Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Disable Office v.X network serial number check Desktop
Despite the title, this isn't a tip about software piracy. I run MS Word on my Tibook and on my desktop G4. One great advantage of OSX is that, once launched, you just leave your apps running until you need them. With virtual memory and lots of RAM, there is little reason not to.

However, if I leave the same serial number install of MS Word running on both machines then Microsoft believes that I am a pirate and insists on deactivating one of the running programs. They do this by an illegal and unauthorized use of the bandwidth on my network.

Read the rest of the article for an AppleScript that disables this check...

[Editor's note: I debated a while before deciding to publish this hint, but the presence of the network serial number check does make it harder to use Office if you have two machines -- even if you never break the terms of the license agreement regarding simultaneous use. I do not condone nor support software piracy, but I do believe that I should be able to use the software as I wish within the terms of the agreement. In addition, this hack has been published on many of the other Mac sites, so this isn't new information...]

Create the following AppleScript:
try
set theConfirmation to (do shell script
"/sbin/ipfw add 0 deny tcp from any to any 3464" password
"MyPassword" with administrator privileges)
set theConfirmation to (do shell script
"/sbin/ipfw add 0 deny udp from any to any 2222" password
"MyPassword" with administrator privileges)
on error
beep
end try
Obviously, "MyPassword" has to be your password.

The best uses of the script are:
  1. Make it a compiled script and then run it via Script menu as needed.
  2. Make it a "run only" and "don't show startup screen" script, and then add it to your startup items.
Repeat: I don't condone software piracy and I only use this script as I described above.
    •    
  • Currently 2.67 / 5
  You rated: 1 / 5 (12 votes cast)
 
[159,396 views]  

Disable Office v.X network serial number check | 38 comments | Create New Account
Click here to return to the 'Disable Office v.X network serial number check' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
random port numbers
Authored by: Severian on Apr 06, '02 04:47:14PM
The behavior of the MS Database Daemon (PID Sniffer) is pretty well known by now. It uses UDP port 2222 to announce its presence and to find other daemons running on the local network. Then the various Office apps use a random TCP port in the range 3000-3999 to listen for other copies with the same serial number. Blocking these ports with your firewall is a prudent thing to do, whether or not you are trying to use multiple copies with the same serial number. Even if you are only using a single copy, it's possible for a hacker to sniff out your daemon and then terminate your MS Office apps by faking a serial number collision. If you have made any unsaved changes, they would be lost. For this reason alone, Microsoft should be roasted over a slow fire for implementing such a dangerous "anti-piracy" scheme. Since the applications use a random port number, you will actually have to block all TCP ports in the range 3000-3999. Blocking the port 3464 as you did will only be effective one time in a thousand. Here are the relevant lines from my firewall configuration file:
wcmd="/sbin/ipfw"
# Block MS Office PID Sniffer
$fwcmd add deny udp from $oip to any 2222 out
$fwcmd add deny log udp from any to $oip 2222 in
$fwcmd add deny tcp from $oip to any 3000-3999 out
$fwcmd add deny log tcp from any to $oip 3000-3999 in
This will silently block any outgoing connections from the daemon, and also block incoming connections while logging the attempts in system.log. Converting these lines to AppleScript is an exercise left for the reader.

[ Reply to This | # ]
Even easier in 10.2
Authored by: heavyboots on Oct 18, '02 02:29:21PM

As near as I can tell, if you don't want open listening ports through your cable modem connection, you can now just use 10.2's built-in Firewall and make a new "Other" Firewall item called "MS Office" that blocks 2222, 3000-3999. Correct?



[ Reply to This | # ]
Even easier in 10.2
Authored by: symphonitron on Jul 25, '03 11:33:05AM

Actually you just need to go to the computer that gives you the error and turn on the firewall settings. ALL ports will be blocked EXCEPT those which you mark in the checklist, so you don't need to create a new one. The problem goes away immediately after you turn on the firewall.



