C# - PC fingerprint (for program piracy protection) - Page 2-VBForums
Page 2 of 2 FirstFirst 12
Results 41 to 68 of 68

Thread: C# - PC fingerprint (for program piracy protection)

  1. #41

    Thread Starter
    Fanatic Member BrianHawley's Avatar
    Join Date
    Aug 2001
    Location
    Saudi Arabia
    Posts
    796

    Re: C# - PC fingerprint (for program piracy protection)

    Quote Originally Posted by kasracer
    Redundancy. Dial-up doesn't matter since you're only sending a few bytes (not entire applications).

    I also doubt selling a crapload of copies will overload the server unless the server admin doesn't know what he's doing and/or the programmer create a huge amount of overhead.

    Like I said, you'd only be transfering a few bytes verifying that someone's login.
    Hmm...

    Well if I had bought, for instance, a word processor and it had to establish a dial-up connection and swap even a few bytes each time I wanted to use it, I think I would not be a happy customer. Particularly if I was using my lap-top on an airplane. But it's a free world. We can all protect our apps (or not) as we think best.
    Brian
    (Fighting with the RightToLeft bugs in VS 2005)

  2. #42
    New Member pixolut's Avatar
    Join Date
    Mar 2005
    Location
    Australia
    Posts
    5

    Lightbulb Re: C# - PC fingerprint (for program piracy protection)

    Veeery good point Brian. Customers have very set expectations when it comes to app protection. High-end and specialist apps are EXPECTED to have a dongle or 'call to base' and be hard to install. A lot of customers actually LIKE this with their high end software as it validates for them the high cost of the software - good examples are high end 3D software packages like Houdini or management software like ShortCuts. Brian's point is valid - because a low end software package is not expected to have high-end security features to protect it. Its all relative and very much built in to the psychology of software consumers.

    In the software we built using the authentication scheme above we were using it to enable web based services which were 'pay per use' so customers were very happy to have software which 'chatted' on the internet to validate it was authorized.

    Note - they don't like getting feedback about the chats. We found that some of the errors which were raised that were network related were best ignored. We started out showing them to customers (like 'could not connect to server') but found later that since the software was not being used, the error was useless. Customers get the transport errors when they try to use the software - even if they have been going on all day before hand - thats the first they find out about it. Its all in the psychology...

    -Joe
    Joe Cincotta
    http://www.itokhome.com
    http://www.pixolut.com

  3. #43

    Thread Starter
    Fanatic Member BrianHawley's Avatar
    Join Date
    Aug 2001
    Location
    Saudi Arabia
    Posts
    796

    Re: C# - PC fingerprint (for program piracy protection)

    Well put.

    Use the appropriate tool for the job.

    Don't use your Ferrari to transport 20 bags of cement and don't race your 18-wheeler (although there are some people who will do both!)
    Brian
    (Fighting with the RightToLeft bugs in VS 2005)

  4. #44
    I wonder how many charact
    Join Date
    Feb 2001
    Location
    Savage, MN, USA
    Posts
    3,705

    Re: C# - PC fingerprint (for program piracy protection)

    I move that we go back to putting programs on cassette tapes - or better yet, punch cards - yes punch cards - that would stop piracy.

  5. #45

    Thread Starter
    Fanatic Member BrianHawley's Avatar
    Join Date
    Aug 2001
    Location
    Saudi Arabia
    Posts
    796

    Re: C# - PC fingerprint (for program piracy protection)

    I've got an old Commodore PET (1970s PC) with programs on tape. Still works! A whole 8 Kilobytes of RAM.
    Brian
    (Fighting with the RightToLeft bugs in VS 2005)

  6. #46
    Banned dglienna's Avatar
    Join Date
    Jun 2004
    Location
    Center of it all
    Posts
    17,901

    Re: C# - PC fingerprint (for program piracy protection)

    paper tape was the bomb! 300 baud also!

