75 comments

[ 2.2 ms ] story [ 133 ms ] thread
Great, now we only need activation codes for WinRar free trial :p
Winrar keygens have been around forever
There are other great alternatives for Winrar, like 7zip.
There are other great alternatives for Windows XP, too, but some people don't want or can't use alternatives.
LOL, just told somebody that this morning.
7-zip does recovery records now?
Coincidentally, RAR support will be included in Windows 11: https://www.engadget.com/windows-11-finally-gets-native-rar-...
The original source (https://blogs.windows.com/windowsdeveloper/2023/05/23/bringi...) states:

> We have added native support for additional archive formats, including tar, 7-zip, rar, gz and many others using the libarchive open-source project. You now can get improved performance of archive functionality during compression on Windows.

It doesn't mention unarchiving/decompressing, maybe I'm being nitpicky, but at a glance, it seems to only be about compression? That'd be horrible though, but more horrible changes that that have gone through lately so I guess you never know...

That will probably turn out to have been a mistake. RAR should not be easy to use. TAR and CPIO would have been better formats to support out of the box.
Since it's "libarchive" support, good news, we get those too.
Yeah, I saw that.

My worry is that this will just make drive-by malware easier.

Antimalware engines have already had to support unpacking somewhat arbitrary things, sometimes with serious comedic effects when people fuzzed those unpackers; I don't see this significantly increasing the burden of their examination, signed binaries are no more dangerous after this than before, and unsigned binaries could already bring their own arbitrary unpacker.

(At least quickly thinking about it; I could easily have overlooked some complexity, but barring an unpatched libarchive exploit, I don't think this markedly increases attack surface...and at that point, you could probably make similar arguments about adding any new file format?)

> RAR should not be easy to use

Why is that?

Using ollydbg to make a crack for WinRar so that the popup does not appear was my very first reverse engineering application.. Fun times.

Now the floodgates of the masses have opened to computing, and look at us

WinRar had an open backdoor for years wonder that's why it was free lmao
It had a bug caused by a third party ACE library that was closed as soon as it was discovered. The ACE library was 15 years old, not knowledge of the exploit. TBF after so many years of people taking the piss of the trial version, if they're still using it in 2023 without paying the one time $30 that's pretty much scumbag Steve and the reason it's free.
That's cool. Had they already patched long strings of single digits by then?
I'll never get FCKGW-RHQQ2-YXRKT-8TG6W-2B7Q8 out of my head.
I’m curious if the first five letters were meant to imply “F*** Genuine Windows” or if that’s just a coincidence.
I always thought the GW was short for George W. Bush. Not a popular figure when XP came out.
My headcanon is it was FuCK GateWay, as in the PC OEM the volume-license key was generated for
That famous Kylie Minogue song
Windows XP was my first time I actually felt like I had "hacked" something. My old lab had a machine that needed XP to run the software for the pipetting robot and the key was lost. A bit of googling and some rainbow tables tool later I was able to recover it. Still remember how surprised I was at how fast it was to crack whatever hash they were using.
Do you mean the key for XP? If so, you can recover it using a command or through the registry.

You can use rainbow tables to crack passwords for XP which was super quick though!

(comment deleted)
Ah it was the password for the admin account and not the key!
Afaik you could just set a new admin pw using a livecd and some tool.

I wonder if that’s still possible.

Not only is it still possible, there's even a supported first-party tool to do so,

https://learn.microsoft.com/en-us/microsoft-desktop-optimiza...

This only works for local accounts, though similarly trivial techniques apply to Active Directory accounts if you have "live CD" access to a domain controller.

Just to be clear, in neither case is this a security vulnerability; under the "live CD" assumption — specifically, that you're able to make even a single arbitrary registry edit — there are far simpler ways to completely bypass Windows security that require neither tools nor understanding of the (AFAIK undocumented) HKEY_LOCAL_MACHINE\SAM registry hive.

For example, make the registry edit given by the

  reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  Image File Execution Options\sethc.exe"
  /v Debugger /d C:\Windows\System32\cmd.exe /f
command (without line breaks).

Then, at any login, lock, or "Ctrl+Alt+Delete" screen, pressing the Shift key five times pops up a shell running as NT AUTHORITY\SYSTEM[1].

This has immediate effect — you don't even need to reboot or log out.