[ Reply to This | # ]
New Issue??
Authored by: 128K Mac on Apr 06, '02 05:18:00PM
This has been much discussed before, i.e., disabling the "problem" which creates difficulty in quitting Office v. X applications. It's also been dealt with as a software piracy issue.

RE the issue of the Microsoft license involved. I believe MS has expressed concerns about this issue. See this MacFixit note, which replaces what used to be their tip for dealing with the situation: (requires "membership")
At Microsoft's request, we have removed this information. Microsoft admits that there is nothing illegal in what we described, that it has a legitimate value, and that information on their own site provided the key step for what needed to be done. Still, they asked that we remove it so as to prevent the dissemination of information that could be used to promote software piracy. We concurred. -- MacFixIt Editor
(The information "provided by Microsoft" is indeed on their web site and lists the port numbers that need to be blocked.)

**********************

How about macosxhints story #1 or story #2?

*********************

It appears there are various interpretations which have changed over time. Perhaps using a script instead of writing a rule from Terminal is different? Depends on who's "interpreting" the license or what their concern is?

Or this MacFixitForum thread

And since there's "nothing illegal about it"...........

Etc. etc.....

[Editor's note: I edited these comments to convert some http:// references into HTML tags (to narrow the comment's widths), as well as to remove a section of text that was copy and pasted from a source (MacFixIt) where it is no longer available for viewing. -rob.]

[ Reply to This | # ]
New Issue??
Authored by: robg on Apr 06, '02 06:11:32PM

Not necessarily a new issue, but the first time it's been directly discussed as a hint. If Microsoft asks me to remove it, I'll certainly consider it, but for now, I've heard nothing from them.

-rob.



[ Reply to This | # ]
New Issue??
Authored by: 128K Mac on Apr 06, '02 07:07:44PM

Interesting.

BTW, you forgot to note my original post was "Edited." Don't want anyone to get the strange idea I know html or something.

Jerry



[ Reply to This | # ]
My bad...
Authored by: robg on Apr 06, '02 10:20:06PM

I've added the edited tag. Sorry for omitting this the first time.

-rob.



[ Reply to This | # ]
Where was that?
Authored by: bankmann@mac.com on Apr 08, '02 02:05:34AM

"(The information "provided by Microsoft" is indeed on their web site and lists the port numbers that need to be blocked.)"
- you said... (128K Mac or Rob)

Where exactly does MS provide this information?
It doen't seem to be on Mactopia, at any rate...



Bankmann



[ Reply to This | # ]
New Issue??
Authored by: artist_ph on Apr 04, '03 09:19:00AM

Hi.

I am new to Mac. How do you use apple scripts? Help please...

---
John Mateos Ong
www.imagine-nation.org



[ Reply to This | # ]
Don't disable ports 3000-3999
Authored by: Anonymous on Apr 06, '02 06:20:29PM

There is really no need to close the TCP ports in the 3000-3999 region.

If you close UDP 2222, then no other computers will know which TCP port your copy of word has chosen to listen to (in the 3000-3999 range), because that info is broadcasted in the UDP packets. The protocol is thus: Your copy of word spews it's serial number (encoded) and the TCP port it is listening on in a packed on UDP 2222. Other copies of word on the network get this packet and then respond the your copy of word on the specified TCP port if they have the same serial. Then one copy shuts down.

So no need to block the TCP port range, because other copies of word will never even hear about your copy and thus won't try to contact it.

Sure, some 1337 hax0r could try to crash your copy of word by trying every serial number on all 1000 TCP ports, but that's more or less unlikely.

The reason I recommend against blocking the TCP ports is that things may run on TCP 3000-3999, and you don't want to inadverterntly break those.



[ Reply to This | # ]
Don't disable ports 3000-3999
Authored by: tsaar on May 21, '02 03:44:50PM

Hmm, interesting

But I guess the L337 H4x0r does not have to try I guess.

If he does a portscan on 3000 - 3999 first he'll know what ports you're listening on.....

The thing is: it's just not nice to have 'uncontrolled' listening ports opened up by any program when you are connected to the net 'barenaked' like I am.....

