How to retrieve serial number of OS or CPU for copy protection?

[Mihai N.]

I was not referring to the law in this case. I was trying to address the

moral and ethical aspect of that.

Kind of unrelated to cars and other things, but here is something to think
about, from ethical aspect, not legal. Legal is clear.

Question: "Bill Gates stealing 10$ from a blind beggar's hat" is the same
as "a blind beggar stealing 10$ from Bill Gates"?

Question: Quark XPress (English version, non-localized) in Romania
(medium salary 200$) is double the price of the same Quark XPress in U.S.
Why? Is this ethical? I know it it legal.

Question: same drug, fabricated in U.S.A. by company X costs half the
price in Canada, sometimes only 5 miles disstance, accross the border.
Why? Because they can get away with it.

Question: RIAA cried louder than anybody else about pirats distroying the
industry. But las year they had the highest profit in history. Hmmm...


In general, all the noise about piracy is not about really stopping piracy.
Is about getting laws to "protect" the company and allow it to go after
everybody. RIAA did not went after big Bulgarian and Russian music
copy-ing industry, but after 6 years old. It is cheaper to rip-off the
regular customer.

On some other side, look hos' doing the activations and on what.
It is mostly the big companies (monopoly?) and for the products where
they are strong.
Microsoft (Windows), Adobe (Photoshop only), Quicken.
Microsoft does not protect Dev.Studio, they give away the 2005 beta for
free. Photoshop does give for free the SDKs for all their software, except
for Photoshop and Acrobat. They don't use activation for any other product.
My conclusion: protections and "anti piracy" are pushed (mostly) by companies
having monopoly (at least with the products they protect) and wanting to
keep it.
Is it legal. Yes. Is is right, and ethical? Maybe.
But are they "victims" and do they deserve our compasion? I don't think so.

 

[Slava M. Usov]

[...]

Sorry, but this (ages +/10 thru 18) is the largest group of offenders.


Which is again why the youth should not be discarded as being
non-important: It's those people that should be made aware of the
implications of not honoring interlectual property.

I must confess I do not have a solution. I know that if everybody believes
that copying software, books, films, etc is "OK" then many will do so and
that will affect the producers severely. It is easy to pass a law that says
"copying is forbidden" and many adults will abide, but with kids and
teenagers it is a different story. I still believe that the only kind of
software that really suffers from unauthorized copying by kids is games, and
that makes the problem moot, for me.

[...]

*Only* when the software-company thinks it's benificiary to do so. And
only for the time that you are a student.

There are many such companies and a person is a student for a long time.
This may not be a perfect solution, but it is as best as it gets now.

And that means that at the moment you are no student anymore, you should
remove the software from your computer. And that gives you two choices :
buy their software for it's "normal" price (enabeling you to continue
working with a known product, continue using your build-up knowledge &
created data, *or* find another (maybe even cheaper and/or better)
package, and having the re-learn about everything, as well as having to
re-create old work .... I think we can make a safe gues that the first
option will be choosen, generating new revenue for the software-company.

Option three: find a job that will provide you with this software. This is
way to go, at least for me. Home use does not require all these expensive
applications -- most of the time you can buy a PC and it will have more than
adequate software installation.

Yes, they are called "microcontrollers". The only problem is that the
bottle-neck of such a solution (letting all calculations be done in such a
"dongle") is the transfer-speed of the data, as well as the easiness of
replacing such modules (by another piece of "software").

You misunderstood. There is no transfer. Everything is done in that
"super-dongle". A play station does not even have a CPU, it only has
video/sound/networking/HID and possibly external RAM.

This solution is not appropriate for a general purpose computer where
multiple applications must coexist, but it is entirely appropriate for a
play station.

[...]

And, in the past any kind of external device ment for continuous usage has
been cracked.

You would need an electron microscope and a high precision laser slicer to
crack that dongle. Not impossible, but very expensive.

S

 

[R.Wieser]

Slava M. Usov <[email protected]> schreef in berichtnieuws
(e-mail address removed)...

