# !!!Microsoft allows bypass of Vista activation !!!



## go4saket (Mar 19, 2007)

[FONT=Arial,Sans-serif]*Microsoft always says it opposes "software pirates" who sell thousands of  unauthorized copies of Windows.*

But the Redmond company has made  things a lot easier for pirates by adding a line to the Registry that can be  changed from 0 to 1 to postpone the need to "activate" Vista  indefinitely.
[/FONT][FONT=Arial,Sans-serif]
*Activation doesn't stop true  software piracy *

As most Windows users know,  Microsoft has required "product activation" since the release of Windows XP in  2001. XP must be activated by communicating with servers in Redmond within 30  days of installation. By contrast, Microsoft Office XP, 2003, and 2007 require  activatation before the package is used 5 to 50 times, depending on the version,  according to a company FAQ.  If a PC has no Internet connection, a user may activate a product by dialing a  telephone number in various countries.

The activation process will  complete successfully _*only*_ if the software has not been previously  activated, such as on a different machine. If activation isn't completed within  the trial period, Microsoft products temporarily shut down some of their  features. MS Office loses the ability to edit and save files. After Vista's  activation deadline runs out, the user can do little other than use Internet  Explorer to activate the operating system or buy a new license.

Microsoft  describes its product activation scheme as a way to foil software pirates.  However activation does nothing to stop mass piracy. The Redmond company  actually included in Windows XP a small file, *Wpa.dbl,* that makes it easy  for pirates to create thousands of machines that validate perfectly.

Far  from stopping software piracy, product activation has primarily been designed to  prevent home users from installing one copy of Windows on a home machine and a  personal-use copy on a laptop. Buying a copyrighted work and making another copy strictly for personal  use is specifically permitted to consumers by the U.S. Copyright Act and the  copyright laws of many other countries.

For example, courts have  repeatedly ruled that consumers can make copies of copyrighted songs or  television programs for personal use (not for distribution or resale). This  principle is legally known as "fair use." The home edition of Microsoft Office  2007 reflects this principle, allowing consumers to activate _*three  copies*_ of a single purchased product. Microsoft Windows XP and Vista,  however, allow only one activation.

Surprisingly, Microsoft has embedded  into its new Vista operating system a feature that makes things easier than ever  for true, mass software pirates. These tricksters will be able to produce  thousands of Windows PCs machines that won't demand activation indefinitely — at  least for a year or more.

*Leaving the  activation barn door open *

The  upgrade version of Windows Vista allows itself to be clean-installed to a new  hard drive. The new Microsoft operating system completely omits any checking for  a qualifying previous version of Windows. This allows the upgrade version of  Vista to successfully upgrade over a nonactivated, trial version of  itself.

After my article appeared, ZDnet blogger Ed Bott summarized the  secret in a post. He flatly states, "You satisfied every condition of the license  agreement and aren't skating by on a technicality. The fact that you have to use  a kludgey workaround to use the license you've purchased and are legally  entitled to is Microsoft's fault."

In my own piece, I had speculated that  clean-installing the upgrade version of Vista "probably violates the Vista EULA  (End User License Agreement)." But more and more computer experts are saying  that the procedure is fully compliant with the EULA and, in any event, is  perfectly legal.

I reported  that Microsoft includes in Vista a one-line command that even novices can use to  postpone the product's activation deadline three times. This can extend the  deadline from its original 30 days to as much as 120 days — almost four  months.

PCWorld.com posted a report on my story. The magazine quotes a Microsoft spokeswoman as saying that extending  Vista's activation deadline as I described it "is not a violation of the Vista  End User License Agreement." I'm glad that's clear.

The feature that I've  revealing today shows that Microsoft has built into Vista a function that allows  anyone to extend the operating system's activation deadline not just three  times, but many times. The same one-line command that postpones Vista's  activation deadline to 120 days can be used an indefinite number of times by  first changing a Registry key from 0 to 1.

This isn't a hacker exploit.  It doesn't require any tools or utilities whatsoever. Microsoft even documented  the Registry key, although obtusely, on its Technet  site.

