identify OEM Certificates tutorial

Iron Man 2009-09-20 1,003 views

Unlike SLIC tables, OEM Certificates aren’t as easy to identify.
So here’s a little tutorial that will allow you to properly identify an OEM Certificate, and match it with its correspondent SLIC table.

Tools needed:
- WinHex

Note: as an example, the ubiquitous Asus SLIC table and OEM Certificate.
1. Open up the OEM Certificate with Winhex.

2. Locate and highlight the software licensing data (it always starts with “kgAAAAAAA”).
In this case (Asus certificate) we will highlight this:

Code:

kgAAAAAAAgBfQVNVU18BAAEAb5Kd3LN57icmCPjcW9hfSyE0q2DskMfC1WDV9dmC+S6+6EM41cJbniW4k80VuBvDMH2tVWl5vRp+RMi8WVoXvoGt7+6WITfMikJixhQFCSFpeuGMSs7WyBh4eIYrMGOm5WS30hReK0S+MxJra6O9noW7vmzhsTPC2pGA80S0yp8=

3. Go to “Edit” > “Copy Block” > “Into New File“.
Give it any name you want and save. You will get this:

Code:

Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F

00000000   6B 67 41 41 41 41 41 41  41 67 42 66 51 56 4E 56   kgAAAAAAAgBfQVNV
00000010   55 31 38 42 41 41 45 41  62 35 4B 64 33 4C 4E 35   U18BAAEAb5Kd3LN5
00000020   37 69 63 6D 43 50 6A 63  57 39 68 66 53 79 45 30   7icmCPjcW9hfSyE0
00000030   71 32 44 73 6B 4D 66 43  31 57 44 56 39 64 6D 43   q2DskMfC1WDV9dmC
00000040   2B 53 36 2B 36 45 4D 34  31 63 4A 62 6E 69 57 34   +S6+6EM41cJbniW4
00000050   6B 38 30 56 75 42 76 44  4D 48 32 74 56 57 6C 35   k80VuBvDMH2tVWl5
00000060   76 52 70 2B 52 4D 69 38  57 56 6F 58 76 6F 47 74   vRp+RMi8WVoXvoGt
00000070   37 2B 36 57 49 54 66 4D  69 6B 4A 69 78 68 51 46   7+6WITfMikJixhQF
00000080   43 53 46 70 65 75 47 4D  53 73 37 57 79 42 68 34   CSFpeuGMSs7WyBh4
00000090   65 49 59 72 4D 47 4F 6D  35 57 53 33 30 68 52 65   eIYrMGOm5WS30hRe
000000A0   4B 30 53 2B 4D 78 4A 72  61 36 4F 39 6E 6F 57 37   K0S+MxJra6O9noW7
000000B0   76 6D 7A 68 73 54 50 43  32 70 47 41 38 30 53 30   vmzhsTPC2pGA80S0
000000C0   79 70 38 3D                                        yp8=

4. In the new file you’ve just created, go to “Edit” > “Convert…” > “Base64->Binary”
You will get this:

Code:

Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F

00000000   92 00 00 00 00 00 02 00  5F 41 53 55 53 5F 01 00   ’......._ASUS_..
00000010   01 00 6F 92 9D DC B3 79  EE 27 26 08 F8 DC 5B D8   ..o’Ü³yî'&.øÜ[Ø
00000020   5F 4B 21 34 AB 60 EC 90  C7 C2 D5 60 D5 F5 D9 82   _K!4«`ìÇÂÕ`ÕõÙ‚
00000030   F9 2E BE E8 43 38 D5 C2  5B 9E 25 B8 93 CD 15 B8   ù.¾èC8ÕÂ[ž%¸“Í.¸
00000040   1B C3 30 7D AD 55 69 79  BD 1A 7E 44 C8 BC 59 5A   .Ã0}*Uiy½.~DÈ¼YZ
00000050   17 BE 81 AD EF EE 96 21  37 CC 8A 42 62 C6 14 05   .¾*ïî–!7ÌŠBbÆ..
00000060   09 21 69 7A E1 8C 4A CE  D6 C8 18 78 78 86 2B 30   .!izáŒJÎÖÈ.xx†+0
00000070   63 A6 E5 64 B7 D2 14 5E  2B 44 BE 33 12 6B 6B A3   c¦åd·Ò.^+D¾3.kk£
00000080   BD 9E 85 BB BE 6C E1 B1  33 C2 DA 91 80 F3 44 B4   ½ž…»¾lá±3ÂÚ‘€óD´
00000090   CA 9F 00                                           ÊŸ.

