0

I am doing license system. and every time I work for each computer. I created a code snippet. Do you think this is really enough for me to get a unique identity? Is it possible to return null?

I visited certain topics but I could not create a clear idea

    private string CID()
      {
        ManagementObjectSearcher search = new ManagementObjectSearcher("SELECT SerialNumber FROM Win32_BaseBoard");
        ManagementObjectCollection searchs = search.Get();
        string serial=""; string cpuid="";
        foreach (ManagementObject id in searchs)
        {
            serial = (string)id["SerialNumber"];
        }

        search = new ManagementObjectSearcher("Select ProcessorId From Win32_processor");
        searchs = search.Get();
        foreach (ManagementObject id in searchs)
        {
            cpuid = (string)id["ProcessorId"];
        }

        return MD5(serial+cpuid);
    }

I've tried a few computers, the result is positive, but I don't think you can try it on hundreds of computers.

marsze
  • 15,079
  • 5
  • 45
  • 61
mimi
  • 29
  • MAC address perhaps? – Alec. Mar 26 '19 at 16:33
  • MACs can be spoofed. But yeah, if you want something reasonably difficult to get around. – Robert Harvey Mar 26 '19 at 16:34
  • Nice try, but I would do some research on how to approach this properly before inventing your own solutions. – marsze Mar 26 '19 at 16:34
  • Get MAC of PC if you really want something unique. – jdweng Mar 26 '19 at 16:34
  • 1
    I'm using computer mac in the future. but not very useful. because the computer can have more than one mac address and it can mimic it. – mimi Mar 26 '19 at 16:36
  • Possible duplicate of [What's a good way to uniquely identify a computer?](https://stackoverflow.com/questions/671876/whats-a-good-way-to-uniquely-identify-a-computer) – marsze Mar 26 '19 at 16:42
  • 3
    It is not enough. You also need to provide a support phone number for users whose computer failed. With the kind of staff that isn't easily worn down by such users already being on edge by having to replace their machine and now discovering that they can no longer run the software they relied on. Tough job, they can't explain why you decided to inconvenience your most valuable users. And hard to hire such people, they don't last long from the grief that's thrown at them. A dongle is much more affordable. – Hans Passant Mar 26 '19 at 16:43
  • @marsze nice link, I added it to my answer – Cleptus Mar 26 '19 at 16:44
  • let me show you a sample – Reza Paidar Mar 26 '19 at 16:51
  • Just a note: ProcessorId is not a uniuque value, it is just a encoded version of the model of the cpu, two cpus of the exact same model will have the same processor id. – Scott Chamberlain Mar 26 '19 at 17:02

2 Answers2

1

.NET does use windows API calls behind the scenes, you do not have control to the final enviroment. Those calls could be patched/faked, there is no bulletproof .net solution.

If you want a decent uniqueness, do note I dont say perfect, I would add to the motherboard serial number and the processor id the MAC of the PC. Those three things would make it harder to bypass.

Ultimately those hardware checks can by always bypassed unless hardware tokens/dongles are used, but is up to your cost/benefit.

Cleptus
  • 3,446
  • 4
  • 28
  • 34
  • If we're talking "hundreds" of users only, as OP mentioned, I doubt this is a relevant risk. But might be just enough users to think of a 3rd party solution, yes. – marsze Mar 26 '19 at 16:52
  • actually I'm just checking. I'm not making a restriction. The important thing for me is to create as much unique identity as possible. What other IDs of the computer can I get? harddisk may change but cpu and motherboard are hard to change. – mimi Mar 26 '19 at 17:00
  • I would stick to mobo and CPU, are usually constant. Hard disk do break, they often change (and changing a HDD in favor of a SSD is a great thing to do to old hardware) – Cleptus Mar 26 '19 at 17:07
0

I have a lot of application that has serial numbers. The first thing we need to care about it is to prevent to hack our serials numbers. the hackers are just like coders always search for repeated algorithms. in your case you just use the md5 algorithm and CPU ID to find a unique number as a serial number per any systems. But if the hacker knows about your algorithm, so he/she can make a tool to return any CPU Id+ md5.
This is my opinion to help you to clear the way.
First, you need to check the validity on application start. you can check it on Load and every time user Login events. This is a sample

private void checkValidaty()
    {
        if (!setting.checkLicence(settingInfo.validateCode))
        {
            if (MessageBox.Show("Do you want to enter new licence?", MessageBoxButtons.YesNo, MessageBoxIcon.Information, MessageBoxDefaultButton.Button2, MessageBoxOptions.RightAlign) == DialogResult.No)
            {
                Application.Exit();
            }
            else
            {
                frmValidateNewLisence frm = new frmValidateNewLisence();
                frm.ShowDialog();
                this.checkValidaty();
            }
        }
    }

Then you can call checkValidaty() function on mentioned events.

Now I show you a sample to how to create a unique serial number. As you did we have a method to GetProcessorID

private static string GetProcessorID()
    {
        string sProcessorID = "";

        string sQuery = "SELECT ProcessorId FROM Win32_Processor";

        ManagementObjectSearcher oManagementObjectSearcher = new ManagementObjectSearcher(sQuery);

        ManagementObjectCollection oCollection = oManagementObjectSearcher.Get();

        foreach (ManagementObject oManagementObject in oCollection)

        {
            sProcessorID = (string)oManagementObject["ProcessorId"];
        }

        return (sProcessorID);
    }

You can ensure that there is the right id of any CPU.
Now with a password generator app, you can find an impressive static secret password. I just use this site to create strong passwords Secure Password Generator.
On this case, I use this one: y(M6dH%<Wx=)+fr,.
After that, you need to send those password and CPUID to generateCode function. 

private static string generateCode(string GetProcessorID)
    {
        using (SHA1Managed sha1 = new SHA1Managed())
        {
            var hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(Id));
            var sb = new StringBuilder(hash.Length * 2);
            foreach (byte b in hash)
            {
                // can be "x2" if you want lowercase
                sb.Append(b.ToString("X2"));
            }
            return sb.ToString() + "y(M6dH%<Wx=)+fr," +  GetProcessorID;
        }
    }

This Method generates a Non-repetitiveand Non-guessable license.
The only weak point is being exposed your static password so you need to lock your source or other ways to secure it.

Reza Paidar
  • 863
  • 4
  • 21
  • 51
  • Is there any chance of conflict with the same brand processors? Many thanks in the reply is highly detailed. – mimi Mar 26 '19 at 20:19
  • As I know, it's imposible one id for two CPU. My code return one id per CPU even with multi cores – Reza Paidar Mar 27 '19 at 21:19