Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Speedbird

How to detect Windows piracy

Recommended Posts

Posted · Original PosterOP

Intro

I have worked with Windows for quite some time, and I have not pirated it. However, I have of course seen some pirated systems. Some of these systems very easily identified as pirated, but with some it took some advanced stuff. So, I decided to write this guide to help you detect if a system that you are working on, or your own system if you’re not sure, has a pirated copy of Windows.

Some basic terms

Product key – the series of 25 alphanumeric characters distributed to prove legitimacy of the OS. A Windows operating system needs a product key installed. It looks something like this: XXXXX-XXXXX-XXXXX-XXXXX

Product ID – an ID consisting mostly of numbers, but can contain letters too. According to Microsoft, the Product ID is used to qualify for support. On Windows 7 and earlier, it looks like this: 00000-000-0000000-00000. On Windows 8 and later, it looks like this: 00000-00000-00000-AA000. The Product ID can be found in the Control Panel, and is generated from the product key and the system language.

Activation – The process of verifying the legitimacy of the product key. During this process, the product key is verified by the Microsoft servers to make sure it matches the operating system, and that it isn’t on their blacklist. This method can be bypassed in several ways.

Validation – The process of verifying the legitimacy of the operating system. During this process, the Windows system files, product key, and activation status are checked. This is a part of Windows Genuine Advantage, which was removed in Windows 8.

The easy way

 

The easiest way to check if Windows is genuine is by running Microsoft Genuine Advantage Diagnostic Tool (MGADiag). This tool can be downloaded from https://go.microsoft.com/fwlink/?linkid=52012. This is an official tool provided by Microsoft, and works on Windows XP, Vista and 7. It runs the validation on the operating system and displays the result.  By pressing the copy button, the whole report, including advanced information will be copied to the clipboard. Here’s a full report from a virtual machine:  http://pastebin.com/WCG2bcDT.

On a non-genuine system, the error should be displayed right away at the validation status.  Sometimes, installing KB971033 helps detect it. However, you can take a closer look to identify more sophisticated piracy.  I have created some virtual machine with various Windows “cracks” and will show you how to identify them.

KMS cracks

KMS, or Key Management Service, is considered one of the easiest ways to bypass Windows activation. This method has been developed by Microsoft for use with Volume Licencing. A KMS server has a KMS Host key, also known as CSVLK (Customer-Specific Volume License Key), which is a special type of product key licenced only for KMS servers. The computers all have KMS Client keys, also known as GVLK (Generic Volume Licence Key), which are publicly available. These GVLKs cannot be used for activation with Microsoft servers, but can be used with KMS servers. A KMS server will activate any client as long as it has a GVLK installed. A KMS crack usually consists of a KMS Server running on the computer, which is used to activate Windows. Here’s how to detect this.

  1. Run MGADiag and check the Product ID Channel. If it is 1 – KMS Client, then you most likely have a pirated system at hand. However, it maybe activated with a legitimate system with a KMS server.
  2. Check the Licensing tab of MGADiag. This is the output of slmgr /dlv, and you can find KMS information in there. The KMS host should not be 127.0.0.x address. If it is, then it is activated with a local KMS server and is pirated.

 

SLP Cracks

System Locked Preinstallation, like KMS, was developed by Microsoft themselves to bypass Windows Activation. SLP was designed for system manufacturers (OEMs) who deploy system images to thousands of systems per day, and who cannot activate every single system manually.  SLP consists of 3 things – a Software Licensing Internal Code (SLIC) Table in the BIOS of the computer, a license file, and an SLP Product Key. All of these three are generic, and a single OEM uses one of each for all of their manufactured systems. Many of these have been leaked, and can easily be downloaded. A common way to use them is to modify the master boot record of the hard drive to inject a SLIC to the RAM, and then install the license file and key. Another method is by actually modifying the BIOS by adding a SLIC table. As this method is used by many computer manufacturers, such as HP and Dell, it is not easy to detect. But anyway, here’s how it’s done.

