0

I made an intranet which will work on a local computer. I have got Windows XP and Appserver which has got apache, php, mysql and ext.... on the computer. There will be no network. I want to make sure the person i am going to give the computer can not copy the files and use it on another computer.

I am using Zend Guard to protect the files.

I want to include some information which will be only on that computer. What can this be?

Regards

edit

When i use this:

$output = shell_exec('wmic diskdrive get model');
echo $output;
echo "<br>";
$output1 = shell_exec('wmic csproduct get name,vendor,identifyingNumber');
echo $output1;

I get this output:

Model Maxtor 6Y080L0

IdentifyingNumber Name Vendor FRB4270G5K HP d530 SFF(DC578AV) Hewlett-Packard

I think this will be ok. for me. Nobody can change the hard disk. I did not really get the second part. What is

IdentifyingNumber Name Vendor FRB4270G5K HP d530 SFF(DC578AV) Hewlett-Packard

eMRe
  • 3,097
  • 5
  • 34
  • 51

2 Answers2

3

There will be no network. I want to make sure the person i am going to give the computer can not copy the files and use it on another computer.

Then ask your lawyer to draft up a contract that dictates this as a condition of using the software, with appropriate penalties.

PHP bytecode encoding is amazingly easy to crack, and it's a waste of your money and time.

Charles
  • 50,943
  • 13
  • 104
  • 142
  • Do you think it will be safe If i use ZEND Guard and iclude this? `code` $output = shell_exec('wmic diskdrive get model'); echo $output; echo "
    "; $output1 = shell_exec('wmic csproduct get name,vendor,identifyingNumber'); echo $output1; `code`     – eMRe Apr 10 '11 at 19:44
  • If they can simply strip the protection from the code, they can easily just remove your checks. Your best bet here is legal, not technological. – Charles Apr 10 '11 at 19:47
  • But how can a normal user strip the protection in the code if it is done by zend guard? They need to get a professional help to do this. Even then i think it will not be easy. There is no way to track it down if the person uses it on another computer. I will have it on at least 30 different computer. I think this will be enough protection. – eMRe Apr 10 '11 at 20:02
  • @baris, it takes 30 seconds in Google to find *commercial services* that will remove the protection for you for just a few dollars. The fact that these services exist makes the encoders ineffective. You **can not** stop someone determined to pirate software. – Charles Apr 10 '11 at 20:38
-1

I suppose the MAC address would be useful.

Nabeel
  • 557
  • 4
  • 15
  • 1
    While this is the normal method that Zend Guard uses, MAC addresses are *trivial* to change. – Charles Apr 10 '11 at 16:57
  • -1, MAC addresses can be changed easily. this kind of protection isn't a protection at all – Frantisek Apr 10 '11 at 17:00
  • baris22 wants to make sure that the user is the same user who supposes to use the application. So, when the MAC address is changed, the user will not be able to use the application anymore and this the needed functionality. – Nabeel Apr 10 '11 at 17:03
  • what about hard disk serial number or something like that? – eMRe Apr 10 '11 at 17:06
  • @Nabeel, you missed the point a bit. The MAC address on *another machine* can be changed to that of the first, allowing the software to run there as well. (As long as those two machines don't operate on the same network, this won't cause any problems.) – Charles Apr 10 '11 at 17:06
  • @baris22, that's equally as ineffective, but for a more annoying reason. Hard drives *inevitably* fail and require replacement. – Charles Apr 10 '11 at 17:06
  • @RIMMER, can you use my MAC address if I gave the address string to you? – Nabeel Apr 10 '11 at 17:07
  • @RIMMER, I just want to know. – Nabeel Apr 10 '11 at 18:23
  • I managed to get the hard disk name and model by $output = shell_exec('wmic diskdrive get model'); echo $output; So i think this will be ok. just now. I can check and compare this – eMRe Apr 10 '11 at 18:24
  • Yes, MAC address can be overridden by any other value. If nobody did it, it could be considered a unique identifier, but as changing it is pretty easy for any average pc user, it can't be used as a unique identifier, especially not for security purposes. – Frantisek Apr 10 '11 at 18:26