serial number (activation code)

[Jassim Rahma]

I want to create a unique serial number (activation code) which must be used
on one PC. The only way I thought of is to generate a serial number from the
PC's MAC address and i want to know how can I do that?

 

[Peter Duniho]

I want to create a unique serial number (activation code) which must be
used on one PC. The only way I thought of is to generate a serial number
from the PC's MAC address and i want to know how can I do that?

Since a MAC address is not necessarily unique, I am not convinced that
your approach is going to work.

Also, keep in mind that existing implementations of "activation codes"
(such as Microsoft's Product Activation for Windows and Office products)
cause a lot more inconvenience to paid users of their products than they
do to software pirates. In fact, they only inconvenience paid users;
the pirates have, by definition, gotten around the activation feature
and so don't ever run into any trouble with it.

So if your goal is to defend against piracy, an activation code isn't
really a very nice thing to do to your paid users.

The key point here is that anything that could be a barrier to a
software pirate can also potentially be a barrier to your paid users.
And for a software pirate, they only have to break your barrier once,
and then it is no longer an inconvenience for _any_ person who has
pirated your software, while your paid users, since they are not using a
hacked version of your software in which the barrier has been removed,
will continue to have problems with your barrier.

Of course, the same thing can be said of most copy protection schemes.

It is much better to provide your users with non-barrier incentives to
licensing your software legally. For example, offering excellent
product support to paid users, and not charging ridiculous prices for
your software (to name a couple of things many software publishers get
wrong).

Pete

 

[G.Doten]

Since a MAC address is not necessarily unique, I am not convinced that
your approach is going to work.

All MAC addresses had better be unique; they are designed to be, anyhow.
But what you probably mean is which MAC address should be used? Probably
most PC's only have one NIC but a lot have more than one so there's two
or more MAC addresses right there. Other devices like Bluetooth radios
also can—and usually do—have MAC addresses, like in the case of a
Bluetooth Personal Area Network.

So Jassim, if you go the MAC address route, you have to first decide
which one you want to use. Not an easy problem to solve.

 

[Bob Johnson]

Well, if you *must* protect your investment - even at the soft expenses
described by Mr. Duniho - then you might want to go with a real licensing
system:

http://www.desaware.com/products/licensingsystem/index.aspx

Protecting your code is something that is incremental - you can only raise
the bar for would-be crooks. It can be easily argued that you must do ALL of
a bunch of things or NONE of them; as doing only a subset would only
increase your expense, tick off paying customers, and really not raise the
bar as high as possible.

IN the spirit of going "all out"... in addition to the serious licensing
system at the link above, you would need to obfuscate your code. There are a
few other things as well....

- "HTH"

 

[Bob Johnson]

The core issue here is "how do we _define_" a given PC? You must do that
before you can proceed to _identify_ any PC. Going off of a NIC is just one
way to do it.

The licensing system at the following link lets you change the very
definition of a given computer to suite your needs. Do you want to define it
as simply one of the installed NICs? Great - you can do that. How about
going off of the HD. Great. How about both plus CPU - no problem (IIRC).

http://www.desaware.com/products/licensingsystem/index.aspx

HTH

 

[Jassim Rahma]

but when say MAC i thought that's a PC (physical PC) not any other
componant?

 

[G.Doten]

but when say MAC i thought that's a PC (physical PC) not any other
componant?

No, MAC is a unique number assigned to things like Network Interface
Cards and similar devices. Each manufacturer of such cards is assigned a
unique range of MAC addresses that they can burn into the actual
hardware. A PC can have no NIC cards or one or more. Plus, like I said
previously, not just NIC cards use MAC addresses, and a PC can have any
number of such non-NIC devices.

So a MAC address does not uniquely identify a PC or anything like that.
In fact, as stated, some PCs won't have any devices that use a MAC
address and therefore won't have any MAC addresses you could use for
license enforcement.

You'll need to pick some other way to uniquely identify a PC. And if you
come up with something, please post it here.

 

[Jon Skeet [C# MVP]]

All MAC addresses had better be unique; they are designed to be, anyhow.

IIRC, a MAC addrses has to be unique within a subnet in order for
routing to work - beyond that it's all down to the IP address.

Some network cards allow you to specify the MAC address yourself
(again, IIRC), which completely kills any claim of uniqueness.

 

[Guest]

a "unique serial number" is only part of the equation. As other comments have
indicated, I'd be extremely reluctant to use only the MAC address since it's
common for NICs to be switched out. Not only that but utilities like
"etherchange" can actually change the reported MAC address at will.
Maybe if you could be more specific about exactly what is the goal of your
proposed licensing scheme, you can get better help.