  1. Detecting SLP itself is easy – Run MGADiag and check the Product ID Type. If it’s 2 – OEM SLP, then it’s SLP. The hard part is detecting if it’s legitimate or not. There are several ways to do this, but I’m going to show you a method where MGADiag is the only needed tool.
  2. System manufacturers usually add some information to identify themselves. One of the methods of doing this is adding OEMIDs to the BIOS. This can be used to identify tampering – if one added a SLIC from a different OEM, it would have a different OEMID. To see these, you can copy the MGADiag report and scroll down to OEM Activation 2.0 information. If you see that the SLIC table has a different OEMID than others, then an SLP crack has been used. This is very easy to detect on custom-built systems, as retail motherboards usually have generic OEMIDs, like ALASKA or AMI. Also make sure to check OEMTableIDs – all should be the same. If the SLIC is different, then it’s pirated.
  3. If that didn’t detect it, then the only way to check is by looking at the Certificate of Authenticity and making sure that it matches the installed edition of Windows. SLP can be very hard to detect sometimes, and in those cases looking at the COA is the only way

So what do you guys think of this? If I screwed up somewhere or missed something totally important that everybody needs to know, just reply to this thread.


LTT's unofficial Windows activation expert.
Am I getting an actually new card or is it just a rebrand? Find out here: http://linustechtips.com/main/topic/222806-what-rx-200-series-card-is-what-7000-series-card/

Link to post
Share on other sites

Seems legit.

Idk why you would need to find if a pc was pirated or not though. xD


 

 

 

Link to post
Share on other sites
Posted · Original PosterOP

Seems legit.

Idk why you would need to find if a pc was pirated or not though. xD

maybe one works at a repair shop and refuses to work on pirated systems?


LTT's unofficial Windows activation expert.
Am I getting an actually new card or is it just a rebrand? Find out here: http://linustechtips.com/main/topic/222806-what-rx-200-series-card-is-what-7000-series-card/

Link to post
Share on other sites

maybe one works at a repair shop and refuses to work on pirated systems?

doesn't really seem like a valid reason..........but i could see that happen.


 

 

 

Link to post
Share on other sites

I bought Windows 98SE so i'm entitled to every subsequent version of Windows released xD.

But anyway, I have an idea, what if you were to download the Windows 7 activators, like the one by DAZ.

Then looking at all the SLIC data that it would inject and crosscheck them with what the system has installed.


Comb it with a brick

Link to post
Share on other sites
Posted · Original PosterOP

I bought Windows 98SE so i'm entitled to every subsequent version of Windows released xD.

But anyway, I have an idea, what if you were to download the Windows 7 activators, like the one by DAZ.

Then looking at all the SLIC data that it would inject and crosscheck them with what the system has installed.

I used the DAZ loader for SLP crack testing here, but I haven't tried it on a system with an installed SLIC. As far as I know, it uses binary dumps of SLICs that have been collected from various systems.


LTT's unofficial Windows activation expert.
Am I getting an actually new card or is it just a rebrand? Find out here: http://linustechtips.com/main/topic/222806-what-rx-200-series-card-is-what-7000-series-card/

Link to post
Share on other sites
-removed, because spoilers don't work...-

 

Windows 7 and office purchased from Microsoftsoftwareswaps... Legit or not? There's a lot of N/As and blanks in there... 

Link to post
Share on other sites
Posted · Original PosterOP

 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: ----------------------------------------------
Windows Product Key Hash: fRtkCGJJJZOFuMLnlDZA9D1+3M8=
Windows Product ID: -----------------------------------------------
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {22F42164-74DC-451F-A56B-FED273DC1201}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150525-0603
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{22F42164-74DC-451F-A56B-FED273DC1201}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-R9DPK</PKey><PID>00371-220-6160161-06698</PID><PIDType>5</PIDType><SID>S-1-5-21-1514768023-2607320537-3432079673</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>B85N PHOENIX</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>F6</Version><SMBIOSVersion major="2" minor="7"/><Date>20140704000000.000000+000</Date></BIOS><HWID>176D0600018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.1.7601.17514
 
Name: Windows® 7, Professional edition
Description: Windows Operating System - Windows® 7, RETAIL channel
Activation ID: c1e88de3-96c4-4563-ad7d-775f65b1e670
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00212-220-616016-00-2057-7601.0000-1232015
Installation ID: 003164099156894724006721507731271415568486312536778001
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: R9DPK
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 09/07/2015 18:45:38
 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:1:2015 16:52
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
 
