Best way to generate a machine fingerprint?
Asked Answered
S

6

8

I need to generate a unique string that will differ from machine to machine -- a "device fingerprint".

What are...

  • possible approaches for custom implementations? (I've got a few ideas, but I figure you guys probably have BETTER ones)
  • existing solutions? (both commercial / non commercial are acceptable)
Sternwheeler answered 9/11, 2011 at 22:6 Comment(3)
Do you want the fingerprint to change or stay the same when the user upgrades their CPU / memory / harddisk / network card / etc...Wisla
Can you give us a more detailed use case? Are your machines mobile? Are you able to install certificates and the like (as opposed to a dedicated appliance)? Do you have control/ownership of the machines or the network on which they reside?Capacitance
Just a heads up for anyone interested -- for our use case, we ended up deciding that device fingerprinting wasn't all that important.Sternwheeler
C
3

Device fingerprinting is a complex topic if you want to cover the many edge cases (e.g. hardware upgrades, OS upgrades, etc.) and if you are worried about people expending energy to either forge a known-good device fingerprint (good meaning the fingerprint is known to you and receives some benefit such as software usage rights), or create a brand-new fingerprint you have no knowledge of (e.g. the fingerprint was on a blacklist of some sort, and the user wants to create a new Device ID for the device that is not on the blacklist).

Some things are fairly static and a reasonable basis for a simple fingerprint. MAC address best fits that category, but is also very easy to change. Also, some computers have several MAC addresses (including MAC's from virtual machines), so you need to deal with that complexity. Some network devices are ephemeral, e.g. tethered cell phone.

Other aspects of the computer are harder (but by no means impossible) to forge, such as CPU information, BIOS checksum, hard drive serial numbers, etc. Those things that tend to be harder to forge, however, are also more likely to change (BIOS upgrade, new hard drive, removable hard drives, etc).

You also need to consider carefully protecting the code that actually generates the fingerprint. If that code is easy (enough) to hack, someone attempting to defeat your solution will simply insert whatever fingerprint they want directly in the code that gathers and evaluates components.

Cheney answered 9/11, 2011 at 22:27 Comment(0)
P
3

Windows and Mac devices have a UUID that is tied to the hardware or specifically to the motherboard BIOS.

You can query it in the following ways.

Windows (reference and more ways)

wmic csproduct get UUID

Mac (reference)

ioreg -d2 -c IOPlatformExpertDevice | awk -F\" '/IOPlatformUUID/{print $(NF-1)}'
Pangolin answered 20/9, 2020 at 8:24 Comment(0)
W
2

You can use WMI and get NIC MAC address, HDD serial (not volume serial), CPU ID and BIOS ID. Downside of this method is that on some machines for several reasons some of this information are not available, but you can combine info from that 4 source and at least one will be there, but WMI on some machines simply doesn't work as expected and you must have some sort of fallback, something that surley work on all machines eg. volume serial number.

Another problem is that you must have administrator rights to get this info trough WMI, I solved that problem with windows service that uses WMI and send info to application(s).

Here are some of interesting WMI queries:

Hard discs serials:

SELECT SerialNumber FROM Win32_PhysicalMedia where SerialNumber <> null

BIOS serial:

SELECT SerialNumber FROM Win32_BIOS where SerialNumber <> null

CPU serial:

SELECT ProcessorID FROM Win32_Processor

NIC MAC:

SELECT MACAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True

btw. you can test WMI with Paessler WMI Tester

Wheeler answered 9/11, 2011 at 22:46 Comment(2)
Volume serial number does not survive a hard drive replacement/upgrade.Cheney
I know, it's a last option and only in case that you can't get any info from WMIWheeler
B
1

Well what I do with my apps is usually create a special ID by taking the hash from the machine name found in Environment, concat it with a hash value of my app's name, and then apply a salt (probably not even necessary but it helps to be paranoid) to produce a "fingerprint" for an app/machine combo.

This works in my situation because there is only one copy of my app on a machine at a time.

Bosun answered 9/11, 2011 at 22:11 Comment(3)
That approach is somewhat brittle, though may be fine for many use cases. Machine names do change from time to time in the real world. If a large client decides to change the machine naming scheme, that will result in a lot of broken installs.Cheney
That's true, but I wasn't answering the question with fingerprinting for installs. I use my fingerprinting for app-to-app communication, namely for apps that monitor several other applications for status/error reporting. That's why I do it this way.Bosun
Sure, the OP didn't state the use case yet. Certainly works well for many scenarios.Cheney
E
1

Most machines have a NIC with a MAC Addresses now (if it isn't attached to the net then what do you need a unique id for the machine for?). Just make sure you are getting the physical NIC's MAC address and not a virtual mac (created by VMWare or Virtualbox). You may want to store the name of the device the MAC is coming from so that you always get the same MAC address when you are enumerating the MAC addresses. Also don't use this for security as it is always possible to fake a MAC address, it just provides a relatively unique identifier.

Erne answered 9/11, 2011 at 22:20 Comment(1)
How to get physical MAC inside of vmware? I have different mac on Vmware and virtual NIC.Dennisedennison
C
0

Some of what you want may depend on your visibility into the systems in question. For example, you may have personal and/or network firewalls and VLANs that prevent you from interrogating the devices themselves. I find that an SNMP query against devices in your network infrastructure (your switches for MAC address info, and your routers for IP addresses) gives a good fast picture. Otherwise, NMAP is your friend.

Capacitance answered 9/11, 2011 at 22:28 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.