Virtually ANY licensing scheme can be broken by a determined cracker. I
repeat: ANY.
-- Peter
Recursion: see Recursion
site: http://www.eggheadcafe.com
unBlog: http://petesbloggerama.blogspot.com
bogMetaFinder: http://www.blogmetafinder.com

 

[G.Doten]

IIRC, a MAC addrses has to be unique within a subnet in order for
routing to work - beyond that it's all down to the IP address.

Some network cards allow you to specify the MAC address yourself
(again, IIRC), which completely kills any claim of uniqueness.

Yes, you can override the value of the MAC address burned into any of
the devices that the networking layer will then use (it's just software,
after all; there's nothing to force the software to use the address
burned-in to the device). But all the addresses burned-in to such a
device had better be unique, and you can easily get that number, again,
using software, to use in a licensing scheme (or whatever) if you want to.

If a MAC address burned-into one of these devices isn't unique, then the
device manufacturer screwed up. Each manufacturer is assigned a unique
number by the IEEE that goes into the first 24-bits of a MAC address,
and the manufacturer assigns the remaining 24-bits as they see fit, so
long as they never reuse a number.

If bit 41 of a MAC address is 0 then it is the address burned-in to the
device; if it is 1 then the address has been changed by a network admin.
Although why a network admin would do this I've never fully understood.
The only thing that pops to mind is that a device manufacturer screwed
up and duplicated a MAC address and some unlucky sole ended up with two
devices having the same MAC address on their local subnet, in which case
they can override the number (pretty much only for some manufacturer's
NICs though).

The fact that manufacturer's may indeed screw up assigning these
addresses, that's yet another good reason not to use them in some
licensing scheme which attempts to uniquely identify a PC.

 

[Peter Duniho]

All MAC addresses had better be unique; they are designed to be, anyhow.

Hardware MAC addresses are intended to be as unique as possible. But
there is no requirement that they be unique, and since you can
arbitrarily set the MAC address on most network devices, they easily can
be non-unique.

As long as a MAC address doesn't show up twice on the same network
segment, it's not even a problem for them to be non-unique.

But what you probably mean is which MAC address should be used?

Nope. That's not at all what I mean. But it's a good point to bring up
as well.

Probably

most PC's only have one NIC but a lot have more than one so there's two
or more MAC addresses right there. Other devices like Bluetooth radios
also can—and usually do—have MAC addresses, like in the case of a
Bluetooth Personal Area Network.

I am currently using a computer that has four MAC addresses: Bluetooth,
Firewire, wireless, and wired Ethernet. To further complicate matters,
I sometimes run a VM with Windows XP in it, and that VM's network
adapter has its own MAC address, as do other virtual network adapters
based on the Bluetooth and Firewire hardware.

So Jassim, if you go the MAC address route, you have to first decide
which one you want to use. Not an easy problem to solve.

As an example of the issues I brought up in my previous post, consider
the scenario where someone is using software on a computer that also has
a VM installation. I see no legitimate reason to prevent that person
from running the given software either within the VM or under the
non-virtual instance, but if the MAC addresses aren't the same under
both OS instances (and they very well might not be, especially if the VM
is configured to have the network adapter on the same network segment as
the non-VM instance), the software will insist on being "activated" on
one or the other, but not both.

I have, in fact, had this exact problem with Office 2007 and their
incredibly annoying Product Activation "feature" (I do use that term
loosely).


Pete

 

[Peter Duniho]

but when say MAC i thought that's a PC (physical PC) not any other
componant?

The MAC address is associated with network adapters. You'll generally
have one unique MAC address per network adapter, and lots of different
devices on a given computer can look like a network adapter (as has been
mentioned), including those that actually _are_ network adapters.

The MAC address is definitely not "one-per-PC".

Pete

 

[Peter Duniho]

Yes, you can override the value of the MAC address burned into any of
the devices that the networking layer will then use (it's just software,
after all; there's nothing to force the software to use the address
burned-in to the device). But all the addresses burned-in to such a
device had better be unique, and you can easily get that number, again,
using software, to use in a licensing scheme (or whatever) if you want to.

And the user can just as easily reconfigure a given PC's MAC address to
match that used to license the software.

Pete

 

[ajk]

I want to create a unique serial number (activation code) which must be used
on one PC. The only way I thought of is to generate a serial number from the
PC's MAC address and i want to know how can I do that?

assuming you are running under windows you could just leech on the
windows product key and use that as base for creating your unique
serial number.

 

[G.Doten]

And the user can just as easily reconfigure a given PC's MAC address to
match that used to license the software.

Pete

Well, no, they can't. Not unless they hack the OS, that is. I wouldn't
say that's very easy...

 

[G.Doten]

Hardware MAC addresses are intended to be as unique as possible. But
there is no requirement that they be unique, and since you can
arbitrarily set the MAC address on most network devices, they easily can
be non-unique.