 
HWID Data-->
HWID Hash Current: KgAAAAAAAQABAAEAAAACAAAAAQABAAEAln0g+OxqbB0MwMIbXvD+fMj2
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC ALASKA A M I
  FACP ALASKA A M I
  HPET ALASKA A M I
  MCFG ALASKA A M I
  FPDT ALASKA A M I
  SSDT PmRef Cpu0Ist
  SSDT PmRef Cpu0Ist
  SSDT PmRef Cpu0Ist
  SSDT PmRef Cpu0Ist
  DMAR INTEL HSW 
 
 
Windows 7 and office purchased from Microsoftsoftwareswaps... Legit or not? There's a lot of N/As and blanks in there... 

 

The spoiler didn't work....

 

Anyway, it's a retail key, so if it activated normally with the MS servers, it's legit. The N/As and balnks are normal, and the only way to check Office 2010 and newer is with ospp.vbs. But your Windows is genuine. Also, no need to remove the product ID or the partial product key.


LTT's unofficial Windows activation expert.
Am I getting an actually new card or is it just a rebrand? Find out here: http://linustechtips.com/main/topic/222806-what-rx-200-series-card-is-what-7000-series-card/

Link to post
Share on other sites

The spoiler didn't work....

 

Anyway, it's a retail key, so if it activated normally with the MS servers, it's legit. The N/As and balnks are normal, and the only way to check Office 2010 and newer is with ospp.vbs. But your Windows is genuine. Also, no need to remove the product ID or the partial product key.

 

I removed them just because, i can. I know there was no need to, but why not. Thanks. 

Link to post
Share on other sites

doesn't really seem like a valid reason..........but i could see that happen.

I refuse to support pirated software and have had clients bring PCs that use it.


CPU: Core i7 4970K | MOBO: Asus Z87 Pro | RAM: 32GBs of G.Skill Ares 1866 | GPU: MSI GAMING X GTX 1070 | STOR: 2 X Crucial BX100 250GB, 2 x WD Blk 1TB (mirror),WD Blk 500GB | CASE: Cooler Master HAF 932 Advanced | PSU: EVGA SUPERNOVA G2 750W | COOL: Cooler Master Hyper T4 | DISP: 21" 1080P POS | KB: MS Keyboard | MAU5: Redragon NEMEANLION | MIC: Snowball Blue | OS: Win 8.1 Pro x64, (Working on Arch for dual boot) |

Link to post
Share on other sites

maybe one works at a repair shop and refuses to work on pirated systems?

Well that is pretty damn dumb


I got the best Waifu a man could ever ask for Lieselotte Sherlock is my girl ( in my profile pic ) 

Link to post
Share on other sites

I refuse to support pirated software and have had clients bring PCs that use it.

To be honest I wouldn't really care. As long as am getting money for what I do to repair it.


I got the best Waifu a man could ever ask for Lieselotte Sherlock is my girl ( in my profile pic ) 

Link to post
Share on other sites

I refuse to support pirated software and have had clients bring PCs that use it.

You don't know them, theirs a shit ton of reasons that they did.


 

 

 

Link to post
Share on other sites

You don't know them, theirs a shit ton of reasons that they did.

I don't care about their reasons. If someone wants to pirate, that is their choice. Not making a judgement, it is just from a business standpoint. My time isn't worth the headache.


CPU: Core i7 4970K | MOBO: Asus Z87 Pro | RAM: 32GBs of G.Skill Ares 1866 | GPU: MSI GAMING X GTX 1070 | STOR: 2 X Crucial BX100 250GB, 2 x WD Blk 1TB (mirror),WD Blk 500GB | CASE: Cooler Master HAF 932 Advanced | PSU: EVGA SUPERNOVA G2 750W | COOL: Cooler Master Hyper T4 | DISP: 21" 1080P POS | KB: MS Keyboard | MAU5: Redragon NEMEANLION | MIC: Snowball Blue | OS: Win 8.1 Pro x64, (Working on Arch for dual boot) |

Link to post
Share on other sites

I don't care about their reasons. If someone wants to pirate, that is their choice. Not making a judgement, it is just from a business standpoint. My time isn't worth the headache.

