Two methods of avoiding Windows Vista product activation

A few months back, I wrote about how Windows Vista product activation works for volume license customers.  Last night I was searching to find out what the grace period is before activation is required and I stumbled across some interesting articles. You see, it turns out that there are three main problems with product activation:

  • Corporate IT departments want to produce customised Windows builds.  These builds must be valid when deployed to client PCs (i.e. the product activation period must not have expired!) and, as the product activation timer is ticking away during the customisation process, there needs to be a method to “rearm” product activation.
  • OEMs want to ship pre-activated versions of the operating system (an arrangement with which I’m sure Microsoft are happy to comply as they need OEMs to preload their operating system and not an alternative, like, let’s say… Ubuntu Linux!), so Microsoft provides these so-called Royalty OEMs with special product keys which require no further activation, under a scheme known as system-locked pre-installation (SLP) or OEM activation (OA) 2.0.
  • Anti-piracy measures like product activation are, to hackers, like a red rag to a bull.

The net result, it seems, is two methods to avoid product activation.  The first method can be used simply to delay product activation, as described by Brian Livingston at Windows Secrets. It uses an operating system command (slmgr.vbs -rearm) to reset the grace period for product activation back to a full 30 days.  The Windows Secrets article also describes a registry key (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL\SkipRearm) and claims that it can be set to 00000001 before rearming, allowing the rearm to take place multiple times (this registry key is reset by the rearm command, which is also available by running rundll32 slc.dll,SLReArmWindows).  Microsoft, however, claims that the SkipRearm key is ineffective for the purpose of extending the grace period: it just stops sysprep /generalize (another command used during the imaging process) from rearming activation (something which can only be done three times) and does not actually reset the grace period (this is confirmed in the Windows Vista Technical Library documentation).  Regardless of that fact, the rearm process can still be run three times, giving up to 120 days of unactivated use (30 days, plus three more rearms, each one providing an additional 30 days). That sounds very useful for both product evaluation and for corporate deployments – thank you very much Microsoft.  According to Gregg Keizer at Computer World/PC World Magazine, a Microsoft spokesperson has even confirmed that it’s not a violation of the EULA.  That is good.

So that’s the legal method; however, some enterprising hackers have a second method, which avoids activation full stop.  Basically it tricks the operating system into thinking that it’s running on a certain OEM’s machine, before installing the relevant certificate and product key to activate that copy of Windows.  The early (paradox) version involved making hex edits to the BIOS (hmm… buy a copy of Windows or turn my PC into a doorstop, I know which I’ll choose) but the latest (vstaldr) version even has an installer for various OEMs, and if that doesn’t work then there is a list of product keys which can be installed and activated using two operating system commands:

slmgr.vbs -ipk productkey
slmgr.vbs -ato

I couldn’t possibly confirm or deny whether or not that method works… but Microsoft’s reaction to the OEM BIOS hacks would suggest that this is not a hoax.  Microsoft’s Senior Product Manager for Windows Genuine Advantage (WGA), Alex Kochis, describes the paradox method as:

“It is a pretty labor-intensive [sic] process and quite risky.”

(as I indicated above).  Commenting on the vstaldr method, he said:

“While this method is easier to implement for the end user, it’s also easier to detect and respond to than a method that involves directly modifying the BIOS of the motherboard”

Before continuing to hint at how Microsoft may respond:

“We focus on hacks that pose threats to our customers, partners and products.  It’s worth noting we also prioritize our responses, because not every attempt deserves the same level of response. Our goal isn’t to stop every ‘mad scientist’ that’s on a mission to hack Windows.  Our first goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknowing victims.   This means focusing on responding to hacks that are scalable and can easily be commercialized, thereby making victims out of well-intentioned customers.”

Which I will paraphrase as “it may work today, but don’t count on it always being that way”.

Note that I’m not encouraging anybody to run an improperly licensed copy of Windows.  That would be very, very naughty. I’m merely pointing out that measures like product activation (as for any form of DRM) are more of an inconvenience to genuine users than they are a countermeasure against software piracy.

Disclaimer

This post is for informational purposes only. Please support genuine software.

4 thoughts on “Two methods of avoiding Windows Vista product activation”


  1. Damien,
    Did you actually read this post before you left your comment?

    The whole point of writing this was not “ooh look, here’s how to avoid paying for something” but that there are legitimate (and supported) reasons to delay activation; and that hackers will always find a way around the process.

    As for MSDN:

    “The MSDN End User License Agreement (EULA) allows each person with an MSDN license to use all of the software that is included in the subscription for development, test, and demonstration purposes only.”

    So, to use an MSDN license to upgrade your PC would be illegal, unless it was for development, test or demonstration purposes. For an organisation developing a build for an enterprise rollout, they could not use MSDN (because the images, once activated, would be for production use). Neither is that applicable for OEMs, nor for hackers who just want to find a method to get it for free.

    The most cost-effective method to buy Vista is either an upgrade license (and there is a separate discussion about whether it contravenes the EULA to perform a fresh install from upgrade media – I believe there is a method to do this), or an OEM copy (for which a hardware purchase will be required, but I understand that hardware does not need to be a whole system).

    Mark


  2. A couple things about your comments that I have to clear up:

    An MSDN subscription is designed for developers that develop solutions [to run] on Microsoft operating systems or that build upon other Microsoft solutions. This is targeted to a development team or organization.