Yes they are required to be unique, although a given manufacturer may
screw up, they each have an assigned range of values they are allowed to
use. Think of a MAC address like a GUID; both are supposed to be
globally unique. Or think of it as an IP address where the network
portion of the address is handed out to specific organizations so they
will in theory be unique. They too don't have to be unique but you
probably don't want more than one instance of the same IP address being
used on your network. (Though the IP address analogy isn't 100% since
there are so-called private IP addresses in the 10, 192.168, etc.,
network ranges, but you get the idea.)

As long as a MAC address doesn't show up twice on the same network
segment, it's not even a problem for them to be non-unique.

Agreed. But they are designed to be globally unique because a
manufacturer of a device has no idea what network a given device will be
used on.

I am currently using a computer that has four MAC addresses: Bluetooth,
Firewire, wireless, and wired Ethernet. To further complicate matters,
I sometimes run a VM with Windows XP in it, and that VM's network
adapter has its own MAC address, as do other virtual network adapters
based on the Bluetooth and Firewire hardware.

Exactly my point, which is why a PC does not have a single MAC address
that Jassim thought they did. Maybe use the CPU ID? Ha ha ha.

 

[Jesse Houwing]

* G.Doten wrote, On 29-7-2007 15:39:

Well, no, they can't. Not unless they hack the OS, that is. I wouldn't
say that's very easy...

You'd have to write very specific code (as ins specific to that device)
to extract the original MAC address if it's overridden in the driver.
All Intel, 3COM and BroadCom NIC's I've used so far have an option to
easily, from the driver, override the MAC address.

I've seen software being hacked before relying on the MAC address. The
hack was done in a pretty simple fashion. They put an altered version of
the windows dll that can read the mac address in the executables
directory. That dll always returns the same address, so the keygen
would've been pretty easy from that moment on.

The only way you can truly get am identifying piece of information from
a PC is when they have a TPM installed (Trusted Platform Module). Most
consumer PC's dont' have this, but it's becoming more common in business
workstations.

Jesse

 

[G.Doten]

* G.Doten wrote, On 29-7-2007 15:39:

You'd have to write very specific code (as ins specific to that device)
to extract the original MAC address if it's overridden in the driver.
All Intel, 3COM and BroadCom NIC's I've used so far have an option to
easily, from the driver, override the MAC address.

I've seen software being hacked before relying on the MAC address. The
hack was done in a pretty simple fashion. They put an altered version of
the windows dll that can read the mac address in the executables
directory. That dll always returns the same address, so the keygen
would've been pretty easy from that moment on.

The only way you can truly get am identifying piece of information from
a PC is when they have a TPM installed (Trusted Platform Module). Most
consumer PC's dont' have this, but it's becoming more common in business
workstations.

Jesse

I stand corrected; good point. I was assuming that the driver would
always return the burnt-in MAC address when asked for it via a system
call (as opposed to asking for the currently active MAC address).

 

[Peter Duniho]

Agreed. But they are designed to be globally unique because a
manufacturer of a device has no idea what network a given device will be
used on.

I think you understand the error in the above statement already, but
just to make sure it's clear:

While the hardware's default MAC address should always be globally
unique, this is not the MAC address that is necessarily being used.
Even if hardware MAC addresses were guaranteed to be unique (and because
of mistakes by manufacturers, this is not even always the case), that's
not relevant to the discussion here, because there's no standardized way
for arbitrary software to get the hardware's default MAC address, and
the MAC address being used could be set to whatever the user wants.

Pete

 

[G.Doten]

I think you understand the error in the above statement already

I don't seed the error. The statement is correct in that a built-in MAC
address on *any* device that has one is without question supposed to be
unique. No ifs ands or buts about it. I do hope that's clear enough. I'm
*not* trying to argue that a very small number of manufacturers allow
you to change the built-in MAC address on a very small number of their
devices/cards; that ability seems to be dwindling tremendously as many
more devices now use MAC addresses.

Further, it is codified in the IEEE MAC address standard that these
built-in addresses are unique. That's all I'm saying.

, but
just to make sure it's clear:

While the hardware's default MAC address should always be globally
unique, this is not the MAC address that is necessarily being used. Even
if hardware MAC addresses were guaranteed to be unique (and because of
mistakes by manufacturers, this is not even always the case), that's not
relevant to the discussion here, because there's no standardized way for
arbitrary software to get the hardware's default MAC address, and the
MAC address being used could be set to whatever the user wants.

Pete

Apparently it isn't that difficult to get the built-in MAC address for a
device. One way is on this page:

http://www.nthelp.com/NT6/change_mac_w2k.htm

Just clear the appropriate registry key then use the
Win32_NetworkAdapterConfiguration WMI class to retrieve the device's
built-in MAC address. Not pretty, but it would work. Not that I believe
any of this to be very user-friendly in a license management system,
mind you.