In an unexpected twist, a Microsoft support engineer resorted to running an unofficial “crack” on a customer’s Windows PC after a genuine copy of the operating system failed to activate. Normally.
It also appears not to be the first time that support professionals have used such workarounds when under pressure to close support tickets in a timely manner.
A “crack” is worth 1000 support tickets
A South Africa-based freelance technologist who paid $200 for a genuine copy of Windows 10 was surprised to see a Microsoft support engineer “crack” his copy using unofficial tools that circumvent the process. Windows activation.
Programmer and content creator Wesley Pyburn whose online channels include TCNO (TroubleChute & TechNobo), explains his struggle after purchasing a copy of Windows 10 through legitimate channels:
“I can’t believe this. My official Microsoft Store Windows 10 Pro key was not activating. Support couldn’t help me yesterday.” tweeted the technologist.
“Today it was brought up. Official Microsoft Support (not a scam) connected with Quick Assist and ran a command to activate Windows… BRO THIS IS A CRACK. NO CAP.”
“It’s literally easier to break windows than to pay for it,” exclaimed Pyburn.
Microsoft Product Activation, as commonly seen in Windows and Office products, is the GDN technology to ensure users are running the company’s genuine products as opposed to pirated versions, and complying with license terms.
Windows XP era users may also be familiar with Genuine Windows Advantage (WGA), a validation process that Microsoft previously applied to automatically “disable” pirated operating system copies.
“Activation verifies that your copy of Windows is genuine and hasn’t been used on more devices than the Microsoft software license terms allow.” according Microsoft.
Microsoft’s official Windows activation methods involve either the customer entering a 25-character product key when prompted, or logging in with their Microsoft account to apply a digital license. In some cases, customers can also call customer service at “activate by phone.”
In contrast, software “cracks” and stolen product keys are commonly used by users seeking to pirate software, which is prohibited both by a company’s license terms and by law in most jurisdictions.
In this case, the Microsoft Support Engineer ran the following PowerShell command on the customer’s Windows PC (URL slightly modified to prevent execution):
mri hxxps://massgrave[.]dev/get | iex
The command establishes a connection with massgrave.devan unofficial deposit Windows and Office “activator” scripts that can go under the radar of most anti-virus products.
Moreover, the Invoke-Expression a.k.a iex The command runs the downloaded script, as seen by BleepingComputer:
“Working in IT, I can believe 100% in this lmao, commented an user.
“They’re probably as stunned by the problem as you are and/or don’t have a better solution and this solves the problem/solves the ticket so they’re happy.”
Cracks, warez, pirated software present risks
The use of “warez”, cracks and other unofficial means to circumvent software copy protection is often frowned upon. In addition to falling into a legal gray area and akin to software piracy, these methods pose a security risk. For example, third-party scripts claiming to be software “cracks” may instead be malware.
To clarify whether what the Microsoft support agent ran was indeed a crack, Pyburn reached out to Massgrave staff via Discord.
Not only did the website staff answer yes to the technologist’s question, but they added that this wasn’t the first time they’d heard of a Microsoft engineer doing this.
“This is the second time someone has reported here that it is used by Microsoft support agents. It is neither official nor legal”, writing windows addict, a Massgrave staff member.
Naturally, such workarounds, when employed by the support staff of a software company, would leave just about anyone in awe.
“I can’t believe that Microsoft’s response to a faulty activation system is to crack Windows through official support channels,” says Pyburn.
“…AND IT WAS OFFICIAL SUPPORT. The only reason I paid was to COMPLETELY avoid rootkits and other malware. Then they cracked it for me.”
BleepingComputer approached Microsoft for comment before publication. We have not yet received a response.