Hello Slava,

[...]

Sorry, but this (ages +/10 thru 18) is the largest group of offenders.


Which is again why the youth should not be discarded as
being non-important: It's those people that should be made
aware of the implications of not honoring interlectual property.

I must confess I do not have a solution. I know that if everybody
believes that copying software, books, films, etc is "OK" then
many will do so and that will affect the producers severely. It is
easy to pass a law that says "copying is forbidden" and many
adults will abide,

but with kids and teenagers it is a different story. I still believe
that the only kind of software that really suffers from unauthorized
copying by kids is games, and that makes the problem moot, for me.

Not to the games-industry (which is software too), who complains loudly

[...]

*Only* when the software-company thinks it's benificiary to
do so. And only for the time that you are a student.

There are many such companies and a person is a student for a
long time. This may not be a perfect solution, but it is as best as
it gets now.

It's not *a solution* at all. It's what you get, only because the
software-companies think they will benifit from it. That the students can
use the software for lower prices than other people, is nothing more than
a(n un-wanted) side-effect.

Option three: find a job that will provide you with this software.

Same problems apply : Those persons will have to learn a new package, which
(outside of people like in this newgroup) they might not desire ...

This is way to go, at least for me. Home use does not require
all these expensive applications -- most of the time you can
buy a PC and it will have more than adequate software installation.


You misunderstood. There is no transfer. Everything is done in that
"super-dongle". A play station does not even have a CPU, it only has
video/sound/networking/HID and possibly external RAM.

Well, I just can imagine a cubicle for a software-engeneer, having (quite a
number) of those "super dongles" sitting around

But, maybe they could be linked to the LAN, which would take away the need
for having them in the persons vincinity ... Ofcourse, these kind of
solutions would only apply for companies, as now the software *as well as
the protecting hardware* have to be payed for.

Funily enough, that is mostly the very reason why most software-companies
have not applied such methods Complaining about others being "wrong"
is a lot cheaper, and may actually, with aid of some horrendous laws, be
even more benificiary to them ...

This solution is not appropriate for a general purpose computer
where multiple applications must coexist, but it is entirely
appropriate for a play station.

Alas, playstation software has allready been cracked, and can be copied too.
The only reason why it does not happen on a wide scale is because they need
a sort of Mod-chip, which is quite difficult to come by, costly to install,
and will disable the persons ability to get on the play-stations
internet-servers. No such restrictions apply (yet) for PC's.

You would need an electron microscope and a high precision laser slicer to
crack that dongle. Not impossible, but very expensive.

Maybe. But just *one* crack would be enough, the internet would take care
of a rapid spread of the resulting, unencumbered software.

Regards,
Rudy Wieser

 

[Slava M. Usov]

[...]

Same problems apply : Those persons will have to learn a new package,
which (outside of people like in this newgroup) they might not desire ...

Why? They use the same software.

[...]

Well, I just can imagine a cubicle for a software-engeneer, having (quite
a number) of those "super dongles" sitting around

Who's talking about software engineers? We're talking about play stations.

[...]

Alas, playstation software has allready been cracked, and can be copied
too.

Because they do not use a "single-chip" technology. If you have a bit of
silicone that cannot be programmed, how are you going to crack it? Your only
option is to crack it _physically_, which is a bit too expensive to do.

[...]

Maybe. But just *one* crack would be enough, the internet would take care
of a rapid spread of the resulting, unencumbered software.

How? What are going to be the results of this crack? Code that executes on
hardware that does not exist except for this very software? This is as
useful as cracking P4 for its microcode.

S

 

[R.Wieser]

Slava M. Usov <[email protected]> schreef in berichtnieuws
(e-mail address removed)...

Hello Slava,

[...]

Same problems apply : Those persons will have to learn a new package,
which (outside of people like in this newgroup) they might not desire

....

Why? They use the same software.

Sorry, I over-read the "same" word :-\

Yes, if you can find a company that will want to do that, you can continue
using your accumulated knowledge & data.

