Windows XP CD Key Verification/Generator v0.03
by z22
Compile with OpenSSL libs, modify to suit your needs.
0.03 Stack corruptionerror on exit fixed (now pkey is large enough)
More Comments added
0.02 Changed name the *.cpp;
Fixed minor bugs & Make it compilable on VC++
0.01 First version compilable MingW
#include <stdio.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/sha.h>
#include <assert.h>
#define FIELD_BITS 384
#define FIELD_BYTES 48
uint8_t cset[] = "BCDFGHJKMPQRTVWXY2346789";
static void unpack(uint32_t *pid, uint32_t *hash, uint32_t *sig, uint32_t *raw)
// pid = Bit 0..30
pid[0] = raw[0] & 0x7fffffff;
// hash(s) = Bit 31..58
hash[0] = ((raw[0] >> 31) | (raw[1] << 1)) & 0xfffffff;
// sig(e) = bit 58..113
sig[0] = (raw[1] >> 27) | (raw[2] << 5);
sig[1] = (raw[2] >> 27) | (raw[3] << 5);
static void pack(uint32_t *raw, uint32_t *pid, uint32_t *hash, uint32_t *sig)
raw[0] = pid[0] | ((hash[0] & 1) << 31);
raw[1] = (hash[0] >> 1) | ((sig[0] & 0x1f) << 27);
raw[2] = (sig[0] >> 5) | (sig[1] << 27);
raw[3] = sig[1] >> 5;
// Reverse data
static void endian(uint8_t *data, int len)
int i;
for (i = 0; i < len/2; i++) {
uint8_t temp;
temp = data[i];
data[i] = data[len-i-1];
data[len-i-1] = temp;
void unbase24(uint32_t *x, uint8_t *c)
memset(x, 0, 16);
int i, n;
BIGNUM *y = BN_new();
for (i = 0; i < 25; i++)
BN_mul_word(y, 24);
BN_add_word(y, c[i]);
n = BN_num_bytes(y);
BN_bn2bin(y, (uint8_t *)x);
endian((uint8_t *)x, n);
void base24(uint8_t *c, uint32_t *x)
uint8_t y[16];
int i;
// Convert x to BigNum z
memcpy(y, x, sizeof(y)); // Copy X to Y; Y=X
for (i = 15; y[i] == 0; i--) {} i++; // skip following nulls
endian(y, i); // Reverse y
z = BN_bin2bn(y, i, NULL); // Convert y to BigNum z
// Divide z by 24 and convert remainder with cset to Base24-CDKEY Char
c[25] = 0;
for (i = 24; i >= 0; i--) {
uint8_t t = BN_div_word(z, 24);
c[i] = cset[t];
void print_product_id(uint32_t *pid)
2019-08-21 15:29:48 +00:00
char raw[12];
char b[6], c[8];
int i, digit = 0;
// Cut a away last bit of pid and convert it to an accii-number (=raw)
sprintf(raw, "%d", pid[0] >> 1);
// Make b-part {640-....}
strncpy(b, raw, 3);
b[3] = 0;
// Make c-part {...-123456X...}
strcpy(c, raw + 3);
// Make checksum digit-part {...56X-}
assert(strlen(c) == 6);
for (i = 0; i < 6; i++)
digit -= c[i] - '0'; // Sum digits
while (digit < 0)
digit += 7;
c[6] = digit + '0';
c[7] = 0;
printf("Product ID: 55274-%s-%s-23xxx\n", b, c);
void print_product_key(uint8_t *pk)
int i;
assert(strlen((const char *)pk) == 25);
for (i = 0; i < 25; i++) {
if (i != 24 && i % 5 == 4) putchar('-');
2019-08-21 15:29:48 +00:00
