OEM BIOS Emulator Bypasses Vista Activation

While there are known methods of bypassing Windows Vista activation requirements, a new technique turns out to be the easiest and most effective so far in defeating Microsoft's Windows Genuine Advantage (WGA) technology.

Previously published techniques include using a fake Key Management Service (KMS), which emulates a real KMS that's required by some enterprises that roll out a large number of Vista desktops. In those instances, Vista needs to be reactivated at least every 180 days, which is done by Vista communicating with the KMS. Another technique involves regularly using a Vista feature known as "skiprearm," which basically resets a timer in Vista to make it keep working in the 30-day grace period typically allowed by Microsoft before Vista must be officially activated.

The latest technique relies on Vista's OEM BIOS-based activation methods. In simplified terms, Microsoft allows OEMs to activate Vista (as they could Windows XP) by inserting special data in the system's BIOS. When the OS finds that data, it considers the system to be legitmately licensed to run the OS.

Now code has been published that can mimic the special BIOS data. The code doesn't actually overwrite or flash the BIOS with new settings. Instead, a driver is loaded that emulates an OEM BIOS complete with the special BIOS data. So once the code is installed, no further action is required by the user to keep Vista activated. The code presents a considerable piracy risk to Microsoft.

While Microsoft might overlook some hacks, such as convoluted methods of physically modifying BIOS firmware to fool technology such as WGA, the company does apparently intend to address the new BIOS emulation hack in one way or another. Alex Kochis, senior product manager at Microsoft, wrote in a blog entry that "Our goal isn't to stop every 'mad scientist' that's on a mission to hack Windows. Our first goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknowing victims. This means focusing on responding to hacks that are scalable and can easily be commercialized, thereby making victims out of well-intentioned customers."