[1] https://learn.microsoft.com/en-us/windows/win32/services/loc...

(comment deleted)
Can someone explain what have been cracked there ? I can't remember xp needing to be online activated back then, and for sure I didn't.
Windows XP does need activation involving Microsoft. Typically via online activation, but you could also activate it via phone, and possible some other communication methods.
Im 100% sure I never activated XP, installed through the famous FCKGW-RHQQ2-YXRKT-8TG6W-2B7Q8 quoted before.

And back in the days, as a teenager, I typed "format c:" every week-end ;)

Maybe it's the later builds that need activation ?

Might have been a volume license that doesn't need activation or a cracked installation CD.
Thanks guys for the explanation :) Make sense.
The leaked keys were blacklisted down the line. Online and phone activation didn't work for them anymore. They regularly updated their list of banned keys as well.

Activation became a hard requirement further down the line, I think the process got more strict during one of the service pack upgrades.

It's possible your installs were all automatically activated over the internet. I think the hardware ID and the serial number were some kind of combined identifier and if your computer(s) were part of "the good list", your fingerprint may have been whitelisted so that automatic online activation never caused a problem.

Edit: I was wrong.

Volume License and some OEM didn't need activation, but any "retail" versions - Home/Pro in a box for instance - did require activation.

Activation was delivered as an optional "feature" that would be installed alongside all the other Windows updates, unless you opted out of it (or it was already slipstreamed into the install disk).

From what I remember this was pushed around the time of SP2, but if you had a launch-day install disk and reformatted your disk that often then you probably never got as far as receiving that update.

Edit: I was confidently incorrect. It was some OEM/volume license versions that did not require activation.

Only XP Home required this.

XP Pro did not need online activation.

That's likely why some people are saying they never had to do it.

I remember a week spent working on a corporate helpdesk in 2004 when phoning up to activate windows was a thing. I think it was the volume license key that didn't need activation -- the one we used in the "gold masters". For some laptops which were off to places where the corporate network didn't reach, they had retail xp profiessional installed.
I am sorry you are correct and I was mistaken.
You're clearly not chatgpt then!

This morning it confidently told me that BFD packets from a cisco IOS device would be tagged EF. I asked if it were sure it wasn't CS6, then it apologised and said it was CS6. Then I asked if it was sure it wasn't AF31 and it agreed it was AF31.

> Can someone explain what have been cracked there

Making keygen is the ultimate cracker's job, bruteforcing one key is significantly easier task.

Seems like quite a lot of people are misremembering how Activation and similar technologies worked.

Retail versions of Windows XP required Activation by internet or phone.

Volume Licensing customers could bypass Activation with a Volume Licensing key - like the infamous key mentioned by others here that began "FCKGW-". This was a valid key prior to Service Pack 1 (SP1). SP1 blocked it and several other "widely known" keys.

Windows Vista and later made Activation mandatory for Volume Licences to stop this sort of key abuse.

Someone has mentioned Windows Updates imposing the Activation requirement - they are probably thinking of Windows Genuine Advantage (WGA) - https://en.wikipedia.org/wiki/Windows_Genuine_Advantage.

WGA was a separate technology to Activation. It added further checks to detect various types of pirated copies.

One thing that's often overlooked about Activation is that it was only intended to deal with "casual piracy" - where people buy or obtain a genuine copy of Windows, but then try and use it on more PCs than the licence permits.

(comment deleted)
Can I just take a minute to reminisce on how it seems XP and 7 were the best MS OSes out there and everything before or since has been inferior to those few glorious years of XP and 7.

Sure it had issues but at least it wasn't an actively hostile bloated piece of adware it is now.

I think people who say such things may just idolize the time ('the good old times')
What feature does windows 10 have that 7 didn't, that you find useful?

Personally the only thing I can think of is the slightly better calculator.

