Get-keys.bat
Because get-keys.bat scripts handle sensitive data or communication variables, standard hardening practices must be enforced:
The OA3xOriginalProductKey property is designed specifically to read the key embedded by the manufacturer in the system’s firmware. This approach is widely considered more reliable and modern than parsing the registry for keys that may not be stored in a readable format under newer Windows architectures.
Explanation and how to use
If a script requires a key to execute, inject that key into the process environment at run time rather than writing it to a file on the hard drive.
Restrict Script Execution
System administrators frequently need to recover Windows license keys during machine migrations or reinstalls. A legitimate get-keys.bat file might contain a Windows Management Instrumentation (WMI) command to query the motherboard BIOS or registry for the operating system license: get-keys.bat
:: --------------------------
:: Main scan loop
:: --------------------------
pushd "%ROOT%" 2>nul || (echo Cannot access %ROOT% & exit /b 1)
If you discover a file named get-keys.bat on your system, do not double-click it: double-clicking executes the script immediately with your current user privileges. Instead, safely audit the file using these steps:
@echo off
Title Downloading keys
Set "url=https://pastebin.com/raw/..."
Set "file=keys.txt"
:: Download the contents of the URL and save them as keys.txt in the current directory
Powershell.exe -command "(New-Object System.Net.WebClient).DownloadFile('%url%','%file%')"
if "%MATCHFOUND%"=="1" (
    REM Determine match types - simple checks
    REM Start from the generic label and let a more specific check below override it
    set "MT=Generic_Token"
    echo "%L%" | findstr /i "AKIA" >nul
    REM "if not errorlevel 1" is evaluated at run time, unlike a percent-expanded errorlevel inside a block
    if not errorlevel 1 set "MT=AWS_Access_Key"
    echo "%L%" | findstr /i "AIza" >nul
    if not errorlevel 1 set "MT=Google_API_Key"
    REM /c: makes findstr match the whole phrase instead of three space-separated terms
    echo "%L%" | findstr /i /c:"-----BEGIN PRIVATE KEY-----" >nul
    if not errorlevel 1 set "MT=Private_Key"
    REM Note: findstr regex has no repeat-count syntax, so this pattern does not match a standard UUID as written
    echo "%L%" | findstr /r /c:"[A-Fa-f0-9]\8\-[A-Fa-f0-9]\4\-[A-Fa-f0-9]\4\-[A-Fa-f0-9]\4\-[A-Fa-f0-9]\12\" >nul
    if not errorlevel 1 set "MT=UUID"
    REM Extract a candidate token (best-effort): we will pick the longest contiguous alnum/_/- sequence
    for /f "tokens=1-*" %%A in ('echo "%L%" ^| findstr /o /r "[A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-]"') do (
        REM findstr /o prints the position of match; we can't easily extract substring in pure batch reliably for arbitrary position, so fallback to output the whole line as context and label the match type
        set "MATCHVAL=%L%"
    )
)
Because the name get-keys.bat is so specific, malicious actors sometimes use it as a Trojan.