TSforge: Reverse Engineering the Windows Software Protection Platform

Looks like this is the private key. They only had the image in the blog post, but the source on github has an RSA CAPI blob that has a well-known format, and I was able to get p and q from that and then rebuild the rest:<p><pre><code> &gt;&gt;&gt; p 11318534160529108036253485236383567956736051114291832384964860497483944138627767735644927194447604146200949263506648764691264005869856504888238541661669931 &gt;&gt;&gt; q 13382005616182000286249448571069734158379697330449348896524695032496827828874510151220386742349656465839102989731103334890387932783643584970264741776141819 </code></pre> This key appears to match the text in the image:<p><pre><code> openssl asn1parse -in &#x2F;tmp&#x2F;key.pem 0:d=0 hl=4 l= 605 cons: SEQUENCE 4:d=1 hl=2 l= 1 prim: INTEGER :00 7:d=1 hl=3 l= 129 prim: INTEGER :D7B160408B97D92ED82159FC3C878DFAA00DA38FD351B57C087E53CDB5F0996A385952389E956A23834D85156C3F420280CA6A9758E0026EF97590C13D3CD14C28FE362D035C8BE4E96865A3F0A52BF7E96543B739143D566044DDC5DE41001E8605655142333A61B811E3F58BDD4F0867F93BB2386B2612D85790523FBA8729 139:d=1 hl=2 l= 3 prim: INTEGER :010001 144:d=1 hl=3 l= 129 prim: INTEGER :BF384481D47FD18E6313E647E58DB3846EA2C8CFB863A706882D1EB4AFC8D6E9C17D0694A59B0716E6D031DD15335B9D067AED56B1F71E912DDD5970C78E8469638DAC1D37527AF6CBCA74611F2E093A663C18FC82B547E96170D9BAEB0ABB94666E6C792CFAFE1B7E8220354E8F4B2AD582E3142B2088648F5498D2D72126D5 276:d=1 hl=2 l= 65 prim: INTEGER :D81BD7B0CEC1C89C75DD4823990208A1824B8A1689C7147B5485D91BB938439204F3DB5253136A80FAFF285E4C94E05CE14D5ADCB7E457B13CCC50B5606E0A2B 343:d=1 hl=2 l= 65 prim: INTEGER :FF81E183CEFBADB7DEB77F51AEF74325D5000A75AD8FD90FF2D89DF57FC79B5EC3A1EEB4320A0DE0F043E1409E96CE1FA7BA3330446929F64B18A7472EA72DFB 410:d=1 hl=2 l= 64 prim: INTEGER :02B5E6B0AB073732EF2F85561CF72F908707D7858CD8D862EB9E7A28A4DC15CCE10F05F334638BF46E31811A1DAFC858A1E2CC7EF43782FA101F27EBFE77A2DD 476:d=1 hl=2 l= 64 prim: INTEGER :5850101E7AE04ABF0EDFE5C5D9EFE4E9A2A18CFBF7AD8C9D129704A1E2349FE33543373A59415862B32903264EAA593C5FC0E00882DCC680369CA2D4DBAF3519 542:d=1 hl=2 l= 65 prim: INTEGER :ABF8B04532E034E5EF74D43C0BDB874C42C1EC77720369769FF990489A0F8CEB46874AB9651BA44B57F4A4E6580A58252FAC827DED8CDAD79EB057FED4E15163</code></pre>

I recall a former Microsoft employee stating that outside of enterprise Microsoft has stopped caring about pirated copies of Windows.<p>It&#x27;s easy to believe given HWID give or take has worked since the release of Windows 10.