微软WGA正版验证启动24小时内被攻破
微软在其下载和更新的网站上加入了正版验证(WGA,Windows Genuine Advantage),今天在网上发现了一个网站,他们声称已经破解了微软网站上的正版验证,使用者只需下载一个叫做Trixie的欺骗程序和一段javascript脚本,即可绕过微软网站上的正版验证从而下载正版用户才能下载的更新。
破解方式分为IE用户群和Mozilla Suite/Firefox用户群:
IE用户只需要下载安装Trixie后将欺骗的JS脚本放在Trixie软件中的scripts\目录下,软件打开IE在“工具”中选择“Trixie”选项,即可看见WGA Workaround。然后再访问微软的下载网站和更新网站即可绕过正版验正。
分析了一下,微软的正版验证主要是采用了javascript管理,而对于客户端的javascript是很不保险的。Trixie的原理主要正是依靠了javascript来欺骗验证程序。相信微软在发现这一漏洞后会对其WGA验证程序加以改进。
网站地址:
http://www.extended64.com/blogs/rafael/archive/2005/07/27/1026.aspx
原文如下:
Windows Genuine Advantage + Javascript = Workaround
(July 28, 07:03AM EST) Thanks for all the emails, I updated the IE script with user-submitted scripts to resolve the freezing and also bypass WGA on Microsoft/Windows Update. Do not email me about "simpler" methods (eg. Manage Add-ons, BLOCKED SCRIPT)! I know about this already...
Continue. Continue. Click. Click. Click. Sigh, my fingers could do without the extra clicking, hence why I came up with greasemonkey and trixie scripts for bypassing WGA on Microsoft's download pages.
For Internet Explorer users:
- You'll need to download trixie and the relevant user script [Thanks Mark S., MacMonkey]. Simply download the .js file and drop it into trixie's scripts\ folder.
- Fire up Internet Explorer (32-bit) and click Tools > Trixie Options. You should see WGA Workaround. If it's not already checked, check it. Uncheck the others if you don't want to use them (recommended).
- Visit Microsoft Downloads or Microsoft Update to test it out!
For Mozilla Suite/Firefox users:
- You'll need to download greasemonkey and the relevant user script. Simply download the .js file to a temporary location (like the Desktop), drag it onto a Mozilla Suite/Firefox window and click Tools > Install User Script. Keep the defaults.
- Visit Microsoft Downloads to test it out! NOTE: Microsoft Update does not support Firefox.
For Opera users:
- The script for Firefox above works as-is in Opera. Instructions later.
For Konqueror/lynx users:
- You're kidding, right?