how to identify if windows license is legit?

[venm11]

This isn't as obvious as I would have thought. I have a mystery computer here that has Windows 7 installed, and a Vista COA. Microsoft update works as it should. I have no way of knowing if it's legit, or if MS is providing updates grudgingly, or if an activation crack is getting around that.

If it's real, I obviously want to use it, and not Vista. The only other idea I have is to pull the os and software keys off with Jellybean and reinstall everything with legit media using those keys -- which is a pita.

 

[Liger88]

For Windows 7 it's fairly easy.

Check the Windows Update history and see if KB971033 is installed. That patch only affects pirated copies and reverses them if they are illegal copies instantly. If they hid the update then most likely it's a pirated copy since it wouldn't affect any machine who has a legit copy.

Windows Vista I'm not too sure of. There really isn't a way to tell from Windows Vista and before without doing some heavy auditing, most likely requiring someone at MS that specializes in the field. I think you could hunt down the key from Vista and try and visit MS's site to see if it's a legit key or not, but I can't say for sure.

 

[artimusbill]

Windows Genuine Advantage.

Unless you don't want MS looking into your stuff.

 

[evilsofa]

http://www.microsoft.com/genuine/validate/

 

[MrsOldMX]

Download MGADiag Tool and copy / paste the report.

 

[venm11]

thanks for the tips, guys. i'll try all of them.

 

[venm11]

Download MGADiag Tool and copy / paste the report.

Ok. so I ran WindowsActivationUpdate.exe (which took a while) and then ran mgadiag.exe. The output is the following:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {18A7A5C0-0E8C-4F6A-864E-E2BAF519BB82}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_gdr.130318-1532
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{18A7A5C0-0E8C-4F6A-864E-E2BAF519BB82}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-4015308781-2465745060-3821973581</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>FQ604AA-ABA m9552p</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>5.35   </Version><SMBIOSVersion major="2" minor="5"/><Date>20081216000000.000000+000</Date></BIOS><HWID>49BB3607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-WKS</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>840F0CC99059586</Val><Hash>fcveo6XniMlddHaPQiJkfyoKohs=</Hash><Pid>89388-707-3354213-65460</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-1632010
Installation ID: 010002368163677706502332720810851972914322592555894046
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 6/19/2013 2:18:24 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:11:2013 21:12
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAAABAAEAAQACAAAAAwABAAEAln3oSrz89rN4k+JsmogIypI1ukkwYExY

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			HPQOEM		SLIC-CPC
  FACP			HPQOEM		SLIC-CPC
  HPET			HPQOEM		SLIC-CPC
  MCFG			HPQOEM		SLIC-CPC
  OEMB			HPQOEM		SLIC-CPC
  GSCI			HPQOEM		SLIC-CPC
  SLIC			HPQOEM		SLIC-WKS
  SSDT			HPQOEM		SLIC-CPC

 

[MrsOldMX]

Microsoft Office Enterprise 2007 <--- is it legit?

And slic seems to be V2.0, Vista only, so yes, looks like it was patched/cracked.

 

[MrsOldMX]

pls delete, hit reply twice :/

 

[venm11]

Microsoft Office Enterprise 2007 <--- is it legit?

And slic seems to be V2.0, Vista only, so yes, looks like it was patched/cracked.

office - no idea. i doubt it *if* the windows isn't legit. but it would be great if ms' own tool could clearly (and conclusively) show that

w7 - well, this machine did come with vista. the owner still could have installed w7 legitimately, but how do you determine from the tool output that this isn't the case?

 

[lilfiend]

if you google the last part of your key you find it online... probably not legit

more specifically the acer windows 7 ultimate key, which is the default key used in the most popular crack for windows 7, its most likely not legit

 

[venm11]

if you google the last part of your key you find it online... probably not legit

more specifically the acer windows 7 ultimate key, which is the default key used in the most popular crack for windows 7, its most likely not legit

indeed, i found the full key and product id together via google. it is acer.

so, there's good reason to believe that it's not genuine. still, it's frustrating that microsoft itself can't confirm this. every check seems to pass, including online wga verification, even after installing the wga update. MS doesn't see an issue that the license key is in circulation?

 

[lilfiend]

indeed, i found the full key and product id together via google. it is acer.

so, there's good reason to believe that it's not genuine. still, it's frustrating that microsoft itself can't confirm this. every check seems to pass, including online wga verification, even after installing the wga update. MS doesn't see an issue that the license key is in circulation?

the key is an OEM volume license so its supposed to be in circulation but for it to pass windows activation your computer is supposed to be an acer computer, it identifies this through slic, which the activator spoofs. It is done this way specifically so MS doesn't detect it as pirated.

