<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Arial Narrow";
        panose-1:2 11 5 6 2 2 2 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p.charchar2char, li.charchar2char, div.charchar2char
        {margin-top:0in;
        margin-right:0in;
        margin-bottom:8.0pt;
        margin-left:0in;
        line-height:12.0pt;
        font-size:10.0pt;
        font-family:Verdana;}
span.EmailStyle18
        {mso-style-type:personal;
        font-family:Arial;
        color:windowtext;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
 /* List Definitions */
 @list l0
        {mso-list-id:873225059;
        mso-list-type:hybrid;
        mso-list-template-ids:479132936 -202844574 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:\F0F0;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;
        mso-fareast-font-family:"Times New Roman";
        mso-bidi-font-family:"Courier New";}
@list l0:level2
        {mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level4
        {mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level7
        {mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'>There
is lot of hype about WGA (Windows Genuine Advantage) when Microsoft builds
functionality in its few of the public beta products to conduct a genuine
product check before the product gets installed. MS products or tools with WGA
check enabled can only be installed on a valid / genuine copy of MS Windows XP.
Incase it is a pirated copy then the product denies to install. <o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'>If
you are aware of Microsoft WGA validation then you can directly jump in to the
PoC section otherwise it is advisable to read on WGA and what it does before
reading the PoC. <o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'>To
know more about WGA, refer to the following Microsoft link:<o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'><a
href="http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en">http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en</a><o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><b><font
size=3 face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow";
font-weight:bold'>Defeating Microsoft WGA Validation Check - Proof of Concept
(PoC)<o:p></o:p></span></font></b></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'>This
PoC explains how Microsoft WGA validation check can be defeated and any
Microsoft product with the WGA validation feature can be run and installed on
machines running pirated copy of Windows XP. To bypass WGA validation check,
one can run &#8220;<b><span style='font-weight:bold'>GenuineCheck.exe</span></b>&#8221;
file on a machine running a copy of an authentic Windows XP for generating a
key code. This key code generated on the machine running genuine copy of Win XP
can be used to circumvent the WGA check on the machine running a pirated copy
of Win XP. <o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'>A
detailed approach can be downloaded from the following link &#8211; <o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'><a
href="http://www.hackingspirits.com/vuln-rnd/defeating-wga-check.zip">http://www.hackingspirits.com/vuln-rnd/defeating-wga-check.zip</a><o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'>Microsoft
in its reply to my mail specified that &#8220;The generated code is partly made
up of a timestamp, which would prevent use after a short period&#8221;.
However, I checked this on a pirated copy of Windows XP Pro and installed
couple of public beta products and tools for testing purpose. They are still up
and running since past 1.5 months. <o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'>Incase,
anyone is going to try this out on their pirated versions of Win XP then do let
me know if the installed product make noise after certain time period. <o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><font size=3
face="Arial Narrow"><span style='font-size:12.0pt;font-family:"Arial Narrow"'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-align:justify;text-indent:-.25in;
mso-list:l0 level1 lfo2'><![if !supportLists]><font size=3 face=Wingdings><span
style='font-size:12.0pt;font-family:Wingdings'><span style='mso-list:Ignore'>&eth;<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;
</span></font></span></span></font><![endif]><font face="Arial Narrow"><span
style='font-family:"Arial Narrow"'>Debasis Mohanty<o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-align:justify;text-indent:-.25in;
mso-list:l0 level1 lfo2'><![if !supportLists]><font size=3 face=Wingdings><span
style='font-size:12.0pt;font-family:Wingdings'><span style='mso-list:Ignore'>&eth;<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;
</span></font></span></span></font><![endif]><font face="Arial Narrow"><span
style='font-family:"Arial Narrow"'><a href="http://www.hackingspirits.com/">www.hackingspirits.com</a>
<o:p></o:p></span></font></p>

</div>

</body>

</html>