I'm blocking 3000 - 3999 (even if it screws up my ability to use active FTP sessions.....)



[ Reply to This | # ]
Just another display of Microsofts blatant security-unawareness
Authored by: jluster on Apr 07, '02 12:26:25AM

This is just another display of M$' blatant security unawareness. And just another proof that most people will uncritically install just about everything on their machines, not knowing what it does and how it works.

With literally thousands of Office X installations directly accessible through the 'net and Microsoft's track record of producing insecure daemons, no one in his or her right mind should leave this hole open. This is M$ for you, and this is also Joe R. User for you, who trusts everything to "behave", regardless of it origin as long as it has a shiny website.

I am amazed, that especially we Mac users seem to feel so safe from any threat that we don't want to learn from the past, especially the stuff that happened to just about every M$ product so far - it was used for a number of heinous attacks.



[ Reply to This | # ]
Just another display of Microsofts blatant security-unawareness
Authored by: eno on Apr 07, '02 04:56:27AM
Bad move on MS's part to implement this kind of network checking. Why? Because it's a security hole and an inconvenience to legitimate users.

They did it because they're obsessed with software piracy. But have they stopped it? Anyone who wants to use multiple copies of Office v.X with the same (probably pirated) SN will find out how to circumvent the "protection" by spending a minute or two watching the output of tcpdump (man tcpdump) or by doing a google search.

The end result? Piracy goes on unaffected, but legitimate users are inconvenienced and handed another MS-made security vulnerability. Oh, and people hate MS more, both legit users and pirates, who become even more determined to beat them.

Sigh. Stupid, stupid, stupid MS.

[ Reply to This | # ]
Just another display of Microsofts blatant security-unawareness
Authored by: jluster on Apr 07, '02 04:51:13PM

If there's one thing to be learned from the past, then it's the fact that every move, no matter how bold, how stupid or how endangering to users, will be forgotten in no time flat. Microsoft's bad rep is old - but only with those who know [tm] and does not really impact sales.

Same for Apple. Did the hundreds of cease-and-decist's, Apple's legal department has sent out in the last few months, in any way decrease the loyalty, Apple's user base shows? Did any of their moves, from a forced networked registration, over the "no themes" movement, etc. impact Apple's sales? I don't honestly think so.

This is why Microsoft will keep doing those things. My machine is locked down, anyways, so this Auto-Discovery (if I'd use Office, which I don't) is not really a threat to me, and the userbase they endanger, will forgive them to a large extend. Simply because somehow M$ managed to make them believe that this is the way it has to be, and that security holes and privacy violations are something normal they have to deal with.

Fortunately, we are different. We're Mac users. And the only way to show Microsoft that WE are different, is to talk about those holes. Publically. Call the press, let them know. Inform the media. In the light of current Microsoft/DOJ-battles, the media LOVES to hear about this stuff from someone they can quote.



[ Reply to This | # ]
Just another display of Microsofts blatant security-unawareness
Authored by: seedy on Apr 08, '02 10:12:20AM

I thought one could avoid the Apple registration by selecting "Not ready to connect to the internet" and then deleting the registratioon file before going online. Or does it register anyhoo?

Problem with Microsoft is that Word is going to join Kleenex and Velcro as the common usage for word processor. Since it already dominates, excepting us perceptive types who hate having helpful hints lobbed in our way, some people who don't want to or can't pay MS's inflated price and NEED to have it for whatever reason will steal it, or borrow it or whatever.

And since it's way overpriced, they'll feel justified, just as people do with music CD's that are way overpriced. Both the music industry and Microsoft are slowly cutting their own necks, but don't tell them that. Let's watch the blade start to sink into the skin before we speak.



[ Reply to This | # ]
Re: Apple registration
Authored by: Krioni on Dec 12, '03 10:51:16AM

Actually, to skip Apple's registration, just press Command-Q on your keyboard. Registration skipped, and install process continues. Whew, that was hard.

