How would you make Daz's loader ineffective against WAT?

Discussion in 'Windows 7' started by mydigitallifeforum, Jul 26, 2010.

  1. mydigitallifeforum

    mydigitallifeforum MDL Junior Member

    Apr 25, 2010
    81
    7
    0
    Daz's loader is great. It has "stolen" millions of customers away from Microsoft. It does the exploit thing before Windows start so it's harder for Microsoft to prevent. What do you guy think Microsoft will do to make Daz's loader ineffective against Windows Activation Technologies?

    Imagine yourself as a programmer working for Microsoft. What would you do?
     
  2. Valoni

    Valoni MDL Junior Member

    Aug 5, 2009
    65
    22
    0
    LOL!

    asnwer is simple "hope no another loader - becase chief screaming over me"...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Phazor

    Phazor MDL Expert

    Sep 1, 2009
    1,145
    517
    60
    #3 Phazor, Jul 26, 2010
    Last edited: Jul 26, 2010
    So now we are supposed to discuss how to ruin months of development?

    You got to be kidding...

    *shakes head*
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. BobSheep

    BobSheep Moderator
    Staff Member

    Apr 19, 2010
    2,326
    1,358
    90
    That sort of question makes me think you might be a M$ spy.
    Are you?
     
  5. bluealien

    bluealien MDL Member

    Mar 2, 2010
    115
    19
    10
    I seriously doubt anyone will discuss publicly how to defeat any form of activation. It may be theoretically possible but extremely difficult for ms to implement and could cause problems for actual customers who bought a license.
     
  6. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,293
    66,086
    300
    #6 Daz, Jul 26, 2010
    Last edited: Aug 26, 2010
    It already passes WAT and I already have another working method which also passes WAT. Why show MS all my cards at once when they can't eliminate the loader as it is? :p

    You have to understand the loader runs outside of Windows so to Windows it's just a file on the HDD and nothing more. It looks like a system that was sold with SLIC activation.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. secr9tos

    secr9tos MDL Addicted

    Jul 28, 2009
    999
    133
    30
    #7 secr9tos, Jul 26, 2010
    Last edited: Jul 26, 2010
    Dump the bios either by copying some specific regions of the MBA or using raw I/O on the CMOS itself. Finally I would put the dumper in a driver which has a polymorphic encryption, anti-debug methods & uses rootkit technology e.g like ShadowWalker to hide the code pages, in addition open an SSL tunnel to validation server & forward all network traffic directly to NDIS layer which would bypass all TCP/IP filters. This would slow reverse engineering tremendously down & would be really difficult to defeat. ;):p
     
  8. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,938
    10,474
    340
    #8 Yen, Jul 26, 2010
    Last edited: Jul 26, 2010
    Dump the bios to scan for a SLIC? All the bioses are compressed and there is no unique way to program ACPITables...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. secr9tos

    secr9tos MDL Addicted

    Jul 28, 2009
    999
    133
    30
    Compare the dumped BIOS with the original one & check if the OS is activated as OEM. If the BIOS does not support SLIC 2.1 according to the vendor, flag the PC as non-genuine.
     
  10. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,938
    10,474
    340
    You would need a database and a extra server to host all original bioses or an hash of it....impossible. Also there are official SLICed bioses (remember marker tools?)
    It would be sufficient to read the bios string only and to check against a database......this idea we have had already......with extra effort (database of M$) it would be possible to detect all modifications...ODIN as well...:p .. but not SLIC'ed bioses by marker tools..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,293
    66,086
    300
    Theres a ton of compressed BIOS's too, this being the core reason why MS can't take aim correctly. A lot of BIOS manufacturers are sloppy and theres no way MS could depend on them so that they could develop a tool which supports each system since SLIC activation come into play.

    I hate discussing this subject anyway and I will say no more on it. I know MS looks at this forum and I'm not giving them any free ideas.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. secr9tos

    secr9tos MDL Addicted

    Jul 28, 2009
    999
    133
    30
    With a combination of hooking, DKOM & TLB modification you can hide nearly everything...
     
  13. xrdguy

    xrdguy MDL Novice

    Feb 17, 2010
    46
    6
    0
    This discussion is dumb to begin with. I dont want MS to know how to defeat loader. Daz did excellent work with his loader and I dont want to ruin my copy of win 7. If MS wants then let them do the work to find solution in their favor, which I wish they never find. Person who started this thread seems to be MS looser employee or some dumb joker.
     
  14. urie

    urie Moderator
    Staff Member

    May 21, 2007
    8,644
    3,003
    300
    I agree it would cost M$ and OEM companies more to setup database than i would in the cost of lost sales.
     
  15. Alien1

    Alien1 MDL Novice

    Feb 19, 2010
    15
    2
    0
    Well truly the only efficient way to defeat Daz's loaders and others of this sort, is for Redmond to give the OS away for free. This would defeat it fast and easily.
     
  16. CODYQX4

    CODYQX4 MDL Developer

    Sep 4, 2009
    4,801
    44,845
    150
    Well I was worried in Win 7 OEM actvation would be whitelisted to certain HW, but I don't see that happening as that is a lot of PC configs to make a database of and you screw the legit user for replacing/upgrading things in their OEM machine.

    Another thing I have noticed that would make comparing BIOSs difficult is some PCs ship with 2.0 and the manufacturer makes an official BIOS update that enables SLIC 2.1.
    I was using Daz Loader on my dad's laptop (as legit key somehow went into notifications mode). then updated his BIOS and all of a sudden it has SLIC 2.1.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,065
    270
    MS hasn't found a Daz loader since 1.7.6 for me and that was quite a few months ago so I'm not worried and with Daz having a back up plan I'm even less worried or not at all :p...lol
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. mydigitallifeforum

    mydigitallifeforum MDL Junior Member

    Apr 25, 2010
    81
    7
    0
    Nope, not a Microsoft spy... But sometimes I wish I were ;)

    I just wanted to see the programmers (MDL has lots of good ones) to point out
    any potential weaknesses in Daz's loader which MS might possibly be used to make
    it ineffective against WAT. And I thought it would help giving Daz extra ideas to
    make the loader into perfection.

    I have a lot of respect for Daz's loader, and this is what I previously wrote:

     
  19. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,065
    270
    He's got a pretty cool name for an MS spy but notice he didn't ask how loader worked only how it could be beat so I think he just had some curiousity that manifested as a slightly uncomfortable query into how what we have that works could potentially not work :p...lol
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  20. sam3971

    sam3971 MDL Guru

    Nov 14, 2008
    2,220
    303
    90
    @timesurfer: I still would not tell him everything because you never know though.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...