Windows 7 Ultimate has been cracked. The pirate milestone, reached almost three months before Windows 7 is set to hit General Availability on October 22, 2009, was achieved via OEM instant offline activation that passes Windows Genuine Advantage validation and keeps the operating system permanently activated. Previous cracks weren't as solid: while they may be working now, they can easily be disabled by Microsoft. This one won't be so easy.

Both 32-bit and 64-bit Windows 7 Ultimate can now easily be activated, according to My Digital Life. For Windows 7 Professional, Windows 7 Home Premium, Windows 7 Home Basic, and Windows 7 Starter, the OEM-System-Locked Preinstallation (SLP) keys haven't been leaked, so they cannot be OEM-activated yet. It won't be long before easy-to-use Windows 7 activation toolkits start appearing in the wild.

The story begins with a Windows 7 Ultimate OEM DVD ISO from Lenovo leaking to a Chinese forum. The boot.wim file was then used to retrieve the OEM-SLP product key and OEM certificate for Windows 7 Ultimate. The SLP is a procedure used by Microsoft to preactivate the Windows operating system for mass distribution by major OEMs. Windows 7 and Windows Server 2008 R2 use SLP version 2.1, which is backwards-compatible with version 2.0, the version Windows Vista and Windows Server 2008 use. As such, after the OEM certificate and OEM product key were extracted, it was discovered that Windows 7 uses the same digitally signed OEM certificate, which has an .xrm-ms extension, that Vista uses.

The extracted Windows 7 Ultimate OEM-SLP product key can be used to activate an installed Windows 7 Ultimate system, and since the product key appears to be a master OEM-SLP product key for Windows 7 Ultimate, it can activate Windows 7 Ultimate from any OEM. Furthermore, even if the user already has a retail version of Windows 7 Ultimate installed, it can be converted to an OEM version with two simple commands, and then activated.

This is a major breakthrough for the Windows piracy world and a huge blow to Microsoft. Even if it was imminent, the fact that it has occurred so soon means pirates will have activated copies of Windows 7 a good week before even MSDN and TechNet subscribers get their hands on the RTM build on August 6, not to mention all the other groups Microsoft plans to give the build to. The Windows 7 RTM and Windows Server 2008 RTM build was compiled on July 13, 2009 and the official announcement was made on July 22, 2009.

Update

"We’re aware of reports of activation exploits that attempt to circumvent activation & validation in Windows 7, and we can assure customers that Microsoft is committed to protecting our customers and partners from counterfeit and pirated software," a Microsoft spokesperson told Ars. "Microsoft strongly advises customers not to download Windows 7 from unauthorized sources and downloading Windows 7 from peer-to-peer Web sites is piracy, and exposes users to increased risks - such as viruses, Trojans and other malware and malicious code—that usually accompany counterfeit software. These risks can seriously harm or permanently destroy data and often expose users to identity theft and other criminal schemes."