But what are the chances to that ? When you enter a company where there
are more people doing a job like yours, or to replace someone, you will have
to adapt to whatever is allready there ....

[...]

Well, I just can imagine a cubicle for a software-engeneer, having (quite
a number) of those "super dongles" sitting around

Who's talking about software engineers? We're talking about play stations.

And I was projecting your "super dongle"/playstation-idea to a
software-engeneers work-cubicle What I ment is that such a "super
dongle" which, as far as I understood, cannot be tampered with, as it's an
(allmost) self-enclosed piece of firmware, only accepting input, and
providing output, would look like a play-station, would take a lot of space.

Now I say that, I do remember having seen a computer with multiple old-style
dongles plugged in into it's printer-port : they actually had an
extention-cord between the computer and the dongles, so they could place the
dongles on a flat surface, not mechanical tugging on the computer (about 5
attached to each other !)

[...]

Alas, playstation software has allready been cracked, and can be copied
too.

Because they do not use a "single-chip" technology. If you have a bit of
silicone that cannot be programmed, how are you going to crack it? Your only
option is to crack it _physically_, which is a bit too expensive to do.

Well, I've worked with micro-controllers which where fitted with a "disable
reading-out of the contents" -bit (you could leave it clear, or set it in
software). The controllers where based on EPROM technology, but without the
erasure-window fitted (you could actually order some with such a window, for
experimenting purposes, but they where four times the price), making it
PROM's.

The "read-disable" -bit could be erased, just like the rest of the memory,
although they made sure that that specific cell would need a lot more time
to get erased.

Later versions that cell could not be disabled anymore, as (so the story
goes) some handy gauy had found a method to remove the plastic body from
above the chip, and use some sort of laser-UV to erase just that cell
(enabeling him to read-out the chip again)

I did not hear of the cost that was involved with it, but the process was
described as "easy" ... :-\

[...]

Maybe. But just *one* crack would be enough, the internet would take care
of a rapid spread of the resulting, unencumbered software.

How? What are going to be the results of this crack? Code that executes on
hardware that does not exist except for this very software? This is as
useful as cracking P4 for its microcode.

Did not think of that. Well, you got me there

Ofcourse, if that specific processor could be bought, I do think that some
people would just place the ripped code in a new procesor, and merrily
continue their way (much like chip-cards that are used to unscramble
sattelite-tv receiver signals can be bought empty, and the code that should
be put in it is available within certain circles ...)

Regards,
Rudy Wieser

 

[Slava M. Usov]

[...]

[...]

But what are the chances to that ? When you enter a company where there
are more people doing a job like yours, or to replace someone, you will
have to adapt to whatever is allready there ....

If you cannot find a job that will pay you for using the software that you
have learned to use, then why do you need to have that software? The only
software that you need is that for home use, and you get that software when
you buy your PC.

[...]

What I ment is that such a "super dongle" which, as far as I understood,
cannot be tampered with, as it's an (allmost) self-enclosed piece of
firmware, only accepting input, and providing output, would look like a
play-station, would take a lot of space.

Hardly. I imagine that you can package a decent CPU with lots of ROM and
some RAM within a PII cartridge easily. Looking at the modern mobile phones,
it can probably be much less than that.

[...]

Well, I've worked with micro-controllers which where fitted with a
"disable reading-out of the contents" -bit (you could leave it clear, or
set it in software). The controllers where based on EPROM technology,

So, do not make it EPROM. The entire ROM (with its contents) can be printed
in the silicon.

[...]

Ofcourse, if that specific processor could be bought, I do think that some
people would just place the ripped code in a new procesor,

If you consider again that the CPU I'm talking about is printed together
with ROM and RAM, then it might be difficult to "reprogram" it. Your only
option would be to get a CPU with the same architecture and instruction set,
which may not be available. The latter can be made harder if the
architecture and the instruction set of the super dongles changes for each
game. Then you would have to buy either a very high performance generic
"emulator", which will cost a lot more than a few games, or buy a "blank"
super-dongle for each game, which will probably cost more than the game
itself.

