Fog Creek Software
Discussion Board




Computer ID

If you need a unique (or nearly unique) ID to identify a machine (PC), what would you use?

Volume ID - changes if you reformat the drive

Mac Address - what if they don't have a network card or replace the card

IP address - see Mac + what if dynamic IP address

CPU ID - not enabled on all (most?) machines

Any better/other ideas?

S. Tanna
Wednesday, May 28, 2003

Gotta know the "why"
Is it for some kind of internal company control? Shareware registration? Communications need?

Philo

Philo
Wednesday, May 28, 2003

Windows Serial Number.... ROFL.. nm hehe

Crest Toothpaste
Wednesday, May 28, 2003

Shareware.

Idea is the user needs a password that ties to their particular PC.  I don't care if very occassionally 2 PCs get the same ID (and therefore same password), but I don't want users to control/determine the IDs themselves.

I've used various systems before, looking to see if I can better these.

S. Tanna
Wednesday, May 28, 2003

On UNIX you can use the hostid.  I think the system call to get it is gethostid().    On Sun hardware this is tied to the PROM on the motherboard (I think on Linux it's something that's easier to change than that).

On Windows you can use the volume serial number of the C: drive.    You can get this with the GetVolumeInformation() function (e.g.  http://groups.google.com/groups?selm=%23OdCVfrcBHA.1728%40tkmsftngp05&oe=UTF-8&output=gplain).    It tends to be fairly unique.

I'll warn you ahead of time that any licensing scheme that ties the software to a particular machine tends to be a pain in the ass to support. 

anon
Wednesday, May 28, 2003

Use email address - then you know it has to be valid when you provide the registration, and you know who's been passing out codes when you see them on Usenet.

Why tie it to one computer?

Philo

Philo
Wednesday, May 28, 2003

Mac addresses change more often than you might think -- for example, laptop users with PCMCIA network adapters.

You can expect IP addresses to change regularly. 

I believe Microsoft uses a scheme that combines something like eight possibly unique identifiers.  It then has some level of forgiveness built in if some of them change.

SomeBody
Wednesday, May 28, 2003

If it is for Windows based systems, I'd just use the Win32 API to generate a COM-ish GUID (you can do this in one call).  Not guaranteed unique, but the chance of collision is astronomically small.  Then store the GUID in the registry and just send that registry key (if it already exists) next time it is needed.

Someone CAN change the registry key, but someone could also hack the winsock DLLs to insert whatever key they wanted in the outgoing direction no matter what method you use for generation...  So if you're going to trust the client to generate the passcode you can't ever be fully sure they aren't tampering with it.

This does have an outstanding issue in that if someone reinstalls their OS from scratch, the password is gone and can't ever be redetermined since it was generated somewhat randomly, but I don't think you'll find any method where a consistent unique key is guaranteed.

George McBay
Wednesday, May 28, 2003

The app is Win32 C++

I intend to tie it to a machine, as (a) I don't want to pursue every twit who posts their info to usenet, (b) the license is per PC

I will also keep their email addresses in a database, so if they lose their password, switch machines etc. they can get a replacement automatically issued to them via e-mail up to a certain number of times.  After that they have to ask. This would allow some cheating but not excessive amounts.

I like the forgiveness idea, and have been toying with this in my mind.

Whether or not forgiveness, I want things (or several things if using forgiveness idea) that infrequently change and are not (easily) under user control.

Volume ID - a reasonable one except for reformat problem

Registry - I don't see why this is any better than Volume ID, as it is easy to change with regedit, and is also lost of reinstall Windows

Other idea - CPU info.  I get can stuff like CPU type, CPU flags, etc.  Problem is this is not very unique

Another idea - hardware info, e.g. number of serial ports, what else?

Mac Address IP address - I'm not real keen on these for reasons already stated by others

S. Tanna
Wednesday, May 28, 2003

I believe that Windows machines have an id which is supposed to be unique tucked away in the registry, under SECURITY\SAM\Domains\Account - I think the final 128 bits of the "V" value are the id. One possible problem with this is that two machines could in practice have the same id if they've been set up with disk cloning software.

ajs
Wednesday, May 28, 2003

Using a GUID stored in the registry is useless.