Headache?

Pirated windows does not act differently (if good crack used)

 

if my key stops working...im not buying windows agian....thats just dum.


 

 

 

Link to post
Share on other sites

the tool says Validation unsupported OS

and i see no product id channel, only product ID type and it says  0 - unknown

lincesing tab says NA = some hex values no Ip's there.

this tool is broken for win 8.1 i guess

i bought a key from g2a 40$ + original win8 iso and activated over internet with MS server i guess thats legit? since the tool doesnt work? i only need to know for windows 10 else i wouldnt care since i didnt use cracks or modified iso...

Link to post
Share on other sites
Posted · Original PosterOP

the tool says Validation unsupported OS

and i see no product id channel, only product ID type and it says  0 - unknown

lincesing tab says NA = some hex values no Ip's there.

this tool is broken for win 8.1 i guess

i bought a key from g2a 40$ + original win8 iso and activated over internet with MS server i guess thats legit? since the tool doesnt work? i only need to know for windows 10 else i wouldnt care since i didnt use cracks or modified iso...

Yes, this tool only works with XP, Vista and 7.

 

You may provide the output of the command slmgr /dlv and that could help. That's what the licesning tab is.


LTT's unofficial Windows activation expert.
Am I getting an actually new card or is it just a rebrand? Find out here: http://linustechtips.com/main/topic/222806-what-rx-200-series-card-is-what-7000-series-card/

Link to post
Share on other sites

I think its great to educate folks on how to detect whether a system is legit or not but for the reason of a hypothectical "computer repair shop" running these scans to verify the system is legit seems unethical unless they are forward with the scans they insist on doing before providing service.

Link to post
Share on other sites
Posted · Original PosterOP

I think its great to educate folks on how to detect whether a system is legit or not but for the reason of a hypothectical "computer repair shop" running these scans to verify the system is legit seems unethical unless they are forward with the scans they insist on doing before providing service.

OEMs have every right to not support a non-genuine system. And I don't know why these scans would seem unethical - no personal data is accessed, and nothing should be stored.


LTT's unofficial Windows activation expert.
Am I getting an actually new card or is it just a rebrand? Find out here: http://linustechtips.com/main/topic/222806-what-rx-200-series-card-is-what-7000-series-card/

Link to post
Share on other sites

OEMs have every right to not support a non-genuine system. And I don't know why these scans would seem unethical - no personal data is accessed, and nothing should be stored.

 

Agreed. Having worked at a shop for a few years - Finding out a system has an invalid copy opens alot of doors:

 

1. They keep coming back "the virus you removed is back" after 1 day. A hole-filled cracked copy will allow who knows what into a system.

2. I brought it in to your shop, and now it says it's invalid" after removing virus filled cracks and dirty hosts files. 

3. You do a backup and clean install "will not activate. Must call customer and tell them their computer is 100% unusable and they must pay $110 to have it be usable. 

4. Customer themselves bought the system second hand from another shop, and don't know themselves its pirated. 

5. As an OEM, you have a certain relationship with Microsoft you want to uphold. Them finding out you willingly help people use pirated software.... will not go over well.


D3SL91 | Ethan | Gaming+Work System | NAS System | Photo: Nikon D750 + D5200

Link to post
Share on other sites

Agreed. Having worked at a shop for a few years - Finding out a system has an invalid copy opens alot of doors:

 

1. They keep coming back "the virus you removed is back" after 1 day. A hole-filled cracked copy will allow who knows what into a system.

2. I brought it in to your shop, and now it says it's invalid" after removing virus filled cracks and dirty hosts files. 

3. You do a backup and clean install "will not activate. Must call customer and tell them their computer is 100% unusable and they must pay $110 to have it be usable. 

4. Customer themselves bought the system second hand from another shop, and don't know themselves its pirated. 

5. As an OEM, you have a certain relationship with Microsoft you want to uphold. Them finding out you willingly help people use pirated software.... will not go over well.

