Reported OEM BIOS Hacks
I know many of you are aware of reports of hacks that attempt to exploit our OEM BIOS based activation. We're aware of this type of hack and I wanted to take a minute to describe how these work and how we plan to respond.
First, what is OEM BIOS based activation?
Here's a little more information on how OEM BIOS based activation works. This form of product activation is also known as OEM Activation or just OA, which is how Microsoft refers to it and how I will refer to it in this post. Back at the launch of Windows XP when Microsoft introduced Windows Product Activation, we recognized that as easy as end-user activation is, it still represented an extra step. In an effort to reduce the impact of even that extra step but maintain the overall effectiveness of product activation, Microsoft worked with OEMs to develop an implementation that would work best for them and their customers while keeping the goals of product activation clearly in focus. As we looked to develop a solution, it was important to ensure that product activation technology could still deliver an acceptable degree of protection, while at the same time, reduce the need for an extra step by the end user. A couple of key factors stand out as enabling the OA 1.0 solution that was delivered in Windows XP.
Large OEMs tend to ship large numbers of PCs with Windows preinstalled. They also have the ability during their manufacturing processes to identify systems that will ship with Windows pre-installed.
Also, because of the direct relationship Microsoft has with those OEMS, the company has a higher degree of confidence that a genuine COA will be attached to each PC and that there will be accurate reporting of the number of units shipped preinstalled with Microsoft Windows.
These factors lead Microsoft and the major OEMs to place a marker in the BIOS of the OEM's motherboard to identify OEM systems that were to be pre-installed with licensed copies of Windows XP. This marker, which is added to a specific location in the BIOS of the motherboard, enables a copy of Windows XP to look for that known value in the BIOS of the motherboard and, when found, confirm it was booting on a PC that was sold by a specific OEM and licensed to boot Windows.
Not the first time
Over the years we've seen examples of BIOS editors that, with some work, allowed people to make an edited BIOS appear to be an OEM BIOS. In Windows XP this kind of BIOS editing wasn't as difficult as it is in Windows Vista and frankly, because there were easier ways to pirate Windows XP, I don't think much attention was ever paid to it. However, because Windows Vista can't be pirated as easily as Windows XP, it's possible that the increased pressure will result in more interest in efforts to hack the OEM Activation 2.0 implementation.
Windows Vistas OEM Hacks
There appear to be two primary variants of OA 2.0 hacks circulating. One is similar to the XP approach I described above where actual editing of the BIOS on the motherboard is done to make the motherboard appear to be from an OEM. It is a pretty labor-intensive process and quite risky. If you mess up editing the BIOS of any motherboard, you can quite easily render it permanently useless. So while this method works today, it's potentially hazardous and really doesn't scale well to large numbers of systems, which makes it less of a threat.
The second variant does not change anything in the BIOS itself, but uses a software-based approach to fool the OS into thinking it's running on OA 2.0-enabled hardware. And while this method is easier to implement for the end user, it's also easier to detect and respond to than a method that involves directly modifying the BIOS of the motherboard.
I do want to say something here about how we plan our responses. As I've said in the past, we focus on hacks that pose threats to our customers, partners and products. It's worth noting we also prioritize our responses, because not every attempt deserves the same level of response. Our goal isn't to stop every "mad scientist" that's on a mission to hack Windows. Our first goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknowing victims. This means focusing on responding to hacks that are scalable and can easily be commercialized, thereby making victims out of well-intentioned customers.
Comments
Anonymous
April 10, 2007
PingBack from http://www.thexboard.de/blog/?p=16Anonymous
April 10, 2007
The comment has been removedAnonymous
April 10, 2007
The comment has been removedAnonymous
April 11, 2007
Alex Kochis, a Microsoft Senior Product Manager, Windows Genuine Advantage blogs yesterday regardingAnonymous
April 11, 2007
The comment has been removedAnonymous
April 11, 2007
The comment has been removedAnonymous
April 11, 2007
About time you responded So, when will the ban go into affect? Vista needs to ban more methods than just the old token.dat one. Timerstop, etc all need to be banned in addition to this one.Anonymous
April 11, 2007
Schon seit längerer Zeit exisieren Möglichkeiten, um die die Aktivierung von Windows Vista zu umgehen. Da Microsoft an OEM-Partner Lizenzschlüssel ausliefert, die nicht aktiviert werden müssen, lassen sich über diesen Weg alleAnonymous
April 11, 2007
So it means that the simulation way to fool OA-2.0 would be broken one day? And it's interesting to call them "mad scientist".Anonymous
April 12, 2007
The comment has been removedAnonymous
April 12, 2007
Thursday is now officially Delay Day. Both Apple and Microsoft took their lumps for delaying productsAnonymous
April 12, 2007
Thursday is now officially Delay Day. Both Apple and Microsoft took their lumps for delaying productsAnonymous
April 12, 2007
The comment has been removedAnonymous
April 12, 2007
Lleva algún tiempo circulando a través de Internet un crack que evita el proceso de activación de Windows Vista.La efectividad del crack ha sido reconocida por Alex Kochisen, Senior Product Manager de Microsoft, que ha admitido la existencia de un falloAnonymous
April 14, 2007
The comment has been removedAnonymous
April 16, 2007
The comment has been removedAnonymous
April 20, 2007
Ürün müdürlerinden Alex Kochis, Windows Genuine Advantage blog sayfalarında , yapılan hack işlemi hakkındaAnonymous
December 05, 2007
The comment has been removedAnonymous
August 02, 2009
The comment has been removed