|
great so far but I want to reverse the hex string back to plain english, any help much appreciated.
|
|
|
|
|
It is the principal and intention of Hashing that they are irreversible. Of course there are ways to try every combination of input and see if the hashed values match, but you cannot guarantee that you have found the proper value. This also is by intention.
You can do a quick proof of this yourself by "counting" the possible values for an MD5 hash (it has 128 Bit) and the possibles values for a potentially very long input value. As you can have far more input values than MD5 hash values, you will definitely have collisions there.
If you want something reversible, you can use the same way of generating the identifiers and then use encryption instead of hashing to protect them reversible.
Be minded that using hashing also is a method to protect the users privacy, that is well intended here.
|
|
|
|
|
string[] fingerprint = {
"CPU|" + cpuId(),
"BIOS|" + biosId(),
"BASE|" + baseId(),
"DISK|" + diskId(),
"VIDEO|" + videoId(),
"MAC|"+ macId()
};
fingerPrint = string.Join("\r\n", fingerprint);
Software Developer
Jayzon Ragasa
Baguio City, Philippines
|
|
|
|
|
fingerPrint = string.Format("CPU|{0}~BIOS|{1}~BASE|{2}~DISK|{3}~VIDEO|{4}~MAC|{5}",
cpuId(),biosId(),baseId(),diskId(),videoId(),macId());
|
|
|
|
|
Thank you Sowkot, you saved me some time!
|
|
|
|
|
This works fine in a windows based machine but fails to run in Linux.
Any idea how to accomplish the same thing without referencing system.management?
|
|
|
|
|
Is there any way to get back original string from generated key???
Krishna
|
|
|
|
|
Been there, done that. This is not so easy. From my experience
- video card is unreliable, as quite a few notebooks out there now use dual video, dynamically switching between them according to system's graphic power needs. Sometimes even remote access tool change this.
- BIOS data is unreliable - first a BIOS update might change things, second there are BIOS bugs. I've seen BIOS reporting textual or hex vendor id depending on whether there is an eSATA drive connected.
- network is unreliable. There are computers switching off the network card when there is no cable plugged in so that the MAC is not visible to the OS at all. Some do this only if it is running on battery.
I don't think there is a way to build reliable small rigid id. It might be possible to collect the data and allow for a limited number of changes.
|
|
|
|
|
Hi,
As decompilation tools are available so anybody can decode the application being used to create the key. Once the code is in hand , anybody can crack the license key.
|
|
|
|
|
Hahaha...
Joke...Learn first and then say.
There is a solution, we can obfuscate the code.
|
|
|
|
|
|
obfuscating the code will change user made function name and constant to some other random value. obfuscatIng does not change CreateFile function to random value.
Protecting a .NET executable is a joke.
Regards,
Vishal
|
|
|
|
|
Before you "joke" about this, Vishal, you need to take a quick look at some modern tools that provide .NET code protection.
Protection is a bit more than just obfuscation, which on its own, I agree, does very little to protect code.
Have a look at the EZIRIZ Reactor and Intellilock tools as a couple of examples.
I certainly found this article both interesting and informative.
Stay healthy and happy,
|
|
|
|
|
Sorry to say i had to tried it already. and adding all the options in Reactor, makes some function of the program works weirdly, You can search it on net. .NET is good for in-house productions and not for global distribution.
Regards,
Vishal
|
|
|
|
|
Use Ngen.exe (Native Image Generator)
- Convert your .NET code into Machine Code.
The Native Image Generator (Ngen.exe) is a tool that improves the performance of managed applications. Ngen.exe creates native images, which are files containing compiled processor-specific machine code, and installs them into the native image cache on the local computer. The runtime can use native images from the cache instead of using the just-in-time (JIT) compiler to compile the original assembly.
http://msdn.microsoft.com/en-us/library/6t9t5wcf.aspx[^]
|
|
|
|
|
I want to know how to do this in c++
ssss
|
|
|
|
|
thanks for your article, it helped a lot finding what I needed.
My amendment would be a certain speed boost for the whole thing.
