[TO DO] How to look for a pirated product key in a DMP file

Patrick

Can anyone explain how to do this? Is it even in the DMP file or is it in one of the other jcgriff2 files?
 
The full key is not in any of the data we request; the Product ID number is in the Systeminfo.txt file in the Windows7_Vista_jcgriff2 upload file.
If you google the product ID number and come up with a lot of hits, there is a good chance it's pirated. The exception being it's a Dell OEM key and the OP has a Dell, or an Acer ID on an Acer, HP on HP etc.

Product ID: 00426-292-0000007-85980
 
$systeminfo.txt?

If so, I don't see it in this one.

The reason I ask is because a user on TSF made this thread - Persistant BSOD ntoskrnl.exe +MSKSSRV.sys + hal.dll - Tech Support Forum

and admitted to using a pirate Windows, so I locked it.

Shortly after, the user made another thread - bsod help - Tech Support Forum (you can also get the files here yourself to look at for the product ID)

????

Before I lock it again, this time I'd like to be a little more 'blunt' in the kindest way possible by showing the user that their OS is indeed pirated.
 
Hi Patrick,

The way Wrench describes is the way pretty much all of us do it. :) There are a couple of tips I've learnt over the years however.

1) If you see Windows 7 Ultimate - be suspicious. Don't instantly condemn the OP, but very few machines come with the Ultimate edition and it's the one that's pirated the most.

2) Compare the Product ID with the manufacturer of the computer. Taking the attached file in Wrench's post as an example:

Code:
OS Name:                   Microsoft Windows 7 Ultimate
It's Ultimate - I'm suspicious

Code:
System Manufacturer:       To be filled by O.E.M.
System Model:              To be filled by O.E.M.
Custom build PC - In that case, I would expect to see a retail key.

Code:
Product ID:                00426-OEM-8992662-00400
Google the last three parts: OEM-8992662-00400, and surround them in speech marks for better results.

Google returns a lot of results - I'm now almost certain this is a crack.

One of the pages further down the list shows exactly what I want to see: Windows 7 OEM SPL KEYS - XiZi's Blog

Code:
XXXXX-OEM-8992662-00400 --- DELL

It's a Dell OEM key used on a custom build PC - It's non genuine.

If the key appears lots in Google but matches the manufacturer of the PC, then it tends to be legit. If it doesn't - then it's a crack.

3) Check how many Updates are installed. Cracked systems are often not updated in order to preserve the crack. In this case:
Code:
Hotfix(s):                 1 Hotfix(s) Installed.
                           [01]: KB958488

4) Ask for an MGADiag report! They look scary, but can be very useful. I like to ask for an MGADiag report before declaring the OS is non-genuine.

My canned speech for MGADiag -

Your reports indicate a possible bad Windows install. Please download the [URL=http://go.microsoft.com/fwlink/?linkid=52012]MGADiag tool[/URL] and run it. When it opens, press continue and wait. When the screen changes, press copy. Post the results in your next post. Note: Please select (highlight) all of the MGADiag report that you pasted, and click on the code box [B]#[/B] toolbar icon to wrap the report in a code box when posted. This will make your post neater and easier to read.

Let's give you a quick guide for MGADiag...

For an OEM SLP key to be genuine, a few things must match up in the MGADiag report - the key itself, the manufacturer and the SLIC key in the BIOS.

Let's look at an example:

Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-Q6MMK-KYK6X-VKM6G
Windows Product Key Hash: 289NoAWl2ZoVfuieux/315WkDIc=
Windows Product ID: 00426-OEM-8992662-00173
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {1639F2BA-8F7F-4704-B327-7B4318142E7C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1639F2BA-8F7F-4704-B327-7B4318142E7C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VKM6G</PKey><PID>00426-OEM-8992662-00173</PID><PIDType>2</PIDType><SID>S-1-5-21-62616032-3399521306-1291915431</SID><SYSTEM><Manufacturer>MSI</Manufacturer><Model>MS-7641</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V17.12</Version><SMBIOSVersion major="2" minor="6"/><Date>20121128000000.000000+000</Date></BIOS><HWID>F0653307018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>MSI_NB</OEMID><OEMTableID>MEGABOOK</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600173-02-1033-7601.0000-3612012
Installation ID: 018992619335663230781142748965295442839531243010475334
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: VKM6G
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/31/2012 6:50:10 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:26:2012 14:57
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEABAABAAEAAAACAAAAAQABAAEAln14V9aWVPIQMxiZmKAmO9oRULDvNvxnFA8=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            7641MS        A7641100
  FACP            7641MS        A7641100
  HPET            7641MS        OEMHPET 
  MCFG            7641MS        OEMMCFG 
  OEMB            7641MS        A7641100
  SSDT            A M I         POWERNOW
  SLIC            MSI_NB        MEGABOOK

First, look at the key:

Code:
Q6MMK-KYK6X-VKM6G
It's an ASUS key according to Google.

Now look at the BIOS information at the end of the log:
Code:
BIOS Information: 
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            7641MS        A7641100
  FACP            7641MS        A7641100
  HPET            7641MS        OEMHPET 
  MCFG            7641MS        OEMMCFG 
  OEMB            7641MS        A7641100
  SSDT            A M I         POWERNOW
  SLIC            MSI_NB        MEGABOOK

The BIOS is reporting MSI_NB as the SLIC value. Looks like an ASUS key on an MSI system.

For one last check, let's find the true manufacturer. OPs sometimes don't say - or just lie.

Find the Other Data--> line in the report.

Code:
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1639F2BA-8F7F-4704-B327-7B4318142E7C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VKM6G</PKey><PID>00426-OEM-8992662-00173</PID><PIDType>2</PIDType><SID>S-1-5-21-62616032-3399521306-1291915431</SID>[COLOR=#FF0000][B]<SYSTEM><Manufacturer>MSI</Manufacturer><Model>MS-7641</Model></SYSTEM>[/B][/COLOR]<BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V17.12</Version><SMBIOSVersion major="2" minor="6"/>[B][COLOR=#0000FF]<Date>20121128[/COLOR][/B]000000.000000+000</Date></BIOS><HWID>F0653307018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>MSI_NB</OEMID><OEMTableID>MEGABOOK</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

I've highlighted the bit you're looking for in red. It's an MSI MS-7641 computer.

So, it's an MSI machine with an ASUS key ---> NON GENUINE.

5) If you're really unsure, look at the date of the install. If it's before 28/7/2009 (Windows 7 release date), then it's impossible for an OEM key to be on the machine!

I've highlighted it in blue in the above code block - it's in the format YYYYMMDD. In this case, it's the 28th Nov 2012, so it's fine.

6) If the Product ID is

XXXXX-OEM-8992662-00497

Then it's counterfeit - no questions asked. The key was blocked and destroyed even before launch and no machine in the world has a legal copy.

---

I'm no expert, but that's what I know. Speak to NoelDP if you're really interested in the ins and outs! :D

Stephen
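
The MGADiag checks walked through in the post above (key vs. system manufacturer vs. SLIC, the BIOS date, the blocked Product ID), as an added Python example that is not part of the original thread. The names `assess` and `field` are hypothetical, the lookup tables hold only the values quoted in the thread, and the brand-name substring match is a heuristic that still needs a human to confirm.

```python
import re
from datetime import date

# Lookup values are only those quoted in the thread; extend from your own research.
KEY_TAIL_OEM = {"Q6MMK-KYK6X-VKM6G": "ASUS"}
PID_TAIL_OEM = {"OEM-8992662-00400": "DELL"}
BLOCKED_PID_TAIL = "OEM-8992662-00497"
CUTOFF = date(2009, 7, 28)  # cut-off date as stated in the thread

# Trimmed excerpt of the MGADiag report posted above (BBCode highlight kept on purpose).
SAMPLE = """\
Windows Product Key: *****-*****-Q6MMK-KYK6X-VKM6G
Windows Product ID: 00426-OEM-8992662-00173
Windows License Type: OEM SLP
Office Details: <GenuineResults><MachineData>[B]<SYSTEM><Manufacturer>MSI</Manufacturer><Model>MS-7641</Model></SYSTEM>[/B]<BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Date>20121128000000.000000+000</Date></BIOS></MachineData></GenuineResults>
  SLIC            MSI_NB        MEGABOOK
"""

def field(report, label):
    """Return the value of a 'Label: value' line, or '' if absent."""
    m = re.search(rf"^{re.escape(label)}:[ \t]*(.*)$", report, re.M)
    return m.group(1).strip() if m else ""

def assess(report):
    """Return a list of findings; an empty list means nothing inconsistent was found."""
    report = re.sub(r"\[/?(?:B|COLOR)[^\]]*\]", "", report)  # strip forum BBCode
    key_tail = field(report, "Windows Product Key").replace("*****-", "")
    pid_tail = field(report, "Windows Product ID").partition("-")[2]
    sysm = re.search(r"<SYSTEM>\s*<Manufacturer>([^<]*)", report)
    bios = re.search(r"<BIOS>.*?<Date>(\d{4})(\d{2})(\d{2})", report, re.S)
    slic = re.search(r"^\s*SLIC\s+(\S+)", report, re.M)
    maker = sysm.group(1).strip().upper() if sysm else ""
    slic_id = slic.group(1).upper() if slic else ""
    key_oem = KEY_TAIL_OEM.get(key_tail) or PID_TAIL_OEM.get(pid_tail)
    findings = []
    if pid_tail == BLOCKED_PID_TAIL:
        findings.append("product ID is the blocked OEM-8992662-00497")
    if field(report, "Windows License Type") == "OEM SLP" and key_oem:
        # Substring match is a heuristic; OEMIDs are not always the brand name.
        if maker and key_oem not in maker:
            findings.append(f"{key_oem} key on {maker} system")
        if slic_id and key_oem not in slic_id:
            findings.append(f"{key_oem} key but SLIC OEMID is {slic_id}")
    if bios and date(*map(int, bios.groups())) < CUTOFF:
        findings.append("BIOS date is before the cut-off")
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE))
```

An empty result only means none of these specific mismatches were found with the lookup values supplied; it is not proof the install is genuine.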
 
That's way too much work :)

If I'm suspicious I'll Google the ID number; seeing the hits like on this one, I'll ask the OP where this copy came from, along with posting bits of the dump output file. 99 times out of 100 they'll tell you a friend got it off the net or they got it off the net.
 
:lol:

I used to do that - but found that OPs often lied about it or just ignored my questions about it. I also like to be sure before I accuse the user.
 
That's why you have to post the bits of the output file: they don't know what it says and don't want to get caught lying to you :)
 
Personally I don't go out looking to see if every system is pirated or not, but if it becomes apparent - Win7 with no SP1 or lack of updates, the OP readily admits it as in the case above - just tell them we don't support pirated copies and close the thread as you did in this case.
 
Right, yea. I've never actually looked for a pirated copy, and not only because I really didn't know how. Like you said though, in this case, the OP admitted it so in the next thread I nicely summed up that we can see that their OS is indeed counterfeit.
 
Some keys may look like Retail keys, but they're not. You need to check the CID part too:

Code:
XXXXX-{CID}-XXXXXXX-XXXXX
 
