Unique hardware identifier (example project / code ?)

what does the cpuBrandString look like ? Is that just like … the brand ? AMD, Intel… etc., ?

You should try it yourself but here are some examples:

Hard Disc Serial: S1K4NYBF184923
Mac Serial: D25MD02NF7J5
Mac Model: iMac14,3
CPUBrand: Intel® Core™ i5-4570S CPU @ 2.90GHz

Hi Chris,
I can see that you’re getting pissed off, and I understand why, there’s nothing more frustrating than being at the last stretch and struggling to get it working exactly how you want it.

I have several things to say:
#1 OS X 10.4; are you mad? As a smaller developer, try to minimize what systems you need to support. It’s totally possible that the APIs MBS uses don’t exist on such a system that old. In fact if you’re using the latest version of Xojo, it’s designed to have 10.7 as it’s minimum OS version.

#2 Do your best to prevent casual software piracy, prevent users from copying prefs files is one of the ways to do it, but chances are they’ll just share the serial number, so you may want ensure you have product activation.

#3 You’ll never stop piracy, ever! Using the right tools, a cracker can ‘see’ what your application is doing, and they can alter the compiled binary code. Most crackers will crack your software, just to prove that they can. The simplest thing they can change is a binary switch (if statement). There are things you can do to slow them down, and you should at least try. Make your registration routine complicated, don’t put all the code in one place and have more than one check.

#4 Make sure that you have a reliable update system in place, that will replace the cracked version with legitimate versions!

#5 Have an e-mail support system within your application, even if it simply opens the users e-mail client, most importantly capture the application’s code signature. This way you can tell if someone who’s asking for support is a genuine customer or a thief. When thieves ask for support, which they do; the first thing I tell them is it seems that their copy is corrupted and they need to re-download it. I often never hear any further from them.

#6 Almost every single cracked copy of my application, that I’ve come across; has been adjusted in file size, one copy was 20mb larger in the binary! I didn’t run it, instead just left it for the unsuspecting thief to install some malware or worse on their system.

#7 Last time I tried to download cracked copies of my applications, only 1 out of 10 was valid. The rest were either MacKeeper, or some Windows based application. (Goes to show what kind of people develop MacKeeper huh?).

#8 If this is version 1.0 of your application, consider not worrying so much. Instead take your time and build up your piracy defenses as you go… Am I mad? Not at all, think about it. If it’s easy to pirate, then people will do so, if they like your application. Then with your automated update system and tougher restrictions, slowing down the crackers and delivering the latest version to the thieves. You may be able to persuade some thieves to actually hand over their cash.

I have broken people’s security (not on purpose) when it was tied to hardware. How did I do it? rearranging the PCI cards in the computer.

I broke CA’s hardware tie in bye changing which banks have memory in them. Nothing else.

And today with virtual hardware (virtual machines), it is even easier to get around it.

I would consider another way to tie the software to a user and to prevent piracy.

For simplicity sake, I would go with volume( 0 ).creationDate.totalSecond

About 1/10th as hard as plopping down $15 for the ToringoLib. You said you weren’t opposed to using the plugin, what’s the problem with using it?

is it reliable though ? on windows and mac ?

Not sure what you mean by reliable, but I haven’t had any problems with it. …and yes use it on Windows and Mac. The calls are something like this:

strMachID = ToringoDRMInfo.GetMachineID

then salt it, hash it and compare it to the unlock key the users has. Just there to keep honest folks from becoming accidentally dishonest.

Forgive the noobishness… not familiar with salting… although I do already have hashing implemented with HMAC. I imagine salting is what it sounds like… just one small layer of added obfuscation?

Or an extra piece of information that isn’t present in the preferences. The way I understand salting is with transaction signing, where you’d use an extra piece of information when signing, but it’s not included in the transaction.

i.e. If your transaction information was , ; you’d add + to get +++, which you then generate the signature from; so you’d then send ,,.

At the other end, it does the same thing and compares the signature.

Correct, just another layer, just tack on some metadata with the machine string ID, then run that new string through the SHA1 hash that is built into Xojo. What it returns is what you can compare (and will have issued to the user previously). And you don’t have to pass around huge strings, just a substring of the final string will do. As mentioned above this is not going to stop piracy, just keeps your honest customers honest.

One last thing I’d like to add (from experience), is that you should allow your verified user a way of seeing what their number is.

We sell our software through various sites, but only one actually allows us to see customer records. So basically we have no idea what serial number customers were issued, unless they purchase directly from us.

I’ve currently got a customer who’s mighty pissed at this, because he can’t recall where he purchased it from, his e-mails don’t match any records in our system and he simply wants to install his software on his new Mac. The serial number is encrypted into the preferences, so I have no way of reading it, and I haven’t provided any way within the apps for the customer to view his serial number.

He claims to have searched his e-mail, but can’t find his original order. While it’s not really my problem, this customer is getting more and more irate and I’ve done what I can (short of giving him free copies).

Just shelled out the $24 for the plug-in! Is it really gona take 24 hours for a key ?

I have no idea, I bought it several years ago. I haven’t had much interaction with them so I can’t really say how quick they are.

Dang… I bought ToringoLib :confused: I think I meant to buy ToringoDRMInfo… They’re the same price hopefully they can work with me on that.

Also it says real basic… i’m hoping it works with xojo too :frowning:

I guess the only thing with this… is volume( 0 ) could change …

Yes, I use it with Xojo. They had to make a change with one of the libs when first Xojo came out, but after no problems.

Thanks for your help, I’m using it in debug right now and its working perfectly. Just need to get that license key for toringo :slight_smile:

Great, just email them and tell them that you meant to purchase the ToringoDRMInfo plugin, I can’t imagine why they would not change the order. But it is there product so work it out with them. I think I bought both of them years ago, has worked well for us.