دیکد کردن DigitalProductId و مشاهده Product Key در سیستم لوکال و ریموت

شاید در بسیاری از مجموعه نرم افزار ها دیده باشید که در آن ابزاری وجود دارد که با آن بتوان Product Key ویندوز خود را ببنید . اینجا می خوام کد های مورد نیاز برای دیدن این سریال رو بهتون بدم

این سریال همیشه در مقداری با نام DigitalProductId از نوع REG_SZ در زیر شاخه ی HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion وجود دارد حال اگر ما بتوانیم به این مقدار دسترسی پیدا کنیم و مقادیر آن را رمزگشایی کنیم می توانیم سریال نامبر ویندوز را ببینیم .

کد های زیر برای این کار نوشته شده

با زبان Powershell

function Get-WindowsKey {
## function to retrieve the Windows Product Key from any PC
param ($targets = “.”)
$hklm = 2147483650
$regPath = “Software\Microsoft\Windows NT\CurrentVersion”
$regValue = “DigitalProductId”
Foreach ($target in $targets) {
$productKey = $null
$win32os = $null
$wmi = [WMIClass]“\\$target\root\default:stdRegProv”
$data = $wmi.GetBinaryValue($hklm,$regPath,$regValue)
$binArray = ($data.uValue)[52..66]
$charsArray = “B”,”C”,”D”,”F”,”G”,”H”,”J”,”K”,”M”,”P”,”Q”,”R”,”T”,”V”,”W”,”X”,”Y”,”2″,”3″,”4″,”6″,”7″,”8″,”9″
## decrypt base24 encoded binary data
For ($i = 24; $i -ge 0; $i–) {
$k = 0
For ($j = 14; $j -ge 0; $j–) {
$k = $k * 256 -bxor $binArray[$j]
$binArray[$j] = [math]::truncate($k / 24)
$k = $k % 24
}
$productKey = $charsArray[$k] + $productKey
If (($i % 5 -eq 0) -and ($i -ne 0)) {
$productKey = “-” + $productKey
}
}
$win32os = Get-WmiObject Win32_OperatingSystem -computer $target
$obj = New-Object Object
$obj | Add-Member Noteproperty Computer -value $target
$obj | Add-Member Noteproperty Caption -value $win32os.Caption
$obj | Add-Member Noteproperty CSDVersion -value $win32os.CSDVersion
$obj | Add-Member Noteproperty OSArch -value $win32os.OSArchitecture
$obj | Add-Member Noteproperty BuildNumber -value $win32os.BuildNumber
$obj | Add-Member Noteproperty RegisteredTo -value $win32os.RegisteredUser
$obj | Add-Member Noteproperty ProductID -value $win32os.SerialNumber
$obj | Add-Member Noteproperty ProductKey -value $productkey
$obj
}
}

از آنجایی که مقدار DigitalProductId در شاخه HKEY_LOCAL_MACHINE وجود دارد پس می توان آن رابه صورت ریموت با وصل شدن به سیستم داخل شبکه مشاهده کرد کافیست بعد از اجرای این کد در powershell ویندوز از فرامین

Get-WindowsKey

برای دیدن سریال نامبر سیستم لوکال و از فرمان

Get-WindowsKey PC10

برای دیدن سریال سیستم داخل شبکه استفاده کرد
با استفاده از زبان vbscipt

Function GetProductKey(ByVal digitalProductId)
Dim raw
Dim val(15)

map = “BCDFGHJKMPQRTVWXY2346789″
key = “”
j = 0

With (WScript.CreateObject(“WScript.Shell”))
raw = .RegRead(digitalProductId)
End With

For i = 52 To 66
val(j) = raw(i)
j = j + 1
Next

For i = 24 To 0 Step – 1
k = 0
For j = 14 To 0 Step – 1
k = (k * 256) XOR val(j)
val(j) = k \ 24
k = k Mod 24
Next
key = Mid(map, k + 1, 1) & key

If i Mod 5 = 0 And i <> 0 Then
key = “-” & key
End If
Next

WScript.Echo key
End Function

GetProductKey(“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId4″)

