Can a unique ID be created for each PC?

  • Thread starter Thread starter Robert
  • Start date Start date
R

Robert

I am helping in the development of a shareware program and we would
like to find a way to link our registration codes to the physical
machines our software is installed on.

We need a reliable way to tell if the machine our software is run on is
the same machine it was installed on.

Could you please suggest a reliable way to create such a unique
identification number for each PC our software is installed on?

Or could you please direct us to a good (Internet) source of
information?

Thank you very much for any help.
 
Cant tell you exactly how to do it, but the idea would be to do it the
same way MS does WPA. (windows product activation). You associate your
reg codes to the hardware config of the machine its installed on. Create
a "hardware hash" which is made up of a number of hardware components
that characterize the machine. The hash is then combined with the reg
codes to give you the Installation ID. Which is then verified by you
before or during the install.
 
Project722 said:
Cant tell you exactly how to do it, but the idea would be to do it
the same way MS does WPA. (windows product activation). You associate
your reg codes to the hardware config of the machine its installed
on. Create a "hardware hash" which is made up of a number of hardware
components that characterize the machine. The hash is then combined
with the reg codes to give you the Installation ID. Which is then
verified by you before or during the install.
_________________________________
Hi!
Big PC manufacturers make thousands of completely identical PCs with
same motherboard, chipset, BIOS, graphic card, OS.
We need to find a way to create a unique ID even on these
run-of-the-mill PCs.
 
Thats why you configure your software to generate unique installation
ID's, taken from the combination of the hardware hash(which doesn't have
to be the same just because the hardware is the same on all machines)
and your reg codes.
 
Robert said:
_________________________________
Hi!
Big PC manufacturers make thousands of completely identical PCs with
same motherboard, chipset, BIOS, graphic card, OS.
We need to find a way to create a unique ID even on these
run-of-the-mill PCs.

Even so, serial numbers on the hard drive and processor would be different,
as would the mac address on the network card, if it existed. And the serial
number on the motherboard as well. You could pick one or more of those as
your ID, but whatever you choose, you will have users who will tell you that
they upgraded that component and want to keep the software.
 
D.Currie said:
Even so, serial numbers on the hard drive and processor would be
different, as would the mac address on the network card, if it
existed. And the serial number on the motherboard as well. You could
pick one or more of those as your ID, but whatever you choose, you
will have users who will tell you that they upgraded that component
and want to keep the software.
_________________________________

Hi!
Thanks to everybody for the help.
Could anyone give some indication on how to proceed programmatically to
get all these hardware serial numbers?
 
From MSDN this is an API you can use to get the MAC address... Hope it
helps.

FILTEROBJECT

The FILTEROBJECT structure defines a single object of a display filter. The
FilterAddObject function uses FILTEROBJECT to build a display filter.


typedef struct _FILTEROBJECT { FILTERACTIONTYPE Action; HPROPERTY
hProperty; union { VALUETYPE Value; HPROTOCOL hProtocol; LPVOID
lpArray; LPPROTOCOLTABLETYPE lpProtocolTable; LPADDRESS lpAddress;
ULPLARGEINT lpLargeInt; ULPTIME lpTime; LPOBJECT_IDENTIFIER lpOID; };
union { WORD ByteCount; WORD ByteOffset; }; struct _FILTEROBJECT*
pNext;
} FILTEROBJECT, *LPFILTEROBJECT;Members
Action
Flag that specifies the FILTEROBJECT action. A flag can specify a
property, value, or operator.
The following table lists Action member property flags.

Value Meaning
FILTERACTION_PROPERTY Contains this property.
FILTERACTION_PROPERTYEXIST Indicates that a filter action property
is already defined.

The following table lists Action member value flags.

