Retrieve/decrypt Windows 7 product key from Linux
Solution 1
There is a great tool available for Linux called chntpw
. You can get it easily on Debian/Ubuntu via:
sudo apt install chntpw
To look into the relevant registry file mount the Windows disk and open it like so:
chntpw -e /path/to/windisk/Windows/System32/config/software
Now to get the decoded DigitalProductId
enter this command:
dpi \Microsoft\Windows NT\CurrentVersion\DigitalProductId
Solution 2
For those who are not shy to do a little bit of coding.
I found an algorithm about 10 years ago and implemented it in C# (See below)
If you just want to run it on Windows
I took the liberty to convert it to a powershell script:
$dpid = Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name "DigitalProductId"
# Get the range we are interested in
$id = $dpid.DigitalProductId[52..(52+14)]
# Character table
$chars = "BCDFGHJKMPQRTVWXY2346789"
# Variable for the final product key
$pkey = ""
# Calculate the product key
for ($i=0; $i -le 24; $i++) {
$c = 0
for($j=14; $j -ge 0; $j--) {
$c = ($c -shl 8) -bxor $id[$j]
$id[$j] = [Math]::Floor($c / 24) -band 255
$c = $c % 24
}
$pkey = $chars[$c] + $pkey
}
# Insert some dashes
for($i = 4; $i -gt 0; $i--) {
$pkey = $pkey.Insert($i * 5, "-")
}
$pkey
Run this and you get your product key. (So no coding for you after all)
Original post
So this is the actual C# code I dug up and commented.
public static string ConvertDigitalProductID(string regPath, string searchKey = "DigitalProductID") {
// Open the sub key i.E.: "Software\Microsoft\Windows NT\CurrentVersion"
var regkey = Registry.LocalMachine.OpenSubKey(regPath, false);
// Retreive the value of "DigitalProductId"
var dpid = (byte[])regkey.GetValue(searchKey);
// Prepare an array for the relevant parts
var idpart = new byte[15];
// Copy the relevant parts of the array
Array.Copy(dpid, 52, idpart, 0, 15);
// Prepare the chars that will make up the key
var charStore = "BCDFGHJKMPQRTVWXY2346789";
// Prepare a string for the result
string productkey = "";
// We need 24 iterations (one for each character)
for(int i = 0; i < 25; i++) {
int c = 0;
// Go through each of the 15 bytes of our dpid
for(int j = 14; j >= 0; j--) {
// Shift the current byte to the left and xor in the next byte
c = (c << 8) ^ idpart[j];
// Leave the result of the division in the current position
idpart[j] = (byte)(c / 24);
// Take the rest of the division forward to the next round
c %= 24;
}
// After each round, add a character from the charStore to our key
productkey = charStore[c] + productkey;
}
// Insert the dashes
for(int i = 4; i > 0; i--) {
productkey = productkey.Insert(i * 5, "-");
}
return productkey;
}
You'll have to pass it Software\Microsoft\Windows NT\CurrentVersion
as a Key, where it'll find the DigitalProductId
At that time MS Office Products used the same algorithm, so by providing the function with the relevant registry key it could calculate those product keys as well.
You can of course refactor the function so that it takes a byte array as input.
As for today. I just tested it on my Windows 10 Machine, and it still works.
Solution 3
Here is a Python port of the other answer (adapted for Windows 8.1). The advantage of this over chntpw
is that it will work even with drives in read-only state.
Requirements:
pip install python-registry
Code:
#!/usr/bin/env python
import sys
from Registry import Registry
reg = Registry.Registry("/path/to/drive/Windows/System32/config/RegBack/SOFTWARE")
# Uncomment for registry location for Windows 7 and below:
#reg = Registry.Registry("/path/to/drive/Windows/system32/config/software")
key = reg.open("Microsoft\Windows NT\CurrentVersion")
did = bytearray([v.value() for v in key.values() if v.name() == "DigitalProductId"][0])
idpart = did[52:52+15]
charStore = "BCDFGHJKMPQRTVWXY2346789";
productkey = "";
for i in range(25):
c = 0
for j in range(14, -1, -1):
c = (c << 8) ^ idpart[j]
idpart[j] = c // 24
c %= 24
productkey = charStore[c] + productkey
print('-'.join([productkey[i * 5:i * 5 + 5] for i in range(5)]))
Related videos on Youtube
sundiata
Updated on September 18, 2022Comments
-
sundiata almost 2 years
I accidentally disconnected my hard drive while it was still running and corrupted my Windows 7 installation; I am now completely unable to boot into Windows. I have tried everything to try and repair the installation: Windows Startup Repair, chkdsk /r, SFC /scannow, bootrec /rebuildbcd, etc. and no luck. I want to just perform a fresh install, but my problem is that I do not have my Windows product key written down anywhere, and I am unable to use any scripts or utilities to retrieve it from the registry because I cannot boot into Windows.
Windows 7 product keys are stored, encrypted, in the "DigitalProductId" value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion. I was able to mount the corrupted Windows partition read-only from an Ubuntu live CD and copy the Windows\System32\config\SOFTWARE registry hive, which contains the key & value in question, to a flash drive, but loading this hive into regedit on a working Windows installation and then trying to use scripts or utilities to decrypt the loaded "DigitalProductId" value only returns the product key of the host Windows installation, no matter how much fiddling I try. I've tried contacting Microsoft support and they've been rather unhelpful. Would anyone be able to guide me further? Perhaps if there's a different way to retrieve the product key from Linux?
If someone more familiar with scripting/cryptography would be willing to try and follow the decryption script to decrypt the product key by hand, I could e-mail you the exported "DigitalProductId" value, SOFTWARE registry hive, and decryption script.
-
JasonXA about 9 yearsThis doesn't sound right. If you bought a license you should have the key. Now, on the other hand, if you got your hands on someone elses windows image and want to extract its key, that's not really the point of this site.
-
sundiata about 9 yearsI did buy a license. I have the installation DVD but can't find the product key that came with it. But I think I may have found a solution here: dagondesign.com/articles/windows-xp-product-key-recovery/…
-
JasonXA about 9 yearsYes, that does seem to work. Using the method I did manage to reproduce my key.
-
David H about 9 yearsIf your firmware is UEFI-based, the license key is actually stored in the ACPI MSDM table so it persists across a reboot. If so, see blog.fpmurphy.com for details on how to recover it.
-
-
Mohamed EL HABIB almost 7 yearsThe path to the relevant registry file is into /path/to/windisk/Windows/System32/config/RegBack/SOFTWARE
-
Mark Kirby almost 7 yearsThis is a great answer, I quoted it on Ask Ubuntu askubuntu.com/a/953130/75060
-
Paddy Landau almost 7 yearsThank you for this. Please make a note to check the case of the folder and file names. In my case, I had to use uppercase
SOFTWARE
for the file name. -
Mark Kirby almost 7 yearsThis is a good answer but the question is very old and may not recieve many views. As you are a member, please consider adding your answer to our current Ask Ubuntu post askubuntu.com/questions/953126/…
-
MrPaulch almost 7 yearsThank you. But i believe it would be off topic over there. I may slap together a pseudo code implementation. And refer to this post as an actual implementation.
-
Mark Kirby almost 7 yearsNo problem, do what you think is best
-
Lenar Hoyt almost 6 yearsThe inner loop was one iteration too short. It should work now.
-
Markus von Broady over 4 yearsIf you have problems reading the system32 folder, try making a copy and supplying the path to the copy to the chntpw.