As you can see, the information in the OEM Certificate (encoded in Base64) matches the one in the Asus SLIC:

Code:

Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F

00000000   53 4C 49 43 76 01 00 00  01 4B 5F 41 53 55 53 5F   SLICv....K_ASUS_
00000010   4E 6F 74 65 62 6F 6F 6B  24 06 00 11 4D 53 46 54   Notebook$...MSFT
00000020   97 00 00 00 00 00 00 00  9C 00 00 00 06 02 00 00   —.......œ.......
00000030   00 24 00 00 52 53 41 31  00 04 00 00 01 00 01 00   .$..RSA1........
00000040   6F 92 9D DC B3 79 EE 27  26 08 F8 DC 5B D8 5F 4B   o’Ü³yî'&.øÜ[Ø_K
00000050   21 34 AB 60 EC 90 C7 C2  D5 60 D5 F5 D9 82 F9 2E   !4«`ìÇÂÕ`ÕõÙ‚ù.
00000060   BE E8 43 38 D5 C2 5B 9E  25 B8 93 CD 15 B8 1B C3   ¾èC8ÕÂ[ž%¸“Í.¸.Ã
00000070   30 7D AD 55 69 79 BD 1A  7E 44 C8 BC 59 5A 17 BE   0}*Uiy½.~DÈ¼YZ.¾
00000080   81 AD EF EE 96 21 37 CC  8A 42 62 C6 14 05 09 21   *ïî–!7ÌŠBbÆ...!
00000090   69 7A E1 8C 4A CE D6 C8  18 78 78 86 2B 30 63 A6   izáŒJÎÖÈ.xx†+0c¦
000000A0   E5 64 B7 D2 14 5E 2B 44  BE 33 12 6B 6B A3 BD 9E   åd·Ò.^+D¾3.kk£½ž
000000B0   85 BB BE 6C E1 B1 33 C2  DA 91 80 F3 44 B4 CA 9F   …»¾lá±3ÂÚ‘€óD´ÊŸ
000000C0   01 00 00 00 B6 00 00 00  00 00 02 00 5F 41 53 55   ....¶......._ASU
000000D0   53 5F 4E 6F 74 65 62 6F  6F 6B 57 49 4E 44 4F 57   S_NotebookWINDOW
000000E0   53 20 00 00 00 00 00 00  00 00 00 00 00 00 00 00   S ..............
000000F0   00 00 00 00 00 00 24 B0  89 CF B1 F3 1D B8 7A 80   ......$°‰Ï±ó.¸z€
00000100   35 CB CD 4A C8 2F 84 CE  99 A0 4F 38 76 B0 04 F9   5ËÍJÈ/„Î™*O8v°.ù
00000110   6F 05 33 C7 EC A8 58 A6  D7 B7 3F 5B 82 B1 EE 2B   o.3Çì¨X¦×·?[‚±î+
00000120   A7 81 52 F3 45 13 CE EE  D5 57 37 FE 75 5F 5C 62   §RóE.ÎîÕW7þu_\b
00000130   C4 53 DA 86 F1 34 FA ED  91 86 73 9E D2 65 FD 8A   ÄSÚ†ñ4úí‘†sžÒeýŠ
00000140   3D 86 94 2F 2A 65 18 5C  D9 E5 7C 15 1E F2 08 C5   =†”/*e.\Ùå|..ò.Å
00000150   85 C4 8F 0B FA A5 C3 A9  B0 F1 B2 E7 6A 46 FB 18   …Ä.ú¥Ã©°ñ²çjFû.
00000160   01 5D 4C 36 33 DE FB E7  1D E8 15 C2 85 9F 8A A9   .]L63Þûç.è.Â…ŸŠ©
00000170   32 68 1F B4 BC A8                                  2h.´¼¨

BLUE – OEMID

RED – RSA modulus

ORANGE – RSA public exponent
Always: 01 00 01 00 (65537)

GREEN – Windows Marker version
Always: 00 00 02 00 (0×20000)

PURPLE – Size of the OEM Certificate’s licensing data.
Always: 92 00 00 00 (146 bytes)

this resources from crypto mydigitallife

original article，If reprint please Show source： Sourceslaptop parts blog

Permalink: identify OEM Certificates tutorial

If you enjoyed this post, make sure you subscribe to my RSS feed!

Shared Post

Tags: Certificates, identify, OEM, tutorial/ Posted in laptop parts knowledge

Rss Feed: Google Reader| More

identify OEM Certificates tutorial

Related Posts:

Shared Post

Leave a Reply

Translator

Categories

Recent Posts

Google FriendsConnect

Recent Comments

LINK

Meta

Views

Link

September 2010
M	T	W	T	F	S	S
« Jul
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30