Value Meaning
FILTERACTION_VALUE Contains this value.
FILTERACTION_STRING Contains this string.
FILTERACTION_ARRAY Contains this array.
FILTERACTION_CONTAINSNC Indicates that a property contains a
case-insensitive substring.
FILTERACTION_CONTAINS Indicates that a property contains a case
sensitive substring.
FILTERACTION_ADDRESS Contains the MAC address.
FILTERACTION_ADDRESSANY Matches any MAC address.
FILTERACTION_FROM Indicates the From MAC address.
FILTERACTION_TO Indicates the To MAC address.
FILTERACTION_FROMTO Indicates a From/To pairing of MAC addresses.
FILTERACTION_LARGEINT Contains a large integer.
FILTERACTION_TIME Contains a SYSTEMTIME structure.
FILTERACTION_ADDR_ETHER Contains an Ethernet MAC address.
FILTERACTION_ADDR_TOKEN Contains a token ring MAC address.
FILTERACTION_ADDR_FDDI Contains a FDDI MAC address.
FILTERACTION_ADDR_IPX Contains an IPX MAC address.
FILTERACTION_ADDR_IP Contains an IP MAC address.
FILTERACTION_OID Contains an Object Identifier (OID).

The following table lists Action member operator flags.

Value Meaning
FILTERACTION_INVALID Indicates an invalid filter action.
FILTERACTION_AND Indicates a logical AND statement.
FILTERACTION_OR Indicates a logical OR statement.
FILTERACTION_XOR Indicates a logical exclusive OR (XOR) statement.
FILTERACTION_NOT Indicates a logical NOT statement.
FILTERACTION_EQUALNC Filter action is equal and case insensitive.
FILTERACTION_EQUAL Filter action is equal and case sensitive.
FILTERACTION_NOTEQUALNC Logical NOT statement is equal and case
insensitive.
FILTERACTION_NOTEQUAL Logical NOT statement is equal and is case
sensitive.
FILTERACTION_GREATERNC Filter action is greater than (>) and case
insensitive.
FILTERACTION_GREATER Filter action is greater than (>) and case
sensitive.
FILTERACTION_LESSNC Filter action is less than (<) and case
insensitive.
FILTERACTION_LESS Filter action is less than (<) and case sensitive.
FILTERACTION_GREATEREQUALNC Filter action is greater than or equal
to (>=) and case insensitive.
FILTERACTION_GREATEREQUAL Filter action is greater than or equal to
(>=) and case sensitive.
FILTERACTION_LESSEQUALNC Filter action is less than or equal to (<=)
and case insensitive.
FILTERACTION_LESSEQUAL Filter action is less than or equal to (<=)
and is case sensitive.
FILTERACTION_PLUS Add operator (+).
FILTERACTION_MINUS Subtract operator (-).
FILTERACTION_AREBITSON Indicates BIT-wise operation.
FILTERACTION_AREBITSOFF Indicates non-BIT-wise operation.
FILTERACTION_PROTOCOLSEXIST Indicates that the selected protocols
exist.
FILTERACTION_PROTOCOLEXIST Indicates that the selected protocol
exists.
FILTERACTION_ARRAYEQUAL Indicates that array contents are equal. The
flag must be used with a FILTERACTION_ARRAY structure.
FILTERACTION_DEREFPROPERTY Describes a pattern match at an offset
(in bytes), from the protocol.
FILTERACTION_OID_CONTAINS Evaluates a substring within an object
identifier. The action must be used with the FILTERACTION_OID structure.
FILTERACTION_OID_BEGINS_WITH Evaluates a substring that begins an
object identifier. The flag must be used with FILTERACTION_OID.
FILTERACTION_OID_ENDS_WITH Evaluates a substring that ends an object
identifier. The flag must be used with FILTERACTION_OID.
FILTERACTION_ADDR_VINES Contains a Vines MAC address.
FILTERACTION_EXPRESSION Contains an action expression.
FILTERACTION_BOOL Contains a BOOL data type.
FILTER_DIRECTION_NEXT Controls sequential direction (Next frame)
within a capture file.
FILTER_DIRECTION_PREV Controls sequential direction (Previous frame)
within a capture file.

hProperty
Handle to a property key.
Value
Value of an object.
hProtocol
Handle to display filter protocol.
lpArray
Pointer to an array.
lpProtocolTable
Pointer to a protocol list designed to test the existence of protocol in a
frame.
lpAddress
Pointer to the kernel type address. For example, MAC or IP.
lpLargeInt
Double DWORD used in Windows NT/Windows 2000 applications.
lpTime
Pointer to a SYSTEMTIME structure.
lpOID
Pointer to the OBJECT_IDENTIFIER (OID) structure.
ByteCount
Number of bytes in the frame.
ByteOffset
Offset byte value of the FILTEROBJECT structure used to compare arrays.
pNext
Reserved.
Requirements
Client: Included in Windows XP, Windows 2000 Professional, and Windows NT
Workstation 4.0.
Server: Included in Windows Server 2003, Windows 2000 Server, and Windows NT
Server 4.0.
Header: Declared in Filter.h.





