Get-keys.bat ❲No Ads❳
No. Microsoft does not distribute a file named get-keys.bat with any version of Windows. If you find a folder named get-keys.bat on a fresh installation of Windows 10 or 11, it is either a remnant from a third-party tool or, in rare cases, malware masquerading as a utility. However, the concept of the script is legitimate, and writing your own get-keys.bat is not only safe but a fantastic exercise in Windows scripting.
The existence or execution of this script indicates a failure in the security chain:
Never download random get-keys.bat files from the internet — they could contain malware. Always inspect or write your own script, or use trusted portable tools.
Would you like a version of get-keys.bat that only outputs the Windows key (without VBS or Office scanning)?
Below is a thorough, extensible Windows batch script named get-keys.bat that demonstrates techniques for securely locating, extracting, and optionally reporting key-like strings (API keys, tokens, secrets) from files on a Windows system. This is intended for legitimate use only — e.g., inventorying your own codebase or configuration files before publishing, or locating secrets accidentally stored in local files so you can rotate them. Do not use this script to access or exfiltrate secrets you are not authorized to access.
Features
Notes and warnings
get-keys.bat (Windows Batch)
@echo off
REM get-keys.bat
REM Recursively search for likely keys/tokens in files and generate a CSV report.
REM Usage:
REM get-keys.bat [root_path] [--extensions=ext1,ext2,...] [--exclude=pattern1;pattern2] [--mask] [--dry-run]
REM Defaults:
REM root_path = current directory
REM extensions = txt,env,conf,config,json,js,py,java,xml,ini,yml,yaml,md,log
REM exclude = .git;.venv;node_modules;venv
REM mask = redact found values in report
REM dry-run = do not write report (only console output)
setlocal ENABLEDELAYEDEXPANSION
:: --------------------------
:: Defaults and arguments
:: --------------------------
set "ROOT=%~1"
if "%ROOT%"=="" set "ROOT=%CD%"
:: parse other args
set "EXTS=txt,env,conf,config,json,js,py,java,xml,ini,yml,yaml,md,log"
set "EXCLUDE=.git;.venv;node_modules;venv"
set "MASK=0"
set "DRY=0"
for %%A in (%*) do (
set "ARG=%%~A"
rem --extensions=
echo "!ARG!" | findstr /i /b "--extensions=" >nul
if !errorlevel! equ 0 (
for /f "tokens=1* delims==" %%K in ("!ARG!") do set "EXTS=%%L"
)
echo "!ARG!" | findstr /i /b "--exclude=" >nul
if !errorlevel! equ 0 (
for /f "tokens=1* delims==" %%K in ("!ARG!") do set "EXCLUDE=%%L"
)
if /i "!ARG!"=="--mask" set "MASK=1"
if /i "!ARG!"=="--dry-run" set "DRY=1"
)
:: Normalize paths and build exclude list for findstr
set "EXCLUDE_FILTER="
for %%E in (%EXCLUDE:;= %) do (
if defined EXCLUDE_FILTER (set "EXCLUDE_FILTER=!EXCLUDE_FILTER!|%%E") else set "EXCLUDE_FILTER=%%E"
)
:: Convert extensions list into a findstr include filter
set "EXT_FILTER="
for %%E in (%EXTS:,= %) do (
if defined EXT_FILTER (set "EXT_FILTER=!EXT_FILTER! *.%%E") else set "EXT_FILTER=*.%%E"
)
:: Timestamp for report
for /f "tokens=1-6 delims=/:. " %%a in ("%date% %time%") do (
set "DT=%%a-%%b-%%c_%%d-%%e-%%f"
)
if "%DT%"=="" (
REM fallback
set "DT=%DATE%_%TIME%"
set "DT=%DT::=-%"
set "DT=%DT:/=-%"
set "DT=%DT: =_%"
set "DT=%DT:.=-%"
)
set "OUTFILE=%CD%\get-keys_report_%DT%.csv"
:: Write CSV header
set "CSV_HDR=File,LineNumber,Context,MatchType,MatchValue"
if "%DRY%"=="0" (
echo %CSV_HDR%> "%OUTFILE%"
)
echo Scanning root: %ROOT%
echo Extensions: %EXTS%
echo Excludes: %EXCLUDE%
if "%MASK%"=="1" echo Masking enabled
if "%DRY%"=="1" echo Dry-run (no report written)
:: --------------------------
:: Helper: mask value (simple)
:: --------------------------
:mask_value
REM Input: %1 value, Output: masked in MASKED_VALUE variable
setlocal ENABLEDELAYEDEXPANSION
set "VAL=%~1"
if "%MASK%"=="1" (
set "LEN=0"
for /l %%i in (0,1,200) do (
if "!VAL:~%%i,1!"=="" goto :gotlen
)
:gotlen
set /a KEEP=4
set /a LBOUND=KEEP
if %LEN% LSS %KEEP% set "KEEP=1"
REM show first KEEP chars and mask the rest with *
set "PREFIX=!VAL:~0,%KEEP%!"