با استفاده از زبان Jscipt

var ProductKey = ProductKey || {
DecodeProductKey : function(digitalProductId) {
var map = (‘BCDFGHJKMPQRTVWXY2346789′).split(”),
key = [], raw, i, j;
with (new ActiveXObject(‘WScript.Shell’))
raw = RegRead(digitalProductId).toArray().slice(52, 67);
for (i = 24; i >= 0; i–) {
var k = 0;
for (j = 14; j >= 0; j–) {
k = (k * 256) ^ raw[j];
raw[j] = Math.floor(k / 24);
k %= 24;
}
key = map[k] + key;
if ((i % 5) == 0 && i != 0) key = ‘-‘ + key;
}
return key;
},
GetProductKey : function() {
var key = ‘HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\DigitalProductId';
return this.DecodeProductKey(key);
}
};

WScript.echo(ProductKey.GetProductKey());

با استفاده از زبان c++

#include <windows.h>
#include <iostream>

using namespace std;

#pragma comment (lib, “advapi32.lib”)

void main() {
HKEY Registry;
BYTE *DigitalProductId = 0;
DWORD RawLength;
BYTE raw[15];
char key[30];
const char *key_map[] = {
“B”,”C”,”D”,”F”,”G”,”H”,”J”,”K”,”M”,”P”,”Q”,”R”,
“T”,”V”,”W”,”X”,”Y”,”2″,”3″,”4″,”6″,”7″,”8″,”9″,
};
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
“SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion”,
0,
KEY_QUERY_VALUE,
&Registry) == ERROR_SUCCESS) {
RawLength = 164;
DigitalProductId = new byte[RawLength]; //allocate memory
memset(DigitalProductId, 0, RawLength); //memory initialization
if (RegQueryValueEx(Registry,
“DigitalProductId”,
NULL,
NULL,
DigitalProductId,
&RawLength) == ERROR_SUCCESS) {
memcpy(raw, DigitalProductId + 52, 15); //raw key
if (DigitalProductId) delete []DigitalProductId; //release memory
RegCloseKey(Registry);
}
}
memset(key, 0, sizeof(key));
for (int i = 24; i >= 0; i–) {
int k = 0;
for (int j = 14; j >= 0; j–) {
k = (k * 256) ^ raw[j];
raw[j] = k / 24;
k %= 24;
}
strcat_s(key, key_map[k]);
if (!(i % 5) && i) strcat_s(key, “-“);
}
cout << _strrev(key) << endl;
}

با استفده از Python- v3

from winreg import (
HKEY_LOCAL_MACHINE, CloseKey, OpenKey, QueryValueEx
)

def DecodeProductKey(digitalProductId):
_map = list(‘BCDFGHJKMPQRTVWXY2346789′)
_key = list(range(0, 29))
_raw = list(digitalProductId)[52:-97]
i = 28
while i >= 0:
if (i + 1) % 6 == 0: _key[i] = ‘-‘
else:
k = 0
j = 14
while j >= 0:
k = (k * 256) ^ int(_raw[j])
_raw[j] = k / 24
k %= 24
_key[i] = _map[k]
j -= 1
i -= 1
return ”.join(map(str, _key))

if __name__ == ‘__main__':
with OpenKey(HKEY_LOCAL_MACHINE, r’SOFTWARE\Microsoft\Windows NT\CurrentVersion’) as ok:
v,t = QueryValueEx(ok, ‘DigitalProductId’)
print(DecodeProductKey(v))

با استفاده از MC++

using namespace System;
using namespace Microsoft::Win32;
using namespace System::Reflection;
using namespace System::Collections;

[assembly: AssemblyVersion("2.0.0.0")];

static String^ DecodeProductKey(array<Byte>^digitalProductId) {
array<Char>^_map = (gcnew String(“BCDFGHJKMPQRTVWXY2346789″)) -> ToCharArray();
array<Char>^_key = gcnew array<Char>(29);
ArrayList^ _raw = gcnew ArrayList();
for (Int32 i = 52; i < 67; i++)
_raw -> Add(digitalProductId[i]);
for (Int32 i = 28; i >= 0; i–) {
if ((i + 1) % 6 == 0) _key[i] = ‘-‘;
else {
Int32 k = 0;
for (Int32 j = 14; j >= 0; j–) {
k = (k * 256) ^ (Byte)_raw[j];
_raw[j] = (Byte)(k / 24);
k %= 24;
_key[i] = _map[k];
}
}
}
return gcnew String(_key);
}

void main() {
RegistryKey^ rk =
Registry::LocalMachine -> OpenSubKey(“SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion”);
array<Byte>^ data = array<Byte>(rk -> GetValue(“DigitalProductId”));
Console::WriteLine(DecodeProductKey(data));
rk -> Close();
}

