.NET copy protection

Question

Is it possible to restrict a .NET executable to a specific machine somehow so that it can only be run on that machine.

Please give some more info. What's your purpose behind this? — rahul, Jul 17 '09 at 09:21
It would be interesting to know if you're trying to protect against accidental misuse or against malicious users (the latter being much more complicated). — Paolo Tedesco, Jul 17 '09 at 09:24
Pretty much, yes. Ali, I suggest you read http://en.wikipedia.org/wiki/Copy_protection#Copy_protection_for_computer_software — John Saunders, Jul 17 '09 at 13:35

score 10 · Accepted Answer · answered Jul 18 '09 at 06:02

Yes, and I do that in my apps. It works wonderfully.

Getting the system info (CPUID, MacID, HDD details) is easy using WMI (highly recommended).

I created a system that's practically foolproof (unless you're a pro hacker).

When my apps are installed for the first time on the user's PC, they go back to my server using web services. They identify themselves using a password hash and look for an authorisation code/order id for the client.

If the client has the correct authorisation code the application encrypts and stores the system details on the client's computer and sends a hash of the info to my server where it is stored. The software is then activated on the client's computer using some hashed flags and every time the app is run the system info is compared with the hashed info in the files.

If the client re-formats the computer, all he needs is the order id to activate the software again automatically (when the program checks with my server, the system details are verified and approved if they match). If the client installs the software on another machine he must contact my support team to get approval.

-- All the information is encrypted and hashed (double encryption). -- All code is obfuscated and packed.

It's working pretty securely at the moment.

So yes, it's possible, it's been field tested and found working as well as any other protection system.

The problem with using WMI is that it requires the application to run as an admin for many of the most stable components (MAC address, HDD serial, etc.) This is a usability issue on Vista/Windows 7 where applications no longer have admin access by default. — Paul Alexander, Aug 31 '10 at 18:40
The question would always be. Do the software then generate more income cause of this. Dev time, mainteance, customers getting irriteted over the reactivation and so on. The list is long. — Syska, Oct 13 '11 at 22:46

score 2 · Answer 2 · answered Jul 17 '09 at 09:21

Can't use the processor id and check it everytime(?)

Here is a sample code which I wrote some time back.

Imports System.Management

Public Class Form1

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

        'Declare following three object variables

        Dim objMOS As ManagementObjectSearcher
        Dim objMOC As Management.ManagementObjectCollection
        Dim objMO As Management.ManagementObject

        'Now, execute the query to get the results
        objMOS = New ManagementObjectSearcher("Select * From Win32_Processor")

        objMOC = objMOS.Get

        'Finally, get the CPU's id.
        For Each objMO In objMOC
            MessageBox.Show("CPU ID = " &amp; objMO("ProcessorID"))
        Next

        'Dispose object variables

        objMOS.Dispose()
        objMOS = Nothing
        objMO.Dispose()
        objMO = Nothing

    End Sub
End Class

CPU ID didn't used to be a reliable unique ID. Has that changed? — John Saunders, Jul 17 '09 at 09:25
It may not be a reliable solution. but one of the solution (?) ;-) — Shoban, Jul 17 '09 at 09:43

score 2 · Answer 3 · edited May 23 '17 at 12:24

2

Assuming the machine has an NIC you can use the MAC address:

Read MAC Address from network adapter in .NET

edited May 23 '17 at 12:24

Community

1
1

answered Jul 17 '09 at 13:34

Ian G

29,468
21
78
92

1

You can do that, but this is exactly one of the techniques that infuriates users. They should be able to update their networking equipment without having to inform their software vendors! – John Saunders Jul 17 '09 at 13:44
I completely agree. I'm just saying :D – Ian G Jul 17 '09 at 13:50
1

On some systems, I've seen MAC addresses change on reboot. In particular one old IBM Thinkpad system. – Duncan Bayne Jan 08 '10 at 06:16
@DuncanBayne: I used to work with networking software that changed the MAC address based on a unique property of each computer. Change that property, and, boom, all the software licensed to that MAC address would fail. – John Saunders Jan 10 '14 at 04:43

score 1 · Answer 4 · answered Jul 17 '09 at 09:23

1

Out of the box - no.

You can try generating a machine signature during installation and lock your application to not start when the signature file is not present or is not valid for this particular machine.

answered Jul 17 '09 at 09:23

User

30,403
22
79
107

score 1 · Answer 5 · answered Mar 22 '11 at 21:43

.NET is awful because it's so easy to reverse it back to source code with commonly-available tools. (We do a demo where we crack .NET in about 2 minutes). Cyril's solution sounds good because he's using encryption and a hash of fingerprints to the target machine. These solutions regrettably are vulnerable to some kinds of man-in-the-middle attacks although his solution sounds better than most. One problem with machine binding is that the fingerprinting tokens you want to use (like MAC address, CPU serial number, etc) must be retrieved with OS calls, which can be spoofed by a mid-level cracker.

Depending on the $ value of your software using a good dongle like CodeMeter, Hasp HL, or KeyLok will give you significant protection. Using a "bad" dongle won't help you a bit, though.

'Awful'? Most users would call that a feature. – Duncan Bayne Jan 14 '14 at 01:54 — Duncan Bayne, Jan 14 '14 at 01:54

score 0 · Answer 6 · answered Jul 17 '09 at 13:24

You could digitally sign your EXE and use certificates to aid some sort of protection, however if you truly want to prevent your EXE from running on a specific PC you might be better prompting the user for a password and using a key file?

.NET Encryption Examples https://web.archive.org/web/20210707015555/http://aspnet.4guysfromrolla.com/articles/112002-1.aspx http://www.eggheadcafe.com/articles/20020630.asp

score 0 · Answer 7 · answered Dec 13 '10 at 09:53

For this, you would need to embed your license code with some sort of machine-code generated from the machine's MAC ID, HDD ID, CPU ID, etc.

Then check this embedded code with the machine code generated when your software is run. If these do not match, it means that the software is being used on a different machine.

If you want a ready-made license scheme which supports this scenario, see CryptoLicensing

score 0 · Answer 8 · answered Apr 03 '12 at 00:54

0

If you want a ready-made license scheme which supports this scenario, see CryptoLicensing

This is not really true. CryptoLicensing only uses the computer name, not even CPU ID.

answered Apr 03 '12 at 00:54

wbp

21
1

1

What is used as machine code are implementation details. But CryptoLicensing supports machine-locking which is what OP is looking for. Also see http://www.ssware.com/support/viewtopic.php?t=635 – logicnp May 03 '12 at 09:48

.NET copy protection

8 Answers8

Linked