
Windows 2000 Source Code Released?

By Joseph Moore
Apparently, the source code for NT and Win2K has been released and is circulating. There is a post on Neowin.net about this:
http://www.neowin.net

So, if this is true, what could it really mean? The worst-case scenario that I can think of is people getting the source, examining it, and finding new problems that have not been found before, then making viruses/worms that exploit these newly found problems.

Total havoc, chaos, and the destruction of the Internet as we know it!!!!


Old archived story re-circulated?

by wordworker In reply to Windows 2000 Source Code ...

From what I saw on slashdot, it looks like that's a recycled thread from a few years ago. If it is true - holy crap, not a good thing.


Microsoft Has Confirmed It's True

by Joseph Moore In reply to Old archived story re-cir ...

Nope, this is the real deal. The estimates are that 13.5 million lines of code for Win2K (out of an estimated 35 million lines) were released. It is a post-Win2K Gold source code release, with some references to Whistler (WinXP) in the notes.
http://www.betanews.com/ has additional info.
This is just really not a good week for our friends in Redmond!


Possible Source Code File List

by Joseph Moore In reply to Microsoft Has Confirmed I ...

http://tinyurl.com/34ch8
That is being claimed as the file list for what was released.


Think about it though

by LordInfidel In reply to Microsoft Has Confirmed I ...

A. MS did not release it to the general public.

B. There is nothing to say that this is not a trojanized source code release.

C. There are no official MD5 checksums to verify the package against.

I would stay extremely far away from this. As the old adage says, only download software from known trusted sources, and only install it after you have verified the checksums to those posted on the official download site.
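The check described in the post above, as an added example that is not part of the original thread: verify an archive against a digest manifest obtained from the publisher, and fail closed when no official digest exists (point C). It uses SHA-256 in place of the MD5 the post mentions; the file name `src.tar`, the function names and the sample contents are assumptions of this example.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex chars>  <filename>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            entries[parts[1].lstrip("*")] = parts[0].lower()
    return entries

def verify(path, manifest_text):
    """Return 'verified', 'mismatch', or 'unverifiable' (no published digest)."""
    expected = parse_manifest(manifest_text or "").get(os.path.basename(path))
    if expected is None:
        return "unverifiable"  # fail closed: nothing official to compare against
    actual = sha256_file(path)
    return "verified" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed scenario: a clean file, the same file modified, no manifest."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "src.tar")
        with open(path, "wb") as f:
            f.write(b"original release")
        manifest = f"{sha256_file(path)}  src.tar\n"  # stands in for the official list
        clean = verify(path, manifest)
        with open(path, "ab") as f:
            f.write(b"\n/* injected */")  # simulate tampering after publication
        tampered = verify(path, manifest)
        no_manifest = verify(path, "")
    return clean, tampered, no_manifest

if __name__ == "__main__":
    print(demo())
```

The manifest only means something when it comes from the publisher over a separate trusted channel; a digest hosted next to the archive by whoever posted it can be regenerated to match a tampered file.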


Wait one!

by GuruOfDos In reply to Think about it though

This ain't executable...it's SOURCE code, which needs to be compiled or interpreted before it is a working binary.

Source code at the end of the day is just text. Yes, special text, with correct programming syntax, etc., but nevertheless...just text!

Now any programmer worth his or her salt can turn it into executable code, or at the very least, browse it to see 'how Windows works'.

Of course, any half decent hacker would have already decompiled Windows and already know the exploits! I have myself decompiled certain chunks of earlier Windows code to rectify glaring bugs I have found over the years, and it's not exactly rocket science.


You're right, it is Source

by LordInfidel In reply to Wait one!

BUT.... What better place to put trojan code.

This has happened many times before in the Linux world. Where the source has been tampered with, you download it without checking the signatures, you compile it and whamo, you now have yourself a trojaned binary.

MS put out a press release stating that they did not release the source.

Only an idiot would actually trust that this is an untampered source tree. (Not calling you an idiot, I'm just saying use some common sense.)


For sure...

by GuruOfDos In reply to You're right, it is Source

And by the same token, who is to say that Microsoft DIDN'T release this code? They may have deliberately 'spiked' it so that anyone compiling it and using it can be traced. I've known that to happen before.

In the glory days of VB3 and VB4, we had maybe two or three programmers besides myself. They were mostly students working in the summer holidays. Several other people worked in collaboration with me on one or two products and we found several interesting things. Despite compiling the source, and VB only 'partially' compiled back in those days, it was always possible to trace an exe back to the original programmer. Coding 'style' and programming technique always ended up affecting the speed of a program and there were several 'tools' to get a programmer's 'signature' out of a compiled exe file!!

Perhaps this is their game. I think they have given up on chasing illegal copies of their bloatware...the more desktops they have their software running on, the better eh? What they are after is the people willing to blatantly steal code.

Why am I hearing 'cons-piracy theory' at every turn?!!!


I agree with caution

by Joseph Moore In reply to Think about it though

LordInfidel, I agree that anyone who gets the source code should be cautious. Personally, I have not found it yet, but I have been in conversations today with someone who claims to have it. I've sent him a few queries on things to look for, and he has graciously sent back a few answers. I am curious as to whether the DLL that the ASN.1 vulnerability is in is within the released source code, so I've had him look for it by searching the plain-text code. So far, nothing.
I don't think I will actually download the source code, for the very reasons you state. By now, there are probably versions of the source code that people have stuffed trojan files into, making them look like innocent source code files. Double-click one and Wham! Trojan on your system.
As always, I am paranoid. So, I would rather have someone else get the code and look things up for me. And luckily, that is what is happening.
Plus, would it be illegal to have the source code?


Coincidentally, Yes

by LordInfidel In reply to I agree with caution

It would be illegal for you to have a copy of the source.

I was involved with a discussion on Bugtraq about this, (taking the same high road). After I made the comment about "I wonder if M$ is monitoring Bugtraq to see who has downloaded the source"

The moderator sent me an e-mail saying he was killing the thread.... (hmmmmm......) His statement was he was agreeing with me that there is no way of knowing what the chain of trust is and thereby it should not be downloaded. But he went on to say that he was going to bounce everything dealing with this subject....


Source from Mainsoft?

by Joseph Moore In reply to Windows 2000 Source Code ...

So now it is being reported that a company called Mainsoft is where the source code came from. Here is the article from Betanews:
http://tinyurl.com/3g5um

They are a Microsoft partner that does get source code. The article says that a Linux machine that was from Mainsoft had the code on it, and they have some proof. I looked around, and found a post with some of this proof. The following is NOT Windows source code. Instead, it came from the "core dump" file that is referenced by Betanews. This is a Linux crash file from the VI editor, apparently.
Anyway, the post I saw had this posted as proof that Mainsoft is where this source code came from.
I actually found the whole core dump file posted online, but I am only gonna post the dump pieces of (what I think are) relevance:

vi nlmain.c LESSOPEN=|/usr/bin/lesspipe.sh %s USERNAME=eyala HISTSIZE=1000 HOSTNAME=voltaire LOGNAME=eyala INIT_VERSION=sysvinit-2.78 MAIL=/var/spool/mail/eyala MACHTYPE=i386 TERM=xterm HOSTTYPE=i386-linux PATH=.il2/users/eyala/bin:/project/bin:/project/bin.linux:/bin:/etc:/sbin:/usr/sbin:/usr/ucb:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/u/tools/sys/bin:/usr/atria/bin CONSOLE=/dev/console KDEDIR=/usr HOME=/il2/users/eyala INPUTRC=/etc/inputrc PREVLEVEL=N RUNLEVEL=5 SHELL=/bin/tcsh XAUTHORITY=/il2/users/eyala/.Xauthority USER=eyala GDM_LANG=en_US AUTOBOOT=YES VENDOR=intel GROUP=floppy QTDIR=/usr/lib/qt-2.1.0 BOOT_IMAGE=linux_mvfs DISPLAY=:0.0 LANG=en_US HOST=voltaire OSTYPE=linux GDMSESSION=KDE PWD=/usr/ms/win2k_sp1/private/security/msv_sspi

REPLYTO=eyala@mainsoft.com
ORGANIZATION=Mainsoft Co. Ltd.

So we have a username, eyala. It is all over the dump. Ok, I looked up Mainsoft (mainsoft.com), and like Betanews reported, there is the following employee:
"Eyal Alaluf is Mainsoft's Director of Technology, a position he has held since January 2000."

Sure matches up. The posting does list that it is for Win2K SP1, which was out way after Jan 2000. Heck, as I remember, Win2K was originally released Feb 2000. So, Eyal Alaluf was an employee there at the right time.

And Mainsoft has the following statement about Microsoft, under their Corporate -- Partners -- Microsoft section:
"Mainsoft has been a long-time partner of Microsoft since 1994, when Mainsoft and Microsoft first entered into a source code licensing agreement whereby Mainsoft gained access and distribution rights to Windows operating system source code."

So, they really do get the source code.

Now, I guess the only real question is, how did the Linux hard drive get out of Mainsoft, and who found it? Is this an instance of dumpster diving striking gold?
Did Eyal Alaluf get a new computer recently, and his old one (with the source code) was tossed?
Hmmm....
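The attribution reasoning in the post above rests on the environment block that a crashed process carries into its core file. As an added example (not part of the original thread), this scans a binary blob for identity-bearing environment variables, the check one would run on a dump before it leaves a machine. The sample bytes are constructed from values in the excerpt above, NUL-separated as an environment block sits in a process image; the `IDENTIFYING` list and function names are this example's own.

```python
import re

# Variables whose values tie a dump to a person, host or organisation.
IDENTIFYING = {"USER", "USERNAME", "LOGNAME", "HOME", "HOSTNAME", "HOST",
               "MAIL", "REPLYTO", "ORGANIZATION", "PWD", "XAUTHORITY"}

# NAME=value runs of printable ASCII; a NUL or other binary byte ends the value.
ENV_RE = re.compile(rb"([A-Z_][A-Z0-9_]*)=([\x20-\x7e]+)")

def leaked_identifiers(blob: bytes) -> dict:
    """Return the first value seen for each identifying variable in the blob."""
    found = {}
    for name, value in ENV_RE.findall(blob):
        key = name.decode()
        if key in IDENTIFYING:
            found.setdefault(key, value.decode())
    return found

def summarize(found: dict) -> dict:
    """Reduce the raw variables to who, where, and which mail domain."""
    accounts = {found[k] for k in ("USER", "USERNAME", "LOGNAME") if k in found}
    hosts = {found[k] for k in ("HOST", "HOSTNAME") if k in found}
    reply = found.get("REPLYTO", "")
    domains = {reply.rsplit("@", 1)[1]} if "@" in reply else set()
    return {"accounts": sorted(accounts), "hosts": sorted(hosts),
            "mail_domains": sorted(domains)}

# Constructed sample: binary header bytes, argv, then a short environment block.
SAMPLE = b"\x7fELF\x01\x01\x00" + b"\x00".join([
    b"vi", b"nlmain.c", b"USERNAME=eyala", b"HOSTNAME=voltaire", b"TERM=xterm",
    b"HOME=/il2/users/eyala",
    b"PWD=/usr/ms/win2k_sp1/private/security/msv_sspi",
    b"REPLYTO=eyala@mainsoft.com", b"ORGANIZATION=Mainsoft Co. Ltd.",
]) + b"\x00\xff\xfe"

if __name__ == "__main__":
    hits = leaked_identifiers(SAMPLE)
    for key, value in sorted(hits.items()):
        print(f"{key}={value}")
    print(summarize(hits))
```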
