Re: [Full-disclosure] Fwd: Vista Reduced Function mode triggered
- From: Larry Seltzer <Larry@xxxxxxxxxxxxxxxx>
- Date: Tue, 2 Jan 2007 06:37:25 -0500
licensing process where a VMWare image of a hacked licensing server wasThis was I believe part of a recently published way to circumvent the
used.
I'm sure it's irrelevant to the thread, but here's that story:
http://www.microsoft-watch.com/content/vista/another_vista_activation_cr
ack_appears.html
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer@xxxxxxxxxxxxx
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of kevin
fielder
Sent: Tuesday, January 02, 2007 6:15 AM
To: jammer128@xxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Fwd: Vista Reduced Function mode triggered
I have no idea if the below is expected behavior or not, but for
business / education etc usage you can set up a server that deals with
license management and activation - thus only that and not all internal
machines needs to be able to 'phone home'. The internal machines just
need to be able to talk to the license management server (sorry can't
recall what M$ actually call this server).
This was I believe part of a recently published way to circumvent the
licensing process where a VMWare image of a hacked licensing server was
used.
cheers
K
________________________________
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Jason
Miller
Sent: 02 January 2007 07:45
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Vista Reduced Function mode triggered
lol i want to see this happen in a .edu unit where you can only access
the internet by going through a limited HTTP proxy that does not allow
the connect function, think it would give humourous results. unless it
'phones home' by visiting a page and printing said info, which in that
case it would probably be simple enough to modify the server it goes to
and make it think its going to microsoft, in that event you could easily
get cd keys if thats how it verifies its a real vista copy.
On 1/1/07, Geo. <geoincidents@xxxxxxx> wrote:
It just can't be that simple. There has to be more to what happened
to the guy. Lots of computers are offline for several days at a
time, it's inconceivable that they didn't test that.
Ok, as complete as I can be in the few minutes I have to post this.
During those three days I did a lot of poking around, stopping and
starting services, switching from wired to wireless and back, trying
to view high def video (which I still am not able to do in any video
player except WMP for some reason) installing codecs and software,
running into the event ID 4226 tcp security connect limit, etc.
However I never got any notification of deactivation or any problem of
that sort. Then on the third day suddenly solitaire would not start up
and I couldn't get into network properties. I did a bunch of rebooting
and trouble shooting trying to figure that out but got nowhere.
So I went back to trying to get high def video to work in Media player
classic and figured perhaps it was trying to download a codec so Istarting to work again.
removed the routes. It didn't help the video but I quickly found
network properties started working. So then I tried solitaire and it
worked. This was all directly after removing the routes, there wasn't
but a few minutes between letting it talk to the net and these apps
I decided this was probably reduced functionality in action but since
I had never seen it before I needed some way to trigger it so I could
compare since it would take 3 days to reproduce with route blocking. I
disabled the software licensing service since it claims disabling that
service will kick off reduced functionality mode. Nothing happened
immediately but 24 hours later solitaire and network properties (and
now control panel) would not start up. It was exactly the same apps
and behavior. I enabled and started the software licensing service and
in seconds things returned to fully functional just like removing theroutes did.
So it's possible the routes didn't trigger it, but removing them sure
cured it quickly so that is my guess at this point. Further testing is
needed. I won't be testing it for a couple days as I need the laptop
connected to other networks to try some other software I need to test.
(that tcp limit may prove a problem for network monitoring)
Geo.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] Fwd: Vista Reduced Function mode triggered
- From: kevin fielder
- [Full-disclosure] Fwd: Vista Reduced Function mode triggered
- Prev by Date: [Full-disclosure] Fwd: Vista Reduced Function mode triggered
- Next by Date: Re: [Full-disclosure] Fwd: Vista Reduced Function mode triggered
- Previous by thread: [Full-disclosure] Fwd: Vista Reduced Function mode triggered
- Next by thread: Re: [Full-disclosure] Fwd: Vista Reduced Function mode triggered
- Index(es):
Relevant Pages
|
