11

I want to uniquely identify a machine in C.

The following are sources which have serial numbers, but they aren't guaranteed to be unique, or present (like a removable HDD or network card).

  • CPU: I'm using the cpuid instruction, however, serial number is not implemented for any processor except Pentium 3, i.e. not relevant. I can use the processor signature, but this won't be unique for every processor.
  • HDD: ?
  • BIOS: ?
  • motherboard: ?
  • MAC address: via system function calls.

For all the question marks, how would I get the serial numbers in C? If you answer with a system dependent solution, please provide both Windows/*nix. Also, for Windows, please no WMI.

Thanks!

bluish
  • 26,356
  • 27
  • 122
  • 180
chacham15
  • 13,719
  • 26
  • 104
  • 207
  • You want to spy on the users of your program? – Jens Gustedt Sep 16 '11 at 06:18
  • How does having the serial numbers imply spying? – chacham15 Sep 16 '11 at 07:20
  • Simply because you can track back individual behavior. Imagine you implement this in a web browser. This could then be used to track all the web accesses with that browser from a particular machine, regardless under which web identity it presents itself. So this can be easily misused for privacy breach. – Jens Gustedt Sep 16 '11 at 09:53
  • Ah, see that is where you make the mistake. This code is a client side executable. There is no need for serial numbers, the program itself could keep track of all computer usage via key-logging if that were its purpose. – chacham15 Sep 16 '11 at 10:10
  • No I don't think that I made a "mistake". I well know the concept of cookies. Cookies (at least in principle) can be deleted by the user and polite software asks us if we allow them to store one. Using cpuid for such a thing is malicious since I can't easily change my cpuid as I can delete a cookie. – Jens Gustedt Sep 16 '11 at 10:14
  • I want to only authenticate the one machine, not any other. The problem with a cookie is that it can be copied which is a security hole. Furthermore, anything that can be deleted can be copied. See the problem? – chacham15 Sep 16 '11 at 10:32
  • No, I have a solution: serial numbers. I was just explaining the need to Jens... – chacham15 Sep 16 '11 at 15:56

1 Answers1

2

Generally speaking, you need to identify a combination of components and understand that components can and will change over time. You need tolerance algorithms to make an informed guess about when a change represents an update to a machine you previously identified, or a new machine you have not seen before.

A simple approach would be to enumerate all of the components you listed when you need to determine which machine you're dealing with and compare to previous snapshots of machines you have previously seen. If anything with a serial number matches, you can pretty safely assume you're dealing with the same machine (though of course it's possible that someone transferred a hard drive to a new machine... but then, this is the simple approach. Commercial grade heuristics are much more complicated.).

Use of this approach specifically for software activation is covered by a patent that is actively enforced, so be careful about what you're doing. If you do want to do this to protect your software, it may be better to use a commercial solution. Some are quite affordable. Google "software activation" for options.

Here are some references for obtaining the specific system information (not all are specific C cookbooks, but C can be used in each case).

HDD Windows http://www.codeproject.com/KB/cs/hard_disk_serialno.aspx

HDD Linux http://www.webmasterworld.com/forum40/957.htm

BIOS Windows http://msdn.microsoft.com/en-us/library/aa394077(v=vs.85).aspx

BIOS Linux http://www.dufault.info/blog/a-better-way-to-find-your-bios-version-in-linux/

MAC Address Windows C++: Get MAC address of network adapters on Vista?

MAC Address Linux http://www.linuxquestions.org/questions/programming-9/linux-determining-mac-address-from-c-38217/

Community
  • 1
  • 1
Eric J.
  • 147,927
  • 63
  • 340
  • 553
  • As for the windows links, I specifically stated, no WMI. As for the linux bios link, thats the version, not serial number. – chacham15 Sep 16 '11 at 07:16
  • @Eric J. I appreciate your mention of the existing patent! Any idea when it expires? – Dave Dec 05 '13 at 06:24
  • @supertwang: That is the patent ending in 216 held by Uniloc. Not sure of the expiration. See http://en.wikipedia.org/wiki/Uniloc – Eric J. Dec 05 '13 at 17:25