(much like chip-cards that are used to unscramble sattelite-tv receiver
signals can be bought empty, and the code that should be put in it is
available within certain circles ...)

Right. Which forces you to spend money and effort, which is a lot less
comfortable than downloading a cracked game. Do you think that the number of
"cracked" sat-TV receivers is comparable with the number of "regular"
receivers?

S

 

[R.Wieser]

Slava M. Usov <[email protected]> schreef in berichtnieuws
(e-mail address removed)...

Hello Slava,

[...]

Option three: find a job that will provide you with this software.

[...]

But what are the chances to that ? When you enter a company
where there are more people doing a job like yours, or to replace
someone, you will have to adapt to whatever is allready there ....

If you cannot find a job that will pay you for using the software
that you have learned to use, then why do you need to have
that software?

Because you needed *some*/any program to enable you to learn the generics of
a certain type of software ?

Hmm .. I think we where talking next to each other here ... :-\

Although the generics of all types of spreadsheets are the same, every
company's implementation of it has got it's specifics.

The only software that you need is that for home use, and you
get that software when you buy your PC.

I've got no idea what software nowerday's is sold as part of the OS, but it
better contain an layout-program (for electronics -use), as that is what I
use at home (in my hobby)

Hardly. I imagine that you can package a decent CPU with lots of ROM and
some RAM within a PII cartridge easily. Looking at the modern mobile phones,
it can probably be much less than that.

That leaves the question of how it will be connected to your computer
(keyboard, screen, harddisk) ...

So, do not make it EPROM. The entire ROM (with its contents) can be printed
in the silicon.

The story was an example. Think of *any* solution, and probably a
counter-solution will be thought of within shortly. If not intended to
make copying possible, than just as an exercise in solving a puzzle

If you consider again that the CPU I'm talking about is printed together
with ROM and RAM, then it might be difficult to "reprogram" it. Your only
option would be to get a CPU with the same architecture and instruction set,
which may not be available. The latter can be made harder if the
architecture and the instruction set of the super dongles changes for each
game. Then you would have to buy either a very high performance generic
"emulator", which will cost a lot more than a few games, or buy a "blank"
super-dongle for each game, which will probably cost more than the game
itself.

Things that where thought to be true for DVD-decoding chips too (locking the
customer to a certain region), but yet, just a few weeks ago some company
was charged with illegal producing of "unlocked" chips ...

Right. Which forces you to spend money and effort, which is a lot less
comfortable than downloading a cracked game. Do you think that the number of
"cracked" sat-TV receivers is comparable with the number of "regular"
receivers?

I would not know, as I can't remember ever having seen such numbers.

But I do know that using those hacked cards was/is as easy as going to your
nearest hack-dealer. In other words : you just buy the hacked hardware from
someone else, and do not do it yourself at all.

Regards,
Rudy Wieser

But shall we stop here ? My response was aimed at software-companies
artificially upping their loss-figures, and we have deviated from it quite a
bit. It's maybe possible to get at a point at which, due to a
combination of points (of which not all may be of a technical nature), it's
not doable/advicable to copy software. The future will tell us. Let's wait
for it

 

[Klaus Bonadt]

Kazi,

Do you know whether or not, this activation signature is changed when
hardware configuration is modified?
Furthermore, what about OS upgrades? When Longhorn will be installed over
XP, is the activation signature affected?

Thanks and regards,
Klaus

 

[Tim Roberts]

Do you know whether or not, this activation signature is changed when
hardware configuration is modified?

Yes, it is. There is a description of the activation signature process on
Microsoft's licensing web site. There are about 10 hardware configuration
items included in the signature. Some small number of them be modified
without invalidating the signature.

Furthermore, what about OS upgrades? When Longhorn will be installed over
XP, is the activation signature affected?

Service packs and hotfixes do not affect the signature, but a brand-new
operating system (assuming that Longhorn is not release as XP SP4) will
probably have a new activation scheme.

