Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
A script to decrypt windows product keys written in python
import _winreg
def DecodeKey(rpk):
rpkOffset = 52
i = 28
szPossibleChars = "BCDFGHJKMPQRTVWXY2346789"
szProductKey = ""
while i >= 0:
dwAccumulator = 0
j = 14
while j >= 0:
dwAccumulator = dwAccumulator * 256
d = rpk[j+rpkOffset]
if isinstance(d, str):
d = ord(d)
dwAccumulator = d + dwAccumulator
rpk[j+rpkOffset] = (dwAccumulator / 24) if (dwAccumulator / 24) <= 255 else 255
dwAccumulator = dwAccumulator % 24
j = j - 1
i = i - 1
szProductKey = szPossibleChars[dwAccumulator] + szProductKey
if ((29 - i) % 6) == 0 and i != -1:
i = i - 1
szProductKey = "-" + szProductKey
return szProductKey
def GetKeyFromRegLoc(key, value="DigitalProductID"):
key = _winreg.OpenKey(
_winreg.HKEY_LOCAL_MACHINE,key)
value, type = _winreg.QueryValueEx(key, value)
return DecodeKey(list(value))
def GetIEKey():
return GetKeyFromRegLoc("SOFTWARE\Microsoft\Internet Explorer\Registration")
def GetXPKey():
return GetKeyFromRegLoc("SOFTWARE\Microsoft\Windows NT\CurrentVersion")
def GetWPAKey():
return GetKeyFromRegLoc("SYSTEM\WPA\Key-4F3B2RFXKC9C637882MBM")
print "XP: %s" % GetXPKey()
print "IE: %s" % GetIEKey()
print "WPA: %s" % GetWPAKey()
@opaku

This comment has been minimized.

Copy link

@opaku opaku commented Jul 11, 2011

hi i was wondering, could you post a python script that gets the raw product key from the product key?
where the product key is given as input from the user.

@Throdne

This comment has been minimized.

Copy link

@Throdne Throdne commented Jan 22, 2014

What version of python are you using? because in 3.3 this script isn't working. for one _winreg is not valid any more, winrag is. but I'm also getting a lot more errors and I'm new to python. A little help and understanding will greatly be appreciated.

Thanks

@cwillu

This comment has been minimized.

Copy link

@cwillu cwillu commented Feb 21, 2016

It's not stored encrypted; the product key is just a base-24 representation of the large number stored in binary.

@deajan

This comment has been minimized.

Copy link

@deajan deajan commented Jan 28, 2020

Here's an updated version that works with Python 3.7, has some PEP-8 love, works with 32/64 bit registries and also checks for OEM BIOS product keys::

#! /usr/bin/env python
#  -*- coding: utf-8 -*-

import winreg
import wmi

# This function is derived from https://gist.github.com/Spaceghost/877110
def decode_key(rpk):
    rpkOffset = 52
    i = 28
    szPossibleChars = "BCDFGHJKMPQRTVWXY2346789"
    szProductKey = ""

    while i >= 0:
        dwAccumulator = 0
        j = 14
        while j >= 0:
            dwAccumulator = dwAccumulator * 256
            d = rpk[j + rpkOffset]
            if isinstance(d, str):
                d = ord(d)
            dwAccumulator = d + dwAccumulator
            rpk[j + rpkOffset] = int(dwAccumulator / 24) if int(dwAccumulator / 24) <= 255 else 255
            dwAccumulator = dwAccumulator % 24
            j = j - 1
        i = i - 1
        szProductKey = szPossibleChars[dwAccumulator] + szProductKey

        if ((29 - i) % 6) == 0 and i != -1:
            i = i - 1
            szProductKey = "-" + szProductKey
    return szProductKey


def get_key_from_reg_location(key, value='DigitalProductID'):
    arch_keys = [0, winreg.KEY_WOW64_32KEY, winreg.KEY_WOW64_64KEY]
    for arch in arch_keys:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key, 0, winreg.KEY_READ | arch)
            value, type = winreg.QueryValueEx(key, value)
            # Return the first match
            return decode_key(list(value))
        except (FileNotFoundError, TypeError) as e:
            pass


def get_windows_product_key_from_reg():
    return get_key_from_reg_location('SOFTWARE\Microsoft\Windows NT\CurrentVersion')


def get_windows_product_key_from_wmi():
    w = wmi.WMI()
    try:
        product_key = w.softwarelicensingservice()[0].OA3xOriginalProductKey
        if product_key != '':
            return product_key
        else:
            return None
    except AttributeError:
        return None


if __name__ == '__main__':
    print('Key from WMI: %s' % get_windows_product_key_from_wmi())
    print('Key from REG: %s' % get_windows_product_key_from_reg())
@Saizzou

This comment has been minimized.

Copy link

@Saizzou Saizzou commented May 12, 2020

What version of python are you using? because in 3.3 this script isn't working. for one _winreg is not valid any more, winrag is. but I'm also getting a lot more errors and I'm new to python. A little help and understanding will greatly be appreciated.

Thanks

Did you install wmi packages? If not you can install by "pip install wmi". You could use PyCharm for this Code too and add the interpreter over Settings>Your Project. It works fine on PyCharm ;)

@deajan

This comment has been minimized.

Copy link

@deajan deajan commented May 13, 2020

@Saizzou That's grave digging, the comment from that guy is from 2014 ;)
The WMI part only applies to the updated script I posted, which shall work with Python 3+.

@Saizzou

This comment has been minimized.

Copy link

@Saizzou Saizzou commented May 13, 2020

@deajan Ah didnt looked at the Date my bad. Well I have python 3+ and it didn't worked for me before I installed WMI. Still a good script tho. Thumbs up.

@deajan

This comment has been minimized.

Copy link

@deajan deajan commented May 13, 2020

Keep in mind that the registry method does give bogus results for Windows 10 so far.
If you find any better, please report back.

@HiddenAvocado

This comment has been minimized.

Copy link

@HiddenAvocado HiddenAvocado commented Aug 29, 2020

Hi, can you please give me how to check Microsoft product keys with a Python Module? Like in bulk! Thanks!

@technikian

This comment has been minimized.

Copy link

@technikian technikian commented Jul 27, 2021

I just wasted an hour myself on this problem. As @Deejan mentions, this method is broken in current version of windows 10.

This works to get the product key in pre-decoded form:

from os import system
from elevate import elevate

if name == 'main':
elevate()
system("wmic path softwarelicensingservice get OA3xOriginalProductKey")
system("PAUSE")

IDK how to set it, or even where in the windows registry, or how to decode it and I can't find any of this anywhere. The only idea I have at this point is to copy my registry, change my product key, then diff my windows registry, which is really stupid and only tells us where in the registry to look - there should be a better way to do this.

@deajan

This comment has been minimized.

Copy link

@deajan deajan commented Jul 27, 2021

I have created a windows package that does exactly that job, without the need of os.system for security reasons (wmi package is required though).

You can find the code here https://github.com/netinvent/windows_tools/blob/master/windows_tools/product_key/__init__.py which also contains this as a backup solution for elder windows versions.

You might install the whole package with pip install windows_tools.product_key then just use the following:

from windows_tools.product_key import *

pkey = get_windows_product_key_from_wmi()
if not wmi_key:
    pkey = get_windows_product_key_from_reg()

print(pkey)

[EDIT]
I also have a self elevating package that installs with this one, and works with vanilla / pyinstaller / nuitka python builds
You'll find it at https://github.com/netinvent/command_runner
[/EDIT]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment