Mac or Motherboard as a unique identifier for licensing purpose?

Question

OK so i was using MAC address as a unique identifier , all went good until i activated a VPN and the mac address changed.....

So, i have 2 options:

1) Get the MAC Address of the actual physical network card

For mac address i found several tips on how to achieve this:

Link1
Link2

2.) Get the motherboard ID and use that instead, and hope we dont get 2 computer with same id( is that possible? )

public String getMotherBoardID()
{
    String serial = "";
    try
    {
        ManagementObjectSearcher mos = new ManagementObjectSearcher("SELECT SerialNumber FROM Win32_BaseBoard");
        ManagementObjectCollection moc = mos.Get();

        foreach (ManagementObject mo in moc)
        {
            serial = mo["SerialNumber"].ToString();
        }
        return serial;
    }
    catch (Exception)
    {
        return serial;
    }
}

What do you say? Should i try to dig and find code that gets the mac address from the card and not the virtual ones, or should i just switch to motherboard? And i don't need to combine anything, i just need something that is not going to change so easily on the targeted computer.

Don't forget MAC-address can be easily altered, either programmatically or by changing a NIC. — Violet Giraffe, Aug 02 '12 at 10:26
I think stuff like this is a waste of effort - you're deliberately spending time writing anti-features which are trivially bypassed by pirates. The only thing this will ever manage to do is annoy your paying customers when it doesn't work correctly. The time could be better spent adding features that will persuade people your software is great and worth paying for. — Flexo, Aug 02 '12 at 10:26
@Flexo: I see your point, but I disagree. Of course skilled "pirates" can easily circumvent this, but that's beyond the point. The point is to give casual users a stimulus to pay for the product. If someone is determined to break the program - they will, if someone is determined to find a crack - they will, but those are not your customers. — Violet Giraffe, Aug 02 '12 at 10:29
@VioletGiraffe For me personally a guilt trip is more effective than portraying customers as the enemy. That's guaranteed to annoy me and make me look for products from less annoying competitors. — Flexo, Aug 02 '12 at 10:31
Casual customers will change their machines occasionally too. Are you sure you want to tie your software to a single machine per license? How will you allow transfer of licenses to new machines? — Dan Puzey, Aug 02 '12 at 10:34
@DanPuzey: Yea problem comes when they are transferring licenses from a machine to another one, but isn't motherboard id a good idea to start with? — syncis, Aug 02 '12 at 10:35
@VioletGiraffe: I think you've just disproven your own argument, haven't you? People who are not your customers will work around this block anyway, but people who are customers will pay (and then be frustrated that software only works on one machine). Who does this benefit? I would suggest that license keys or a username/password authentication are much more usable, much less fragile, and easier to implement. — Dan Puzey, Aug 02 '12 at 10:36
If you block second hand sales in the EU [you might leave yourself exposed to legal action](http://www.theregister.co.uk/2012/07/03/eu_court_secondhand_licence_ruling/). — Flexo, Aug 02 '12 at 10:38
@syncis: I would suggest that licensing to hardware is a bad idea to start with. If you're verifying this with a server on each launch then why not just username and password? And if not, why not a license key to activate, and limit activations over time (so a key can't easily be reused). All in all, I'd suggest you evaluate the time you're spending on this against how many users you *realistically* think you'll lose to piracy. Chances are your time could be better spent! — Dan Puzey, Aug 02 '12 at 10:40
@DanPuzey: solution my company uses is this: let every customer to activate his license key on 5 different HW IDs, not one, and tell them to contact us if they run out and need more. — Violet Giraffe, Aug 02 '12 at 10:41
@syncis: because a user can give his credentials to his friends, and you'd want every person to pay for his copy, wouldn't you? — Violet Giraffe, Aug 02 '12 at 10:45
I've worked with similar software before, for a large company with a huge customer base. The eventual advice from our business guys was that if a customer had to make just a *single call* to the support line to alter their license details, it'd cost us the entire profit margin on the sale. Unless you're selling software with a really high margin, it just seems to me too costly to be worthwhile. — Dan Puzey, Aug 02 '12 at 10:45
@DanPuzey: I know nothing about how large companies work, our customers only need to send us an e-mail and it costs us under 5 minutes time to resolve the issue. — Violet Giraffe, Aug 02 '12 at 10:46

score 3 · Answer 1 · answered Aug 02 '12 at 10:25

3

Its better if you could use a combination of values from Motherboard, NIC and harddrive.

You may check this article: How To Get Hardware Information (CPU ID, MainBoard Info, Hard Disk Serial, System Information , ...)

answered Aug 02 '12 at 10:25

Habib

219,104
29
407
436

WMI is a terrible idea, high chance it won't work on your target machine. – M Afifi Aug 02 '12 at 10:58

score 2 · Accepted Answer · answered Aug 02 '12 at 10:50

I think an approach similar to the following would be as secure as it can get

you give the user a license key for the software, tied to e.g. customer's name or company
user inputs this data in the program
each time the program is fired, it "phones home" sending licensing info
if license is verified (by your system) to be valid, the software would receive back some data which actually make it able to function. Otherwise it wouldn't work no matter what (some parts would be missing).

An example (i'm thinking C# from now on) of not being able to run unless it's licensed, would be to make some fundamental method extern. You'll send the required assembly in response to a valid license, or fallback to a "Gotcha!" warning.

score 0 · Answer 3 · edited May 23 '17 at 12:33

0

Use something provided by microsoft for this. they use a combination of hardware identifiers. MACs are bad because they can usually be changed. Microsoft is bound to have some unique instlalation identifier.

Windows Unique Identifier?

edited May 23 '17 at 12:33

Community

1
1

answered Aug 02 '12 at 10:27

Markus Mikkolainen

3,397
18
21

Keep in mind that you're identifying a particular OS installation then, not the hardware and not the user. – Violet Giraffe Aug 02 '12 at 10:31
yes. But hardware is a bad licensing target.Also I would not use this kind of tracking for enforcing licensing automatically, but just to call home to make sure that people use one license key only for one active installation. – Markus Mikkolainen Aug 02 '12 at 10:32

score 0 · Answer 4 · edited May 23 '17 at 12:33

I would personally do the following,

Grab a number of hardware keys.
1. UUID
2. Serial Number
3. Hard disk serial number
4. Physical MAC address (for tips on how to do this one see my solution here)
Allow one (or even two) of those to change whilst keeping the license alive.
Require a re-activation of your license.
Track the number of reactivations for a customer and have a maximum of some sort before you get suspicious.

Don't use WMI I'd estimate that at least 1/10 times it doesn't work. You will need to bypass WMI and get these hardware details using Windows APIs.

Developed something similar personally, it tracks 10 different things (including software attributes) with some logic to allow for changes. Using WMI fell flat on its face in the first release.

Mac or Motherboard as a unique identifier for licensing purpose?

4 Answers4