The weakness was first discovered by the famous (underground) group Paradox which discovered a way to emulate so called “Royality OEM2″ which require no activation at all. Those special OEM versions are only issued to major computer manufacturers such as Dell and Asus to take the hassle of activating the operating system away from their clients. These manufacturers embed license information into their hardware products which is equivalent to a online or phone registration.

This is called system-locked pre-installation 2.0 (SLP 2.0) and it consists of three key elements: (taken directly from the Paradox info file)

• The OEM’s hardware-embedded BIOS ACPI_SLIC information signed by Microsoft.
• A certificate issued by Microsoft that corresponds to the specific ACPI_SLIC information.
• A special type of product key that corresponds to the installed edition of Windows Vista.

“If all three elements match Windows Vista’s licensing mechanism considers the given installation a valid system-locked pre-activated copy (that does not require any additional product activation procedures).”

Which means they had to create a tool that would emulate an SLP 2.0 system fulfilling all three key elements. This process introduced by Paradox could be described as rather complex for the average user.

Thankfully a group called Clony created a one click activation from this information. The process would be the following:

• Install RTM or Retail Vista without product key
• Execute a single file and follow the instructions
• Reboot Windows Vista

Now this does not sound complicated at all, does it ? In case you are wondering where to get those activation files. I do not want to link directly to them because it could mean serious trouble.

Please rest assured that this method to bypass Vista activation does not tinker with your bios at all. It is a pure software emulation of a OEM bios.

The author of the keygen admitted today that the method that he posted was a hoax. The problem is not that it is not possible to create a valid Windows Vista key – it lies in the fact that it simply takes to long to generate a working key that can be used to activate Windows Vista online. This means, the method is working but not very practicable.

The question remains why the author admitted the hoax just one day after publishing the method. He admitted in the forum that he did not like the prospect of a lawsuit which is totally understandable. Thanks Irish and Andre for letting me know about this.

It seems that the process requires to replace the Software License Manager for Windows Vista – slmgr.vbs – with an altered version that makes the process possible. It is currently not possible to download the needed files from the website that published the method first. The forum does not accept new registrations at this point and the main page contains only a summary of the process without a download link.

I personally think that it is interesting that this method is working at all but would advise everyone to be very cautious about it.

source: keznews.com

Update:

Adrian corrected my assumption that the bruteforce attack would hammer Microsoft servers to check the keys. This is apparently not the case. Keys are generated on the local pc and the user has to try the activation with the key manually. This is the only time the Microsoft server is contacted.