1

Possible Duplicate:
How to get a unique computer identifier in Java (like disk id or motherboard id)

I am creating a small Java program. In there, I am creating a file called "James.txt". I am using this file to check whether the program has been moved from James computer or not. What I have done there is, writing Jame's computer's IP address to that file. So, when he start the program in the console, it will first check the file and will say "Hey James! Suprise!!!", and if the IP isn't belong to james it will print "Sorry, This is for James Party".

But, the case is, IP address can be changed even in the same PC right? So, how can I uniquely identify James computer? Please help!

Community
  • 1
  • 1
PeakGen
  • 21,894
  • 86
  • 261
  • 463
  • 2
    Look at http://stackoverflow.com/questions/1986732/how-to-get-a-unique-computer-identifier-in-java-like-disk-id-or-motherboard-id – Fabien May 16 '12 at 17:32
  • Look into how Windows does this. You will most likely need JNI to do the same in Java. – Thorbjørn Ravn Andersen May 16 '12 at 17:33
  • Fabien -- the answer to the question you mention suggests using the MAC address, but as pointed out below, that's unreliable. – Neil Coffey May 16 '12 at 17:33
  • oh no guys! I really need some help!! About Mac, I have heard it can be changed and the comments for the below answer says the same.. – PeakGen May 16 '12 at 17:36
  • Use the MAC address as @Fabien suggest – Jean-Christophe Fortin May 16 '12 at 17:37
  • two comments, suggestin mac, two against mac. I am confused now! :o – PeakGen May 16 '12 at 17:38
  • Whatever you do won't be infallible against somebody who deliberately wants to break the system. You *could* use the MAC address, but just bear in mind that this will change it a user changes their network card, which is something they could 'legitimately' do without trying to break your system. I suggest another option below of storing a UUID in the registry and then comparing this to a hash in the local directory. Again, if a savvy user wanted to deliberately get round that, they could easily do so. – Neil Coffey May 16 '12 at 17:45
  • What type of app is it ? if it some basic app that you want to put some security, the MAC will be more than enough. If you build a software for the Department of Defense, none of the above. If security is this important than maybe you can create a certificate on the computer and do some kind of validation... – Jean-Christophe Fortin May 16 '12 at 17:45
  • 1
    And even if you go for a 'fancy' solution involving certificates because you're really trying to protect against savvy users, then you also need to think about users savvy enough to doctor your class files and simply remove whatever protection mechanisms you put in place. You could easily tie yourself in knots without actually bringing the protection you think you're getting. – Neil Coffey May 16 '12 at 17:51

6 Answers6

2

MAC Address will change if the NIC is changed. Motherboard may fail and be replaced. The same may apply to processorId, hard-disk id and stuff.

Bottom line -

  • Develop an identifier for your application
  • Have your application maintain an identifier on the user's computer
  • When your application asks the user to identify himself/herself with userid/password/biometrics, validate the identifier too and then display the message you must.
Everyone
  • 2,366
  • 2
  • 26
  • 39
2

Technically, you can't uniquely identify any computer because everything can be 'spoofed'. You can even change your MAC address as easily as your IP if you know how.

That being said, some systems attempt to calculate combinations of values that together can be used to define a semi-unique instance. Generally these come from hardware identifiers, like:

  • MAC address
  • Hard disc identifier
  • CPUID

These are then mashed together in a way that provides a unique key with some tolerance for change (like a hardware upgrade). There is also a generated identifier used in some systems called UUID which is created when a filesystem is built.

To access some of these you may need to use JNI. Some of these are contentious (CPUID) because they can be used to track people on the internet and thereby reduce their anonymity.

Frequently access to these are unavailable from certain applications (like web browsers). It may be easier to establish a login/password form of security.

tudor -Reinstate Monica-
  • 889
  • 10
  • 23
1

You could use the Java registry to write a simple value into the system registry. This will work on Linux and Windows and is a very basic way to do this. Not secure and quite hackable, but at least it's portable.

You can refer to read/write to Windows Registry using Java for some great examples.

Community
  • 1
  • 1
Ewald
  • 5,691
  • 2
  • 27
  • 31
  • Will it work in all the systems which java supposed to work? – PeakGen May 16 '12 at 17:42
  • I've updated my answer with a link, there are some great answers and examples there that should be just what you are looking for. – Ewald May 17 '12 at 07:46
1

There is no way to guarantee a computer hasn't changed. Your best alternative is to write a key file to the machine on first run that you can then use to check against. Whilst this could be deleted making it appear to be different as long as you have used a sensible hash algorithm to generate your key (i.e. you can be confident no one else could generate it) then you can be happy that you are guaranteed a correct match when the key matches. This method will give you confidence in positive identifications but leave you open to false negatives, which isn't normally an issue. You should look to use something like an SHA algorth based off some salted input that you can use as a reference.

codeghost
  • 1,014
  • 7
  • 14
1

Anything you can do in pure Java won't be very effective against a tech-savvy user who deliberately wants to 'break the system'.

But, nonetheless, low-tech things that you could do in pure Java:

  • just go ahead and store the MAC address; it's not totally reliable, but most users in practice won't change their MAC address;
  • allocate a random UUID and store it on the machine using the Preferences architecture; then, store that UUID, or a secure hash of it, in the program's local directory.

Either of these systems is easy to get round by a savvy user. But at the end of the day, a savvy user could doctor your class files to bypass whatever measure you put in place.

The disadvantage of the MAC address is that there is a 'legitimate' case external to your program where the MAC address may change, since a user may change their network devices.

Neil Coffey
  • 21,615
  • 7
  • 62
  • 83
1

IP address might change quite often (e.g. assigned using DHCP) I propose to use serial number of disk or motherboard for identification.

Example of how to get these serial number on WINDOWS can be found here:

http://www.rgagnon.com/javadetails/java-0580.html (includes source code, platform dependant)

dnsmkl
  • 792
  • 5
  • 17