set "MASKED_SUFFIX="
for /l %%i in (1,1,60) do set "MASKED_SUFFIX=!MASKED_SUFFIX!*"
set "MASKED_VALUE=!PREFIX!!MASKED_SUFFIX!"
) else (
set "MASKED_VALUE=%VAL%"
)
endlocal & set "MASKED_VALUE=%MASKED_VALUE%"
goto :eof
:: --------------------------
:: Patterns to look for
:: As batch lacks regex, we use findstr with /r and some heuristics
:: --------------------------
REM Common patterns (simplified):
REM - AWS Access Key ID: AKIA followed by 16 alphanumerics
REM - AWS Secret Access Key: 40 base64-like chars (heuristic)
REM - Google API key: "AIza" followed by 35 chars
REM - JWT-like: three base64url segments separated by dots, present in a line
REM - UUIDs: 8-4-4-4-12 hex pattern
REM - Generic tokens: long alphanumeric strings >= 20 chars
REM - Private key headers: -----BEGIN PRIVATE KEY-----
set "FINDSTR_PATTERNS="
set "FINDSTR_PATTERNS=!FINDSTR_PATTERNS!AKIA[0-9A-Z]\16\|"
set "FINDSTR_PATTERNS=!FINDSTR_PATTERNS!AIza[0-9A-Za-z-_]\35\|"
set "FINDSTR_PATTERNS=!FINDSTR_PATTERNS![0-9A-Fa-f]\8-[0-9A-Fa-f]\4-[0-9A-Fa-f]\4-[0-9A-Fa-f]\4-[0-9A-Fa-f]\12\|"
set "FINDSTR_PATTERNS=!FINDSTR_PATTERNS![A-Za-z0-9\-_]\20,\|"
set "FINDSTR_PATTERNS=!FINDSTR_PATTERNS!-----BEGIN PRIVATE KEY-----"
REM findstr in Windows supports limited regex; some syntax above may not be portable.
REM We'll use simpler multiple findstr searches per pattern below.
:: --------------------------
:: Main scan loop
:: --------------------------
pushd "%ROOT%" 2>nul || (echo Cannot access %ROOT% & exit /b 1)
REM build file list using for /R and extension filtering, skipping excludes
for /R "%ROOT%" %%F in (%EXT_FILTER%) do (
set "FILE=%%~fF"
REM check exclude patterns
set "SKIP=0"
for %%X in (%EXCLUDE:;= %) do (
echo "!FILE!" | findstr /i /c:"\\%%X\\" >nul
if !errorlevel! equ 0 set "SKIP=1"
)
if "!SKIP!"=="1" (
REM skip
) else (
REM Read file line by line
set "LN=0"
for /f "usebackq delims=" %%L in ("%%~fF") do (
set /a LN+=1
set "LINE=%%L"
setlocal ENABLEDELAYEDEXPANSION
set "L=!LINE!"