    A TechNet Plus subscription is designed for an IT department/firm for deployment testing of Microsoft products and solutions.

    (both of the above are designed solely for testing and development but meet the needs of their target market respectively)

    An Action Pack Subscription is designed for resellers/consultants and other Microsoft partners that sell or otherwise recommend Microsoft products and solutions. Action Pack Subscribers MUST be, at the very least, registered as a Microsoft Partner (registered partner status is free). This is targeted to an organization, but must only be used at an organization’s head office. Certified or Gold Certified Partners pay a fee to subscribe (and must meet other qualifications) and get a software subscription included with their fee, so they don’t need to subscribe to the Action Pack. An Action Pack subscription is designed for production-use computers for day-to-day operations within that organization.

    All subscribers to any of these programs must also have a Windows Live ID. Proper licensing has to be taken into account with each program as per # of seats/users, or systems.

    All other organizations must subscribe via standard Volume Licensing programs from Microsoft. Microsoft also makes available the Technology Adoption Program (TAP), where large organizations looking to capitalize on their IT investment can test out pre-release versions of technology previews (during alpha and beta stages) without needing MSDN or TechNet Plus subscriptions. (note: I don’t know all the details about TAP, but it’s supposedly only available for very large organizations, and they either must avail to Microsoft for access to the program by being a steady customer on good terms, or Microsoft chooses them).

    “The most cost-effective method to buy Vista is either an upgrade license (and there is a separate discussion about whether it contravenes the EULA to perform a fresh install from upgrade media – I believe there is a method to do this)”

    Actually, the most cost effective way is to buy it with a new computer wherein you’ll get a much better experience since the hardware would be tested with the operating system before being delivered to you, but that leads into the next statement:

    “or an OEM copy (for which a hardware purchase will be required, but I understand that hardware does not need to be a whole system).”

    That’s not true anymore. OEM copies DO NOT have to be sold with hardware (at least not in North America, but you should check with your local licensing rules). The only stipulation is that they have to be preinstalled on a computer before being delivered to a customer. The reasoning behind this is because Microsoft doesn’t offer support on OEM copies. OEM software is covered by the OEM (the company that built the computer), because Microsoft doesn’t make computers, nor do they make the majority of computer hardware on the market, so they can’t possibly be expected to test every driver for every device out there. When you buy Retail software (either Upgrade or Full Version products), you get that support with Microsoft, and that’s what you’re paying extra money for. Also, with Retail software you get transfer rights. You can transfer Retail software from one computer to the next, but you can’t use it on more than one system at a time (Vista’s new activation will make sure of that). OEM copies ARE NOT TRANSFERABLE, and can’t be activated on a different system. If you resell a [possibly used] computer that came with OEM software, that OEM software has to go with it, including all manuals, discs, certificates of authenticity, and product keys. This isn’t usually a big deal though, because you’re offering extra value with the computer by selling it with genuine software, so you’ll make extra money which can go towards buying a new genuine license for your new system.

    There are some computer stores that are offering OEM copies to customers when the customers buy computer components and want to assemble the computer themself. Microsoft has said that although this practice is not what they had intended with OEM copies, they do see the need to address these consumers’ needs. This is ONLY TRUE of Windows operating systems, and NOT productivity software, such as Office. OEM copies can be sold from one System Builder to another so long as the accompanying outer packaging is intact (it has the System Builder License Agreement on it). In this scenario, the end-user is also a “System Builder” (or OEM, if you like). Of course, this also means that said end-user doesn’t get support from Microsoft and must get support from the person that installed the software, which is in fact himself, so if there are problems, the end-user must fix the problem themself. For people that are constantly upgrading their system with individual components year after year, Microsoft recommends Retail software, since OEM software must be included/resold with a “complete, operating computer”. For someone that is replacing say, just a motherboard, that accounts for a “different computer” in Microsoft’s eyes, and as such, you can’t re-activate an OEM copy. Since a Retail copy has transfer rights, it’s the only logical choice.

    I know it’s confusing, but the rules for consumers are:

    Are you upgrading a current system? Buy a Retail Upgrade copy. A Windows installation must be already installed on your computer (that can be a trial copy of Vista though).

    Are you buying a completely assembled computer? It likely comes bundled with an OEM copy. Check to be sure which version it is. Your computer manufacturer/OEM/system builder supports Windows, NOT Microsoft.

    Are you assembling your own computer to last you until you need a completely new one? Buy an OEM copy. Do you need support from Microsoft? Buy a Retail Full Version.

    Are you assembling a computer and planning on constantly upgrading it and don’t want to be stuck with a copy that won’t activate after upgrading? Buy a Retail Full Version, or if you’re not sure that Vista is right for you, (hint, hint) buy a Retail Upgrade, and install the trial version by not entering a product key, then “Upgrade” to the full version overtop of the trial (every “clean” install afterwards has to be installed twice too, in the same manner)

    I hope that helps.


  3. Oh and one other thing: Microsoft has publicly stated that the allowance of a Retail Upgrade copy of Windows Vista to install a clean trial copy, and then “Upgrade” to a full version is actually intentional. Seems odd, I know (since they’re suckering users into buying Full Versions), but there it is. Retail Full Versions obviously don’t have to install the trial first. Upgrades (in any form) take about 1.5hrs to complete, whereas clean installs, including the trial, only take about 10-20mins.
