In an unexpected twist, a Microsoft support engineer resorted to running an unofficial ‘crack’ on a customer’s Windows PC after a genuine copy of the operating system failed to activate normally.
It seems, this isn’t the first time either that IT professionals have employed such workarounds when under pressure to timely close out support tickets.
A ‘crack’ is worth a thousand support tickets
A South-Africa based freelance technologist who paid $200 for a genuine copy of Windows 10 was startled to see a Microsoft support engineer “crack” his copy using unofficial tools that bypass the Windows activation process.
Programmer and content creator Wesley Pyburn whose online channels include TCNO (TroubleChute & TechNobo), explains his struggle after purchasing a copy of Windows 10 through legitimate channels:
“I can’t believe it. My official Microsoft Store Windows 10 Pro key wouldn’t activate. Support couldn’t help me yesterday,” tweeted the technologist.
“Today it was elevated. Official Microsoft support (not a scam) logged in with Quick Assist and ran a command to activate windows… BRO IT’S A CRACK. NO CAP.”
“It’s literally easier to crack windows than to pay for it,” exclaimed Pyburn.
Microsoft Product Activation, as commonly seen in Windows and Office products, is Microsoft’s DRM technology to ensure users are running company’s genuine products as opposed to pirated versions, and are compliant with the license terms.
Windows XP-era users may also be familiar with Windows Genuine Advantage (WGA), a validation process that Microsoft earlier enforced to automatically ‘deactivate’ pirated OS copies.
“Activation helps verify that your copy of Windows is genuine and hasn’t been used on more devices than the Microsoft Software License Terms allow,” according to Microsoft.
Microsoft’s official Windows activation methods involve either the customer entering a 25-character product key when prompted, or signing in with their Microsoft account to apply a digital license. In some cases, customers may also call the customer care to “activate by phone.”
By contrast, software “cracks” and stolen product keys are commonly used by users looking to pirate software—something which is forbidden both by a company’s licensing terms and by law in most jurisdictions.
The Microsoft support engineer in this case, ran the following PowerShell command on the customer’s Windows PC (URL slightly modified to prevent execution):
irm hxxps://massgrave[.]dev/get | iex
The command establishes a connection to massgrave.dev, an unofficial repository of Windows and Office “activator” scripts that may slip under the radar of most antivirus products.
Further, the Invoke-Expression aka iex command runs the downloaded script, as seen by BleepingComputer:
“Working in IT I can 100% believe this lmao, commented one user.
“They’re probably as dumbfounded by the issue as you and/or don’t have a better solution and it solves the problem/resolves the ticket so they’re happy.”
Cracks, warez, pirated software pose risks
Using “warez,” cracks, and other unofficial means to bypass software copy protection are often frowned upon. Other than falling in a legal gray area and being akin to pirating software, these methods pose a security risk. For example, third-party scripts claiming to be software ‘cracks’ may instead be malware.
To clarify if what Microsoft support agent had run was indeed a crack, Pyburn reached out to Massgrave’s staff via Discord.
Not only did the website staff reply affirmatively to the technologist’s question, they further claimed, it wasn’t the first time they’d heard of a Microsoft engineer doing this.
“This is the second time someone reported here that it’s being used by Microsoft support agents. It’s not official and not legal,” writes WindowsAddict, a Massgrave staff member.
Naturally, such workarounds when employed by a software company’s support staff would leave just about anyone startled.
“I can not believe Microsoft’s answer to a broken activation system is to crack windows via official support channels,” says Pyburn.
“…AND IT WAS OFFICIAL SUPPORT. The entire reason I paid was to avoid rootkits and other malware COMPLETELY. Then they crack it for me.”
BleepingComputer approached Microsoft for comment in advance of publishing.
“We strive to provide best-in-class support for our customers. The technique you described would be against our policy,” a Microsoft spokesperson told BleepingComputer.
“We are investigating this occurrence and will take appropriate steps to ensure proper procedures are followed regarding customer support for our products and services.”
Update March 17th, 1:13 AM ET: Added statement from Microsoft received after press time.