Tooling Tuesday - Windows Serial Checker...from Linux!
Something for those auditing Windows machines, but using Linux bootable USB drives / dual booting.
This little tool is for dual booting Windows users, or system administrators using live Linux USB drives. It can read the Windows serial key stored in the ACPI system description table.
So where did you find out about this?
Via this Tweet from Brandon Perry
Did your laptop come with Windows but no sticker? On Linux, try running "sudo cat /sys/firmware/acpi/tables/MSDM | tail -c 32 | xargs -0 echo"
— Brandon Perry (@BrandonPrry) September 8, 2018
It may print the original key of your Windows install.
So what is it?
It is a command that can be entered from the Terminal to read the serial from the ACPI table.
So how does it work?
sudo cat /sys/firmware/acpi/tables/MSDM | tail -c32 | xargs -0 echo
The command is broken down into four parts.
sudo as only the root user or a user in the sudo group can access the ACPI table.
cat is used to concatenate and print files.
tail is used to output the last part of a file.
xargs is used execute commands from standard input.
Between each part there is a | which pipes the standard output of a command, into the input of the next.
So the command first uses cat to read the file /sys/firmware/acpi/tables/MSDM and then the output of that command is "piped" to the tail command which has the parameter -c32 to print the last 32 bytes of data. Another pipe is used to send this to xargs which has a parameter -0 to terminate using null characters, rather than whitespace. The output is then printed to the terminal using echo
So I want to make this into a script
The script is just two lines long...
The first tells the script where to find the interpreter.
#!/bin/bash
The second line is the command to get the serial key.
cat /sys/firmware/acpi/tables/MSDM | tail -c32 | xargs -0 echo
Save the script as win-serial and then in the terminal make it into an executable.
chmod +x win-serial
I can then run the command by typing the following in the same directory as the script.
sudo ./win-serial
But what if I want to run it across the system?
You may want to install the command, so that you can use it in any directory / location of your system.
Well we can copy the command to the /usr/bin directory so that it is accessible across the system.
sudo cp win-serial /usr/bin/
Then to run the command just type.
sudo win-serial
So there we have it!
Useful for those of us that need to get serials from Windows devices (audits etc) and a good bit of fun in the terminal!
Happy hacking!