Thursday, February 12, 2009

Decrypting Microsoft

Problem: My teacher had a hard drive from a computer that needed Windows re-installed, but the owner no longer had the CD-key that had come with his computer. We needed a way to get the XP CD-key off the hard drive without booting Windows from that hard drive.

Research: A bit of Googling revealed that while Windows 95-based operating systems kept the CD-key in cleartext in the registry, Windows NT-based versions (including XP) store it in an encoded binary form: not real encryption, but a base-24 packing of the 25-character key that cannot be read by eye. Our task, then, was two-fold.
  • Open the registry files from the old hard disk and find the key.
  • Decode the CD-key once it has been extracted from the registry.
Part 1a: Open the Registry
There are several registry hive files on every Windows installation. Each user has an NTUSER.DAT file in their profile folder (C:\Documents and Settings\<username> on XP), which is hidden under normal circumstances, but with the proper settings in the file explorer (Tools -> Folder Options -> View tab -> uncheck "Hide protected operating system files", select "Show hidden files and folders") it is displayed. The problem then is viewing the data in this file. This can be accomplished with a tool called loadhive. When you run it, it prompts you for a file to load. Navigate to the hive file mentioned and select it. After clicking Open Hive, it displays a window with some information. Do not close this window! It tells you where the hive was loaded into the registry, and the hive stays loaded only while that screen is displayed. Close it only after you have retrieved your key; that unmounts the hive file. Note that the hive is mounted under a non-standard branch of the registry, so it does not overwrite your real registry. (Regedit can do the same job on its own: select HKEY_LOCAL_MACHINE, choose File -> Load Hive, pick the file, give the new branch any name, and use File -> Unload Hive when you are done. Either way you need an administrator account, and the old disk must be attached as a secondary drive so that its hive files are not in use.)

Part 1b: Find the Key
Now that you have the hive mounted, go to Start -> Run, type regedit, then press Enter or click OK. Navigate in the registry to the branch described in the loadhive window; for me it was HKEY_LOCAL_MACHINE\NTUSER. Inside it, open the Software\Microsoft\Windows NT\CurrentVersion key and click on it. In the right pane is a binary (REG_BINARY) value named DigitalProductId. Double-click it. This opens the hex view of the encoded key, one row of eight bytes per line. Don't worry if you don't understand it. The 15 bytes of the product key sit at hex offsets 0x34 through 0x42 (decimal 52 through 66). Here is a map to help you find them.

0000  00 00 00 00 00 00 00 00  ..
0008  00 00 00 00 00 00 00 00  ..
0010  00 00 00 00 00 00 00 00  ..
0018  00 00 00 00 00 00 00 00  ..
0020  00 00 00 00 00 00 00 00  ..
0028  00 00 00 00 00 00 00 00  ..
0030  00 00 00 00 11 11 11 11  ..
0038  11 11 11 11 11 11 11 11  ..
0040  11 11 11 00 00 00 00 00  ..
0048  00 00 00 00 00 00 00 00  ..
The spots marked 11 indicate the 15 bytes where your key is stored (the actual values will be whatever your key encodes to, not 11s). Congratulations, you have found your key!

Troubleshooting Note:
If there is no DigitalProductId value, or its key bytes are all 00, your key is not in the NTUSER.DAT file. This is actually the normal case: Windows keeps its own product key under HKEY_LOCAL_MACHINE, which is stored in the machine-wide SOFTWARE hive rather than in any user's hive. Open the Windows\System32\Config directory on the old disk and locate the file named Software. It has no extension. Load it into your registry with the method described above and note that it will be loaded into a different branch; just read the loadhive window to find out where. Then follow the rest of the instructions to find the key as before.

Part 2: Decoding the Key
This is the easiest part. Just go to this site, paste those byte pairs into the entry area (spaces and capitalization do not matter) and press Decrypt Code. It displays your 25-character product key: five groups of five characters, each drawn from the set BCDFGHJKMPQRTVWXY2346789.
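A product key is a licensing secret, so decoding it offline is preferable to pasting it into a web form. The script below is an added example written for this edit; it is not the web tool the post uses and not code from the original post. It accepts either the rows copied from regedit's hex view (in the layout of the map above) or the bare byte pairs, pulls the 15 bytes at offset 0x34 and performs the base-24 conversion. The encoder and the 80-byte sample blob exist only to build constructed test data; they are not part of any Windows format. The code covers the XP/Vista/7 encoding only; Windows 8 and later store the key differently.

```python
"""Decode an XP-era Windows product key from the DigitalProductId value.

Added example for this post, not the web tool it links to.  The 15 bytes at
offset 0x34 of the REG_BINARY value DigitalProductId hold the 25-character
key as a 120-bit little-endian integer written in base 24 over KEY_CHARS.
This is the XP/Vista/7 encoding; Windows 8 and later changed the scheme.
"""
import re

KEY_CHARS = "BCDFGHJKMPQRTVWXY2346789"  # the 24 characters a key can contain
KEY_OFFSET = 0x34                        # decimal 52, first byte of the key
KEY_LENGTH = 15                          # 0x34..0x42 inclusive
KEY_DIGITS = 25                          # five groups of five characters
HEX_PAIR = re.compile(r"^[0-9A-Fa-f]{2}$")
HEX_OFFSET = re.compile(r"^[0-9A-Fa-f]{4}$")


def decode_product_key(data: bytes) -> str:
    """Return the dashed 25-character key from a full DigitalProductId blob
    (key read at 0x34) or from just the 15 encoded bytes."""
    if len(data) == KEY_LENGTH:
        encoded = data
    elif len(data) >= KEY_OFFSET + KEY_LENGTH:
        encoded = data[KEY_OFFSET:KEY_OFFSET + KEY_LENGTH]
    else:
        raise ValueError(f"need 15 key bytes or a full blob, got {len(data)}")
    # Repeated long division by 24, least-significant digit first, the way the
    # classic VBScript/C decoders do it.  Each pass divides the little-endian
    # 120-bit number by 24 in place; the remainder is the next key character.
    work = bytearray(encoded)
    digits = []
    for _ in range(KEY_DIGITS):
        remainder = 0
        for i in range(KEY_LENGTH - 1, -1, -1):
            cur = (remainder << 8) | work[i]
            work[i] = cur // 24          # always <= 255 because remainder < 24
            remainder = cur % 24
        digits.append(KEY_CHARS[remainder])
    key = "".join(reversed(digits))
    return "-".join(key[i:i + 5] for i in range(0, KEY_DIGITS, 5))


def parse_regedit_dump(text: str) -> bytes:
    """Turn rows like '0030 00 00 00 00 2F 00 00 00 ..' (offset, up to eight
    hex pairs, optional ASCII column) into a byte buffer at those offsets.
    A plain run of hex pairs without offsets is accepted too."""
    buf = bytearray()
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if HEX_OFFSET.match(tokens[0]) and len(tokens) > 1 and HEX_PAIR.match(tokens[1]):
            offset, pairs = int(tokens[0], 16), tokens[1:9]
        else:
            offset, pairs = len(buf), tokens
        row = bytes(int(t, 16) for t in pairs if HEX_PAIR.match(t))
        if len(buf) < offset:
            buf.extend(bytes(offset - len(buf)))   # rows not pasted read as 00
        buf[offset:offset + len(row)] = row
    return bytes(buf)


def encode_product_key(key: str) -> bytes:
    """Inverse of decode_product_key; used here only to build sample data."""
    clean = key.replace("-", "").upper()
    if len(clean) != KEY_DIGITS or any(c not in KEY_CHARS for c in clean):
        raise ValueError("key must be 25 characters drawn from " + KEY_CHARS)
    value = 0
    for c in clean:
        value = value * 24 + KEY_CHARS.index(c)
    return value.to_bytes(KEY_LENGTH, "little")   # 24**25 < 2**120, so it fits


def build_sample_blob(key: str) -> bytes:
    """Constructed stand-in for a DigitalProductId value: 80 zero bytes (the
    span the post's map shows) with the encoded key at 0x34.  A real value is
    longer and carries other fields, but only this span matters for the key."""
    blob = bytearray(0x50)
    blob[KEY_OFFSET:KEY_OFFSET + KEY_LENGTH] = encode_product_key(key)
    return bytes(blob)


# Constructed sample in the post's map layout: the key bytes are 2F 00 ... 00,
# i.e. the integer 47 = 1*24 + 23, which decodes to a key ending in ...BBBC9.
SAMPLE_DUMP = """\
0030 00 00 00 00 2F 00 00 00 ..
0038 00 00 00 00 00 00 00 00 ..
0040 00 00 00 00 00 00 00 00 ..
"""

if __name__ == "__main__":
    print(decode_product_key(parse_regedit_dump(SAMPLE_DUMP)))
    demo = "BCDFG-HJKMP-QRTVW-XY234-67899"        # constructed, not a real key
    print(decode_product_key(build_sample_blob(demo)))
    print(decode_product_key(bytes(15)))            # the "only 00's" case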

2 comments:

Briar said...

i cant believe i finally looked at this a WHOLE DAY after it was posted!!!!!!! oh btw, IM SO HAPPY MY PICTURE MADE IT TO FAMEEEEEEE!!

Caleb said...

So, wow. I'm actually impressed on your article.

I really am.

MAD STUPID PROPS!!!