Bill Gates fan leaks source code for a bunch of Microsoft OSes including Windows XP

[Delicieuxz]

Microsoft have said they are investigating the matter.

 

Windows XP Source Code Reportedly Leaked, Posted to 4chan

Windows XP Source Code Allegedly Leaked Online As A Torrent File

Windows XP source code reportedly discovered online

The Windows XP source code was allegedly leaked online

 

Quote

Published as a torrent file on bulletin board website 4chan, the 43GB data dump is said to have been compiled over the course of the last few months by the leaker.

 

The collection also includes source code for Windows 2000 and multiple versions of Windows CE, MS DOS, Windows Embedded and Windows NT - but all of which have a smaller modern install base than XP.

 

The individual responsible for the leak also appears to bear Bill Gates a distinct grudge, dedicating a whole section of the torrent file to videos slandering the Microsoft founder.

 

Quote

The torrent also includes a media folder containing a bizarre collection of conspiracy theory videos about Bill Gates.

 

In addition to the torrent, a smaller 2.9GB 7zip file containing only the source code for Windows XP and Windows Server 2003 is being distributed online as well.

 

The leaker states that the Windows XP source has been passed around privately between hackers for years, but was released publicly for the first time today.

 

Quote

Users on 4Chan posted screenshots of the allegedly leaked source code of Windows XP and the iconic Bliss Background of the Windows operating system. In addition to the 43GB file, a file with 7zip extension containing the source code of Windows XP or Windows Server 2003 has spread on the internet by 4Chan users and Redditors and is now available as a torrent file on several platforms.

Here are the contents of the leaked file:

• MS DOS 3.30
• MS DOS 6.0
• Windows 2000
• Windows CE 3
• Windows CE 4
• Windows CE 5
• Windows Embedded 7
• Windows Embedded CE
• Windows NT 3.5
• Windows NT 4

 

 

So close, yet it's still not Windows Vista or 7 - and that Windows Embedded 7 folder appears to be only 12.8 MB in size. Maybe next time.

 

I'm curious how comprehensive the code is. If only there was a way to turn it into a legal open-source project that could free people from Windows 10.

[Mark Kaine]

windows Vista was really good, snappy, clean UI, and barely any issues.

 

The only issue it had that it would randomly "update" about every 6 months even when updates where off...and then it ran like shit lol... thank goodness I had a "recovery cd"  that fixed it every time.

 

XP also wasn't bad! (win 98 too)

 

So what are the implications of this news, "open source" windows? I can't imagine microsoft being happy about that?

 

 

[Trik'Stari]

I'd love to see an Open Source version of Windows get off the ground and become exceedingly popular.

 

If only to piss off the Linux fanboys lol.

[Delicieuxz]

1 minute ago, Mark Kaine said:

windows Vista was really good, snappy, clean UI, and barely any issues.

 

The only issue it had that it would randomly "update" about every 6 months even when updates where off...and then it ran like shit lol... thank goodness I had a "recovery cd"  that fixed it every time.

 

XP also wasn't bad! (win 98 too)

 

So what are the implications of this news, "open source" windows? I can't imagine microsoft being happy about that?

I love Windows Vista and it's been my best Windows experience. I had a good computer for it, though, and didn't encounter any of the issues people with less powerful PCs or who didn't have drivers for their hardware did.

 

The Twitter thread linked-to in the OP talks a bit about the security implications of the leak.

 

I don't foresee Microsoft allowing an open-source Windows built from leaked source code to be hosted on GitHub or elsewhere. That would be wonderful, though.

[TheCoverUp]

just downloaded it...seems to be legit!

[minibois]

The implications this could have might be interesting.

I wonder if these people can compile the code though.

2 minutes ago, TheCoverUp said:

just downloaded it...seems to be legit!

[TheCoverUp]

but I cannot give the link.... It will be against community rules

[Doobeedoo]

Hah, interesting. Of course not surprised for older versions. 

[fred82]

proud of my friend who discovered this

[jagdtigger]

1 hour ago, TheCoverUp said:

but I cannot give the link.... It will be against community rules

PM.....

[TetraSky]

Could be good news for Linux projects like Wine.

Could be bad news since bad actors may look through it to find a vulnerability.

 

All in all... How the fuck did that end up leaking. A disgruntled employee?

[TheCoverUp]

3 minutes ago, TetraSky said:

How the fuck did that end up leaking

It was actually circulated among hackers for the past 6~7 years. 

[Quinnell]

4 hours ago, minibois said:

The implications this could have might be interesting.

I wonder if these people can compile the code though.

looks like your average Rainbow Six Siege attacker crew

[Nayr438]

5 minutes ago, TetraSky said:

Could be good news for Linux projects like Wine.

Could be bad news since bad actors may look through it to find a vulnerability.

 

All in all... How the fuck did that end up leaking. A disgruntled employee?

It's actually not the first Windows leak, but it may be the first full one.

The development team however behind Wine, says they would rather never look at any part of the Windows Source Code, as it could add in the possibility of accidentally copying or rewriting something from the source. Wine needs to be made without any reference to the original Windows Source code for legal reasons.