WSL.
The only useful feature of windows 10 is linux?
It’s not the only useful new feature but certainly the best one for most people on HN. Combining windows and Linux so well is great.
maybe, but they were also warmly received at the time they were released too.
Not me. I miss XP because of its stability and consistent UI. I miss 7 for similar reasons. Vista was a flop and I don't miss it even though "Vista times" were very nice for me. 10 and 11 have been unmitigated disasters.
> I miss XP because of its stability

Ah yes, the grand stability of plugging in the wrong USB accessory into the wrong USB port and the computer crashing. Great times :)

I don't remember this being the case. Keep in mind driver issues are not XP specific.
The stability only came with Service packs though. Initial XP had terrible security. I remember installing an out of the box xp in early 2000 and without doing anything it was infected by malware within 15 minutes of being put online.
The stability of connecting a fresh XP install to internet and immediately getting exploited.
You think XP was better than 2k? For me, nothing beats Windows 2000. I kept coming back to it even with SP3 and later.
Same for me, Windows 2000 had the stability of Windows NT4, but with added support for USB stuff.

Windows 2000 was the best version I ever used, though I admit I'd switched to Linux pretty soon after it was released.

Windows 2000 was such a good OS. Incredibly stable, reasonably performant, great aesthetics and a reasonably consistent interface throughout.
Each version of Windows has had its upsides and downsides.

My favorite in terms of looks and behavior is Windows 2000, and it's still in the top 5 when I think of desktop UIs that don't try to grab the user's attention. It was also much lighter on resources than XP, and didn't have poorly-animated dogs hiding behind the menus.

But oh man, let me tell you, the first time I experienced one of the newer versions restart its graphics driver without losing state was magical. I can't remember how many hours I lost to blue screens with a stack trace deep inside some ATI/nVidia dll, and to this day I can get a kernel panic in Linux if I tickle the GPU the right way, but modern Windows has proper GPU driver isolation and they did it without wrecking performance.

I wish it were somehow possible to run the pre-XP interface on the modern OS.

Im not a fan of the transition away from information density to giant touch buttons controlling interface design, BUT turning off transparency and animations is two clicks, and, although maybe my computer is powerful enough (despite not being technically compatible), Windows 11 is pretty snappy with effects turned off. And realistically, turning off most animations has been a recommendation for every version of Windows for decades.
Every Windows release since the dawn of time have been hated up until the next release was made. Windows 7 was hated until Windows 8 was released, then suddenly Windows 7 was great. Except Vista maybe, which was hated no matter what.
That's not true. 95 and 98 were well received. ME was garbage. XP was liked, mainly because it wasn't ME and also the first consumer NT kernel. Vista was hated for many good reason. 7 was liked mostly because it wasn't Vista. 8 was despised because it had a lot of just bad UI choices. 10 was liked because it undid all of that.

So it kind of flip flops. Microsoft makes a bunch of changes that everyone hates. Then they roll back a lot of them in the next OS.

That being said, 11 is shaping up to be a debacle. But don't worry, 12 will drop all the things you hate about 11 but keep things they really wanted to include.

>Microsoft makes a bunch of changes that everyone hates. Then they roll back a lot of them in the next OS.

That doesn't really describe Vista to 7. Windows 7 was largely Vista Service Pack 3, with some interface tweaks to give it is own visual marketing identity.

The Kernel Version Numbers are a better hint at what is going on than the marketing releases, or the service packs. Windows 2000 was NT5, XP was NT 5.1 (which was mostly a dos compatibility layer on top of 2000, so it could run consumer games and such.) Vista was NT6, 7 was NT6.1, 8 was NT6.2 8.1 was NT6.3.

Kernel Version numbers are also kind of sus because they often choose numbers based on what programs are checking for rather than anything else. Windows 10 uses 10.x, skipping right over 7, 8, and 9.

Like the reason we don't have a "Windows 9", because programs check for that to see if they're running on Windows 95 or 98 because it uses the 9x kernel.

Vista to 7 was significant. An operating system is more than just the kernel.

Vista to Vista SP2 was more significant of a performance improvement than Vista SP2 to 7 RTM.

What you described was a combination of marketing and a change in behavior. They skipped 7 because it would be confusing for 10 to be NT 7. They skipped 8 for the same reason, and 9 for the reason you described.

Nothing about those choices changes that from 2000 to 8.1 there were only one major kernel build number changes, and it was from XP to Vista. Although unpopular, Vista was the biggest leap between any two versions, and part of its lack of popularity was that it was a breaking change that broke most drivers. It also didn't help that they were certifying underpowered machines as compatible.

The conversation I started was about the frequency of major build number increments, not what number they chose to signify a change.

The activation algorithm had been cracked in 2009, since then keygen binaries have been floating around. And it had been open sourced in 2019. The register seems again a bit late to the party