FOG Project


    Solved FOG Client / FOS report bios product key to database (Host) Activate through BIOS key (Deployment)

    Feature Request
    • x23piracy
      x23piracy last edited by x23piracy

      Hi,

      I would really like to see the FOG client’s ability to read out the current Windows key and report it back to the FOG server; this information should then be added to each specific host definition.

      When I first deploy a new computer, I use my tool setkey.exe as a snapin; this will activate the machine with its BIOS-embedded key. If the FOG client could report that key, I could deploy the next time with the exact key instead of using my snapin: https://forums.fogproject.org/post/99211

      That combined with a new report, “key report”, would complete it.
      My birthday is on December 16th, so enough time 😉

      What I cannot tell you is how to read out the BIOS key. I have tools for it, but I don’t know how to do it yourself. For example, if you use NirSoft’s key view there is a difference between the BIOS and the current registry key:

      [Image]

      Every Win 10 that was activated by a BIOS key is showing the VK7JG key in its registry.

      @Joe-Schmitt @tom-elliott @Wayne-Workman @george1421 @Sebastian-Roth

      Edit:

      Here is how it works:
      https://github.com/christian-korneck/get_win8key/blob/master/get_win8key.py

      import sys
      import ctypes
      import ctypes.wintypes
      
      #####################################################
      #script to query windows 8.x OEM key from PC firmware
      #ACPI -> table MSDM -> raw content -> byte offset 56 to end
      #ck, 03-Jan-2014 (christian@korneck.de)
      #####################################################
      
      #for ref: common STR to DWORD conversions: ACPI: 1094930505 - FIRM: 1179210317 - RSMB: 1381190978 - FACP: 1178682192 - PCAF: 1346584902 - MSDM: 1297302605 - MDSM  1296323405
      
      def EnumAcpiTables():
      #returns a list of the names of the ACPI tables on this system
      	FirmwareTableProviderSignature=ctypes.wintypes.DWORD(1094930505)
      	pFirmwareTableBuffer=ctypes.create_string_buffer(0)
      	BufferSize=ctypes.wintypes.DWORD(0)
      	#http://msdn.microsoft.com/en-us/library/windows/desktop/ms724259
      	EnumSystemFirmwareTables=ctypes.WinDLL("Kernel32").EnumSystemFirmwareTables
      	ret=EnumSystemFirmwareTables(FirmwareTableProviderSignature, pFirmwareTableBuffer, BufferSize)
      	pFirmwareTableBuffer=None
      	pFirmwareTableBuffer=ctypes.create_string_buffer(ret)
      	BufferSize.value=ret
      	ret2=EnumSystemFirmwareTables(FirmwareTableProviderSignature, pFirmwareTableBuffer, BufferSize)
      	return [pFirmwareTableBuffer.value[i:i+4] for i in range(0, len(pFirmwareTableBuffer.value), 4)]
      
      def FindAcpiTable(table):
      #checks if specific ACPI table exists and returns True/False
      	tables = EnumAcpiTables()
      	if table in tables:
      		return True
      	else:
      		return False
      
      def GetAcpiTable(table,TableDwordID):
      #returns raw contents of ACPI table
      	#http://msdn.microsoft.com/en-us/library/windows/desktop/ms724379x
      	GetSystemFirmwareTable=ctypes.WinDLL("Kernel32").GetSystemFirmwareTable
      	FirmwareTableProviderSignature=ctypes.wintypes.DWORD(1094930505)
      	FirmwareTableID=ctypes.wintypes.DWORD(int(TableDwordID))
      	pFirmwareTableBuffer=ctypes.create_string_buffer(0)
      	BufferSize=ctypes.wintypes.DWORD(0)
      	ret = GetSystemFirmwareTable(FirmwareTableProviderSignature, FirmwareTableID, pFirmwareTableBuffer, BufferSize)
      	pFirmwareTableBuffer=None
      	pFirmwareTableBuffer=ctypes.create_string_buffer(ret)
      	BufferSize.value=ret
      	ret2 = GetSystemFirmwareTable(FirmwareTableProviderSignature, FirmwareTableID, pFirmwareTableBuffer, BufferSize)
      	return pFirmwareTableBuffer.raw
      	
      def GetWindowsKey():
      	#returns Windows Key as string
      	table=b"MSDM"
      	TableDwordID=1296323405
      	if FindAcpiTable(table)==True:
      		try:
      			rawtable = GetAcpiTable(table, TableDwordID)
      			#http://msdn.microsoft.com/library/windows/hardware/hh673514
      			#byte offset 36 from beginning = Microsoft 'software licensing data structure' / 36 + 20 bytes offset from beginning = Win Key
      			return rawtable[56:len(rawtable)].decode("utf-8")
      		except:
      			return False
      	else:
      		print("[ERR] - ACPI table " + str(table) + " not found on this system")
      		return False
      	
      try:
      	WindowsKey=GetWindowsKey()
      	if WindowsKey==False:
      		print("unexpected error")
      		sys.exit(1)
      	else:
      		print(str(WindowsKey))
      except Exception:
      	#SystemExit raised by sys.exit(1) above is not an Exception, so it passes through
      	print("unexpected error")
      	sys.exit(1)
      

      Additionally, another tool that can read out the BIOS key:
      https://github.com/Superfly-Inc/ShowKeyPlus/releases
      (but it seems the source is missing)

      Another Python script: https://github.com/iamacarpet/win10-autoactivate/blob/master/activate.py

      Edit2:

      Maybe this: https://github.com/mrpeardotnet/WinProdKeyFinder/tree/master/WinProdKeyFind
      but I haven’t tried whether the code is working. (Damn, only registry)

      Regards X23

      • Tom Elliott
        Tom Elliott last edited by

        https://www.microsoft.com/en-us/Useterms/OEM/Windows/10/UseTerms_OEM_Windows_10_English.htm

        In case anybody’s overly concerned. Here’s the OEM EULA. Notice, it states that you are allowed to transfer the license to another user so long as it’s with the device and the software is installed and the product key is given with it. There are no rules on what you can/cannot document. That’s like saying you can’t pull the serial number from the bios.

        Just trying to get people to calm down. We know the device and software are owned by the person. We know how to obtain the information. We don’t know how the user intends to use it after it’s been stored, but that’s out of our hands. We cannot control what the admins/users do with the key once it’s known, but that’s out of our control to begin with. There’s plenty of ways for users to get that information to begin with, I don’t see anywhere in the EULA where it states we cannot store a copy of it for ourselves.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        • x23piracy
          x23piracy last edited by x23piracy

          Well one of the most frequent feature requests of all time 😄

          • S
            Sebastian Roth Moderator last edited by

            @george1421 said in FOG Client / FOS report bios product key to database (Host) Activate through BIOS key (Deployment):

            Solution: Switch to Linux Mint and your M$ problems go away.

            Thumbs up for that!!

            • george1421
              george1421 Moderator @x23piracy last edited by

              @x23piracy said in FOG Client / FOS report bios product key to database (Host) Activate through BIOS key (Deployment):

              Windows as subscription will come

              Um, yeah, it’s already here: https://docs.microsoft.com/en-us/windows/deployment/windows-10-enterprise-subscription-activation

              Solution: Switch to Linux Mint and your M$ problems go away.

              • x23piracy
                x23piracy @Psycholiquid last edited by x23piracy

                @psycholiquid said in FOG Client / FOS report bios product key to database (Host) Activate through BIOS key (Deployment):

                That’s the problem though, you’re buying the rights to use the OS, not the license. The key stays with the machine no matter what, so if you throw the machine away you throw away the OS. That is why they set it up the way they do. I’m not trying to argue, although it looks like I am, just letting everyone know ahead of time I would hate to see backlash. I don’t agree with M$ at all but it is their world and we are just living in it.

                As long as I own the machine, and I do, and therefore feel free to read any information wherever it’s stored, as long as I don’t break any encryption or kind of protection, this cannot be anything against a law. Whatever whoever is writing into their EULAs, it’s up to the OEM and MS to protect this information if they really need this.

                This sorry shit is only an attempt to gain their own profit against OEM reselling or key stealing by removing a sticker or simply making a copy of the product key only.

                Windows as subscription will come 😄

                If the computer’s lifetime ends in our company we remove it from Active Directory, the antivirus software licensing and of course as host in the FOG management; once done, the key has been deleted. No fear MS, I don’t collect your funny product keys 😛

                Regards X23

                • Psycholiquid
                  Psycholiquid Testers @Tom Elliott last edited by

                  @tom-elliott said in FOG Client / FOS report bios product key to database (Host) Activate through BIOS key (Deployment):

                  The key is in the BIOS, and is what is required to activate your system’s Windows installation. Therefore, when you buy a new system, you purchase the key. How you store that key is up to you. I assure you, there is no “breaking” any laws by pulling the key out of the BIOS. That’d be like saying it’s illegal for you to replace the hard drive out of the system.

                  That’s the problem though, you’re buying the rights to use the OS, not the license. The key stays with the machine no matter what, so if you throw the machine away you throw away the OS. That is why they set it up the way they do. I’m not trying to argue, although it looks like I am, just letting everyone know ahead of time I would hate to see backlash. I don’t agree with M$ at all but it is their world and we are just living in it.

                  • Tom Elliott
                    Tom Elliott last edited by

                    The key is in the BIOS, and is what is required to activate your system’s Windows installation. Therefore, when you buy a new system, you purchase the key. How you store that key is up to you. I assure you, there is no “breaking” any laws by pulling the key out of the BIOS. That’d be like saying it’s illegal for you to replace the hard drive out of the system.

                    • x23piracy
                      x23piracy @Psycholiquid last edited by x23piracy

                      @psycholiquid you are correct and on the same point as @george1421, but please show which law should be broken by reading that information out of the BIOS; there is none. Please send me links with the facts. We don’t need to talk about reimaging OEM, I know the facts, but in the end this is my problem ;).

                      Last week I purchased a VL of Windows 10 Enterprise. I will become legal but there is a bit of work to do.

                      I really hate the way MS is pushing all the middle class into the enterprise sector!

                      We had a SAM examination 2 years ago, and it was really easy to please them 😄 The only thing you need to do is be cooperative with them. In the end we purchased some SQL licenses (we had too few of them) and had to dig for some invoices for computers with OEM OS (about 5 of each kind).

                      All those bullshit stories about MS coming into your company are fables; I don’t know a single person/admin where that happened. With which right (law) would they gain house right for deeper inspections?

                      Regards X23

                      • Psycholiquid
                        Psycholiquid Testers last edited by

                        OK after reading over all this. This is very illegal. You aren’t supposed to be pulling the OEM key out of the bios / firmware in the first place. Can you? Yes. Should you? No.

                        If you were to get audited and they saw the FOG system was doing this you could get in very deep trouble.

                        The real issue I see here is why. The reason I say this is the following: if you are sysprepping an image with the OEM ISO and pushing that to each machine, they will activate on their own without intervention; you just have to set the rearm.

                        I would personally steer clear of this as I can see M$ taking a stand on this and would hate for them to even look at FOG for that reason. Seems to be a disconnect in how your image is made that they are not auto activating.

                        Personally I don’t like the rule of not imaging OEM machines. You bought them and they are all the same, they got their money, you should be allowed to. It seems arbitrary that you have to load by hand…

                        • x23piracy
                          x23piracy last edited by x23piracy

                          Hi,

                          Just a few seconds ago I could test it and it is working.
                          To enable this you have to switch to the working branch and enable key reading in the FOG options:

                          [Image]

                          When I run a quick reg with a host that has a product key in BIOS I get this:

                          [Image]

                          Thank you Tom for this really fast realization of the feature.

                          Regards X23

                          • Tom Elliott
                            Tom Elliott @george1421 last edited by

                            @george1421 I don’t think it matters, one way or the other. If the admins want to use the individual keys that ship with the systems, or if they want to use the VLK, I don’t see the harm. Automating it, I suppose, would actually be a good thing, as trying to keep track of Keys can become cumbersome, though with VLK it does make it easier.

                            • Tom Elliott
                              Tom Elliott last edited by

                              I don’t think storing the Product Keys is going against any legal issues here. You own the machines, and therefore own the keys for those machines. Storing them however you’d like is totally within your legal rights.

                              I’ve given a partial implementation of this feature already now. It does not store the product keys to the host in question by default though. This way you can still define how you’d like it. It only works for “quick registration” too.

                              The only “ramification” I can think this could cause is using the key may supersede your using a VLK as the product key field is meant to be a way for the client to “activate” the hosts in question as well.

                              • george1421
                                george1421 Moderator @x23piracy last edited by

                                @x23piracy said in FOG Client / FOS report bios product key to database (Host) Activate through BIOS key (Deployment):

                                what I am doing here is legal if the appropriate VL has been purchased

                                While this post is 4 years old, this is EXACTLY what I’ve been saying.

                                My previous post:

                                For FOG Deployment, when you are deploying Windows OS, you must use a Volume License key. These can either be MAK or KMS keys. You can pick up a single VLK license per OS you need to distribute. That is just one license per OS, you pay the same price for the VLK for 10 systems or 100 systems. The only caveat is to buy into the open program you need 5 MS points, the VLK license counts as one. What some people have done is purchased the 1 VLK license and 4 network CAL licenses to reach the 5 count.

                                From the article:

                                1. The OEM and the VL license must be the same edition, e.g. you cannot deploy a Pro VL image to Home OEM licensed PCs using this licensing technique.
                                2. You must ensure that the versions are matched, e.g. the OEM license entitles you to Windows 7 (including downgrades) if deploying Windows 7 images. For example, you can’t deploy a Windows 7 VL image to a PC with a Windows Vista OEM sticker/license using this licensing technique.

                                What if your company does not have a VL agreement? You need 5 products to start one. You can buy a single copy of Windows (to get the ISO download and MAK/KMS keys) and 4 cheap dummy CALs – now you have a VL at minimum cost, and you can re-image your OEM-licensed PCs with an image made from your VL media.

                                You may deploy OEM media, as long as you have purchased a VLK key for that media. But then again once you have a VLK key you have access to download the volume media too. I have not tested it, but I assume a VLK key will activate an OEM image.

                                But again, if you purchased the VLK key and have it, there is no need to query the firmware for the BIOS OEM key. That key WILL NOT activate volume licensed media.

                                Understand I’m not saying no to this feature, I’m just not seeing the value in it. If you know what needs to be done, by all means fork the FOG project, make your changes and then submit the changes back to the project. That is one way to get your needed features back into the base code.

                                • x23piracy
                                  x23piracy last edited by x23piracy

                                  @Sebastian-Roth @george1421 please have a look in here: http://www.aidanfinn.com/?p=14534
                                  “Legally Deploying Images Windows To OEM Licensed PCs”: what I am doing here is legal if the appropriate VL has been purchased.

                                  • x23piracy
                                    x23piracy last edited by

                                    Hi,

                                    Can I have some clues where the right point is to try to embed the command while doing an inventory? Which file in the filesystem is doing all the commands while doing the inventory?

                                    If the team isn’t willing to integrate, I will do it on my own.

                                    Regards X23

                                    • x23piracy
                                      x23piracy @george1421 last edited by

                                      😞 For me it’s hard to follow that position. But I have to respect it.

                                      • george1421
                                        george1421 Moderator last edited by george1421

                                        The more I think about it, the less I’m inclined to say this is a needed feature. While it’s technically possible to add this to FOG, I don’t see the value in having the devs spend their time to read out and store the BIOS activation key. That key is only of value to activate OEM images. The only way the OEM image can be deployed is via the original media it was delivered on. With OEM media you are not allowed to install, alter, capture and redeploy an OEM install. It may be only installed from the original OEM media. That process is not the intent of FOG Project.

                                        For FOG Deployment, when you are deploying Windows OS, you must use a Volume License key. These can either be MAK or KMS keys. You can pick up a single VLK license per OS you need to distribute. That is just one license per OS, you pay the same price for the VLK for 10 systems or 100 systems. The only caveat is to buy into the open program you need 5 MS points, the VLK license counts as one. What some people have done is purchased the 1 VLK license and 4 network CAL licenses to reach the 5 count.

                                        When I get onto my other computer I’ll post a link to a post on Spiceworks that talks about what you can and can’t do (legally) with imaging MS products.
                                        [update]: Here is the link I mentioned above https://community.spiceworks.com/how_to/124056-reimaging-rights-for-windows-10-licensing-how-to

                                        So I think if I had a vote, I would rather have the devs work on this unable to read inode from library issue than spend time adding a feature to FOG that only a limited number of people might use.

                                        • x23piracy
                                          x23piracy last edited by x23piracy

                                          Yes, it works.

                                          I just created a FOS USB stick (thank you @george1421) and booted it with a notebook that has a product key in its BIOS into kernel debug mode (I need a shell).

                                          Then I entered the following command:

                                          tail -c+57 /sys/firmware/acpi/tables/MSDM
                                          

                                          What I got was, surprise, a product key:

                                          [Image]

                                          To be sure that this is really our product key, I also used the command I found and a key tool to cross-check the key.

                                          And yes, it’s correct:

                                          [Image]

                                          What we need now is the following @Sebastian-Roth:

                                          • FOS ability to read and report the BIOS product key to the host product key field in the DB (expand the inventory script with the command above to read the key and report it like any other inventory item)
                                          • FOG Client’s ability to also report the product key (if not already done) for the case that the FOG client has been mass deployed in an existing environment where maybe not all hosts will be booted and inventoried by the FOG Boot Menu.

                                          Afaik this should be all we need, because if I fill the product key field of a host today with a product key and deploy a Windows system, the FOG client will set this key into the system. So everything is prepared except the feature that we can read keys from the BIOS and report them to the DB.

                                          Who is responsible from the dev team for the FOS?

                                          Regarding @george1421’s post before, another solution could be a second product key field: one for the manually known input, and another for determined BIOS product keys. Then for each host there could be a switch in the options where we can decide which product key field to use?

                                          Am I wrong?

                                          Regards X23

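Both the rawtable[56:] slice in get_win8key.py and the tail -c+57 command above return whatever bytes follow offset 56 without checking the table. The following is an added example, not code from the thread, from get_win8key.py or from FOG: it validates the ACPI header, length and checksum before accepting a key, and masks the key for log output. The names parse_msdm, mask_key and build_sample_msdm, the sample key and the field split of the 20-byte licensing header are assumptions; the thread itself only gives the offsets 36 and 56.

```python
import re
import struct

ACPI_HEADER_LEN = 36   # standard ACPI table header
KEY_OFFSET = 56        # 36 + 20, the offset used in the thread (tail -c+57)
# Generic 5x5 shape check only; real keys use a narrower alphabet.
KEY_RE = re.compile(r"[A-Z0-9]{5}(?:-[A-Z0-9]{5}){4}")

SAMPLE_KEY = "AAAAA-BBBBB-CCCCC-DDDDD-EEEEE"   # constructed, not a real key


class MsdmError(ValueError):
    """Raised when the buffer is not a well-formed MSDM table."""


def parse_msdm(raw: bytes) -> str:
    """Validate a raw MSDM table and return the product key it carries."""
    if len(raw) < KEY_OFFSET:
        raise MsdmError("table is shorter than the 56-byte key offset")
    if raw[:4] != b"MSDM":
        raise MsdmError("signature is not MSDM")
    # Bytes 4..7 of every ACPI table hold its total length (little-endian).
    (length,) = struct.unpack_from("<I", raw, 4)
    if length != len(raw):
        raise MsdmError("header length %d != buffer size %d" % (length, len(raw)))
    # All bytes of a valid ACPI table sum to zero modulo 256.
    if sum(raw) & 0xFF:
        raise MsdmError("ACPI checksum mismatch")
    # Assumption: the last DWORD of the 20-byte licensing header is the key length.
    (data_len,) = struct.unpack_from("<I", raw, 52)
    if data_len == 0 or KEY_OFFSET + data_len > len(raw):
        raise MsdmError("key length field points outside the table")
    try:
        key = raw[KEY_OFFSET:KEY_OFFSET + data_len].rstrip(b"\x00").decode("ascii")
    except UnicodeDecodeError:
        raise MsdmError("key bytes are not ASCII") from None
    if not KEY_RE.fullmatch(key):
        raise MsdmError("key is not in XXXXX-XXXXX-XXXXX-XXXXX-XXXXX form")
    return key


def mask_key(key: str) -> str:
    """Form suitable for logs and reports: only the last group stays readable."""
    return "XXXXX-XXXXX-XXXXX-XXXXX-" + key[-5:]


def build_sample_msdm(key: str = SAMPLE_KEY) -> bytes:
    """Build a constructed MSDM table so the parser can be exercised offline."""
    # Licensing header values (1, 0, 1, 0, length) are sample values.
    body = struct.pack("<5I", 1, 0, 1, 0, len(key)) + key.encode("ascii")
    header = struct.pack(
        "<4sIBB6s8sI4sI",
        b"MSDM", ACPI_HEADER_LEN + len(body), 3, 0,
        b"SAMPLE", b"SAMPLETB", 1, b"TEST", 1,
    )
    table = bytearray(header + body)
    table[9] = (-sum(table)) & 0xFF   # checksum byte lives at offset 9
    return bytes(table)


if __name__ == "__main__":
    table = build_sample_msdm()
    print("accepted:", mask_key(parse_msdm(table)))
    damaged = bytearray(table)
    damaged[60] ^= 0x01               # flip one bit inside the key
    try:
        parse_msdm(bytes(damaged))
    except MsdmError as exc:
        print("rejected:", exc)
```

On a FOS debug shell the input bytes would come from /sys/firmware/acpi/tables/MSDM, the path used in the post above.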
                                          • george1421
                                            george1421 Moderator @x23piracy last edited by

                                            @x23piracy said in FOG Client report Windows key to FOG WebIf (Host definition) Activate through BIOS key (Deployment):

                                            Yes, I think that’s the way to go, but what if someone uses FOG in an already deployed but growing environment? Typically FOG Client would be mass installed; is the FOG Client reporting the same inventory stuff as the inventory done by the boot menu? If not, FOG Client also should have the ability to read the key from BIOS and report it.

                                            I agree, but that is where your handy code comes into use. That can be integrated into the {next} fog client to update the bios key field if the developers see value in it.

                                            Can I try your USB FOS image, maybe boot from the stick and try if I can get the serial from BIOS?

                                            Yes that should work well. I forgot about that method of booting. There is a debug mode built into that usb stick. So it is pretty easy.

                                            Let’s say that works, can’t we start with sending that key to FOG’s database for the current product key field? If this has been done we are good to go, because currently the FOG client can activate a deployed system by an entered key in that host definition field.

                                            The risk here is replacing a MAK or KMS key with the bios value may not be what all users consider useful. That is why I picked a new field, so it is stored. Then a crafty IT admin could write a simple mysql command to copy it over if it’s blank. I’m not seeing this as a widely used feature. But a useful one if you need it.


                                            Copyright © 2012-2020 FOG Project