In an unexpected twist, a Microsoft support engineer resorted to running an unofficial ‘crack’ on a customer’s Windows PC after a genuine copy of the operating system failed to activate normally.
It seems this isn’t the first time IT professionals have employed such solutions when under pressure to close support tickets in a timely manner.
A ‘crack’ is worth a thousand support tickets
A South African-based independent technologist who paid $200 for a genuine copy of Windows 10 was shocked to find that a Microsoft support engineer “cracked” his copy using unofficial tools that circumvented the Windows activation process.
Programmer and content creator Wesley Pyburn whose online channels include TCNO (TroubleChute & TechNobo), explains his struggle after purchasing a copy of Windows 10 through legitimate channels:
“I can’t believe it. My official Windows 10 Pro key from the Microsoft Store wouldn’t activate. Support couldn’t help me yesterday,” tweeted the technologist.
“Today it rose. Official Microsoft support (not a scam) logged in with Quick Assist and ran a command to activate Windows… BROTHER IT’S A CRACK. NO CAP.”
“It’s literally easier to open windows than to pay for it,” Pyburn exclaimed.
Microsoft Product Activation, as commonly seen in Windows and Office products, is Microsoft’s DRM technology to ensure that users are running genuine Microsoft products instead of pirated versions, and that they abide by the terms of the Microsoft Product Activation. license.
Windows XP-era users may also be familiar with Windows Genuine Advantage (WGA), a validation process Microsoft previously implemented to automatically ‘deactivate’ pirated copies of the operating system.
“Activation helps verify that your copy of Windows is genuine and hasn’t been used on more devices than the Microsoft Software License Terms allow,” according to Microsoft.
Microsoft’s official Windows activation methods involve the customer entering a 25-character product key when prompted, or signing in with their Microsoft account to apply a digital license. In some cases, customers can also call customer service to “activate by phone.”
In contrast, software “cracks” and stolen product keys are commonly used by users seeking to pirate software, something that is prohibited by both a company’s license terms and the law in most jurisdictions.
In this case, the Microsoft support engineer ran the following PowerShell command on the customer’s Windows PC (URL slightly modified to prevent execution):
irm hxxps://massgrave[.]develop/get | iex
The command establishes a connection to massgrave.devan unofficial repository of Windows and Office “activator” scripts that may go undetected by most antivirus products.
Also, the invocation expression alias iex The command runs the downloaded script, as seen by BleepingComputer:
“Working in IT I can believe this 100% lmao, commented an user
“They’re probably just as flabbergasted by the problem as you are and/or don’t have a better solution and fix the problem/resolve the ticket so they’re happy.”
Cracks, warez, pirated software pose risks
The use of “warez”, cracks and other unofficial means to circumvent the copy protection of software is often frowned upon. In addition to falling into a legal gray area and being similar to software hacking, these methods pose a security risk. For example, third-party scripts that claim to be software “cracks” may be malware.
To clarify whether what the Microsoft support agent had run was actually a crack, Pyburn reached out to Massgrave’s staff via Discord.
The website staff not only answered the technologist’s question in the affirmative, but also stated that this was not the first time they had heard of a Microsoft engineer doing this.
“This is the second time someone has reported here that Microsoft support agents are using it. It’s not official or legal,” he writes. WindowsAddict, a member of the Massgrave staff.
Naturally, such solutions when employed by the support staff of a software company would leave anyone surprised.
“I can’t believe that Microsoft’s response to a broken activation system is to break windows through official support channels,” says Pyburn.
“…AND IT WAS OFFICIAL SUPPORT. The only reason I paid was to TOTALLY prevent rootkits and other malware. Then they cracked it for me.”
BleepingComputer reached out to Microsoft for comment ahead of publication.
“We strive to provide best-in-class support to our customers. The technique you described would be against our policy,” a Microsoft spokesperson told BleepingComputer.
“We are investigating this fact and will take appropriate steps to ensure proper procedures are followed with regard to customer support for our products and services.”
Update March 17, 1:13 am ET: Added statement from Microsoft received after press time.