با استفاده از C#

using System;
using Microsoft.Win32;
using System.Reflection;
using System.Collections;

[assembly: AssemblyVersion("2.0.0.0")]

namespace ProductKey {
internal sealed class Program {
internal static String DecodeProductKey(Byte[] digitalProductId) {
Char[] map = (“BCDFGHJKMPQRTVWXY2346789″).ToCharArray();
Char[] key = new Char[29];
ArrayList raw = new ArrayList();
for (Int32 i = 52; i < 67; i++)
raw.Add(digitalProductId[i]);
for (Int32 i = 28; i >= 0; i–) {
if ((i + 1) % 6 == 0) key[i] = ‘-‘;
else {
Int32 k = 0;
for (Int32 j = 14; j >= 0; j–) {
k = (k * 256) ^ (Byte)raw[j];
raw[j] = (Byte)(k / 24);
k %= 24;
key[i] = map[k];
}
}
}
return new String(key);
}
internal static void Main() {
using (RegistryKey rk =
Registry.LocalMachine.OpenSubKey(@”SOFTWARE\Microsoft\Windows NT\CurrentVersion”)) {
Byte[] val = rk.GetValue(“DigitalProductId”) as Byte[];
Console.WriteLine(DecodeProductKey(val));
}
}
}
}

با استفاده از IronPython

from System import Array, Char, Console
from Microsoft.Win32 import Registry

def DecodeProductKey(digitalProductId):
_map = (‘BCDFGHJKMPQRTVWXY2346789′).ToCharArray()
_key = Array.CreateInstance(Char, 29)
_raw = digitalProductId[52:-97]
i = 28
while i >= 0:
if (i + 1) % 6 == 0: _key[i] = ‘-‘
else:
k = 0
j = 14
while j >= 0:
k = (k * 256) ^ _raw[j]
_raw[j] = k / 24
k %= 24
_key[i] = _map[k]
j -= 1
i -= 1
return _key

 if __name__ == ‘__main__':

with Registry.LocalMachine.OpenSubKey(r’SOFTWARE\Microsoft\Windows NT\CurrentVersion’) as rk:
Console.WriteLine(DecodeProductKey(rk.GetValue(‘DigitalProductId’)))

با استفاده از Iron Ruby

require ‘System’

Registry = Microsoft::Win32::Registry

def DecodeProductKey(digitalProductId)
_map = (“BCDFGHJKMPQRTVWXY2346789″).split(”)
_key = []
_raw = []
for i in 52..67 do
_raw.Add(digitalProductId[i])
end
i = 28
while i >= 0
if (i + 1) % 6 == 0
_key[i] = ‘-‘
else
k = 0
j = 14
while j >= 0
k = (k * 256) ^ _raw[j]
_raw[j] = k / 24
k %= 24
_key[i] = _map[k]
j -= 1
end
end
i -= 1
end
return _key.to_s
end

rk = Registry.LocalMachine.OpenSubKey(‘SOFTWARE\Microsoft\Windows NT\CurrentVersion’)
puts DecodeProductKey(rk.GetValue(‘DigitalProductId’))
rk.Close()

با استفاده از VB.net

Imports System
Imports Microsoft.Win32
Imports System.Reflection
Imports System.Collections

<assembly: AssemblyVersion(“2.0.0.0″)>

Namespace ProductKey
Class Program
Friend Shared Function DecodeProductKey(ByVal digitalProductId As Byte()) As String
Dim map As Char() = (“BCDFGHJKMPQRTVWXY2346789″).ToCharArray()
Dim key As Char() = New Char(28) {}
Dim raw As New ArrayList()
For i As Int32 = 52 To 66
raw.Add(digitalProductId(i))
Next
For i As Int32 = 28 To 0 Step – 1
If (i + 1) Mod 6 = 0 Then
key(i) = “-“C
Else
Dim k As Int32 = 0
For j As Int32 = 14 To 0 Step – 1
k = (k * 256) Xor CByte(raw(j))
raw(j) = CByte(k \ 24)
k = k Mod 24
key(i) = map(k)
Next
End If
Next
Return New String(key)
End Function
Shared Sub Main()
Using rk As RegistryKey = _
Registry.LocalMachine.OpenSubKey(“SOFTWARE\Microsoft\Windows NT\CurrentVersion”)
Dim val As Byte() = TryCast(rk.GetValue(“DigitalProductId”), Byte())
Console.WriteLine(DecodeProductKey(val))
End Using
End Sub
End Class
End Namespace

iran javidan