endlocal & set "L=%L%"
REM Quick presence checks for patterns to avoid expensive checks on every line
echo "%L%" | findstr /i "AKIA AIza -----BEGIN PRIVATE KEY-----" >nul
set "P1=%errorlevel%"
echo "%L%" | findstr /r /c:"[A-Fa-f0-9]\8\-[A-Fa-f0-9]\4\-[A-Fa-f0-9]\4\-[A-Fa-f0-9]\4\-[A-Fa-f0-9]\12\" >nul
set "P2=%errorlevel%"
REM Generic long token heuristic: sequences of 20+ alnum or -_ characters
echo "%L%" | findstr /r /c:"[A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-]" >nul
set "P3=%errorlevel%"
if "%P1%"=="0" (set "MATCHFOUND=1") else if "%P2%"=="0" (set "MATCHFOUND=1") else if "%P3%"=="0" (set "MATCHFOUND=1") else set "MATCHFOUND=0"
if "%MATCHFOUND%"=="1" (
REM Determine match types - simple checks
set "MT=Unknown"
echo "%L%" | findstr /i "AKIA" >nul
if %errorlevel% equ 0 set "MT=AWS_Access_Key"
echo "%L%" | findstr /i "AIza" >nul
if %errorlevel% equ 0 set "MT=Google_API_Key"
echo "%L%" | findstr /i "-----BEGIN PRIVATE KEY-----" >nul
if %errorlevel% equ 0 set "MT=Private_Key"
echo "%L%" | findstr /r /c:"[A-Fa-f0-9]\8\-[A-Fa-f0-9]\4\-[A-Fa-f0-9]\4\-[A-Fa-f0-9]\4\-[A-Fa-f0-9]\12\" >nul
if %errorlevel% equ 0 set "MT=UUID"
if "%MT%"=="Unknown" (
set "MT=Generic_Token"
)
REM Extract a candidate token (best-effort): we will pick the longest contiguous alnum/_/- sequence
for /f "tokens=1-*" %%A in ('echo "%L%" ^| findstr /o /r "[A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-][A-Za-z0-9_-]"') do (
REM findstr /o prints the position of match; we can't easily extract substring in pure batch reliably for arbitrary position, so fallback to output the whole line as context and label the match type
set "MATCHVAL=%L%"
)
call :mask_value "%MATCHVAL%"
set "OUTVAL=%MASKED_VALUE%"
REM Quote fields for CSV, replace quotes inside fields
set "QFILE=%%~fF"
set "QLINE=%LN%"
set "QCTX=%L%"
REM escape double quotes by doubling them
set "QFILE=%QFILE:"=""%"
set "QCTX=%QCTX:"=""%"
if "%DRY%"=="0" (
>>"%OUTFILE%" echo "%QFILE%","%QLINE%","%QCTX%","%MT%","%OUTVAL%"
)
echo Found [%MT%] in %%~fF:%LN% -> %OUTVAL%
)
)
)
)
popd
if "%DRY%"=="0" (
echo Report written to %OUTFILE%
) else (
echo Dry-run complete: no report written.
)
endlocal
Explanation and how to use
Limitations and recommended improvements
Short PowerShell alternative (recommended for production use)
If you want, I can:
Which of those would you like next?
Understanding "get-keys.bat": What It Is and Why It Matters In the world of IT administration, software deployment, and system recovery, efficiency is everything. One tool that frequently pops up in forums and GitHub repositories is a script named get-keys.bat.
While it sounds like a simple file, it serves a critical role for users needing to manage product keys or authentication strings without navigating complex GUIs. Here is a deep dive into what this script does, how it works, and the security precautions you should take. What is get-keys.bat?
get-keys.bat is a Batch script designed for the Windows environment. Its primary purpose is to automate the retrieval of software license keys—most commonly for Windows operating systems or Microsoft Office suites—directly from the Windows Registry or BIOS.
System administrators often use these scripts to audit hardware or recover licenses from machines that are being decommissioned or upgraded. How the Script Works
The Windows Registry stores a wealth of information, but product keys are usually encrypted or stored in a binary format (like the DigitalProductId). A typical get-keys.bat works by: get-keys.bat
Querying the Registry: It uses the reg query command to look into paths like HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
Using PowerShell Integration: Since Batch itself is limited in its ability to decrypt binary data, many "get-keys" scripts are actually wrappers. They call a small snippet of PowerShell code to decode the Base24 string that represents your actual 25-character product key.
WMI/CIM Commands: For modern PCs, the Windows key is often embedded in the motherboard’s firmware (MSDM table). The script might use wmic path softwarelicensingservice get OA3xOriginalProductKey to pull the key directly from the BIOS. Common Use Cases
PC Migration: When moving to a new computer, users may need their original key to deactivate the old license and activate the new one.
Clean Installations: If you are wiping a hard drive to reinstall Windows, having your key backed up via a quick script run can save hours of searching through old emails or stickers.
IT Auditing: Admins managing dozens of machines use scripts like these to ensure all workstations are running genuine, properly licensed software. Is it Safe?
This is the most important question. Because .bat files can execute any command on your system, you must be cautious.
Source Matters: Never download a .bat file from an untrusted "free software" site. Malicious versions of get-keys.bat could easily be programmed to send your keys to a remote server or install malware.
Read the Code: One of the best things about Batch scripts is that they are plain text. Right-click the file and select Edit. If you see suspicious URLs or commands that delete files, do not run it.
