Using the Drive Serial Number for protection

  • Thread starter Thread starter Damon Heron
  • Start date Start date
D

Damon Heron

I do on-site installs of my db software. I get the HD serial number of the
drive where I install the db, and make that a constant prior to splitting
and converting to an MDE. The user's license is for single-copy use. On
some key forms of the db, I have a test to compare the current HD serial #
with the constant I established on installation. If they don't match, then
a msg asks the user to contact me, and the app quits. My question, short of
someone hacking the MDE, - is this a good scheme for preventing unauthorized
copies of my app from being distributed?

TIA
Damon
 
Damon Heron said:
I do on-site installs of my db software. I get the HD serial number of the
drive where I install the db, and make that a constant prior to splitting
and converting to an MDE. The user's license is for single-copy use. On
some key forms of the db, I have a test to compare the current HD serial #
with the constant I established on installation. If they don't match, then
a msg asks the user to contact me, and the app quits. My question, short of
someone hacking the MDE, - is this a good scheme for preventing unauthorized
copies of my app from being distributed?

Yes, that would work depending on how you are getting the HD serial
number. Are you using the S.M.A.R.T. API calls to get the true serial
number or the Volume Serial Number? If the Volume Serial Number then
that can be duplicate quite easily using free tools.

However the biggest problem is user acceptance. What happens if the
computer dies or the hard drive dies or you go out of business? At
the very least allow the user to use your product say 10 times before
canceling them out. In this case I'd suggest using database
properties as those can only be located programmatically. Someone
poking about in tables or the registry wouldn't see those.

Tools available from sites such as sysinternals.com can crack any
method you use to store a future date anywhere on a system such as in
the registry or a file. Unless it's encrypted. But even then if you
delete the date from wherever it's stored your app may think it's just
installed.

Thus I prefer to limit the number of records in one key table such as
5 units or 50 volunteers but allow unlimited access for everything
else. Once I get paid then I email them an encrypted file containing
the number of records they are licensed for as well as their company
name which goes on the bottom of every page of every report.

For more of my thoughts on this topic see the "Copy protection or how
to safely distribute a demo Microsoft Access Application" page at
http://www.granite.ab.ca/access/demo.htm

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
 
Thanks for the advice, Tony. I will consider all of your suggestions!
BTW- I am using the API calls.

Damon
 
I do on-site installs of my db software. I get the HD serial
number of the drive where I install the db, and make that a
constant prior to splitting and converting to an MDE. The user's
license is for single-copy use. On some key forms of the db, I
have a test to compare the current HD serial # with the constant I
established on installation. If they don't match, then a msg asks
the user to contact me, and the app quits. My question, short of
someone hacking the MDE, - is this a good scheme for preventing
unauthorized copies of my app from being distributed?

Are you encrypting your MDE? If not, somebody could browse the raw
file and edit the serial number.

I'd suggest you use some form of encryption. You could put an MD5
hash as your constant, and calculate it in your code from the actual
drive serial number, for instance. Or, you could use SHA encryption
with a private key of your own to create the key you store in your
constant. Once the MDE is encrypted, it would be pretty hard for
anybody to crack it.
 
Damon,

That's the right idea, but you should consider what happens if your
customer has a hard drive failure, or needs a re-install. There's also
a (virtually) unique NIC MAC address that you can do the same thing
with. Of course, they could change out their NIC card as well.

It appears that you're required to be present at each installation of
your software which may be time consuming for you and could limit your
application's use.

All the best,

Peter De Baets
Peter's Software - Microsoft Access Tools for Developers
http://www.peterssoftware.com
 
Back
Top