  7. #47
    New Member
    Join Date
    Apr 2005
    Posts
    2

    Re: C# - PC fingerprint (for program piracy protection)

    Quote Originally Posted by BrianHawley
    If you just cut and paste the code in the post at the top of this thread, it should work for you. You can then step through the code and see how it works.
    Hello,
    can you please help me do this. So I put this code in the program(forgot the name) as C#, now what, how do I make into a exe file?


    using System;
    using System.Globalization;
    using System.Threading;
    using System.Resources;



    using System.Drawing;
    using System.Collections;
    using System.ComponentModel;
    using System.Windows.Forms;
    using System.Data;
    using System.Reflection;
    using System.Text;


    namespace Whatever
    {

    public class Fingerprint
    //Fingerprints the hardware
    {
    public string Value()
    {
    return pack(cpuId()
    + biosId()
    + diskId()
    + baseId()
    + videoId()
    + macId());
    }
    private string identifier(string wmiClass, string wmiProperty, string wmiMustBeTrue)
    //Return a hardware identifier
    {
    string result="";
    System.Management.ManagementClass mc = new System.Management.ManagementClass(wmiClass);
    System.Management.ManagementObjectCollection moc = mc.GetInstances();
    foreach(System.Management.ManagementObject mo in moc)
    {
    if(mo[wmiMustBeTrue].ToString()=="True")
    {

    //Only get the first one
    if (result=="")
    {
    try
    {
    result = mo[wmiProperty].ToString();
    break;
    }
    catch
    {
    }
    }

    }
    }
    return result;
    }
    private string identifier(string wmiClass, string wmiProperty)
    //Return a hardware identifier
    {
    string result="";
    System.Management.ManagementClass mc = new System.Management.ManagementClass(wmiClass);
    System.Management.ManagementObjectCollection moc = mc.GetInstances();
    foreach(System.Management.ManagementObject mo in moc)
    {

    //Only get the first one
    if (result=="")
    {
    try
    {
    result = mo[wmiProperty].ToString();
    break;
    }
    catch
    {
    }
    }

    }
    return result;
    }

    private string cpuId()
    {
    //Uses first CPU identifier available in order of preference
    //Don't get all identifiers, as very time consuming
    string retVal = identifier("Win32_Processor","UniqueId");
    if (retVal=="") //If no UniqueID, use ProcessorID
    {
    retVal = identifier("Win32_Processor","ProcessorId");

    if (retVal=="") //If no ProcessorId, use Name
    {
    retVal = identifier("Win32_Processor","Name");


    if (retVal=="") //If no Name, use Manufacturer
    {
    retVal = identifier("Win32_Processor","Manufacturer");
    }

    //Add clock speed for extra security
    retVal +=identifier("Win32_Processor","MaxClockSpeed");
    }
    }

    return retVal;

    }
    private string biosId()
    //BIOS Identifier
    {
    return identifier("Win32_BIOS","Manufacturer")
    + identifier("Win32_BIOS","SMBIOSBIOSVersion")
    + identifier("Win32_BIOS","IdentificationCode")
    + identifier("Win32_BIOS","SerialNumber")
    + identifier("Win32_BIOS","ReleaseDate")
    + identifier("Win32_BIOS","Version");
    }
    private string diskId()
    //Main physical hard drive ID
    {
    return identifier("Win32_DiskDrive","Model")
    + identifier("Win32_DiskDrive","Manufacturer")
    + identifier("Win32_DiskDrive","Signature")
    + identifier("Win32_DiskDrive","TotalHeads");
    }
    private string baseId()
    //Motherboard ID
    {
    return identifier("Win32_BaseBoard","Model")
    + identifier("Win32_BaseBoard","Manufacturer")
    + identifier("Win32_BaseBoard","Name")
    + identifier("Win32_BaseBoard","SerialNumber");
    }
    private string videoId()
    //Primary video controller ID
    {
    return identifier("Win32_VideoController","DriverVersion")
    + identifier("Win32_VideoController","Name");
    }
    private string macId()
    //First enabled network card ID
    {
    return identifier("Win32_NetworkAdapterConfiguration","MACAddress", "IPEnabled");
    }
    private string pack(string text)
    //Packs the string to 8 digits
    {
    string retVal;
    int x = 0;
    int y = 0;
    foreach(char n in text)
    {
    y ++;
    x += (n*y);
    }

    retVal = x.ToString() + "00000000";

    return retVal.Substring(0,8);
    }

    }
    }

  8. #48

    Thread Starter
    Fanatic Member BrianHawley's Avatar
    Join Date
    Aug 2001
    Location
    Saudi Arabia
    Posts
    796

    Re: C# - PC fingerprint (for program piracy protection)

