Can you really get Windows and Office for free? These hackers say yes

A group of developers who call themselves Massgrave have successfully hacked Microsoft's activation tools for Windows and Office. The collective has uploaded a set of PowerShell scripts to their repository on GitHub, where anyone can download and use the tools to activate any edition of Windows or any perpetual-license Office edition without paying Microsoft's licensing fees.

The most recent update includes a module that the group claims will allow users to install Windows 10 security updates after the end of support in October 2025, without paying the hefty fees that Microsoft charges for an Extended Security Update subscription.

Also: Can't quit Windows 10? Microsoft will charge for updates next year. Here's how much

In a long blog post, a Massgrave developer explained how the group was able to reverse-engineer Microsoft's antipiracy mechanism, the Software Protection Platform. Using a variety of techniques, the scripts can activate PCs running Windows 7/8.x/10/11 and their corresponding server versions. The scripts also support activation of Office 2010 and later versions, but only for the perpetual-license products and not for Microsoft 365 subscriptions. This chart includes details of how each activation method works.

Running the script requires only the barest of technical knowledge. If you can open a PowerShell window and paste in a command, you can use the tool's simple menu-driven interface, which is shown below:

I tested the software with a fresh installation of Windows 11 in a virtual machine, without using a product key, and used the MAS script's HWID mechanism to create what appeared to be a valid digital license. Next, I transferred the virtual hard disk to a new virtual machine, simulating the kind of casual copying that product activation is designed to prevent. Windows reported that the PC wasn't properly activated, so I ran the MAS script and upgraded using the TSForge method. It worked perfectly.

Next, for good measure, I fired up a fully updated and activated Windows 10 machine and used the TSForge method to grant this virtual PC three years' worth of Extended Security Updates for free. That subscription should have cost me $427. (However, I won't know until the end of this year whether that subscription works.)

Also: Is your Windows license legal? Should you even care?

Finally, I used the link provided by Massgrave to download Microsoft's official click-to-run installer for Office 2024 Pro Plus. After the installation was completed, I ran TSForge again, choosing the option to activate Office. When the script was completed, I opened Word and confirmed that the product was successfully activated, again without any charge.

Is this legal?

At this point, you're probably asking, Is this legal? LOL, of course it's not. The pseudonymous developers freely acknowledge that they're engaging in piracy: "MAS project doesn't accept donations and it's free. It's because it's a community project and involves many contributors, splitting donations is not practical, and also because profiting from piracy is not good." A separate link from this repository goes to the group's "non-piracy site."

After you successfully activate Windows or Office, the progress messages even describe one step as "Installing Forged Product Key Data."

Will you get caught? 

So, maybe the next question is, Will I get caught?

If a business tried using these tools to save $427 per PC to keep getting security updates for another three years, they'd be in a world of hurt if they were audited. However, for individuals and small businesses, there's little risk of consequences outside of whatever moral qualms one might or might not feel over the ethics of software piracy. 

Also: Windows 11 update breaks File Explorer - among other glitches

For the past decade, Microsoft has been incredibly generous with handing out digital licenses, and these hacks mostly work by writing a perfectly legitimate-looking digital license to the encrypted system store. A PC activated using one of these scripts is indistinguishable from one with a properly issued digital license.

Is it safe?

And then there's the big question: Is it safe? I can't answer that one, but I can predict with confidence that these scripts will be cloned by unsavory hackers who will add malware to the package and take advantage of naive end users looking for a bargain. The scripts I saw on GitHub looked harmless, but even the developers admit that bad actors are waiting in the wings. "Be cautious," they advise, "as some spread malware disguised as MAS by using different URLs in the IRM command."

(This certainly isn't the first time Microsoft has had to deal with outsiders targeting its activation mechanisms. My 2010 post, "Confessions of a Windows 7 pirate," covered much of the same ground.)

Also: Don't ignore Microsoft's February Patch Tuesday - it's a big one for all Windows 11 users

Microsoft will no doubt develop countermeasures to make some of these tricks more difficult to execute, but canceling these pirated licenses will be nearly impossible because it's so difficult to tell a legit digital license from a forged one. As these developers note in their FAQ:

Now a question, can Microsoft block the new requests or revoke already established digital licenses?

Revoking the licenses would be too extreme and will face many complications and create a risk of voiding valid licenses. However, they can very easily block the new activation requests for new hardware coming from the methods mentioned here.

The impact on Microsoft's finances will be small, I predict, but not zero. Most Windows revenue comes from licenses sold through huge OEMs like Dell, HP, and Lenovo, and from enterprise licensing agreements. And the company has successfully shifted most of its Office business to cloud-based subscription products like Microsoft 365, which are immune from these sorts of exploits.

Still, Redmond can't simply turn a blind eye to a piracy scheme like this one, especially when the activation code is stored on GitHub, a Microsoft-owned property. Reached for comment, a Microsoft spokesperson told me: "We are aware of these claims and will take appropriate action against any unauthorized use of our software and services."

Let the cat-and-mouse game begin.