Wednesday, 28 November 2007

WinXP CDKey Extractor

Magical Jelly Bean Keyfinder

This is a small free ware utility that retrieves your Product Key (cd key) used to install windows from your registry. It has the options to copy the key to clipboard, save it to a text file, or print it for safekeeping. It works on Windows 95, 98, ME, NT4, 2000, XP, Server 2003, Office 97, and Office XP.

This version (v1.41) is a quick update to make it work with Windows Server 2003.

You can download it from THERE (251kb) or visit the author's website for more download links:

Note: This tool does not seem to be able retrieve the Office 2003 CD Key. However, a new version of this tool - v1.5B3 - does have the capability of seeing the Office 2003 CD Key, and also enables you to directly change the existing CD Key to another one.

You can download v1.5B3 from THERE or from HERE (254kb)

Note that this tool is NOT a cracking tool, and it does NOT generate a serial for you. All it does is to extract your existing CD Key.

CD Key Reader

CD Key Reader is another small tool that can find and display registration information for Microsoft tools and software that is installed on your computer (i.e. Windows, Office and so on).

You can download it from the author's website (43kb):

BTW, there are quite a few other tools that do the same trick. If you know of a good one please add a coment to to the post.

Ref :

; -----
; Windows XP CD-KEY Extractor (ASM) by Napalm
; Original C++ Version by Smith
; -----
; Please remember this would look simpler without the comments

[BITS 32]
%include ""

; Imports
iextern lstrlen, 4
iextern GetStdHandle, 4
iextern WriteFile, 20
iextern RegOpenKeyExA, 20
iextern RegQueryValueExA, 24
iextern RegCloseKey, 4
iextern Sleep, 4
iextern GetAsyncKeyState, 4
iextern ExitProcess, 4

; Constants
%define REG_BINARY 3
%define KEY_READ 0x20019
%define VK_ESCAPE 27
%define FALSE 0
%define TRUE 1
%define HKEY_LOCAL_MACHINE 0x80000002
%define MAX_DATASIZE 164

section .data
szTitle db "Windows XP CD-KEY Extractor (ASM) by Napalm",10,"Original C++ Version by Smith",10,10,0
szError db "Unable to retrieve cd key!",10, 0
szQuit db "Press escape to quit...",0
szKeyChars db "BCDFGHJKMPQRTVWXY2346789",0
szRegKey db "SOFTWARE\MICROSOFT\Windows NT\CurrentVersion",0
szRegValue db "DigitalProductId",0

section .bss
lpRawData resb MAX_DATASIZE
szFinalKey resb 32

section .text
global _start
icall OutputString, szTitle
icall GetWindowsCDKey, szFinalKey, TRUE
test eax, eax
jz .ShowError
icall OutputString, szFinalKey
jmp .ShowQuit
icall OutputString, szError
icall OutputString, szQuit
icall Sleep, 10
icall GetAsyncKeyState, VK_ESCAPE
test eax, eax
jz .WaitForKey
icall ExitProcess, 0

lpszBuffer equ 8
bUseFormat equ 12
enter 0, 12
hKey equ 4
bStatus equ 8
dwDataLen equ 12

; Set Return Error State
mov dword [ebp-bStatus], FALSE

; Open Registry Key
lea ebx, [ebp-hKey]
test eax, eax
jnz .ErrorRet

; Get Registry Value
lea ebx, [ebp-dwDataLen]
mov dword [ebx], MAX_DATASIZE
xor ecx, ecx
icall RegQueryValueExA, dword [ebp-hKey], szRegValue, ecx, ecx, lpRawData, ebx
test eax, eax
jnz .ErrorRet

; Close Registry Key
icall RegCloseKey, dword [ebp-hKey]

; Get Encrypted Key
mov edi, lpRawData
mov esi, edi
add esi, 52
mov ecx, 15
rep movsb

; Decrypt Key
mov ecx, 24; Set Loop1 counter "i"
mov edi, dword [ebp+lpszBuffer]; Note: The key is decrypted backwards;)
add edi, ecx ; EDI now points to the End of the resulting key
xor edx, edx ; Zero EDX
cmp edx, dword [ebp+bUseFormat]
jz .StartDecrypt; Jump if bUseFormat is 0(FALSE)
add edi, 4 ; Add 4 so there is room for the dashes
inc edi
mov byte [edi], 10; Add line return to end of key
dec edi
push ecx ; Preseve ECX for Loop1 (Loop counter)
mov ecx, 14 ; Set Loop2 counter "c"
mov esi, lpRawData; Set source pointer to lpRawData
;nCur = 0
mov ebx, 0; EBX is "nCur" in original C++ file
; nCur = nCur * 256
shl ebx, 8
; nCur ^= lpRawData[c]
xor edx, edx; Clear edx since we only set DL in next line
mov dl, byte [esi+ecx]; Set DL to source input char
xor ebx, edx
; lpRawData[c] = nCur / 24;
xor edx, edx; Division in ASM in simple yet looks complicated
mov eax, ebx; Pseudo: EAX:EDX DIV SRC = EAX:EDX (EAX=Quotient, EDX=Remainder)
mov ebx, 24
div ebx; So this is: EAX / 24
mov byte [esi+ecx], al; Put Quotient back into lpRawData
; nCur %= 24
mov ebx, edx; Put Remainder into EBX "nCur"
dec ecx
cmp ecx, -1
jne .DecryptLoop2; Continue loop while ECX greater than -1
pop ecx ; Restore Loop1 counter
; *lpszResult-- = "BCDFGHJKMPQRTVWXY2346789"[nCur];
mov esi, szKeyChars; Set source pointer to KeyChars
mov al, byte [esi+ebx]; Get key char for EBX "nCur"
mov byte [edi], al; Set resulting char in final key string
dec edi ; Remove 1 from the pointer
; Next we split the following C++ line up
; if(((i % 5) == 0) && (i > 0) && bUseFormat) *lpszResult-- = '-';
xor edx, edx
; && bUseFormat
cmp edx, dword [ebp+bUseFormat]
jz .NoDashes; Jump if bUseFormat is 0(FALSE)
; && (i > 0)
cmp ecx, edx
jz .NoDashes; Jump if ECX "i" is Zero
; ((i % 5) == 0)
mov eax, ecx; Set EAX to ECX
mov ebx, 5
div ebx ; We divide EAX "i" by EBX "5"
xor eax, eax; Set EAX to Zero
cmp edx, eax
jnz .NoDashes; Jump if EDX(Quotient) is Zero
; *lpszResult-- = '-';
mov byte [edi], '-'
dec edi
dec ecx
cmp ecx, -1
jne .DecryptLoop1
; bStatus = TRUE;
mov dword [ebp-bStatus], TRUE

mov eax, [ebp-bStatus]
ret 8

lpszString equ 8
enter 0, 0
icall lstrlen, dword [ebp+lpszString]
push eax
icall GetStdHandle, STD_OUTPUT_HANDLE
pop ebx
xor ecx, ecx
icall WriteFile, eax, dword [ebp+lpszString], ebx, ecx, ecx
ret 4
Ref :

No comments:

Post a Comment