2

I'm using C# and .NET 2.0. My app needs some way to check the different users so I'll use hardware id, but I saw that I can use only:

  • mac address - easily changeable and not everybody have it // NO
  • processor id - using WMI it returns a value for the cpu model, it's not unique // NO
  • motherboard serial - not every motherboard have it // NO
  • the Windows's volume serial - I'm not sure if it will be changed on Windows reinstall and format of the volume

So is there something I didn't mention for hwid? I want something that everybody have and it won't be erased on windows reinstall. Else I'd have to use the windows's volume serial number.

EDIT: From the commments I think it's best to use HDD id. How to get it? EDIT2: I just read that the SCSI drives don't have serial. Is that true?

FINAL EDIT: I'm already using the root drive serial on my app. It work's pretty well. Thanks all.

blez
  • 4,939
  • 5
  • 50
  • 82

5 Answers5

2

HDD Serial number: unique, unchangeable, and everyone has it.

not a perfect option but...

Andrey
  • 59,039
  • 12
  • 119
  • 163
  • You mean the HDD serial, not the logical drive (volume) serial? If so, how to get it? – blez Aug 06 '10 at 15:28
  • This is no good option, because there is no way to get that value if you are using a (hardware) RAID. – ur. Jan 07 '11 at 13:53
1

Well i'd go for more than one id. If you combine enough IDs they will get you enough uniqueness.

EDIT: you might also go for the place on the harddisk your program was installed too (Platter, Cylinder etc.)

Yves M.
  • 3,330
  • 14
  • 12
  • And then if the user changes only one of the components, I'll have to renew his license. – blez Aug 06 '10 at 15:32
  • Well not really. If you have enough ids you can still identify the user. – Yves M. Aug 06 '10 at 15:34
  • Yes, but the idea is to make the user information copy protected. To prevent leaking of the user/serial – blez Aug 06 '10 at 15:36
0

Why do you want to use hardware Id? I'd go with some kind of forms-based (or AD based) security, myself.

Given that, however: The thing about HWID is that it identifies that particular computer configuration: it is designed to change if there are system changes. You mention that Windows Volume Serial could change on reinstall and reformat, but won't your software also have to be reinstalled at that point? HDD Serial could also change if, say, the user swaps HDDs for some reason.

If you have to use HWID, you'll probably need to select one (or more) of the available options to provide uniqueness and either code around, or inform users about, hardware changes requiring a re-install and/or reconfigure of your software.

AllenG
  • 8,112
  • 29
  • 40
  • What are the "forms-based (or AD based)" security? – blez Aug 06 '10 at 15:40
  • 1
    "forms based" refers to the idea (usually used on web apps, but you can implement it on Windows applications as well) that you have to log on (via a form) to use an application. AD refers to active directory; that is, hooking into a company's Active Directory server to retrieve user permissions. AD requires that Active Directory (or something similar) be installed, forms security requires some kind of Data store (even if its local to the machine in use). – AllenG Aug 06 '10 at 15:46
0

The MAC address is not very reliable. You should use something that cannot be changed such a CPU ID or HDD IDE ID.

Here is want I mean:
http://www.soft.tahionic.com/download-hdd_id/index.html
http://www.soft.tahionic.com/download-hdd_id/hardware%20ID%20programmer%27s%20DLL.html

And to answer your question, Yes, SCSI does not have a hardware ID.

Gabriel
  • 20,797
  • 27
  • 159
  • 293
0

Do you have to think about security or only reliability, i.e. does the user want to tamper your ID check? If you need (high) security, buy one of the "software protection" products, this is far cheaper than to do it yourself.

No high security required? => Another possibility is to use the User or Machine SID. You have to take into account that your application is executed elvated => User is Administrator then.

Last but not least: Write a random value of some bytes into the registry (possibly at various places) under HKEY_CURRENT_USER and use these as an ID.

ur.
  • 2,890
  • 1
  • 18
  • 21