All someone has to do is use one of the registry access watchers to see which keys your app looks up, then send the GUID plus your key for that GUID to all their friends and the internet.

It has to be some attribute of the machine. Microsoft's fuzzy approach is good, but takes a fair bit of work. I would go with the volume ID.

echidna
Wednesday, May 28, 2003

volume id + processor speed or other relatively stable info is fine. if it changes, they re-request a new key from you, since they registered by email address.

mb
Wednesday, May 28, 2003

Philo,  I've been pondering a similar problem recently I can't believe I didn't think to use email address!  Thanks for speaking up!

Steve H
Wednesday, May 28, 2003

> You can expect IP addresses to change regularly.

And for dozens of users to use the same IP address. I'm behind a Linksys network, and I'm sure I'm not the only 192.168.1.100 in the world.

It doesn't get much more unique than e-mail address. Way to think "outside the box."

www.MarkTAW.com
Wednesday, May 28, 2003

Here's info on how WPA generates hardware ids:
http://www.licenturion.com/xp/

Download the sample application here for some code to generate a hardware id:
http://www.activatesoft.net/download.asp

pUnk
Wednesday, May 28, 2003

I doubt an email address will meet S.'s requirements.  It's not tied to a specific machine so it would do little to prevent people from copying the installed software (or just the license information) to another machine, or posting it to the net somewhere.  Anyone can go to Hotmail.com to get an anonymous email address to register the software under.  Also, believe it or not, in some environments it can be difficult to pin down an email address for a given user. 

SomeBody
Wednesday, May 28, 2003

Volume ID is not very good. Not only will a reformat change it, but utilities to set it to whatever you want are readily available.

sgf
Thursday, May 29, 2003

Can't you just use a web cam? Ask all new users to send a passport photo dated and signed by a professional known by the users with witnesses. You can use the web cam to observe their use. This way you can watch people who allow their family members to use your software without your permissions. I think there's a WROX book on this.

Li-fan Chen
Thursday, May 29, 2003

Compile a unique executable, for each person, with the serial number of that computers motherboard.  Obtain this number via a telnet session with the users workstation.  Use some kind of scheme scattering this registration number throughout your code preferably encrypting that number before inserting it into your code.  Record the number so that if the person looses it you can simple compile a new exe and ship it off to them.














Well I thought it was an ok idea ;)

Right Now
Thursday, May 29, 2003

Hi

By coincidence I've been looking into this recently. While I think the webcam idea is so brilliant I'm unworthy to comment on it, my thoughts about the other ideas are:

Volume ID - This is OK. It's such a pain to reinstall Windows and I think HDs are not reformatted so often.

Mac Address - Not so good as it may not exist.

IP address - I don't know how to get this under Windows. Also it's usually dynamically (magically) created.

CPU ID - This is OK, the pentium is supposed to return a unique string.

Email - Not so good as it may change, or people have several.

Windows product i/d - This is easily obtained and is OK.

Motherboard i/d - This would be good but I don't know how to obtain it.

**BUT**

however you obtain the i/d using a mixture of techniques, it's no good storing it in clear text. You have to encrypt it else it's too obvious.

UniqueId
Thursday, May 29, 2003

Heh Li-fan Chen and Right Now, I've got a better idea.

Why not spend 12 months doing something really interesting or innovative, with the bills piling up, release it to the market and have tens of thousands of people agree it's interesting and worthwhile to the extent they want it, and then have ltr34987@hotmail.com post the key to warez.org.

Try paying your bills with goodwill.


Thursday, May 29, 2003

While the Volume ID can be changed, I think for most practical purposes you want a copy protection scheme that's difficult for the average Joe to crack, not impossible for experienced hackers.  I would say that encoding the Volume ID into the license key would probalby be good enough to prevent casual users from pirating the product.

anon
Thursday, May 29, 2003

*  Recent Topics

*  Fog Creek Home