The unknown hacker who claimed last week that a tool he'd created could generate valid Windows Vista activation codes has admitted that the crack was cracked.
"Fact is the brute-force keygen is a joke, I never intended for it to work," the individual identified only as Computer User wrote on the KezNews website over the weekend. "I have never gotten it to work, everyone should stop using it! Everyone who said they got a key is probably lying or mistaken!"
Watchers should have seen the confession coming. On Friday, Computer User issued an online apology and professed his love for Vista. "I apologise for exposing the work-around in question. I regret the fact that it has been leaked all over the Net, which I guess was to be expected. I simply love Windows Vista, and I happened to stumble upon this trick. Everyone should stop using the brute force KeyGen altogether because it takes away from legitimate customers."
Others writing on the same thread were leery of Computer User's new-found religion, and either called his revelation into question or wondered if it had been issued because he had been spooked by legal threats.
"It's not fake, it's not impossible, but it's near impossible," wrote a user identified as ecko, who posted another message reading: "It's not a hoax, but it takes so long you'll be wasting your time trying." Last week, a KezNews poster calculated that that it would take Computer User's KeyGen 1.35 quintillion years to check all possible 25-character combinations that make up a Vista product activation key.
"Are you scared of getting into trouble?" asked tyga45.
Computer User replied to that question Saturday. "Well, actually yes, I am worried about getting into trouble. I'd prefer a job rather than a lawsuit," he wrote. "I don't think there is anything they can do. I only posted a bit of source code. But I'd wish people would stop using it, and I think it'll be deleted from the site soon." As of Monday, KezNews still included links to several sites where KeyGen could be found.
But some users remained adamant that the brute force utility had cranked out one or more valid Vista keys. "it was successful in retrieving 3 Keys with only 1 working," wrote salmypal. "Since [Computer User's confession] came out, it has been running non-stop and has retrieved 2 more keys that are not valid."
Vista's activation, part of Microsoft's overall Windows Genuine Advantage (WGA) anti-counterfeit programme, validates the licence's product key to make sure that a key is used only once. If Vista is not activated within 30 days of its first-time use, or is activated with a bogus key, it drops into a crippled state.
Last week, Alex Kochis, senior product manager of WGA, said that even if the crack produced a seemingly valid key, Microsoft's activation servers would probably reject it because they "perform a more rigorous analysis of the keys that are sent up than the local key logic does”.