News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Serial number

Started by jj2007, October 25, 2021, 11:50:32 AM

Previous topic - Next topic

jj2007

When searching for computer serial number, you get most of the time the advice to use, from a DOS prompt
wmic bios get serialnumber

However, the number I get (LXRX...B3400) does not correspond to the one that I see in the Control Panel under System (00123-OEM-1234567-00001).

Any ideas about that? From what I see on the web, this issue is messy, to say the least.

hutch--


C:\WINDOWS\system32>wmic bios get serialnumber
SerialNumber
Default string

Nothing useful on my Win10.

Caché GB

#2
.data

      UTF_16                   szString00,       "Serial Number", 0

      UTF_16                   szString01,       "open", 0 
      UTF_16                   szString02,       "cmd.exe", 0 
      UTF_16                   szString03,       "/c wmic bios get serialnumber \r sn.txt", 0


SomeProc proc

     local  szBuffer[64]:word
     local  filePtr:ptr

            add  rsp,-38h
            and  rsp,-10h

         invoke  ShellExecute, null, &szString01, &szString02, &szString03, null, SW_HIDE
         invoke  SleepEx, 500, false
 
         invoke  fopen, CSTR("sn.txt"), CSTR("rt, ccs=UNICODE")
            mov  filePtr, rax

         invoke  fgetws, &szBuffer, 64, filePtr     ; dummy read of first line
         invoke  fgetws, &szBuffer, 64, filePtr     ; now sn contains 2nd line

         invoke  fclose, filePtr
         invoke  remove, CSTR("sn.txt")

         invoke  MessageBox, null, &szBuffer, &szString00, MB_OK

            ret

SomeProc endp
Caché GB's 1 and 0-nly language:MASM

jj2007

@Caché GB - a shorter version:

include \masm32\MasmBasic\MasmBasic.inc         ; download
  Init
  Inkey "The info: ", Launch$("cmd /c wmic bios get serialnumber")
EndOfCode


Output:
The info: SerialNumber
LXRX**********3400


But that doesn't solve the problem. As Hutch noted, often there is nothing useful... and it doesn't correspond to the Control Panel version.

hutch--

If I remember correctly from long ago, Intel wanted to provide unique ID for each processor but the outrage was so severe that they dropped the idea. I think Microsoft use a multiple technique for the board, BIOS, CPU and probably hard disks to identify a computer for registration purposes. Some useful data may be in the Microsoft boot manager in the BIOS but this will depend on your BIOS and OS version.

jj2007

The serial number displayed in the control panel is actually stored in the registry! I wrote a snippet to get it from there but, surprise, it refuses to get read. GetLastError for RegQueryValueEx returns "no error", but eax==2, so it definitely doesn't read that value properly. I have no clue what happens there, especially because most of the other values in that registry key read just fine:

include \masm32\MasmBasic\MasmBasic.inc
show macro arg
  mov ecx, repargA(arg)
  PrintLine ecx, Tb$, GetRegVal(esi, ecx, "not found")
endm
  Init
  Let esi="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
  show "ProductId"
  show "SystemRoot"
  show "CSDVersion"
  show "BuildGUID"
  show "CurrentBuild"
  show "BuildLab"
  show "ProductName"
  show "EditionID"
  show "InstallionType"
  Inkey "hit any key"
EndOfCode


ProductId       not found
SystemRoot      C:\Windows
CSDVersion      not found
BuildGUID       3b42db76-c1db-4ecd-8368-b2e532306b4a
CurrentBuild    7601
BuildLab        7601.win7sp1_ldr_escrow.200102-1707
ProductName     Windows 7 Home Premium
EditionID       HomePremium
InstallionType  not found
hit any key
ProductId       not found
SystemRoot      C:\Windows
CSDVersion      not found
BuildGUID       3b42db76-c1db-4ecd-8368-b2e532306b4a
CurrentBuild    7601
BuildLab        7601.win7sp1_ldr_escrow.200102-1707
ProductName     Windows 7 Home Premium
EditionID       HomePremium
InstallionType  not found


Btw as admin I can easily change my serial number :cool:

This is Windows 7-64. Grateful for tests on other machines - source & exe attached (sorry, it's MasmBasic)

Biterider


six_L

cmd RunAs administrator.
wmic bios get serialnumber
Say you, Say me, Say the codes together for ever.

jj2007

Quote from: six_L on October 26, 2021, 05:24:13 AM
cmd RunAs administrator.
wmic bios get serialnumber

See first post. No difference between admin and normal user :cool:

jj2007

Quote from: Biterider on October 26, 2021, 01:30:35 AM
Sorry JJ  :sad:

https://virusscan.jotti.org/en-US/filescanjob/2ulfty3ig2

Three of them report "Gen:Trojan.Heur.UT.biW@aOmyCsd", whatever that is. False positive, as usual.
Even worse at VirusTotal, but some find the same trojan

What is odd is that neither Jotti nor VirusTotal give any info about aOmyCsd :cool:

hutch--

Is there anything useful that you can get using CPUID ? I have only ever used it for identification purposes but it can access a mountain of information.

jj2007

Lots of useful things indeed, but...:

QuoteBit 18: Processor Serial Number. The processor supports the 96-bit processor identification number feature and the feature is enabled.

include \masm32\MasmBasic\MasmBasic.inc
  Init
  m2m eax, 1
  cpuid
  Inkey Bin$(edx, f)
EndOfCode


10111111111010111111101111111111
10987654321098765432109876543210

From my googling it seems that many people try to find the unique number that could identify a machine, without success. Strange that this feature is not easily accessible.

What looks promising is the creation date of some special folders, such as
12.07.2007 03:48   C:\Windows
12.07.2007 03:51   C:\Windows\System32
14.07.2009 05:18   C:\$Recycle.Bin
14.07.2009 05:20   C:\Users
14.10.2011 05:53   C:\OEM
16.01.2012 10:04   C:\System Volume Information
10.11.2012 14:58   C:\Users\Myself\Documents

These are 64-bit numbers, and if you xor them with each other, you'll get a pretty unique number that could serve to identify the machine.


P.S.: Jonathan Hu, The Best Way To Uniquely Identify A Windows Machine
QuoteThat UUID is the best way to ID a machine, it exists in Windows, Mac and many other platforms. It is 32 characters in length, a universally unique identifier. You can run the above wmic command to get it.

But wait, that's not always the case. Some of the motherboard vendors might not include this UUID in their motherboard, which is quite common on those non-OEM machines. In that case, when you use wmic trying to retrieve it you will get all FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF as the ID back.

C:\Windows\system32>wmic csproduct get UUID
UUID
FDE6EB15-BD1C-E111-B5DB-DC0EA12459A6