    I would respectfully suggest that before you start with code of this complexity, you learn the fundamentals of how to use Visual Studio .NET and how to generate EXE programs. There is a lot of help documentation included with Visiual Studio itself, as well as a lot of free information on the Internet. If you run into specific problems, then I'm sure if you post them in the appropriate places on this fiorum, people wil be glad to help.
    Brian
    (Fighting with the RightToLeft bugs in VS 2005)

  9. #49
    New Member
    Join Date
    Dec 2005
    Posts
    10

    Re: C# - PC fingerprint (for program piracy protection)

    Quote Originally Posted by BrianHawley
    5) Keep security code isolated and encapsulated in different places - don't just call the same routine from different places. Checksum the EXE using a non-standard method. Have several layers of security that cut in at different and increasing time intervals - hacker breaks the daily one and sells your code, then the weekly one cuts in - he breaks that then the monthly one cuts in etc. etc.
    Hi
    Can you elaborate on this? What do you mean "security code isolated and encapsulated in different places"? Like have a real code class then a dozen 'empty' fn/cls that just forward to the real one?

    Checksum - difficult in the .net obfuscation world

    "Have several layers of security..." that would require more than once code right? I don't see how you can have diff checks for one reg code.

  10. #50

    Thread Starter
    Fanatic Member BrianHawley's Avatar
    Join Date
    Aug 2001
    Location
    Saudi Arabia
    Posts
    796

    Re: C# - PC fingerprint (for program piracy protection)

    Quote Originally Posted by Malf
    Hi
    Can you elaborate on this? What do you mean "security code isolated and encapsulated in different places"? Like have a real code class then a dozen 'empty' fn/cls that just forward to the real one?

    Checksum - difficult in the .net obfuscation world

    "Have several layers of security..." that would require more than once code right? I don't see how you can have diff checks for one reg code.
    Most hackers will break your protection by finding the block of code in your application that does the security, then modifying it or commenting it out.

    If you have two (or more) completely separate code blocks that each independently do security, then the hacker might find one (and remove it) but not the other(s).

    What I mean by layers, is that if one block checks security every time the program starts, and stops the program if it is pirated, then the hacker might find this block and remove it. But if there is a completely separate second block that only checks security, say every 9th hour, then he/she may not at first notice this and may release the program as 'hacked'.

    But anyone who uses it will find it stops working after nine hours (preferably with a storm of false warnings about it being a hacked/infected version, to frighten-off any illegal user) . The hacker becomes aware of this and hacks the second block - but there is a third block that impliments security only on Friday 13th - and so on for as far as you want to go. You can keep a hacker tied up for a long time until he loses interest and his "client base" loses faith in the hacked version.

    Not a war you can win against someone persistant and skilled, but there is no need to make it easy for them.

    We have a message that pops up in hacked versions of our software that tell the user we will give them a free copy if they help us find and succesfully prosecute the person who gave them the illegal version. We have nailed 2 people so far.
    Brian
    (Fighting with the RightToLeft bugs in VS 2005)

  11. #51
    New Member
    Join Date
    Mar 2006
    Posts
    2

    Re: C# - PC fingerprint (for program piracy protection)

    Hi Brian,

    Really interesting, and long running !, thread.

    I'm trying to implement a "low-end" license key and at first sight your fingerprint (with the SHA1 hash mod.) seemed ideal. However when I did some testing I found the return values were regularly changing and in particular I found, surprisingly, that Win32_Processor can change even when there has been no hardware change.

    Have you or anyone else come across this problem ?

    The answer may lie in the value WMI returns for Win32_Processor. For "convenience" here's what the MSDN docs less than helpfully say on the subject:

    " Processor information that describes the processor features.
    For an x86 class CPU, the field format depends on the processor support of the CPUID instruction. If the instruction is supported, the property contains 2 (two) DWORD formatted values.The first is an offset of 08h-0Bh, which is the EAX value that a CPUID instruction returns with input EAX set to 1. The second is an offset of 0Ch-0Fh, which is the EDX value that the instruction returns.
    Only the first two bytes of the property are significant and contain the contents of the DX register at CPU reset—all others are set to 0 (zero), and the contents are in DWORD format. "

    So that's perfectly clear, eh !

    It's a while since I've hacked at assembler but I thinks it saying that what's returned depends on the status of the EAX register. This may account for the lack of consistency.