void verify(EC_GROUP *ec, EC_POINT *generator, EC_POINT *public_key, char *cdkey)
uint8_t key[25];
int i, j, k;
BN_CTX *ctx = BN_CTX_new();
2019-08-21 15:29:48 +00:00
// remove Dashs from CDKEY
for (i = 0, k = 0; i < strlen(cdkey); i++) {
for (j = 0; j < 24; j++) {
if (cdkey[i] != '-' && cdkey[i] == cset[j]) {
key[k++] = j;
assert(j < 24);
if (k >= 25) break;
// Base24_CDKEY -> Bin_CDKEY
uint32_t bkey[4] = {0};
uint32_t pid[1], hash[1], sig[2];
unbase24(bkey, key);
// Output Bin_CDKEY
printf("%.8x %.8x %.8x %.8x\n", bkey[3], bkey[2], bkey[1], bkey[0]);
// Divide/Extract pid_data, hash, sig from Bin_CDKEY
unpack(pid, hash, sig, bkey);
printf("PID: %.8x\nHash: %.8x\nSig: %.8x %.8x\n", pid[0], hash[0], sig[1], sig[0]);
BIGNUM *e, *s;
/* e = hash, s = sig */
e = BN_new();
BN_set_word(e, hash[0]);
endian((uint8_t *)sig, sizeof(sig));
s = BN_bin2bn((uint8_t *)sig, sizeof(sig), NULL);
BIGNUM *x = BN_new();
BIGNUM *y = BN_new();
EC_POINT *u = EC_POINT_new(ec);
EC_POINT *v = EC_POINT_new(ec);
/* v = s*generator + e*(-public_key) */
EC_POINT_mul(ec, u, NULL, generator, s, ctx);
EC_POINT_mul(ec, v, NULL, public_key, e, ctx);
EC_POINT_add(ec, v, u, v, ctx);
EC_POINT_get_affine_coordinates_GFp(ec, v, x, y, ctx);
uint8_t buf[FIELD_BYTES], md[20];
uint32_t h;
uint8_t t[4];
SHA_CTX h_ctx;
/* h = (fist 32 bits of SHA1(pid || v.x, v.y)) >> 4 */
t[0] = pid[0] & 0xff;
t[1] = (pid[0] & 0xff00) >> 8;
t[2] = (pid[0] & 0xff0000) >> 16;
t[3] = (pid[0] & 0xff000000) >> 24;
SHA1_Update(&h_ctx, t, sizeof(t));
memset(buf, 0, sizeof(buf));
BN_bn2bin(x, buf);
endian((uint8_t *)buf, sizeof(buf));
SHA1_Update(&h_ctx, buf, sizeof(buf));
memset(buf, 0, sizeof(buf));
BN_bn2bin(y, buf);
endian((uint8_t *)buf, sizeof(buf));
SHA1_Update(&h_ctx, buf, sizeof(buf));
SHA1_Final(md, &h_ctx);
h = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) >> 4;
h &= 0xfffffff;
printf("Calculated hash: %.8x\n", h);
if (h == hash[0]) printf("Key valid\n");
else printf("Key invalid\n");
void generate(uint8_t *pkey, EC_GROUP *ec, EC_POINT *generator, BIGNUM *order, BIGNUM *priv, uint32_t *pid)
BN_CTX *ctx = BN_CTX_new();
BIGNUM *k = BN_new();
BIGNUM *s = BN_new();
BIGNUM *x = BN_new();
BIGNUM *y = BN_new();
EC_POINT *r = EC_POINT_new(ec);
uint32_t bkey[4];
// Loop in case signaturepart will make cdkey(base-24 "digits") longer than 25
do {
BN_pseudo_rand(k, FIELD_BITS, -1, 0);
EC_POINT_mul(ec, r, NULL, generator, k, ctx);
EC_POINT_get_affine_coordinates_GFp(ec, r, x, y, ctx);
SHA_CTX h_ctx;
uint8_t t[4], md[20], buf[FIELD_BYTES];
uint32_t hash[1];
/* h = (fist 32 bits of SHA1(pid || r.x, r.y)) >> 4 */
