Reliable Hardware Serial Number For Software Protection?

I am currently developing a program that I would like to protect from unauthorized users (copy protection). The software itself is free but I want my users to register before they can use it. Because the software is free, I can’t really use a third-party solution such as eSellerate because they take payment as a percentage of sales (which is zero).I have played around with several ideas but the one that keeps sticking is using the hard drive serial number as a basis for protection. I’m not a big fan of this idea because I have been the victim of such schemes in the past. For example, I have a removable hard drive and every time I insert the drive a particular piece of software goes crazy and I have to reenter the activation code. Another problem with this software is I have a hybrid SATA and PATA system. For some reason the software (or maybe Windows) sees the PATA drives as primary when in reality a SATA drive is the boot drive.Has anyone had experience in a similar situation and have any suggestions? Also does anyone have any example code for reliably retrieving the hard drive serial? I went over to Code Project (http://forums.xisto.com/no_longer_exists/) and found a nice article about finding the serial number. The big problem with this code is it sees my Zip drive as the first device and you may understand that this could be a problem. Any help or suggestions are welcome.

Has the computer to be on the Internet network in order the software to be used ? Or has it to be able to work even when disconnected from the network ?

What about logging the software into a Sql database. Once that software gets registerd it is logged on OS Processor type and IP address.

That's what I was thinking. However, this needs the computer to be on the public network, a standalone machine will not be able to connect to the Sql database.

hmm true. Unless you wrote into the application aswell once it was registered the info and have it encrypted so it couldnt be used on another machience

hmm true. Unless you wrote into the application aswell once it was registered the info and have it encrypted so it couldnt be used on another machience

And, precisely, the very first question was : which info has to be written and encrypted ? This info has to be related to the hardware on which it is installed.

And, precisely, the very first question was : which info has to be written and encrypted ? This info has to be related to the hardware on which it is installed.

Why don't use CPUID instruction for getting the CPU serial number, stepping, ID string...? I guess there is a way for implementing such instruction in VB, or some activex control or dll..., well there must be a way.

Thank you for your great suggestions. The purpose of the application is to query remote Internet resources so in short it will be on the Internet at all times. I don’t think that using the IP address would be much good because the IP can change at any time. I used to have a DSL line that changed everyday. As for the CPU ID, it is also not a hard and fast rule. If you remember a few years ago Intel had a big controversy over enabling the ID on Pentium 4 chips. From that point on I think that Intel has disabled the ID.I suppose the SQL database would be the best way to go but I have absolutely no experience with SQL and I would rather not go down that path, at least not yet.Great response so far.

You could simply give each guy a serial associated to it's name and mail. Then, your program can ask your computer if this serial/name/mail correct. if it's in your file, your computer says "OK" (it could simple be "grep password |grep name |grep serial |wc -l"). If your computer says OK, the program is activated. (for instance receiving a necessary myfile.dll.If your computer says "NO", the fake dll file is not replaced by the correct one, and the program says "please ask a new registration from tansqrx.com

you could always try to use a ethernet controller MAC address. i used that for a program once and it worked ok, till someone wants to take out their lan card. but topday most lan cards are part of the motherboard so that isn't as much of an issue - till they take out the motherbaord!

you could always try to use a ethernet controller MAC address. i used that for a program once and it worked ok, till someone wants to take out their lan card. but topday most lan cards are part of the motherboard so that isn't as much of an issue - till they take out the motherbaord!

MAC address alone is not safe. MAC address can be change by software too. I saw this software once, when playing with wifi hacking tools. It help to spoof the MAC address so the wifi router thought you're one of the legitimate users. i've also heard of a commercial software that copy protect by MAC address, to copy and use, you just need to edit something in your registry.

I do use a method for license and copy protection. I'm using WMI to access hardware information, like mother board serial number, hdd serial number, logical disk serial number, mac address

tansqrx, i do face your problem once, in my own software, thus for the hdd, i select only non removable drive. Where as for logical drive, i select only drive C.

After i took all those info, i join them up as a string, the apply SHA512 hash on it, that will be the key. Then uses RijndaelManaged encryption to get the code from the key. I uses the key to identify individual client, the generate the code using the same encryption and pass-string

One important thing to take note, if you're using .Net (vb.net or c#.net). you'll need apply some obfuscation on your assembly later, before you ship it, else they can simply disassemble and remove the security check

If you need the source code, let me know, i'll post it here

Good luck

It will backfireReliable Hardware Serial Number For Software Protection?

Not only won't this work, but it will backfire. All that will happen is that someone will hack your program to eliminate the check. Then even the users who like your program won't want to register because they have a hacked version of your program. You will also get cut off from most distribution sites because they require your program to work without special registration -- so most people will never even know your program exists.

Your plan sounds like a bad idea all around.

-reply by David Schwartz