Joshua Smith
DirectInput Test Lab
Microsoft
 
Robert said:
I am helping in the development of a shareware program and we would
like to find a way to link our registration codes to the physical
machines our software is installed on.

We need a reliable way to tell if the machine our software is run on
is the same machine it was installed on.

Could you please suggest a reliable way to create such a unique
identification number for each PC our software is installed on?

Or could you please direct us to a good (Internet) source of
information?

Thank you very much for any help.
_________________________________

Hi again!
Actually processor IDs are either inexistent or unretrievable.
Other people suggested using the MAC address of the netowrk card.
But many PCs have no such card.
Others also suggested getting information from the registry or writing
registration codes into the registry. But any hacker could easily
outwit these naive tactics.

Apparently the best approach would be to retrieve

the CPU make and model
the motherboard chipset make model and serial number
the motherboard make, model and serial number
the BIOS type and serial number
the OS type and version
the graphic card make model and serial number

and build a unique ID from these.

The problem is how can one retrieve all this information
programmatically from a host PC?
 
If you are looking for a reasonable means of securing a registration key you
can use the LsaStorePrivateData() API to encrypt private data. If you don't
use MSDN there is a lot of good information about security and encryption,
among everything else.

This link discusses the LsaStorePrivateData() API:
http://msdn.microsoft.com/library/d...-us/security/security/lsastoreprivatedata.asp

This is the MSDN home page you can use for research:
http://msdn.microsoft.com/library/default.asp

Joshua Smith
DirectInput Test Lab
Microsoft
 
Joshua said:
If you are looking for a reasonable means of securing a registration
key you can use the LsaStorePrivateData() API to encrypt private
data. If you don't use MSDN there is a lot of good information about
security and encryption, among everything else.

This link discusses the LsaStorePrivateData() API:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secur
ity/security/lsastoreprivatedata.asp

This is the MSDN home page you can use for research:
http://msdn.microsoft.com/library/default.asp

Joshua Smith
DirectInput Test Lab
Microsoft
_________________________________

Hi!
Thanks for the tip about encryption but encryption would not help.
Before doing encryption (which we already have), we need to find a way
to create a unique hardware ID for each physical machine our software
is installed on. In other words, we need to make sure that the machine
our software is running on is the same machine it was originally and
uniquely installed on. As I already said, the problem is how can one
retrieve all necessary hardware information programmatically from a
host PC?
 
Robert said:
I am helping in the development of a shareware program and we would
like to find a way to link our registration codes to the physical
machines our software is installed on.

We need a reliable way to tell if the machine our software is run on
is the same machine it was installed on.

Could you please suggest a reliable way to create such a unique
identification number for each PC our software is installed on?

Or could you please direct us to a good (Internet) source of
information?

Thank you very much for any help.
_________________________________

Hi, everybody!
I am posting this so that it might benefit others who have taken
interest in this thread.
Simon Trew in another newsgroup directed me to a gold mine of
information about retrieving a computer’s hardware specifics. It can be
found at
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scri
ptcenter/compmgmt/ScrCM39.asp>
On that same page there are also plenty of sibling topics available
from the menu on the left under “Computer Management”.
 
XP already has such a subsystem built in; it's what Windows Product
Activation uses. But it's not exported for use by other software
vendors, so we can look forward to a mess of different systems bogging
down the PC, conflicting with each other, complicating attempts to
troubleshoot problems (remember all those tshooting advisories that
start with "remove all unessential hardware"?), releasing
false-positive DoS attacks after HD replacement and so on.

Is that the company you want to keep?

If you uniquely identify each PC, then you also assume the
responsibility of keeping that identifier private - else you infringe
the user's privacy rights by providing a tracking hook.