t[0] = pid[0] & 0xff;
t[1] = (pid[0] & 0xff00) >> 8;
t[2] = (pid[0] & 0xff0000) >> 16;
t[3] = (pid[0] & 0xff000000) >> 24;
SHA1_Update(&h_ctx, t, sizeof(t));
memset(buf, 0, sizeof(buf));
BN_bn2bin(x, buf);
endian((uint8_t *)buf, sizeof(buf));
SHA1_Update(&h_ctx, buf, sizeof(buf));
memset(buf, 0, sizeof(buf));
BN_bn2bin(y, buf);
endian((uint8_t *)buf, sizeof(buf));
SHA1_Update(&h_ctx, buf, sizeof(buf));
SHA1_Final(md, &h_ctx);
hash[0] = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) >> 4;
hash[0] &= 0xfffffff;
/* s = priv*h + k */
BN_copy(s, priv);
BN_mul_word(s, hash[0]);
BN_mod_add(s, s, k, order, ctx);
uint32_t sig[2] = {0};
BN_bn2bin(s, (uint8_t *)sig);
endian((uint8_t *)sig, BN_num_bytes(s));
pack(bkey, pid, hash, sig);
printf("PID: %.8x\nHash: %.8x\nSig: %.8x %.8x\n", pid[0], hash[0], sig[1], sig[0]);
} while (bkey[3] >= 0x62a32);
base24(pkey, bkey);
int main()
// Init
BIGNUM *a, *b, *p, *gx, *gy, *pubx, *puby, *n, *priv;
BN_CTX *ctx = BN_CTX_new();
// make BigNumbers
a = BN_new();
b = BN_new();
p = BN_new();
gx = BN_new();
gy = BN_new();
pubx = BN_new();
puby = BN_new();
n = BN_new();
priv = BN_new();
// Data from pidgen-Bink-resources
/* Elliptic curve parameters: y^2 = x^3 + ax + b mod p */
BN_hex2bn(&p, "92ddcf14cb9e71f4489a2e9ba350ae29454d98cb93bdbcc07d62b502ea12238ee904a8b20d017197aae0c103b32713a9");
BN_set_word(a, 1);
BN_set_word(b, 0);
/* base point (generator) G */
BN_hex2bn(&gx, "46E3775ECE21B0898D39BEA57050D422A0AF989E497962BAEE2CB17E0A28D5360D5476B8DC966443E37A14F1AEF37742");
BN_hex2bn(&gy, "7C8E741D2C34F4478E325469CD491603D807222C9C4AC09DDB2B31B3CE3F7CC191B3580079932BC6BEF70BE27604F65E");
/* inverse of public key */
BN_hex2bn(&pubx, "5D8DBE75198015EC41C45AAB6143542EB098F6A5CC9CE4178A1B8A1E7ABBB5BC64DF64FAF6177DC1B0988AB00BA94BF8");
BN_hex2bn(&puby, "23A2909A0B4803C89F910C7191758B48746CEA4D5FF07667444ACDB9512080DBCA55E6EBF30433672B894F44ACE92BFA");
// Computed data
/* order of G - computed in 18 hours using a P3-450 */
BN_hex2bn(&n, "DB6B4C58EFBAFD");
/* THE private key - computed in 10 hours using a P3-450 */
BN_hex2bn(&priv, "565B0DFF8496C8");
// Calculation
EC_GROUP *ec = EC_GROUP_new_curve_GFp(p, a, b, ctx);
EC_POINT *g = EC_POINT_new(ec);
EC_POINT_set_affine_coordinates_GFp(ec, g, gx, gy, ctx);
EC_POINT *pub = EC_POINT_new(ec);
EC_POINT_set_affine_coordinates_GFp(ec, pub, pubx, puby, ctx);
uint8_t pkey[26];
uint32_t pid[1];
pid[0] = 640000000 << 1; /* <- change */
// generate a key
generate(pkey, ec, g, n, priv, pid);
print_product_key(pkey); printf("\n\n");
// verify the key
verify(ec, g, pub, (char*)pkey);
// Cleanup
return 0;
