Reliable way of generating unique hardware ID
Z

4

37

Question: I have to come up with unique ID for each networked client, such that:

  • it (ID) should persist once client software is installed on the target computer, and should continue to persist if the software is re-installed on the same computer and same OS installation,
  • it should not change if the hardware configuration is modified in most ways (except changing the motherboard),
  • when a hard drive with client software installed is cloned to another computer with an identical hardware configuration (or as similar as possible), the client software should be aware of that change.

A little bit of explanation and some back-story:

This question is basically an age-old question that also touches the topic of software copy-protection, as some of the mechanisms used in that area are mentioned here. I should be clear at this point that I'm not looking for a copy-protection scheme. Please, read on. :)

I'm working on a client-server software that is supposed to work in a local network. One of the problems I have to solve is to identify each unique client in the network (not so much of a problem), so that I can apply certain attributes to every specific client, retain and enforce those attributes during the deployment lifetime of a specific client.

While I was looking for a solution, I was aware of the following:

  • The Windows activation system uses some kind of heavy fingerprinting mechanism that is extremely sensitive to hardware modifications,
  • Disk imaging software copies along all Volume IDs (tied to each partition when formatted), as well as custom, uniquely generated IDs created during the installation process, during first run, or in any other way that is strictly software in its nature, and stored in the registry or on the hard drive, so it's very easy to confuse the two.

The obvious choice for this kind of problem would be to find out BIOS identifiers (not 100% sure if this is unique through identical motherboard models, though), as that's the only thing I can rely on that isn't duplicated, transferred by cloning, and that can't be changed (at least not by using some user-space program). Everything else fails as either being not reliable (MAC cloning, anyone?), or too demanding (in terms that it's too sensitive to configuration changes).

Sub-question that I'd like to ask is, am I doing it correctly, architecture-wise? Perhaps there is a better tool for the task that I have to accomplish...

Another approach I had in mind is something similar to a handshake mechanism, where a server maintains an internal lookup table of connected client IDs (which can be even completely software-based and non-unique at any given moment), and tells the client to come up with a different ID during handshake, if a duplicate ID is provided upon connection. That approach, unfortunately, doesn't play nicely with one of the requirements to tie attributes to specific client during lifetime.

Zack answered 15/5, 2010 at 23:44 Comment(1)
Hi mr.b, an interesting problem; I did some research as it intrigues me. But something occurred to me: looking at it from a different angle, are you looking at a way of uniquely identifying a user after connecting to a server? If it can be on a user level, as opposed to a machine level, could you generate the ID yourself server-side and store it on the machine? Similar to how a session ID keeps track of users within a web application and stores a cookie (but persist it for longer)? - Kiloliter
E
10

It seems to me that you should construct the unique ID corresponding to your requirements. This ID can be constructed as a hash (like MD5, SHA1 or SHA512) from the information which is important for you (some information about software and hardware components).

You can make your solution more secure if you sign such a hash with your private key and your software verifies at startup that the key (signed hash value) is signed (only the public key must be installed together with your software). One can expand this kind of solution with different online services, but corporate clients might not find online services so nice.

Euphemia answered 15/5, 2010 at 23:57 Comment(8)
A software component is not reliable, as it can easily be cloned, right? A combination of the two could be a better solution, as you proposed, since that could enable a remote server to identify cloned clients, so to call them. Good idea. Thanks. - Zack
I mean that you can produce a string or byte array with all the information (a concatenation of this information) which is important and is invariant during the cloning of the computer. Then you calculate a hash from this array of bytes. This hash value will be your unique ID. You save this hash value during software installation. Every time your software is started, you calculate the ID (hash) one more time and compare it with the value saved during installation. Is that not what you want? How to read hardware information is not a problem. There are a lot of ways, including WMI. - Euphemia
Although this is very close to what I'm looking for, another poster has provided a more to-the-point answer. However, I must emphasize that I like your suggestion to build a hash based on "information about software and hardware component". This led me to think of an additional feature that I might incorporate, which is the ability to detect cloned clients by having separate hw and sw IDs - say that the hw ID is truly unique and the sw ID might not be unique, in which case it's clearly a cloned instance. - Zack
If you don't know how to read BIOS or MAC information, you should have asked this in your question. Moreover, you didn't write whether you use .NET or unmanaged code, C/C++ or VB and so on. For a C/C++ developer, usage of WMI is not the easiest and not the best way; there are a lot of easy C-like Windows APIs which can give you the information you are looking for. Your question sounds much more as if you are looking for an idea for constructing IDs like Microsoft and others do. I just briefly explained the main idea of such implementations. Good luck. - Euphemia
Thanks, I was probably too descriptive, with the best intent to explain what I want to accomplish. I didn't mean to say that I was looking for an exact code solution, but I was looking for a piece of uniquely identifiable information, such as a BIOS and/or motherboard ID string. How I would read it is another story (despite having gotten the precise location where I can read it from). True, WMI might not be the way to go, as you have suggested. Sorry for the confusion. To be perfectly honest, I was looking for a second opinion on the subject, which is exactly what I got from both of you. Thank you very much! - Zack
To be even more honest, both of you gave perfectly acceptable answers, but instead of not marking any answer as "the answer", I figured it would be better to mark the one that is IMO closer to what I was expecting, sort of. - Zack
It's not a problem. I have enough reputation points. You're welcome. It is just funny when I find a question which I asked myself some years ago. I know exactly how to implement what you are searching for because of my previous experience. So you're welcome and good luck! - Euphemia
DON'T YOU EVER RELY ON MAC. A user can google and download a free tool and change the MAC within 30 seconds! It is the most used and unfortunately the most unreliable "hardware" ID. - Philippe
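
The separate hardware and software IDs discussed in the answer and comments above can be sketched as follows. This is an added example, not code from any poster: the field names, the placeholder list and the `ClientRegistry` class are assumptions, and the hardware values are constructed samples rather than values read from WMI.

```python
import hashlib
import uuid

# Strings some firmware leaves in place of a real serial (assumed, non-exhaustive list).
PLACEHOLDERS = {"", "none", "default string", "to be filled by o.e.m.", "system serial number"}

def hardware_id(fields):
    """Hash the usable hardware fields; return None if nothing usable is left."""
    usable = []
    for name in sorted(fields):                      # fixed order -> stable hash
        value = (fields[name] or "").strip()
        if value.lower() not in PLACEHOLDERS:
            # Length-prefix each value so ("ab", "c") and ("a", "bc") hash differently.
            usable.append(f"{name}={len(value)}:{value}")
    if not usable:
        return None
    return hashlib.sha256("\n".join(usable).encode("utf-8")).hexdigest()

def new_software_id():
    """Random ID written once at install time; a disk image copies it verbatim."""
    return uuid.uuid4().hex

class ClientRegistry:
    """Server-side table: software ID -> hardware ID first seen with it."""
    def __init__(self):
        self.seen = {}

    def check_in(self, sw_id, hw_id):
        if hw_id is None:
            return "no-hardware-id"                  # cannot tell a clone from the original
        known = self.seen.setdefault(sw_id, hw_id)
        return "ok" if known == hw_id else "cloned"

# Constructed sample data: same model, different boards; PC_B has no real BIOS serial.
PC_A = {"bios_serial": "ABC123456", "board_serial": "MB-0001", "system_uuid": "11111111-aaaa"}
PC_B = {"bios_serial": "To Be Filled By O.E.M.", "board_serial": "MB-0002", "system_uuid": "22222222-bbbb"}
BLANK = {"bios_serial": "", "board_serial": "Default string", "system_uuid": None}

def demo():
    registry = ClientRegistry()
    sw_id = new_software_id()                              # generated during install on PC_A
    first = registry.check_in(sw_id, hardware_id(PC_A))
    again = registry.check_in(sw_id, hardware_id(PC_A))    # same machine, later start
    clone = registry.check_in(sw_id, hardware_id(PC_B))    # disk image restored on PC_B
    blank = registry.check_in(new_software_id(), hardware_id(BLANK))
    return first, again, clone, blank

if __name__ == "__main__":
    print(demo())
```

A machine whose firmware exposes no usable identifier is reported separately instead of being hashed to a value shared by every such machine.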
P
10

What you're looking for is the Windows WMI. You can get the motherboard ID (which is unique across the same type of motherboard) or many many other types of unique identifiers and come up with some clever seeded function to generate a UHID. Whoa did I just make up an acronym?

And if you're looking specifically for getting the Motherboard (BIOS) ID:

WMI class: Win32_BIOS
Namespace: \Root\Cimv2

Documentation: http://msdn.microsoft.com/en-us/library/aa394077(VS.85).aspx
Sample code: http://msdn.microsoft.com/en-us/library/aa390423%28VS.85%29.aspx

Edit: You didn't specify a language (and I assumed C++), but this can be done in Java (with a COM driver), and any .NET language, as well.

Privy answered 16/5, 2010 at 0:0 Comment(6)
Correct, I didn't specify a language, because I find that the specific language is irrelevant to the question at hand. I'm interested in a higher-level way to accomplish this. I find your answer very precise. The only thing I have to find out is how backwards-compatible this interface is, i.e. how old are the motherboards supported using this method? - Zack
I'm pretty sure all BIOSs have been standardized since the early to mid 90s. The WMI has been around since Windows 2000 (and is available as a patch to Windows 95 and Windows NT). In short, you have nothing to worry about :) It's fully backwards-compatible unless you're installing your software on Windows 3.1 or computers that were built 30 years ago. - Privy
Damn, the early-to-mid 90s were 15-20 years ago... Talk about time flying! I was aware that in the recent past (say, 10 years ago and onwards) most manufacturers had these standardized, and was interested in hearing how far back in time it goes. Now I have my answer. Thanks. - Zack
I have returned with my findings regarding support for a unique, BIOS-related identifier. Unfortunately, none of the 4-5 mainboards (all 1-2 years old) had a BIOS SerialNumber. Am I doing something wrong? I was using the mentioned property to generate unique IDs, but to no avail... Any ideas? - Zack
Anyhow, it turns out that this is not a solution to my problem. I'll go with a generic answer. - Zack
WMI is not available on all computers by default. Also, it breaks down quite easily. It happened to me. Fortunately, there is a fix (searchwindowsserver.techtarget.com/tip/Repairing-damaged-WMI). Anyway, in these cases the license validation code may fail. - Philippe
A
5

Many programs use the hostId in order to build a license code (like those based on FlexLM). Have a look at what Matlab does depending on the operating system:

http://www.mathworks.com/support/solutions/en/data/1-171PI/index.html

Also have a look at this question:

Getting a unique id from a unix-like system

Once I also saw some programs basing their licenses on the serial number of the hard drive, and maybe that is the least likely thing to change. Some would suggest using the MAC of your Ethernet card, but that can be reprogrammed.

Aeromarine answered 20/5, 2010 at 15:31 Comment(1)
The good thing about this project is that users don't have to go through an effort to change the MAC, since they would gain absolutely nothing by doing it (as it's not a form of software protection). But, due to the nature of the program, the hard disk serial number is not an option, unfortunately :( MAC is troublesome, since even networked computers don't expose their MAC address when the NIC is disabled... :( That leaves me with the probability that the majority of users won't mess with their NIC (as they shouldn't, since this program is closely tied to the network). - Zack
P
5

MAC
DON'T RELY ON MAC! EVER. It is not permanent. The user can easily change it (under 30 seconds).

Volume ID
DON'T RELY ON Volume ID! EVER. It is not permanent. The user can easily change it. It also changes by simply formatting the drive.

WMI
WMI is a service. It can be easily disabled. Actually, I tried that and I found out that on many computers it is disabled or broken (yes, quite often broken).

License server
Connection to a validation server may also cause you lots of trouble because:
* your customers may not always be connected to the Internet.
* your customers may connect with special settings (router/NAT/proxy/gateway) that they need to input into your program in order to let it connect to the validation server.
* they may be behind a firewall that will block all programs except a few (my case). In some cases the firewall may not be under their control (valid for MOST corporate users)!
* it is super easy to redirect your program to a local fake webserver that emulates your licensing server.

Hardware data
If you need strong protection you need to rely on hardware. Something that cannot be edited by the user. Something like the CPU ID instruction available in Intel/AMD CPUs and the serial number written into the drive's IDE interface.
The CPU ID and HDD ID are permanent. They will never change, not even after you format the computer and reinstall Windows.

It is doable. For example this library reads the hardware ID of a computer. There is a compiled demo and also sourcecode/DLL. Disclaimer: the link leads to a commercial product (19€/no royalties).

Philippe answered 7/1, 2011 at 13:51 Comment(4)
Sorry, but this doesn't answer the question - it simply links to a commercial web site with a supposed DLL that "solves the problem". - Prostrate
@Prostrate - It also shows which options are guaranteed NOT to work :) - Philippe
@Prostrate ...and I haven't forced anyone to 'extract' money from their pocket to purchase that DLL. I merely suggested that IT IS possible to do it since others have done it. The person that asked the question can implement his own ASM code to get the ID from the IDE drive interface board. But one must be REALLY cheap if he'll start digging into advanced hardware documentation to write his own ASM code, in order to save 19€ :) - Philippe
I could have sworn I replied to your recent comment. Look, you're replying to a comment from 4 years ago. Great work on updating your answer to make it clear. - Prostrate