But dishonest PC sellers could use the procedure to install  thousands of copies of Vista and sell them to unsuspecting consumers or  businesses as legitimately activated copies. This would certainly violate the  Vista EULA, but consumers might not realize this until the PCs they bought  started demanding activation — and failing — months or years later.

The  following describes the Registry key that's involved.

*Step 1.*  While running a copy of Windows Vista that hasn't yet been activated, click the  Start button, type *regedit* into the Search box, then press Enter to  launch the Registry Editor.

*Step 2.* Explore down to the following  Registry key:

*HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \  CurrentVersion \ SL*

*Step 3.* Right-click the Registry key named  *SkipRearm* and click Edit. The default is a Dword (a double word or 4  bytes) with a hex value of 00000000. Change this value to any positive integer,  such as 00000001, save the change, and close the Registry Editor.

*Step  4.* Start a command prompt with administrative rights. The fastest way to do  this is to click the Start button, enter *cmd* in the Search box, then  press Ctrl+Shift+Enter. If you're asked for a network username and password,  provide the ones that log you into your domain. You may be asked to approve a  User Account Control prompt and to provide an administrator  password.

*Step 5.* Type _*one*_ of the following two  commands and press Enter:

*slmgr -rearm*
or
*rundll32  slc.dll,SLReArmWindows*

Either command uses Vista's built-in Software  Licensing Manager (SLMGR) to push the activation deadline out to 30 days after  the command is run. Changing *SkipRearm* from 0 to 1 allows SLMGR to do  this an indefinite number of times. Running either command initializes the value  of *SkipRearm* back to 0.

*Step 6.* Reboot the PC to make the  postponement take effect. (After you log in, if you like, you can open a command  prompt and run the command *slmgr -xpr* to see Vista's new expiration date  and time.)

*Step 7.* To extend the activation deadline of Vista  indefinitely, repeat steps 1 through 6 as necessary.

Any crooked PC  seller with even the slightest technical skill could easily install a command  file that would carry out steps 1 through 6 automatically. The program could run  *slmgr -rearm* three times, 30 days apart, to postpone Vista's activation  deadline to 120 days. It could then run *skip -rearm* every 30 days, for a  period of months if not years, by first resetting the *SkipRearm*  key.

The program could be scheduled to check Vista's activation deadline  during every reboot, and to remind the user to reboot once a month if a deadline  was nearing. The buyer of such a PC would never even see an activation reminder,  much less be required to go through the activation process.

If you happen  to buy a Vista PC from a little-known seller, and the price was too good to be  true, use Vista's search function to look for the string *SkipRearm* in  files. You may discover that your "bargain" computer will mysteriously start  demanding activation in a year or two — but your product key won't be  valid.

I asked Microsoft why *SkipRearm* is included in Vista if it  can be used to create machines that appear not to need activation for long  periods. A Microsoft spokewoman replied, "I connected with my colleagues and  learned, unfortunately, we do not have information to share at this time." (I  can't identify the speaker because the policy of Waggener Edstrom, Microsoft's  public-relations firm, prohibits the naming of p.r. spokespersons.)

In my  testing of Microsoft's back-door loophole, I've found that the technique can be  used to postpone the activation deadline one year or longer. It may or may not,  however, work forever, as I describe below.

*Why does SkipRearm even exist in Vista?  *

The Vista development teaam apparently inserted  the SkipRearm loophole to help major corporations work around Microsoft's new  Volume Licensing Agreement. This new program, which the Redmond company calls  "Volume Licensing 2.0," requires buyers to set up a Key Management Service (KMS)  host, as described by a Microsoft FAQ.  Companies must choose from two types of digital keys and three different methods  of activation to validate thousands of individual Vista machines within the  corporate LAN.

Activation of Windows XP, by comparison, requires merely  that volume purchasers use a single product key. Corporate buyers obtain a  unique key when signing a Volume Licensing Agreement. Microsoft has said,  however, that most Windows XP piracy involves stolen product keys that are used  by others to activate unauthorized machines.