My code looks like:
public static string GenerateMachineIdentification()
{
string[,] check = new string[,] {
{"Win32_NetworkAdapterConfiguration","MACAddress"},
{"Win32_Processor", "UniqueId"},
{"Win32_Processor", "ProcessorId"},
{"Win32_Processor", "Name"},
{"Win32_Processor", "Manufacturer"},
{"Win32_BIOS", "Manufacturer"},
{"Win32_BIOS", "SMBIOSBIOSVersion"},
{"Win32_BIOS", "IdentificationCode"},
{"Win32_BIOS", "SerialNumber"},
{"Win32_BIOS", "ReleaseDate"},
{"Win32_BIOS", "Version"},
{"Win32_DiskDrive", "Model"},
{"Win32_DiskDrive", "Manufacturer"},
{"Win32_DiskDrive", "Signature"},
{"Win32_DiskDrive", "TotalHeads"},
{"Win32_BaseBoard", "Model"},
{"Win32_BaseBoard", "Manufacturer"},
{"Win32_BaseBoard", "Name"},
{"Win32_BaseBoard", "SerialNumber"},
{"Win32_VideoController", "DriverVersion"},
{"Win32_VideoController", "Name"}
};
string query = "SELECT {1} FROM {0}", queryex = " WHERE IPEnabled = 'True'";
string result = null;
StringBuilder sb = new StringBuilder();
for (int i = 0; i < check.GetLength(0); i++)
{
System.Management.ManagementObjectSearcher oWMI = new System.Management.ManagementObjectSearcher(
string.Format(query, check[i, 0], check[i, 1]) + (i == 0 ? queryex : string.Empty));
foreach (System.Management.ManagementObject mo in oWMI.Get())
{
result = mo[check[i, 1]] as string;
if (result != null) sb.AppendLine(result);
break;
}
}
MD5 sec = new MD5CryptoServiceProvider();
ASCIIEncoding enc = new ASCIIEncoding();
byte[] bt = enc.GetBytes(sb.ToString());
bt = sec.ComputeHash(bt);
sb.Clear();
for (int i = 0; i < bt.Length; i++)
{
if (i > 0 && i % 2 == 0) sb.Append('-');
sb.AppendFormat("{0:X2}", bt[i]);
}
return sb.ToString();
}
Alex C. D.
|
|
|
|
|
is it generate numbers only?
|
|
|
|
|
Hi,
Excellent Post, but you should explain in depth for.
How generated key looks?
How to validate key?
How to call?
We are looking forward from your side!
any way my vote of 5!
Thanks,
Imdadhusen
sunaSaRa Imdadhusen
+91 99095 44184
|
|
|
|
|
you creates the serial number, but how to validate it when using this serial number?
|
|
|
|
|
...that the user is unlikely to change his motherboard/BIOS/CPU. For one, when a new CPU generation comes out (as is the case right now with Intel's Sandybridge architecture), it's not uncommon for motherboard manufacturers to release BIOSes every few weeks until all the kinks are worked out. If a user flashes his BIOS on a regular basis to keep up to date, you're going to inconvenience your user.
Of course the real matter is what hoops you're going to make your user jump through to get your software working again once you've determined that the hardware has changed and the user needs to be locked out. That, IMO, has got to be worth at least a paragraph or two in any article discussing ways to uniquely identify a computer.
|
|
|
|
|
Isn't the point of an article to teach and give a starting point, more than a complete copy/paste solution for those not interested in doing a little effort?
I think based on this it isn't that hard to add a little logic. If your fingerprint is based on combination of motherboard & CPU & BIOS, and only 1 of the three change, then have your code automatically update the fingerprint on your licensing webserver and don't bother the user. If all three change inside of 30 days then it's an all new computer.
Or map the three fingerprints to one license code. If the motherboard and the CPU get split up to two computers then only enable one of them.
If you are REALLY that worried use a hardware dongle for each software license.
|
|
|
|
|
tlhintoq wrote: Isn't the point of an article to teach and give a starting point, more than a complete copy/paste solution for those not interested in doing a little effort?
I think based on this it isn't that hard to add a little logic.
Oh, I totally agree. I'm just pointing this out in case someones does take code such as this and copy/paste it without giving it much thought. That's why I thought it was important to have a paragraph or two going over this sort of thing as a caveat.
|
|
|
|
|
|
Why do you use foreach loops instead of just quering for the properties you want? WMI supports queries similar to SQL and using SELECT queries instead of loops will make the fingerprint generation much more faster!
And something else - there's no such thing as Unique CPU ID anymore, Intel has removed it long time ago for privacy reasons, so using WMI processor data is pretty much pointless as it does not guarantee that you will end up with a unique machine fingerprint.
modified on Wednesday, January 26, 2011 5:13 AM
|
|
|
|
|