And, yes, you can also decline to send in the registration as another poster pointed out.

The other complaints about Apple are legitimate, but this one is just not true.



[ Reply to This | # ]
Beware the Jolly Roger Label
Authored by: el bid on Apr 10, '02 10:00:41AM
Editor's note: ... I do not condone nor support software piracy

I think we really all need to wake up and realise that this word "piracy" has been foisted on us by a pressure group that wants to force our thinking about the use of digital information in a particular direction.

Whether you incline in that direction yourself is beside the point. Loaded words with a hidden agenda in no way aid the debate -- probably one of the most important debates in the IT sector at present -- about the future of copyright and other so-called "intellectual property rights".

As ever, Richard Stallman is lucid and thought provoking on this point (at http://www.gnu.org passim, but see particularly ../philosophy/words-to-avoid.html).

We don't have to agree with him on every (or indeed any) point (at least not unless you happen to be sitting across the lunch table from him, as I was a couple of weeks ago, when disagreement is not an option!). But I do think the world is better off for having him around, and there's not much point having him around unless we try to understand what he's telling us.

--
el bid



[ Reply to This | # ]
Quickeys 1.5
Authored by: Anonymous on Apr 11, '02 06:41:20AM

Quickeys 1.5 also has a network sniffer. Can the same script be modified to deal with it? Or does each sniffer have its own tricks? I can't have QK running on my desktop and my iBook at the same time, and this is very inconvenient.



[ Reply to This | # ]
There it was, at last...
Authored by: bankmann@mac.com on Apr 25, '02 01:42:19PM

... and sort of in reply to Heath's personal mail...

I've been scouring the Microsoft web.
The information about this issue wasn't easily found.
But here's the link to what little there is:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-002.asp


Bankmann



[ Reply to This | # ]
Block MS Office serial number @ port 2222
Authored by: paulshew on Oct 25, '02 05:36:50AM

Simple and effective AppleScript to solve the MS Office serial number problem. This is an attempt to improve on previous scripts listed here.

try
     set theConfirmation to
     (do shell script "/sbin/ipfw 
     add 0 deny udp from any to any 2222" 
     password "ADMIN_PASSWORD_HERE" 
     with administrator privileges)
on error
     beep
end try

Enter your own admin_password, and "set" command all belongs on one line. Save the script as a compiled application, and then add it to your login items. This script makes it easy to maintian the system when you upgrade -- as I just experienced with Jaguar. No more fooling with IPFW config files.

I use my desktop and notbook simultaneously, and without this, I can't even check my email (which I do on my notebook) while contunuing work in Word or Excel (which I do on my desktop).



[ Reply to This | # ]
Script disables Firewall control panel
Authored by: bradleymark on Nov 13, '02 08:24:20PM

The scripts work, though I haven't removed the 3000-3999 block. Only problem is I can't access the firewall control panel once the script application is run. It tells me I have to disable my "other" firewall software.

Are my firewall settings still ok? Or completely replaced by this script?

Thank you.



[ Reply to This | # ]
Doesn't work?
Authored by: endquote on Nov 16, '02 04:26:57PM

On Jaguar with Office SR1, none of this seems to work. I've blocked both 2222 and 3000-3999 via the firewall config and ipfw, but all Office apps seem to quit anyway. I wonder if the port has changed? I should bust out a portscanner or something...



[ Reply to This | # ]
Doesn't work?
Authored by: swanksalot on May 21, '03 11:07:40AM

Doesn't seem to work for me either. How does one 'sniff' ports anyway?



[ Reply to This | # ]
Buy It
Authored by: hackamacj on Nov 17, '02 08:17:44PM

Now I know there is some old fashioned way in saying buy the program, although I do believe that I have some advantage, now if you are a student you might be able to accomplish this. I recently saw an order that we placed to Dell Computers for, get this, Office V.x site license, so the whole world could run this version of the program with no conflict and if you want to know the price $50. I have no clue how you can actually order it from dell, but I tell you for 50 bucks to have Office V.x running on both computers that I have, every single computer at school, and of course everybody elses, I would surly pay the 50 bucks.