[wanderingfool2]

53 minutes ago, TetraSky said:

Could be good news for Linux projects like Wine.

Could be bad news since bad actors may look through it to find a vulnerability.

 

All in all... How the fuck did that end up leaking. A disgruntled employee?

The devs. on WINE wouldn't touch it with a 10 foot pole because it would end their project if it came out that they did (legally).  Even as it stands, the development cycle of things such as WINE are as followed (not sure if it's changed)

1. Dev. one looks at the API calls, disassembles it and writes a document that describes what it does [but not the code]

2. Dev. two takes the documentation (not having seen anything about the disassembled info) and puts it into code

That way there is a larger barrier between them and lawsuits.

 

From what I've heard about Microsoft's source code is that very few people have access to the full thing.  Most are just given permissions for the sections they are responsible for (to prevent this sort of thing)

 

 

It always scares me when things like this come out.  While a lot of XP code isn't used in Windows anymore, there are sections that have been reused (and this could really make it easier to find the flaws that might be inherently in some of the older protocols that still are supported)

[Bombastinator]

4 hours ago, TheCoverUp said:

just downloaded it...seems to be legit!

There’s a confusion I am having you might be able to clear up then: the list of included stuff stops at nt4, but people are talking about XP and vista which were later. NT4 is antique.  I was thin when people were using NT4.

[jagdtigger]

3 minutes ago, wanderingfool2 said:

It always scares me when things like this come out.  While a lot of XP code isn't used in Windows anymore, there are sections that have been reused (and this could really make it easier to find the flaws that might be inherently in some of the older protocols that still are supported)

Nah it aint that bad, the bad guy arent the only ones who are wetting this code pretty thoroughly.....

[TheCoverUp]

1 minute ago, Bombastinator said:

There’s a confusion I am having you might be able to clear up then: the list of included stuff stops at nt4, but people are talking about XP and vista which were later. NT4 is antique.  I was thin when people were using NT4.

there is a file in mega with xp sp1. but I cannot tell how to access it.

[Kisai]

5 hours ago, Trik'Stari said:

I'd love to see an Open Source version of Windows get off the ground and become exceedingly popular.

 

If only to piss off the Linux fanboys lol.

That's called ReactOS.

 

And no, this source code leak has been around for years. How much of that wound up in Wine or ReactOS by accident, nobody will know unless they start comparing files.

[wanderingfool2]

4 minutes ago, jagdtigger said:

Nah it aint that bad, the bad guy arent the only ones who are wetting this code pretty thoroughly.....

Having non-bad guys looking at it to doesn't mitigate the fact that vulnerabilities could be found easier now.  Look at the pad with zero's issue that allowed access to the domain controller, had that been found first by a malicious person and distributed it would have been a nightmare

[jagdtigger]

16 minutes ago, Kisai said:

How much of that wound up in Wine or ReactOS by accident, nobody will know unless they start comparing files.

If i would have to guess i would say 0, neither of them want to get their projects shot down.

 

17 minutes ago, wanderingfool2 said:

Having non-bad guys looking at it to doesn't mitigate the fact that vulnerabilities could be found easier now.

Easier for both sides, they still have equal odds it just takes less time to find something.

[wanderingfool2]

6 minutes ago, jagdtigger said:

Easier for both sides, they still have equal odds it just takes less time to find something.

...and you don't see a problem in that?  If a bad actor can now potentially scan the code or look at how a protocol was implemented to find a vulnerability it opens the door to potential abuse.  While a white hat might report it and a patch would be created that sort of thing takes time. If an issue with how the protocol was implemented is noticed a quick patch might not be possible (again the padding zeros only has a stop gap and it's been admitted the full patch might break compatibility with some devices). 

[Kisai]

5 minutes ago, jagdtigger said:

If i would have to guess i would say 0, neither of them want to get their projects shot down.

 

I'd almost be willing to bet money that all the improvements to Wine and ReactOS in the last 8 years were due to leaks from the source code being "researched" by people who have access to it. The literal code? Nah. But source code with the same optimization flags compiles to the exact same thing, no matter how you mangle the function names.

 

The thing is, once you've seen the source code to something, you can't "unsee" it. So unless someone goes on a fishing expedition to find out who had access to the source code and who has worked on ReactOS or Wine, and communicated with each other, you really can't say "nobody", because it's far more likely people who worked on an open source project re-implementation of something to have knowledge about something they're not supposed to have by some manner of reverse engineering to begin with.

[jagdtigger]

3 minutes ago, wanderingfool2 said:

...and you don't see a problem in that?

Um no? If this were so dangerous open source would not exist. Security through obscurity should die in the flames of hell.

[wanderingfool2]

1 minute ago, jagdtigger said:

Um no? If this were so dangerous open source would not exist. Security through obscurity should die in the flames of hell.

There is a huge difference between open source vs the source of a closed source being leaked.

 

Might I also remind you of heartbleed...and open source where there wasn't enough eyes on the code, and got massively exploited when the patch came out (because everyone was able to easily see the change and easily implement an exploit).