0

I am writing a licencing system for my software and wondering what are some good ways to generate stable (as in it's always going to be generated the same for that computer) and unique HWID's? It needs to be unique as I will be hardware locking licenses to this ID and do not want to run into issues with duplicate ID's locking out customers accidently.

Edit:

Ok. I understand no method will be 100 percent stable. If I were to hash some things like cpu id, memory amount, hard driver serial would these at least be stable enough to generate the same key up until the user upgrades their PC? What are some things that are not dynamically changed at any point unless an actual physical component is swapped, upgraded, etc.?

Zach Johnson
  • 2,047
  • 6
  • 24
  • 40
  • Anything you pick runs the risk of prematurely locking out a legit customer: if they upgrade that item (computer, Windows, motherboard etc). You may want to make sure the license covers that situation (legally). Otherwise pick 2-3 things and create a hash from it. A lot depends on the licensing model. – Ňɏssa Pøngjǣrdenlarp Sep 08 '16 at 16:00
  • Nothing apart from server side generation will guarantee you unique sequence. As @Plutonix said, you may use hashes of some hardware (you need to check that the hardware you use for generating hash is not virtual or clients will eat you in a blink of an eye). – Sergey.quixoticaxis.Ivanov Sep 08 '16 at 16:04
  • Solid tip thank you. – Zach Johnson Sep 08 '16 at 16:14
  • 1
    Mac address of network adapter, for example. My point was it would be tricky to understand where is the real one, and where is a virtual one. Source: my painful experience with sound adapters. – Sergey.quixoticaxis.Ivanov Sep 08 '16 at 16:17
  • 1
    Re: Edit. We still do not know the licensing model, so there is not much more to be said. It is a complex subject involving crypto (maybe), programming issues, permissions, communication, business concerns (re issuing license because they bought a new hard drive which they ought to be able to do). How do you plan to use the hash/HWID? Is the key or a token to get a key? Its complicated. One model: http://stackoverflow.com/q/34559141/1070452 – Ňɏssa Pøngjǣrdenlarp Sep 08 '16 at 16:20
  • 1
    Solving for stability is much easier than solving for uniqueness. Yes, you could base it on motherboard/CPU/HDD serial number(s) or MAC addresses, which are not likely to change very often, but anything hardware-based is not guaranteed to be unique (and quite-often is not), especially when you consider virtual machines, virtual networks, and other forms of virtual hardware. It's not uncommon, for instance, for all machines on a VPN to have the same MAC address for that VPN. – Steven Doggart Sep 08 '16 at 16:27
  • The license modle is roughly this: The HWID is actually only going to be used in issuing trial license keys. For example the user can request a trial license key via the program. If the users HWID is not found in the database a HWID will be generated and sent to my server where a license is then created with that HWID attached and stored. The trial key is then sent back to the user. Fairly simple. I just want people to be kept as much as possible from cheating the trial system. I absolutely understand nothing is perfect and can be gamed. Just looking to minimize that. – Zach Johnson Sep 08 '16 at 16:27
  • 1
    I would say that it would be better to assign a GUID, from the server, and then store it somewhere secret on the machine, where it's unlikely to be tampered with. That way uniqueness isn't a problem. – Steven Doggart Sep 08 '16 at 16:31
  • 3
    It seems to me like it would significantly easier to just prompt for an email address to tie the license to. Sure, someone could go to the trouble of creating a bunch of email addresses, but they could cheat any system you create. This should be equivalent to the cheap locks people put on luggage, just something to keep the honest people honest. You will never be able to stop a determined dishonest person. – Bradley Uffner Sep 08 '16 at 16:32
  • Thank you guys for the input it's appreciated. I think a GUID is the direction I will head in. – Zach Johnson Sep 08 '16 at 16:38

0 Answers0