[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: rienzio on May 23, '03 02:32:49PM

IT is simple as turning on the GODDAMN FIREWALL!!! Just as long as you don't have anything that allows ports 2222 and 3000-3999 any friggin piece of software that sniffs for other instances can be run on a LAN without any problems. ITS JUST THAT EASY.



[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: lucT on Jul 14, '03 01:22:34PM

Anybody can telle me if this is supposed to work with Jaguar 10.2.3 Prefs system sharing ? For me, it does not seem to work at all..



[ Reply to This | # ]
CIAC's page on this topic
Authored by: Anonymous on Jul 14, '03 12:31:40PM

"Microsoft Office for Macintosh OS X has an antipiracy mechanism that secretly opens network service ports on a Macintosh system and broadcasts version information to other systems on a single subnet. The problem is that open network services provide attack points for intruders and need to be controlled by users..."

http://www.ciac.org/ciac/techbull/CIACTech02-003.shtml



[ Reply to This | # ]
OS X newb
Authored by: alexdagrate on Sep 04, '03 01:00:27PM

ok, i really dont know how to use applescript but i am using office on a home lan with two computers... any help on setting this up? any help on whether these hints still work on jaguar 10.2.6?



[ Reply to This | # ]
another option: application-based firewalls
Authored by: voldenuit on Sep 04, '03 04:06:45PM

I would like to point out another option for those who dislike those misbehaved applications that will phone home or do what OfficeX does.

They allow you to set up rules for network access application by application. And because you probably cannot think of any good reason why you should allow some rude spreadsheet-program to use the network at all, you can select the apps that need to use the net for a living such as mail clients, web browsers etc.

The implementations I am aware of are sharewares:

little snitch
http://www.obdev.at/products/littlesnitch/

firewalk X
http://www.pliris-soft.com/products/firewalkx/

I agree with the previous posters that it is both stupid and rude to market products that will use ones own network ressources without asking. Raising awareness and complaining loudly to marketing should push this issue the same way where spyware already is: considered bad practise and a sufficient reason not to use a product.

German commercial law has the notion of "Treu und Glauben", a behavior you would reasonably expect from an honorable professional and I feel that things such as naive and brittle network-serial lookups are definitely not something one would tolerate from a business partner.



[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: voldenuit on Jan 20, '06 11:52:29AM

The only way to automatically include a firewall rule to stop Office from broadcasting packets we don't want to see on the network so far were written in Applescript and required to store the admin password in cleartext in the script if you don't want the user to type it in on every restart.

That didn't quite fit my idea of elegance and security.

For machines running Tiger, the solution is quite simple:
create the file

/etc/rc.local :

#!/bin/sh

# block serial check for M$ Office:

/sbin/ipfw add 0 deny udp from any to any 2222

and it works beautifully.

It should be owned by root and be executable:

sudo chown root:wheel /etc/rc.local
sudo chmod 755 /etc/rc.local

For Panther, I've created a system-wide StartupItem.

In case someone wants to do the same, I've put the whole thing here as a file attachment in this thread in the forums:

http://forums.macosxhints.com/showthread.php?t=50342

It contains two files:


/Library/StartupItems/Office_fix/Office_fix

#!/bin/sh

# block serial check for M$ Office:

/sbin/ipfw add 0 deny udp from any to any 2222


/Library/StartupItems/Office_fix/StartupParameters.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Description</key>
<string>Office_fix</string>
<key>Messages</key>
<dict>
<key>start</key>
<string>Starting Office_fix</string>
<key>stop</key>
<string>Stopping Office_fix</string>
</dict>
<key>OrderPreference</key>
<string>Last</string>
<key>Provides</key>
<array>
<string>Office_fix</string>
</array>
<key>Requires</key>
<array>
<string>NetworkExtensions</string>
</array>
</dict>
</plist>

File ownership and permissions are the same as for the rc.local file.