Antivirus Flags: Many antivirus programs flag "key-getting" scripts as "PUP" (Potentially Unwanted Programs) or "Hacktool." While often a false positive, always verify the script's contents first. A Simple, Safe Example
If you want to create your own version to see your BIOS-embedded Windows key, copy this into Notepad and save it as get-keys.bat:
@echo off echo Fetching Windows Product Key from BIOS... wmic path softwarelicensingservice get OA3xOriginalProductKey pause Use code with caution. Conclusion
The get-keys.bat file is a power user's shortcut for license management. Whether you're a hobbyist fixing an old laptop or a pro managing a fleet, it’s a handy tool to have in your digital utility belt—provided you know exactly where the code came from.
Could you please share the code inside get-keys.bat? Once you provide it, I can review it for:
Just paste the batch file content here, and I'll give you a detailed review.
The cursor blinked steadily against the black void of the command prompt.
Elias had found the file in a hidden directory of his late grandfather’s workstation. It was titled simply: get-keys.bat. Notes and warnings
In the world of 1990s computing, a .bat file was a simple script—a list of commands for the computer to follow. Usually, they moved files or cleared caches. But as Elias typed the name and hit Enter, the cooling fans in the modern tower began to whine at a pitch he’d never heard. ⌨️ The Execution
The screen didn't display the usual directory path. Instead, a single line of text appeared, crawling across the monitor as if being typed by an invisible hand: Initializing Protocol: THE LOCKSMITH.
get-keys.bat is a specific batch script primarily used in the Nintendo Switch homebrew and emulation scene. It is often bundled with tools like pkNX (a Pokémon save/ROM editor) or game extraction utilities to automate the retrieval of system keys required to decrypt and extract game data. Primary Purpose
The script serves as a shortcut to prepare the environment for game resource extraction. Its main functions usually include:
Key Verification: Checking for the presence of prod.keys and title.keys in the appropriate directories.
Decryption Prep: Ensuring that extraction tools have the necessary permissions and data to read encrypted Nintendo Archive (.narc) or Game Archive (.arc) files.
Automation: Bundling multiple command-line arguments together so users don't have to manually point extraction tools to their keys. How it is Used
In most community guides, running get-keys.bat is a mandatory first step before attempting to open a game in an editor like pkNX on GitHub.
Placement: The file must be in the same folder as the extraction executable.
Prerequisites: You typically need to have already dumped your own keys from a hacked Switch using tools like Lockpick_RCM.
Execution: Double-clicking the .bat file runs a sequence of commands in the Windows Command Prompt to link your system keys to the tool. Common Issues
Missing File: Users often find the script missing if their antivirus flags it or if they downloaded a version of a tool that expects the user to provide their own batch file.
Key Dumps: The script will fail if prod.keys is not found, as it cannot "generate" keys out of thin air; it only "gets" them from your provided dumps.
Important Security Note: Because .bat files can execute any command on your system, you should only run get-keys.bat if it came from a reputable homebrew source.
Windows Activation Batch scripts, how do they work? : r/sysadmin
The Ultimate Guide to Get-Keys.bat: Unlocking the Power of Windows Product Keys
Are you tired of dealing with Windows activation issues? Do you struggle to find the product key for your Windows installation? Look no further! In this comprehensive article, we'll explore the world of get-keys.bat, a powerful script that can help you recover your Windows product key and resolve activation issues. get-keys
What is Get-Keys.bat?
get-keys.bat is a simple yet powerful batch script that retrieves the product key from a Windows installation. The script uses a combination of Windows API calls and registry queries to extract the product key, which is then displayed on the screen or saved to a file. The script is designed to work on Windows 7, 8, 8.1, and 10 installations, making it a versatile tool for users and administrators alike.
How Does Get-Keys.bat Work?
The get-keys.bat script uses a combination of Windows API calls and registry queries to extract the product key. Here's a step-by-step breakdown of the process:
Benefits of Using Get-Keys.bat
Using get-keys.bat offers several benefits, including:
Common Use Cases for Get-Keys.bat
Here are some common use cases for get-keys.bat:
How to Use Get-Keys.bat
Using get-keys.bat is easy. Here's a step-by-step guide:
Tips and Tricks
Here are some tips and tricks for using get-keys.bat:
Conclusion
In conclusion, get-keys.bat is a powerful script that can help you retrieve your Windows product key and resolve activation issues. With its ease of use and versatility, get-keys.bat is a valuable tool for users and administrators alike. Whether you're reinstalling Windows, upgrading to a new version, or troubleshooting activation issues, get-keys.bat is a must-have tool in your toolkit.
Frequently Asked Questions
Here are some frequently asked questions about get-keys.bat:
By following this guide, you'll be able to unlock the power of get-keys.bat and manage your Windows product key with ease.