4

While having to implement a license server I am facing the problem to identify the server the software is running on uniquely with some host id. The server can be any Windows or Linux. Also a virtual machine is possible. Going for the MAC address of the network card would allow the virtual machine to be copied without the host id changing.

Any ideas how to calculate a host id? Preferrably feasable with Java.

jww
  • 97,681
  • 90
  • 411
  • 885
micgn
  • 245
  • 1
  • 4
  • 14
  • A virtual machine's MAC address will typically change when it's copied, to avoid conflicts if both VMs run at the same time. But there's no truly reliable way to distinguish one VM from another if you're concerned about the user deliberately trying to make an exact duplicate. Even the BIOS UUID can be modified. – Wyzard Jun 01 '12 at 23:52
  • That' what I guessed. So in the end the VM principle kills every license management trying to do a host restriction... – micgn Jun 02 '12 at 06:30
  • Also see [Getting a unique id from a unix-like system](https://stackoverflow.com/q/328936/608639). – jww May 28 '18 at 11:21

3 Answers3

2

I had to do this once, and ended up using the UUID inside the SMBios.

In my case, I used C in a unix environment, not Java, but you might be interested in reading the SMBios specification, and take a shot at reading the UUID, which should be a little better than reading MAC's, hard disks serial numbers, etc, because the user might replace these more often than the bios.

EDIT: Updated to add what we've discussed in the comments (just to have everything together in the same place).

On virtual machines (VMWare, that is), the UUID is generated from the UUID of the physical machine and the path to where the vm "lives" (see: http://www.vmware.com/support/ws55/doc/ws_move_uuid_format.html)

For Java, I know there's javax.realtime.RawMemoryAccess, that let's you read and write memory. I've never actually tried it, but seems to be the right way to do it from Java (if anyone's got any experience on this please comment!)

Otherwise, there's a not-that-portable solution: a JNI, and that means C++. As I stated before, my only experience was on unix systems, and in my particular case I found the source for dmidecode, quite helpful. For windows, you could try this SO question, which might be helpful.

Yes, I know it might look like a lot to research on at first :) But I guess that reading the specification and (if needed) looking at the source of dmidecode, you should be able to do it, and will (in my experience) yield better results "in the field" than hashing serial numbers from disks or network cards.

Community
  • 1
  • 1
marcelog
  • 7,062
  • 1
  • 33
  • 46
  • How is that in a virtual machine? Does the virtual machine have its own Bios UUID which stays the same when the virtual machine is copied from one server machine to another? This would be unfortunate for licensing exactly for one server host... – micgn Jun 01 '12 at 06:56
  • 1
    I'm assuming you're talking about vmware here. Each vm has its own uuid, based on the uuid of the physical machine and the path to where the vm resides. See: http://www.vmware.com/support/ws55/doc/ws_move_uuid_format.html – marcelog Jun 01 '12 at 10:26
  • Thanks for this hint!! How could I access that? With VBS? I found this one here: http://www.rgagnon.com/javadetails/java-0580.html – micgn Jun 01 '12 at 21:02
  • sure :) I've updated the answer to include the vm's reference and my thoughs on how it could be accessed – marcelog Jun 01 '12 at 23:29
  • 1
    @marcelog, a VMware virtual machine's BIOS UUID is stored in its `.vmx` file, in a property called `uuid.bios`. The *default* value might be based on the physical machine's UUID and the path, but anyone with a text editor can change it afterward. – Wyzard Jun 01 '12 at 23:54
  • @Wyzard Correct. My point about using the UUID was just that it is better than using serial numbers or mac's. Thanks for pointing it out, though – marcelog Jun 01 '12 at 23:58
1

Unfortunately the SMBIOS UUID is not unique on all systems. It should be but it isn't.

This is not because of a failure in the specification of the SMBIOS UUID, but is due to the fact that many manufacturers don't follow the spec when creating this UUID.

For more information about how this goes wrong in practice see this Intel blog http://software.intel.com/en-us/blogs/2007/06/08/are-uuids-enterprise-worthy and the following instructive tale has some really awful examples from the real world: http://howtowriteaprogram.blogspot.nl/2012/06/smbios-uuid-fail.html.

By the way there is another more informative topic on stackoverflow about creating machine unique id's at Generating a unique machine id

Community
  • 1
  • 1
bvanlew
  • 1,465
  • 16
  • 13
0

MAC address may not be the best way to do this since MAC addresses are relatively easy to spoof. Since Java 5, there has been the UUID class that can be used to create unique id's. I'm not sure what you are shooting for so I hope that is what you are looking for.

It Grunt
  • 3,300
  • 3
  • 21
  • 35