The new KMS requirement is  intended to discourage such piracy, but it places a heavy burden on corporate IT  administrators. For example, Microsoft provides a tool called System Preparation  (*sysprep.exe*) to prepare Vista machines for use. If a system can't be  completely prepped within 30 days after installation, an admin can run the  command *sysprep /generalize* to postpone the activation deadline another  30 days. However, like the *slmgr -rearm* command, *sysprep  /generalize* will only succeed three times.

To work around this, as a  Technet  document states, "Microsoft recommends that you use the *SkipRearm*  setting if you plan on running Sysprep multiple times on a computer." This is  echoed by Microsoft Knowledge Base article 929828.

Contributing  editor Susan Bradley points out, "The good guys have to go through this stupid  implementation of a KMS deployment because of bad guys abusing the system." She  strongly feels that users should comply with Microsoft's EULA provisions. "The  operating system license has always been a one-machine install. ... Many of us  forget the multiple-install rule [for Microsoft Office] since we are so used to  the one license, one install rule," she adds.

In its TechNet documents,  Microsoft recommends the repeated use of *SkipRearm.* How many times is  "multiple times"? My testing revealed that the answer is, well,  indefinite.

• *On a copy of Vista Ultimate* that Microsoft released  in New York City on Jan. 29, I found that changing *SkipRearm* from 0 to 1  allowed the command *slmgr -rearm* to postpone Vista's activation deadline  eight separate times. After that, changing the 0 to 1 had no effect, preventing  *slmgr -rearm* from moving the deadline. The use of *slmgr -rearm* 3  times, plus using *SkipRearm* 8 times would eliminate Vista's activation  nag screens for about one year (12 periods of 30 days).

• *On a copy of  the upgrade version of Vista Home Premium* that I bought in a retail store on  Jan. 30, *slmgr -rearm* also worked 3 times and *SkipRearm* worked 8  times before losing their effect. This combination would, as with Vista  Ultimate, permit a one-year use of Vista without nag screens appearing.

•  *On a copy of the full version of Vista Home Premium* that I bought in a  retail store on Mar. 14, *SkipRearm* had no effect on extending the use of  *slmgr -rearm* at all. This suggests that Microsoft has slipstreamed a new  version into stores, eliminating the *SkipRearm* feature in Vista Home.  That could mean that changing the key from 0 to 1 will now work only in the  business editions of Vista — Business, Enterprise, and Ultimate — so  corporations can use the loophole.

Where is the usage count of *slmgr  -rearm* stored? Where is the usage count of *SkipRearm* stored? These  bytes won't be hard for expert users to find. The use restrictions may be easily  lifted. If so, this would allow crooked PC sellers to truly create machines that  would never need activation, ever.

*The  financial impact of SkipRearm on Microsoft *

I'd  like to repeat here that I'm not advocating that anyone use the above technique  to violate Microsoft's EULA or avoid paying for Vista. Any company that used  *SkipRearm* to install Vista on multiple machines for as long as possible  would have little defense against a surprise inspection by the Business  Software Alliance. This coalition of software makers, which includes  Microsoft, investigates reports of unlicensed software and obtains warrants to  conduct audits.

As a journalist, my job is to report the facts.  *SkipRearm* was specifically built into Vista to be used. Microsoft  executives made Vista's activation overly complex and cumbersome. So the  development team apparently invented a Registry key to lift the burden of  Vista's activation deadline, for at least a year and probably more.

The  technique is so powerful and basic, however, that hackers around the world may  soon use the feature to install millions of extra copies of Vista without buying  them. This could have a major impact on Microsoft's revenues. The company's  employees and shareholders might want to be aware of this.

Product  activation does little or nothing to stop mass software piracy. It's become so  convoluted, the way Microsoft has implemented it, that it's more of an  irritation to legitimate users than a worthwhile antipiracy measure. In my  opinion, Microsoft should concentrate on legal action against true pirates  instead of inventing more ways to drive honorable users bonkers.

 Source : Newsletter from [/FONT]Brian Livingston


----------



## Rollercoaster (Mar 19, 2007)

as if there r not enough ways to bypass vista activation :


----------

