TSFORGE Exploit Breaches Windows Defense Systems

The research group MASSGRAVE has introduced an exploit named TSFORGE, which allows users to activate any version of Windows 7 and all Microsoft Office releases starting from Office 2013. This dangerous vulnerability threatens the entire digital-licensing system that Windows has used since 2007.

Microsoft uses the Software Protection Platform (SPP) to verify licenses. Various methods of bypassing this protection have emerged over the years, such as emulating KMS servers and patching bootloaders. Until now, however, no one had been able to attack the activation mechanism itself directly. The new vulnerability makes it possible to change licenses without touching the core system and without triggering the built-in protective measures.

The researchers discovered that SPP stores license information in the encrypted files Data.dat and tokens.dat, with Windows 7 using separate storage. They found that Windows does not re-verify this stored information after activation. By altering specific data in those files, the system can be made to consider itself activated, and it remains so even after a reboot.

The first signs of the vulnerability emerged in 2023, when it became clear that activation confirmation IDs (CIDs) could be forged, enabling activation of Windows and Office without connecting to Microsoft’s servers. The researchers further found that the key-authenticity checks do not re-validate the data once it has been written. The MassGrave team deciphered the activation keys, compared them with those of earlier Windows versions, and successfully bypassed all of the modern systems.

TSFORGE permits activation of any Windows version without entering a key, bypasses hardware-based activation, and emulates KMS activation without any server connection. As a result, scripts can activate multiple devices from a single activation, with no restrictions.

The main challenge for Microsoft is that this method does not rely on the commonly blacklisted “black” keys. The vulnerability is tied to fundamental features of SPP, so eliminating it may require a comprehensive overhaul of the licensing system.

Microsoft has so far refrained from commenting on the situation, but it appears the company will need to act swiftly. Likely options include stronger cloud-side controls, a transition to account-bound licenses, or abandoning local checks in favor of server-side decisions. In any scenario, the battle against illegal Windows activation is entering a new stage.