....build relationships with your customers and provide sufficient
per-customer value so they will want to pay for it :-)

When things go wrong with a PC, so that it needs new parts, repair,
etc., the customer's feelings towards the industry will be at a
particularly low ebb. At such times, any additional complications
arising from the self-interest of software vendors (especially where
the customer has paid for the sware) will be unfondly remembered.

So, be careful what you wish for!


--------------- ----- ---- --- -- - - -
Dreams are stack dumps of the soul
 
cquirke said:
run >> >> is the same machine it was installed on.

XP already has such a subsystem built in; it's what Windows Product
Activation uses. But it's not exported for use by other software
vendors, so we can look forward to a mess of different systems bogging
down the PC, conflicting with each other, complicating attempts to
troubleshoot problems (remember all those tshooting advisories that
start with "remove all unessential hardware"?), releasing
false-positive DoS attacks after HD replacement and so on.

Is that the company you want to keep?


If you uniquely identify each PC, then you also assume the
responsibility of keeping that identifier private - else you infringe
the user's privacy rights by providing a tracking hook.


...build relationships with your customers and provide sufficient
per-customer value so they will want to pay for it :-)

When things go wrong with a PC, so that it needs new parts, repair,
etc., the customer's feelings towards the industry will be at a
particularly low ebb. At such times, any additional complications
arising from the self-interest of software vendors (especially where
the customer has paid for the sware) will be unfondly remembered.

So, be careful what you wish for!



Dreams are stack dumps of the soul
_________________________________

Hi!
Our registration scheme will not be a “built-in Windows subsystem” at
all.

Only our software will attempt to make sure that it has been paid for.
According to our own standards, this is perfectly legitimate.

This will be a purely proprietary scheme with no real or potential
conflicts with the host OS. Of course, all this personal information
will be treated with complete confidentiality, just as all registration
information is.

Users will be informed right from the start that any major change(s) in
their hardware setup will entail a need for reactivation. Then they
will have to get in touch with us to get a new registration code. No
questions will be asked. But people changing several major hardware
components within one single year will be treated as special cases. To
be honest, we doubt that there will be any at all. Fee dodgers will not
even bother to get in touch with us. Most other people will not be
changing hardware so frequently. And people doing so in good faith will
not mind if we get curious.

As you might not be aware, currently there are quite a number of
hackers’ sites on the Web offering free hacked registration codes for
all major software. We do not believe that users who can get such
registration codes for free will bother to pay our fees. Even if we
provide the best value for money there is.

We might sound cynical, but we do not have such blind unquestioning
faith in human nature.

On the other hand, we believe that only a very small fraction of our
customers (if any) will actually change major hardware components so
frequently.

To end on a personal note, I have a motherboard with built-in network
card. Windows XP had been activated with network enabled. Then because
I had no longer any use for it, I uninstalled all network hardware and
software from my PC. I immediately got a message from Windows asking me
to reactivate. I did so without even giving it a thought. It seemed
only natural to me. My version of Windows is a genuine fully-paid,
fully-registered version. I did not see any problem when I was asked
to reactivate. Neither my good faith nor Microsoft’s had really been
questioned.
 
cquirke (MVP Win9x) wrote:
Our registration scheme will not be a built-in Windows subsystem at
all.

IOW, it doesn'r underfoot like NAV's current nightmare, or DRM stuff
that patches into critical data streams ("sorry we wiped out your data
after you upgraded your xIDE drivers, but we feel that's an acceptible
price to protect our interests (esp. as *we* aren't paying it)")

That's guuud :-)
Only our software will attempt to make sure that it has been paid for.
According to our own standards, this is perfectly legitimate.

Sure. As this is a public forum, I was writing not just to you, but
to all of us who may be considering such strategies.

I'd consider this approach if I was producing a large foreground
application with small distribution, preferably local. This situation
creates the need (fixed development costs borne by fewer shoulders,
thus costly anyway, and any license leakage really hurts everyone) and
the opportunity (small local client base facilitates a personal
vendor-client relationship) and likely acceptance.

If doing a large foreground application with large global
distribution, I might be tempted to swallow the one-off cost of
developing a hardware USB dongle rather than take on the open-ended
committment to manage incoming calls for the next decade.

