Unique hardware identifier (example project / code ?)

Does anyone have example code or projects for finding a unique hardware identifier … Preferably hard drive where OS is installed. And both for Win and Mac… At this point I’m ok with using plugins… because I can’t find anything.

MBS has a plugin SystemInformationMBS.MachineID.

I use the ToringoLib, they are a pretty inexpensive plugin. I think they are mentioned in the Xojo 3rd party store.

Edit-- I think it may be the ToringoDRMInfo plugin, I own all of their stuff, but can’t recall which one I use.

Apple has two variables, one is the system serial number and t’other is a hardware UUID. Currently I’m trying to figure out how to get the hardware UUID, but you can get the system serial number by poking the system profiler console command.

I’m far from being able to interpret some of these tech words… which is why I was hoping someone had some pertinent project or code example… It looks like the SystemInformationMBS class has bugs which is so frustrating lol…

Sometimes the disk serial returns a “” string ?.. And doesn’t work at all on Mac OSX 10.4 … hmm… And it appears that the machineID is a string of different values which includes the disk serial… so it follows that neither is machineID reliable…

Is it really that hard to get a UUID… ?

In addition is there no way for the application to tell if it’s running in a virtual machine ? It seems running in a virtual machine could be a security breach.

Careful using this function with Windows. The issue is that it uses calls to WMI functions for the hard disk serial number. If a thumb drive is inserted, Windows will think the thumb drive is the primary drive and return its value instead. I had nightmarish problems because of this. I think it’s clearly a bug in the Windows API. I tried writing my own functions using the WMI APIs and had the same instability. I ended up using things like the CPU serial number and some other items as well and not using the hard disk serial number at all. It’s much better now.

Ok so then… use the cpu serial number ? It’s kind of crazy how important this feature is and yet it seems such blurry answers exist both in here and on the web… I’m not trying to be disrespectful, I understand this is kind of a sketchy solution… but software piracy is so prevalent :confused:

[quote=131117:@chris ridgeway]I’m far from being able to interpret some of these tech words… which is why I was hoping someone had some pertinent project or code example… It looks like the SystemInformationMBS class has bugs which is so frustrating lol…

Sometimes the disk serial returns a “” string ?.. And doesn’t work at all on Mac OSX 10.4 … hmm… And it appears that the machineID is a string of different values which includes the disk serial… so it follows that neither is machineID reliable…

Is it really that hard to get a UUID… ?

In addition is there no way for the application to tell if it’s running in a virtual machine ? It seems running in a virtual machine could be a security breach.[/quote]

It’s not that hard. Don’t grab the disk serial number - particularly in Windows - it’s a recipe for disaster.

There’s a number of things you can do. Here’s some sample code that I use:

Function CalculateID As String
  // Builds a per-machine ID string; each platform hashes a different set of values.
  #If TargetMacOS Then
    Return SystemInformationMBS.MachineID   //CalculateSystemCode
  #ElseIf TargetWin32 Then

    Dim CPUModel As String = SystemInformationMBS.CPUBrandString.Trim
    Dim WinKey As String = SystemInformationMBS.WinProductKey.Trim

    // Ask WMI for the BIOS serial; line 0 of the output is the "SerialNumber" header.
    Dim s As New Shell

    s.Execute("wmic bios get serialnumber")
    Dim s1() As String = s.Result.Split(EndOfLine)

    Dim BiosSerial As String
    Try
      BiosSerial = s1(1).Trim
      System.DebugLog("Bios Serial from Shell: " + BiosSerial)
    Catch
      // No second line in the output: fall back to an empty serial.
      BiosSerial = ""
    End Try

    // Salt + CPU model + Windows product key + computer name + BIOS serial, hashed with MD5.
    Dim Salt As String = "9878235359809809"
    Dim n As String = System.EnvironmentVariable("COMPUTERNAME").Trim
    Dim m As String = MD5StringMBS(Salt + CPUModel + WinKey + n + BiosSerial).Trim
    Return m

  #ElseIf TargetLinux Then

    // Linux: host name + CPU model + salt, hashed with MD5.
    Dim HostName As String = SystemInformationMBS.HostName
    Dim CPUModel As String = SystemInformationMBS.CPUBrandString
    Dim Salt As String = "9878787328979"
    Dim m As String = MD5StringMBS(HostName + CPUModel + Salt)
    Return m

  #EndIf
End Function

Yes piracy is a problem, but so is spending so much time on trying to lock down your program. There’s a lot of ways to generate machine specific IDs. I use the code above and then have the user give me that value along with their name and e-mail. I then use that to generate the license key using some of the MBS Registration classes. It works pretty well. Even so, I’ve had my code cracked by some Chinese hackers. I don’t care that much because my application is pretty specific and I pretty much know nearly everywhere it goes. It wouldn’t be very useful to anyone just downloading it off a pirate board.

Remember that the locks are there to keep honest people honest. The real thieves are going to figure out how to pick your lock no matter how much time you spend making it secure. So put in protections but at the same time, don’t spend so much time that you don’t develop your program!

What does the cpuBrandString look like ? Is that just like … the brand ? AMD, Intel… etc., ?

You should try it yourself but here are some examples:

Hard Disc Serial: S1K4NYBF184923
Mac Serial: D25MD02NF7J5
Mac Model: iMac14,3
CPUBrand: Intel® Core™ i5-4570S CPU @ 2.90GHz

Hi Chris,
I can see that you’re getting pissed off, and I understand why, there’s nothing more frustrating than being at the last stretch and struggling to get it working exactly how you want it.

I have several things to say:
#1 OS X 10.4; are you mad? As a smaller developer, try to minimize what systems you need to support. It’s totally possible that the APIs MBS uses don’t exist on a system that old. In fact if you’re using the latest version of Xojo, it’s designed to have 10.7 as its minimum OS version.

#2 Do your best to prevent casual software piracy, preventing users from copying prefs files is one of the ways to do it, but chances are they’ll just share the serial number, so you may want to ensure you have product activation.

#3 You’ll never stop piracy, ever! Using the right tools, a cracker can ‘see’ what your application is doing, and they can alter the compiled binary code. Most crackers will crack your software, just to prove that they can. The simplest thing they can change is a binary switch (if statement). There are things you can do to slow them down, and you should at least try. Make your registration routine complicated, don’t put all the code in one place and have more than one check.

#4 Make sure that you have a reliable update system in place, that will replace the cracked version with legitimate versions!

#5 Have an e-mail support system within your application, even if it simply opens the user’s e-mail client, most importantly capture the application’s code signature. This way you can tell if someone who’s asking for support is a genuine customer or a thief. When thieves ask for support, which they do; the first thing I tell them is it seems that their copy is corrupted and they need to re-download it. I often never hear any further from them.

#6 Almost every single cracked copy of my application, that I’ve come across; has been adjusted in file size, one copy was 20mb larger in the binary! I didn’t run it, instead just left it for the unsuspecting thief to install some malware or worse on their system.

#7 Last time I tried to download cracked copies of my applications, only 1 out of 10 was valid. The rest were either MacKeeper, or some Windows based application. (Goes to show what kind of people develop MacKeeper huh?).

#8 If this is version 1.0 of your application, consider not worrying so much. Instead take your time and build up your piracy defenses as you go… Am I mad? Not at all, think about it. If it’s easy to pirate, then people will do so, if they like your application. Then with your automated update system and tougher restrictions, slowing down the crackers and delivering the latest version to the thieves. You may be able to persuade some thieves to actually hand over their cash.

I have broken people’s security (not on purpose) when it was tied to hardware. How did I do it? Rearranging the PCI cards in the computer.

I broke CA’s hardware tie-in by changing which banks have memory in them. Nothing else.

And today with virtual hardware (virtual machines), it is even easier to get around it.

I would consider another way to tie the software to a user and to prevent piracy.

For simplicity’s sake, I would go with Volume(0).CreationDate.TotalSeconds

About 1/10th as hard as plopping down $15 for the ToringoLib. You said you weren’t opposed to using the plugin, what’s the problem with using it?

Is it reliable though ? On Windows and Mac ?

Not sure what you mean by reliable, but I haven’t had any problems with it. …and yes use it on Windows and Mac. The calls are something like this:

strMachID = ToringoDRMInfo.GetMachineID

Then salt it, hash it and compare it to the unlock key the user has. Just there to keep honest folks from becoming accidentally dishonest.

Forgive the noobishness… not familiar with salting… although I do already have hashing implemented with HMAC. I imagine salting is what it sounds like… just one small layer of added obfuscation?

Or an extra piece of information that isn’t present in the preferences. The way I understand salting is with transaction signing, where you’d use an extra piece of information when signing, but it’s not included in the transaction.

i.e. If your transaction information was , ; you’d add + to get +++, which you then generate the signature from; so you’d then send ,,.

At the other end, it does the same thing and compares the signature.

Correct, just another layer, just tack on some metadata with the machine string ID, then run that new string through the SHA1 hash that is built into Xojo. What it returns is what you can compare (and will have issued to the user previously). And you don’t have to pass around huge strings, just a substring of the final string will do. As mentioned above this is not going to stop piracy, just keeps your honest customers honest.
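The salt, hash and compare step described in the last few posts, as an added Python example (not code from the thread or from any of the plugins mentioned). It uses HMAC-SHA256 in place of a plain MD5/SHA1 over salt+string; `VENDOR_SECRET`, `SAMPLE` and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the thread's hard-coded salt. Anything compiled into
# the app can be read out of the binary, so this only raises the bar.
VENDOR_SECRET = b"demo-only-secret"

# Constructed sample readings (not real hardware values).
SAMPLE = {"cpu": "Example CPU @ 2.90GHz", "bios_serial": " abc12345 ",
          "computer_name": "OFFICE-PC"}

def machine_id(components):
    """Hash named readings into one hex ID.

    Each field is normalised and length-prefixed, so ("AB", "C") and
    ("A", "BC") cannot collide the way plain string concatenation does.
    """
    h = hashlib.sha256()
    for name in sorted(components):
        value = components[name].strip().upper()
        field = f"{name}={value}".encode("utf-8")
        h.update(len(field).to_bytes(4, "big") + field)
    return h.hexdigest()

def issue_key(mid, email, length=20):
    """Vendor side: keyed hash of machine ID + customer e-mail, shortened."""
    msg = f"{mid}|{email.strip().lower()}".encode("utf-8")
    tag = hmac.new(VENDOR_SECRET, msg, hashlib.sha256).digest()
    code = base64.b32encode(tag).decode("ascii")[:length]  # a substring is enough
    return "-".join(code[i:i + 5] for i in range(0, length, 5))

def verify_key(mid, email, entered):
    """App side: recompute, then compare in constant time."""
    expected = issue_key(mid, email).replace("-", "").encode("ascii")
    supplied = entered.replace("-", "").replace(" ", "").upper()
    return hmac.compare_digest(expected, supplied.encode("utf-8"))

if __name__ == "__main__":
    mid = machine_id(SAMPLE)
    key = issue_key(mid, "user@example.com")
    print(key, verify_key(mid, "user@example.com", key))
```

A key issued for one set of readings fails as soon as any reading changes, which is the hardware-swap fragility raised earlier in the thread.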