Microsoft support ‘cracks’ Windows for customer after activation fails

In an unexpected twist, a Microsoft support engineer resorted to running an unofficial ‘crack’ on a customer’s Windows PC after a genuine copy of the operating system failed to activate normally.

It seems, this isn’t the first time either that IT professionals have employed such workarounds when under pressure to timely close out support tickets.

A ‘crack’ is worth a thousand support tickets

A South-Africa based freelance technologist who paid $200 for a genuine copy of Windows 10 was startled to see a Microsoft support engineer “crack” his copy using unofficial tools that bypass the Windows activation process.

Programmer and content creator Wesley Pyburn whose online channels include TCNO (TroubleChute & TechNobo), explains his struggle after purchasing a copy of Windows 10 through legitimate channels:

“I can’t believe it. My official Microsoft Store Windows 10 Pro key wouldn’t activate. Support couldn’t help me yesterday,” tweeted the technologist.

“Today it was elevated. Official Microsoft support (not a scam) logged in with Quick Assist and ran a command to activate windows… BRO IT’S A CRACK. NO CAP.”

Microsoft’s support chat session with Pyburn involved engineer running a crack (Twitter)

“It’s literally easier to crack windows than to pay for it,” exclaimed Pyburn.

Microsoft Product Activation, as commonly seen in Windows and Office products, is Microsoft’s DRM technology to ensure users are running company’s genuine products as opposed to pirated versions, and are compliant with the license terms.

Windows XP-era users may also be familiar with Windows Genuine Advantage (WGA), a validation process that Microsoft earlier enforced to automatically ‘deactivate’ pirated OS copies.

“Activation helps verify that your copy of Windows is genuine and hasn’t been used on more devices than the Microsoft Software License Terms allow,” according to Microsoft.

Microsoft’s official Windows activation methods involve either the customer entering a 25-character product key when prompted, or signing in with their Microsoft account to apply a digital license. In some cases, customers may also call the customer care to “activate by phone.”

Typical Microsoft Windows 10 activation dialog prompting for a key (Microsoft Community)

By contrast, software “cracks” and stolen product keys are commonly used by users looking to pirate software—something which is forbidden both by a company’s licensing terms and by law in most jurisdictions.

The Microsoft support engineer in this case, ran the following PowerShell command on the customer’s Windows PC (URL slightly modified to prevent execution):

irm hxxps://massgrave[.]dev/get | iex

The command establishes a connection to massgrave.dev, an unofficial repository of Windows and Office “activator” scripts that may slip under the radar of most antivirus products.

Further, the Invoke-Expression aka iex command runs the downloaded script, as seen by BleepingComputer:

Windows 10 activation script from Massgrave.dev

“Working in IT I can 100% believe this lmao, commented one user.

“They’re probably as dumbfounded by the issue as you and/or don’t have a better solution and it solves the problem/resolves the ticket so they’re happy.”

Cracks, warez, pirated software pose risks

Using “warez,” cracks, and other unofficial means to bypass software copy protection are often frowned upon. Other than falling in a legal gray area and being akin to pirating software, these methods pose a security risk. For example, third-party scripts claiming to be software ‘cracks’ may instead be malware.

To clarify if what Microsoft support agent had run was indeed a crack, Pyburn reached out to Massgrave’s staff via Discord.

Not only did the website staff reply affirmatively to the technologist’s question, they further claimed, it wasn’t the first time they’d heard of a Microsoft engineer doing this.

“This is the second time someone reported here that it’s being used by Microsoft support agents. It’s not official and not legal,” writes WindowsAddict, a Massgrave staff member.

Massgrave Discord staff suggests Microsoft support often uses these tools

Naturally, such workarounds when employed by a software company’s support staff would leave just about anyone startled.

“I can not believe Microsoft’s answer to a broken activation system is to crack windows via official support channels,” says Pyburn.

“…AND IT WAS OFFICIAL SUPPORT. The entire reason I paid was to avoid rootkits and other malware COMPLETELY. Then they crack it for me.”

BleepingComputer approached Microsoft for comment in advance of publishing.

“We strive to provide best-in-class support for our customers. The technique you described would be against our policy,” a Microsoft spokesperson told BleepingComputer.

“We are investigating this occurrence and will take appropriate steps to ensure proper procedures are followed regarding customer support for our products and services.”

Update March 17th, 1:13 AM ET: Added statement from Microsoft received after press time.

Comments

GT500 – 2 days ago
Good old KMS. The source of so many ransomware infections in the past… And probably miners, but when your PC’s performance has tanked and you don’t know why most people assume it’s time to buy a new PC, or just live with it until it’s time to upgrade.
nauip – 2 days ago
Chances are the MS Tech used the HWID bypass. It’s permanent (unlike the KMS that occasionally gets cleaned) because it doesn’t require an executable. It also frequently survives a re-install in my experience.
xafase – 2 days ago
Issue was resolve and ticket was closed. The tech doesn’t care. They aren’t paid to care. They are paid to close tickets.

Bonus point! If ChatGPT told the tech to do that.
lonegull – 2 days ago
The short time I endured doing tech support they actively encouraged you to start the customer on any action to get them off the call ASAP.

Quite a mess at Microsoft if they can’t activate their own product. Had an experience with a new printer where even the manufacturer tech support couldn’t make it work. The tech said couldn’t find the ‘advanced drivers’ in Windows (still don’t know what they are) and told me to contact Microsoft or the OEM. Kept telling them I built the system (I am the OEM) and it isn’t a MicrosoftWindows problem, but they wanted me off the call. Returned the printer for a refund.
EndangeredPootisBird – 2 days ago
I would think that out of anyone, people at Microsoft would know that cracks are the most common attack vector of malware.
speedingcheetah – 2 days ago
This is just, weird. You do realize though, that any product key off any old computer, even brand name OEM ones, works still to fully and seemingly legitly/legally activate Windows 10 and 11. I have used keys from long dead and recycled Win 7, even Vista machines, both laptops and desktops, to activate Windows 10/11 on many modern builds. Where i used to work, even years back, dig out of the scrap pile old COA stickers still stuck to the bottom of old scraped Dell and HP business laptops, or desktops, and the keys have worked fine to activate and shows as “Activated with digital license” in the Activation page of Settings. It even does something to add the key to your MS account, and if you wipe and re-install the PC, and soon as you log into your MS account, it auto activates the OS for you. Microsoft so desperate for users to move off 7 back in the day, to 8 and newer versions, they let old key still work, claimed later on that will no longer be possible, and you for sure have to start paying to upgrade, but alas, they never disabled the ability to use old Win 7 keys to activate their current OS.
Mr.Tom – 1 day ago
You don’t need a Mic Acct for it to auto-activate. Once you’re “activated with a digital license”, you can wipe it and reinstall without an account and it self activates. But what’s cool with activation “tied to your Mic Acct”, if you build a new computer and even move your old drive to the new motherboard, your windows activates with the new motherboard.
luvr – 2 days ago
Yet another proof that DRM = “Digital Restriction Malware”.