With both approaches, the revenue gains can suddenly collapse if the
protection is cracked - and this is harder to shore up if
fire-and-forget hardware dongles are involved. Small-volume products
are unlikely to provide an ROI for factory conterfeit dongle or CD
production, but a global money-spinner might be.


If OTOH your product is general-purpose, then I'd reconsider. The
question to ask is: If all products in my category did the same thing,
would the result be sustainable for the user?

Imagine if you had to phone WinZip, Acrobat Reader, NAV, DiskKeeper
Lite, QuickTime, Real Networks, BitWare fax, Eudora, Netscape, DVD
Player, Photoshop, Corel, Encarta, The Sims etc. every time your
hardware blinked. If your software is in the same general category as
this and it's unacceptable for all of these vendors to take your
approach, what's so special about you? More to the point, why would
clients accept the hassle factor for a non-unique product for which
several hassle-free alternatives exist?

That's why I suggest doing this only for the sort of large foreground
apps that are typically the sole purpose of the PC; things like
AutoCAD, custom business-critical accounting apps, etc.
This will be a purely proprietary scheme with no real or potential
conflicts with the host OS. Of course, all this personal information
will be treated with complete confidentiality, just as all registration
information is.

Registration is usually voluntary, and those who choose not to
register generally do so for privacy reasons. Why trust other
entities that are beyond your control, if you don't have to?
Users will be informed right from the start that any major change(s) in
their hardware setup will entail a need for reactivation. Then they
will have to get in touch with us to get a new registration code.

Free phone call? 24/7 or business hours? If business hours, then how
does that shake out for different time zones?
No questions will be asked. But people changing several major
hardware components within one single year will be treated as
special cases. To be honest, we doubt that there will be any at
all. Fee dodgers will not even bother to get in touch with us.

No, they'll use the inevitable cracked version instead :-(
Most other people will not be changing hardware so frequently.
And people doing so in good faith will not mind if we get curious.

As you might not be aware, currently there are quite a number of
hackersÕ sites on the Web offering free hacked registration codes for
all major software. We do not believe that users who can get such
registration codes for free will bother to pay our fees. Even if we
provide the best value for money there is.

This is true, but you may find yourself competing with a free
"cracked" version that is percieved to offer better value (if the
scheme turns out to be a pain). In fact, you can create the
opportunity to *sell* the cracked version, which can lead to a more
driven distribution of same.
We might sound cynical, but we do not have such blind unquestioning
faith in human nature.

Call me cynical as well, then (if you haven't yet!)
On the other hand, we believe that only a very small fraction of our
customers (if any) will actually change major hardware components so
frequently.

If you are innocent, you have nothing to fear! ;-)
To end on a personal note, I have a motherboard with built-in network
card. Windows XP had been activated with network enabled. Then because
I had no longer any use for it, I uninstalled all network hardware and
software from my PC. I immediately got a message from Windows asking me
to reactivate. I did so without even giving it a thought. It seemed
only natural to me. My version of Windows is a genuine fully-paid,
fully-registered version. I did not see any problem when I was asked
to reactivate. Neither my good faith nor MicrosoftÕs had really been
questioned.

--------------- ----- ---- --- -- - - -
Dreams are stack dumps of the soul
 
_________________________________

Hi again!
Actually processor IDs are either inexistent or unretrievable.
Other people suggested using the MAC address of the netowrk card.
But many PCs have no such card.
Others also suggested getting information from the registry or writing
registration codes into the registry. But any hacker could easily
outwit these naive tactics.

Apparently the best approach would be to retrieve

the CPU make and model
the motherboard chipset make model and serial number
the motherboard make, model and serial number
the BIOS type and serial number
the OS type and version
the graphic card make model and serial number

and build a unique ID from these.

The problem is how can one retrieve all this information
programmatically from a host PC?


Can you use the Microsoft SSID for the system ? This
is a long number for which the MAC address is one factor,
but MSrealized that a NIC card may not exist so they
create some random number. SSIDs are large enough that
they are probably globally unique, even without a MAC #.

Of course if you are writing portable software you are
out of luck.
 
Back
Top