[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: jarrellgriarte on Feb 12, '06 09:34:54AM

Would it be possible to tell me step by step how to do this? I'm fairly new to Mac.

How do you create a file under /etc and what programs are used.
I am assuming the following lines are written in Terminal

sudo chown root:wheel /etc/rc.local
sudo chmod 755 /etc/rc.local

but where to these lines get written?

#!/bin/sh

# block serial check for M$ Office:

/sbin/ipfw add 0 deny udp from any to any 2222


I wrote them in text editor and tried to save it under /etc/rc.local but I received a message saying I cannot modify the folder.

I would like to be able to understand my mac a little more and would appreciate any help.

Thanks



[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: boydwick on Jan 03, '07 04:05:06PM
To make the file in terminal, type the following one line at a time (<return> means hit the return key) at the command line:

cd /etc <return>
sudo vi rc.local <return>

At this point you will be asked for your administrative password. Type it in and hit the <return> key.

Once the file is open, hit the <i> key on your keyboard and paste or type in the following (provided in voldenuit's post above):

#!/bin/sh

# block serial check for M$ Office:

/sbin/ipfw add 0 deny udp from any to any 2222

When you have finished pasting or typing them in, hit the <esc> key on your keyboard followed by the <shift> <:>, <w>, and <q> keys, then hit <return>.


Make sure to set the file ownership and permissions as voldenuit suggests by typing in the following one at a time followed by a <return>:

sudo chown root:wheel /etc/rc.local <return>

sudo chmod 755 /etc/rc.local <return>

That should do it.

You probably don't want to enable the root user in terminal for any of this, but just in case:

http://docs.info.apple.com/article.html?artnum=106290

For help learning commands for the basic shell editor "vi":

http://www.cs.colostate.edu/helpdocs/vi.html


[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: apfhex on Jun 09, '08 02:08:08PM

I know this is an old hint but I am in a situation where I'm still using Office v.X and voldenuit's + boydwick's posts where fantastic in resolving this issue.



[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: bruceluis on Dec 15, '09 02:05:13PM

Hi guys
This is an old article, but is the ONLY ONE I could found on this issue. I NEED HELP, I have my laptop and desktop running office all the time and they are connected in a network.
I know I'm not breaking any laws. This is my configuration:
Microsoft Office 2008 12.2.3
Mac OS X 10.5.8
2.66 GHz Quad-Core Intel Xeon
3 GB 1066 MHz DD3



[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: bruceluis on Dec 15, '09 02:05:54PM

please step by step, newbie here



[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: ehalusic on Jan 01, '10 02:41:39PM

This is a really easy fix for this problem:
-Click on the Apple logo in the top right corner
-Click system preferences
-Click security (top line)
-Click the firewall tab
-Click "Set access for specific services and applications"
-Click the +
-Choose the office programs you want to use and add them to the list
-Change the office applications to "Block incoming connections"

Done. You will have to repeat this on the other computers using the software as well.



[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: Idaho Bob on Jan 15, '10 02:14:37PM

Thank you, Thank you, Thank you!

I'm using OSX 10.6.2, and the security settings window is a little different than you described, but close enough for me to figure it out. I've been really steaming about the inability of my wife and I to both be on MS Word and the Web on our respective lap tops at the same time, even though we are using two separate (legal) product keys. The fire wall settings seem to have cleared up the nonsense.



[ Reply to This | # ]
Disable Office v.X network serial number check
Authored by: dhiren123 on Mar 02, '12 02:27:45PM

I have just happened to figure out an easy and hassle free way of using microsoft word without having to get that error message again.
This is for MAC users.

System Preferences > Security > Firewall > Turn it on > Go to Advanced > Add Microsoft Word in the list (if not previously added > change the setting by clicking on the arrows to "Block all incoming connections" > After you're done, click OK

Switch on Word after this, your problem shouldn't persist any longer.

Make sure your Firewall is turned ON at all times.

Cheers!



[ Reply to This | # ]