the mal^h^h^hsoftware for real get 'you are a filthy pirate' messages. Won't that be a laugh riot at the MS phone banks in Bangalore.
Reader comment:
Ian says:
The number of people on the planet is a bit over 6 billion. Let's say for argument sake that there are 10^10 people alive. Let's ignore the actual character set used for Vista keys and assume for argument sake that it just uses decimal digits*. That gives a keyspace of 10^25 keys. So, if every person on the planet brute forced a key they would only have used 10^-15 of the keyspace. Assuming that Vista keys are randomly distributed in the keyspace the probability under these conditions that a forced key will match a legitimate one is vanishingly small (the birthday paradox means that it'll be greater than the naive 10^-15 but I haven't time to calculate it because m'dinner's arrived.). Obviously the real keyspace is even bigger, probably on the close order of 36^25 (8 x 10^38).
* This is just to simplify whipping up an example and saves me from having to find the actual character set used in Vista keys.