 

[Snowknight26]

if you google the last part of your key you find it online... probably not legit

Not at all. Keys that you can find easily by Googling are OEM keys, which can only be activated if you have the right certificate, and the key matches the SLIC in BIOS. Most computers that you buy from manufacturers such as Acer, HP, Dell, etc., come pre-activated with the manufacturer-specific OEM key.

So really, unless the computer's SLP code in BIOS was modified to match the SLIC, the fact that the key can be found online doesn't tell us anything.

What brand is the computer? HP or Acer?

If it's Acer.. because of HPQOEM (and the fact that it says the Manufacturer is HP and the Model is FQ604AA-ABA m9552p) I'm going to say whoever had it previously changed the BIOS to work with the HP OEM key.
If it's HP then it seems they're in the clear (there really is no way of knowing if the SLIC table has been modified as far as I know).

Further reading:
http://hardforum.com/showthread.php?t=1545984
http://www.guytechie.com/articles/2010/2/25/how-slp-and-slic-works.html

Edit:
Though it seems that key is an Acer key and not an HP key, so why it works with an HP SLIC is anyone's guess. Who knows if it's legitimate at this point.

 

[venm11]

Not at all. Keys that you can find easily by Googling are OEM keys, which can only be activated if you have the right certificate, and the key matches the SLIC in BIOS. Most computers that you buy from manufacturers such as Acer, HP, Dell, etc., come pre-activated with the manufacturer-specific OEM key.

So really, unless the computer's SLP code in BIOS was modified to match the SLIC, the fact that the key can be found online doesn't tell us anything.

What brand is the computer? HP or Acer?

If it's Acer.. because of HPQOEM (and the fact that it says the Manufacturer is HP and the Model is FQ604AA-ABA m9552p) I'm going to say whoever had it previously changed the BIOS to work with the HP OEM key.
If it's HP then it seems they're in the clear (there really is no way of knowing if the SLIC table has been modified as far as I know).

Further reading:
http://hardforum.com/showthread.php?t=1545984
http://www.guytechie.com/articles/2010/2/25/how-slp-and-slic-works.html

Edit:
Though it seems that key is an Acer key and not an HP key, so why it works with an HP SLIC is anyone's guess. Who knows if it's legitimate at this point.

You mean, it's the other way around -- that someone patched this HP m9552p's slic table to work with the Acer's w7u key.

So there is no chance that this is legit, then, correct?

 

[venm11]

*finger at the factory-restore button*

 

[TCM]

so, there's good reason to believe that it's not genuine. still, it's frustrating that microsoft itself can't confirm this. every check seems to pass, including online wga verification, even after installing the wga update. MS doesn't see an issue that the license key is in circulation?

If it's a generic OEM key, why should they? That's the whole point.

And of course pirated installs appear totally genuine. That's also the point.

Edit: You could inspect the bootblock of your disk. I believe the most common OEM loader (Daz Loader) works with open source components of GRUB. See if you can find any strings hinting at that.

 

[Quartz-1]

This isn't as obvious as I would have thought. I have a mystery computer here that has Windows 7 installed, and a Vista COA.

You can really stop right here unless the owner of the computer has a VLK. If it had a genuine Windows 7 license, it would have a Windows 7 COA.

 

[BinarySynapse]

Even if MS did detect an illegitimate copy, they will still allow the system to be used and updated to avoid the blowback from "victims of piracy" and a flood of unpatched systems. They just annoy you with popups saying you're using a counterfeit product.

As for royalty OEM product keys, they aren't actually manufacturer specific (in that Acer's assigned key will activate with an HP or Dell certificate). When WIndows does offline pre-activation, it uses the key solely to ensure the proper edition of a certain channel has been installed,not for activation.

You have an OEM product ID of an Ultimate edition using Acer's product key on (what appears to be) on HP hardware. It's an illegitimate installation.

Even if it WASN'T preactivated and using a royalty key, it's still an OEM product, and therefore for a license to be legit, the COA that comes with the disc has to be attached to the system.

 

[GotNoRice]

Funny, I have a "test" computer here with a non-legitimate copy of Windows 7 activated using a common loader crack and it passed every test in this thread with flying colors.

 

[TCM]

What, did you think pirates get an inferior product? Actually, they don't even have to bother with phoning Microsoft just because they swapped too much hardware. So it looks like they even get the superior product.

 

[CEpeep]

Use a bootable linux distro to check the "System Reserved" partition for Daz's Loader.

 

[FnordMan]

Use a bootable linux distro to check the "System Reserved" partition for Daz's Loader.

Oh, is that where that thing lives?
*cough* not that i'd know anything about that particular loader