1. depends on the crack it ain't hard to find good ones and wrong ones.

2. Personally their fault for getting a crappy crack

3. Again crummy crack

4. Kinda mostly the shop seller tbh.

5. Meh who cares they are getting money right? That is what companies care for anyway well basically anyone to be honest from their jobs and sometimes passions. without money you are nobody you are a piece of shit in other peoples eyes. With poor looking clothes and no place to work or live. Money is what makes the world spin sadly.


I got the best Waifu a man could ever ask for Lieselotte Sherlock is my girl ( in my profile pic ) 

Link to post
Share on other sites

I think its great to educate folks on how to detect whether a system is legit or not but for the reason of a hypothectical "computer repair shop" running these scans to verify the system is legit seems unethical unless they are forward with the scans they insist on doing before providing service.

I use to run a shop myself.  What I always did was installed Windows given the OEM key they had.  If they didn't have a OEM key, then I told them that they would have to buy one or provide me with one.

 

If they didn't want one, I would always offer Fedora and Ubuntu as 2 great options.  A lot of people came in with pirated copies of Windows 7 and/or 8, they were irate as fuck when they came to pick up their computer and I had reverted it back to Windows Vista (what their OEM key was for) and they always acted like it was a surprise that I wouldn't do a shady deal for them.


Please spend as much time writing your question, as you want me to spend responding to it.  Take some time, and explain your issue, please!

Spoiler

If you need to learn how to install Windows, check here:  http://linustechtips.com/main/topic/324871-guide-how-to-install-windows-the-right-way/

Event Viewer 101: https://youtu.be/GiF9N3fJbnE

 

Link to post
Share on other sites

Intro

I have worked with Windows for quite some time, and I have not pirated it. However, I have of course seen some pirated systems. Some of these systems very easily identified as pirated, but with some it took some advanced stuff. So, I decided to write this guide to help you detect if a system that you are working on, or your own system if you’re not sure, has a pirated copy of Windows.

Some basic terms

Product key – the series of 25 alphanumeric characters distributed to prove legitimacy of the OS. A Windows operating system needs a product key installed. It looks something like this: XXXXX-XXXXX-XXXXX-XXXXX

Product ID – an ID consisting mostly of numbers, but can contain letters too. According to Microsoft, the Product ID is used to qualify for support. On Windows 7 and earlier, it looks like this: 00000-000-0000000-00000. On Windows 8 and later, it looks like this: 00000-00000-00000-AA000. The Product ID can be found in the Control Panel, and is generated from the product key and the system language.

Activation – The process of verifying the legitimacy of the product key. During this process, the product key is verified by the Microsoft servers to make sure it matches the operating system, and that it isn’t on their blacklist. This method can be bypassed in several ways.

Validation – The process of verifying the legitimacy of the operating system. During this process, the Windows system files, product key, and activation status are checked. This is a part of Windows Genuine Advantage, which was removed in Windows 8.

The easy way

 

The easiest way to check if Windows is genuine is by running Microsoft Genuine Advantage Diagnostic Tool (MGADiag). This tool can be downloaded from https://go.microsoft.com/fwlink/?linkid=52012. This is an official tool provided by Microsoft, and works on Windows XP, Vista and 7. It runs the validation on the operating system and displays the result.  By pressing the copy button, the whole report, including advanced information will be copied to the clipboard. Here’s a full report from a virtual machine:  http://pastebin.com/WCG2bcDT.

On a non-genuine system, the error should be displayed right away at the validation status.  Sometimes, installing KB971033 helps detect it. However, you can take a closer look to identify more sophisticated piracy.  I have created some virtual machine with various Windows “cracks” and will show you how to identify them.

KMS cracks

KMS, or Key Management Service, is considered one of the easiest ways to bypass Windows activation. This method has been developed by Microsoft for use with Volume Licencing. A KMS server has a KMS Host key, also known as CSVLK (Customer-Specific Volume License Key), which is a special type of product key licenced only for KMS servers. The computers all have KMS Client keys, also known as GVLK (Generic Volume Licence Key), which are publicly available. These GVLKs cannot be used for activation with Microsoft servers, but can be used with KMS servers. A KMS server will activate any client as long as it has a GVLK installed. A KMS crack usually consists of a KMS Server running on the computer, which is used to activate Windows. Here’s how to detect this.