 

[Klaus Bonadt]

I tried on two machines (Win2k and XP), both gave the following result:


Hardware ID:
UUID : FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
Vendor :
Name :
IdentifyingNumber :


Feedback:

UUID : not valid
Vendor : empty
Name : empty
IdentifyingNumber : empty


Regards,
Klaus

 

[Kazi]

Hmmm, It's very interesting. We have about 50 computers on our network, 20
of them are running WinXP or Win2000 (the rest is NT4). 15 are brand PCs, 5
are noname. All of them have this kind of hardware information.

 

[Duncan Mole]

I wondered if you would consider using the MAC address for this?

http://www.codeguru.com/Cpp/I-N/network/networkinformation/article.php/c5451/

 

[Guest]

Off the top I would like to say I am a beginner in C# and was not able to
understand your code from your previous posting for protecting my software. I
am trying to add this security to my C# windows form software.

Such as:
1) What is in the foreach statement mean? Could you tell me how this
actually would be written as if I am adding it to my software?
2) Also I assume after adding this method to my main class, how does it
actually prevent the copying? Does this mean that I need to actually check
each customers OS ID and customize it to the OS:
a. Get users OS ID
b. Set key to OS ID so it can only be loaded to that computer.
If so how does this work if I have no direct access to my customers?

Appreciate All your help,

Kidus.

The number one problem of a copy protection algorithm is identifying
machines. Is there a number that uniquely identify a computer? Let’s call
this number as "Serial Number" (SN).

What are the requirements for a Serial Number? There are two:

1. A Serial Number must be different on different computers.
2. A Serial Number must be the same on the same computer.

Today’s PCs do not contain such a hardware id which meet these requirements.
Because of this, we should loosen these hard requirements. I’ve modified the
second requirement this way:

2. The Serial Number must be the same on the same computer, but if somebody
successfully changes the serial number on a computer, it involves serious
consequences.

I think, there is such a "Number" in Windows XP, it’s the following value in
the registry:

HKEY_LOCAL_MACHINE\SYSTEM\WPA\SigningHash-*...*\SigningHashData

It’s a byte array and it contains the Windows Product activation signature.
It’s hard to overwrite (the kernel protects it), but it isn’t worth to
overwrite, because the attacker can’t reactivate his copy of Windows again.

You can read that value in C# in the following way:



public static byte[] GetHardwareIdBytes()
{
using(RegistryKey rk = Registry.LocalMachine.OpenSubKey(@"SYSTEM\WPA",
false))
{
foreach(string subkey in rk.GetSubKeyNames())
{
if(subkey.IndexOf("SigningHash") == 0)
{
using(RegistryKey rk1 = rk.OpenSubKey(subkey))
{
return (byte[])rk1.GetValue("SigningHashData");
}
}
}
}
// It should never happen:
throw new Exception("There is no hardware id on this computer!");
}

This solution has two disadvantages:
1. It works only on Windows XP (or later)
2. The SN changes, when the user reinstalls the operating system.


Kazi

In order to protect software from being copied without licence, I would like
to use something like a key, which fits only to the current system. The
serial number of the CPU or the current operating system would be
appropriate. However, I do not know how to retrieve the information.

Could you help?
Klaus

 

[Willy Denoyette [MVP]]

Off the top I would like to say I am a beginner in C# and was not able to
understand your code from your previous posting for protecting my
software. I
am trying to add this security to my C# windows form software.

Such as:
1) What is in the foreach statement mean? Could you tell me how this
actually would be written as if I am adding it to my software?
2) Also I assume after adding this method to my main class, how does it
actually prevent the copying? Does this mean that I need to actually check
each customers OS ID and customize it to the OS:
a. Get users OS ID
b. Set key to OS ID so it can only be loaded to that computer.
If so how does this work if I have no direct access to my customers?

Appreciate All your help,

Kidus.

I would suggest you learn the C# language before you start asking yourself
about copy protection.
I also suggest you don't cross-post to non relevant NG.

Willy.