  1. Run MGADiag and check the Product ID Channel. If it is 1 – KMS Client, then you most likely have a pirated system at hand. However, it maybe activated with a legitimate system with a KMS server.
  2. Check the Licensing tab of MGADiag. This is the output of slmgr /dlv, and you can find KMS information in there. The KMS host should not be 127.0.0.x address. If it is, then it is activated with a local KMS server and is pirated.

 

SLP Cracks

System Locked Preinstallation, like KMS, was developed by Microsoft themselves to bypass Windows Activation. SLP was designed for system manufacturers (OEMs) who deploy system images to thousands of systems per day, and who cannot activate every single system manually.  SLP consists of 3 things – a Software Licensing Internal Code (SLIC) Table in the BIOS of the computer, a license file, and an SLP Product Key. All of these three are generic, and a single OEM uses one of each for all of their manufactured systems. Many of these have been leaked, and can easily be downloaded. A common way to use them is to modify the master boot record of the hard drive to inject a SLIC to the RAM, and then install the license file and key. Another method is by actually modifying the BIOS by adding a SLIC table. As this method is used by many computer manufacturers, such as HP and Dell, it is not easy to detect. But anyway, here’s how it’s done.

  1. Detecting SLP itself is easy – Run MGADiag and check the Product ID Type. If it’s 2 – OEM SLP, then it’s SLP. The hard part is detecting if it’s legitimate or not. There are several ways to do this, but I’m going to show you a method where MGADiag is the only needed tool.
  2. System manufacturers usually add some information to identify themselves. One of the methods of doing this is adding OEMIDs to the BIOS. This can be used to identify tampering – if one added a SLIC from a different OEM, it would have a different OEMID. To see these, you can copy the MGADiag report and scroll down to OEM Activation 2.0 information. If you see that the SLIC table has a different OEMID than others, then an SLP crack has been used. This is very easy to detect on custom-built systems, as retail motherboards usually have generic OEMIDs, like ALASKA or AMI. Also make sure to check OEMTableIDs – all should be the same. If the SLIC is different, then it’s pirated.
  3. If that didn’t detect it, then the only way to check is by looking at the Certificate of Authenticity and making sure that it matches the installed edition of Windows. SLP can be very hard to detect sometimes, and in those cases looking at the COA is the only way

So what do you guys think of this? If I screwed up somewhere or missed something totally important that everybody needs to know, just reply to this thread.

what about MSDN keys?


Computer's don't make errors. What they do, they do on purpose. By now your name and particulars have been fed into every laptop, desktop, mainframe and supermarket scanner that collectively make up the global information conspiracy, otherwise known as The Beast. 

You just be careful. Computers have already beaten the Communists at chess. Next thing you know, they'll be beating humans.

Link to post
Share on other sites

1. depends on the crack it ain't hard to find good ones and wrong ones.

2. Personally their fault for getting a crappy crack

3. Again crummy crack

4. Kinda mostly the shop seller tbh.

5. Meh who cares they are getting money right? That is what companies care for anyway well basically anyone to be honest from their jobs and sometimes passions. without money you are nobody you are a piece of shit in other peoples eyes. With poor looking clothes and no place to work or live. Money is what makes the world spin sadly.

I cannot speak for other companies, other than the one above that I was an employee at. Thankfully what you said about companies only caring about money was not the case at all in my situation. Having a customer come back and us repairing issues caused by stolen/illegal copies would, in fact, cost us much more money and wasted time.

All of the scenarios I mentioned are valid scenarios, that can be avoided by not stealing. They also make the lives of both a shop and the client difficult, and by checking for a valid key, can be avoided or made much better. If someone risked problems and insatisfaction because they have a stolen/illegal copy of windows, we would try to address that, as would many other upstanding shops and people who work on systems.

Just saying, there are many good reasons for checking this in a professional shop, beyond just "being the pirate police".


D3SL91 | Ethan | Gaming+Work System | NAS System | Photo: Nikon D750 + D5200

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×