    Appreciate any inspiration - on reflection maybe it'd be better to drop processor id altogether as I've also noticed from my download logs that some machines just don't return any value (maybe this is the security policy issue pixolit came up against). And of course the above doc only applies to x86 CPUs.

    I'd appreciate views on what's the best fingerprint combination - your original concept was "the more the better" but given the above problems, I'd like to balance comprehensiveness with reliability.

    There's also the question of giving weightings to fingerprint items and scoring the overall value against a threshold failure point - I believe this is how MS others do it.

    Hope this keeps the thread going. In fact come to think of it this subject is worth a dedicated site !


    Jon

    http//www.fm-alive.com

  12. #52
    New Member
    Join Date
    Jul 2006
    Posts
    1

    Re: C# - PC fingerprint (for program piracy protection)

    I've used this mechanism in my program licencing and it works pretty well.

    I was worried that the fingerprint would change on every configuration change, so I only combine macID, motherboardID (only the serial#) and biosID (only the id code and serial#). I only resort to cpuID, diskID, or videoID if the default IDs return nothing (possible I suppose).

    Only one of my 20 users has needed a new key so far (in 2 active months) because of a fingerprint change; I haven't found out exactly why yet though. If it becomes more frequent I'll have to look into building the fingerprint from something that changes less often - perhaps just the motherboard serial number only.

    The more things you make it dependent on, the more unique and secure it may be, but the more likely it is to change frequently I suppose - it's a trade off.

    But, does
    identifier("Win32_BaseBoard", "SerialNumber")
    always return a value ?

  13. #53
    Junior Member
    Join Date
    Aug 2005
    Posts
    20

    Re: C# - PC fingerprint (for program piracy protection)

    A certain proportion of users will install a second copy on another machine and ask for a new code. That's just one of the drawbacks of this method, You have to use judgement if a user requests several codes in a short time and decide if they are honest or not. But at least you can limit each dishonest user to half-a-dozen pirate copies (or whatever you decide). They do not have the capacity to give away thousands.

  14. #54
    Hyperactive Member ..:RUDI:..'s Avatar
    Join Date
    Aug 2005
    Location
    Yorkshire, England! c0d: Da Vinci
    Posts
    344

    Re: C# - PC fingerprint (for program piracy protection)

    Quote Originally Posted by batgurl
    A certain proportion of users will install a second copy on another machine and ask for a new code. That's just one of the drawbacks of this method, You have to use judgement if a user requests several codes in a short time and decide if they are honest or not. But at least you can limit each dishonest user to half-a-dozen pirate copies (or whatever you decide). They do not have the capacity to give away thousands.
    Hmm, I remember purchasing a game where it used something like this hardware validation method, and it only let your request a key 3 times per 2 months, that seems to be an effective method.

    I mean seriously, how many people change their computer configuration over once each month?



    My Personal Home | MageBB Home | Elders Online
    Yes, Noteme is my father.

  15. #55
    Junior Member
    Join Date
    Aug 2005
    Posts
    20

    Re: C# - PC fingerprint (for program piracy protection)

    That's a good idea. Limiting installs by time sounds fair.

    You could also perhaps do something with upgrades. Only allow upgrades to the system with the most recently issued activation key.

    If the program has an automatic 'check for updates over internet' facility, you could even build in automatic deactivation (or revert to demo version) - although that's a bit risky. You would need to be very sure your code was robust.

  16. #56
    Hyperactive Member BramVandenbon's Avatar
    Join Date
    Jan 2002
    Location
    Belgium
    Posts
    502

    Re: C# - PC fingerprint (for program piracy protection)

    Quote Originally Posted by BrianHawley
    Yes, ok.
    In DotNet they can always pull the code apart anyway if they want to break in!
    That's not totally true. In that matter .NET can be just as secure as C++. All you need to do is precompile it to native code, after compilation. You can do this with Ngen.exe (The Native Image Generator).

    In fact not only is it good for security, but also for the speed. People who claim that C# is too slow should just use this little program because it makes C# code as fast as C++.

    By the way, there are a lot of people who always compile their code in Debug mode, and who forget to compile in Release mode when releasing software. This also makes a big difference in speed and in security too I guess.
    ____________________________________________

    Please rate my messages. Thank you!
    ____________________________________________
    Bram Vandenbon
    http://www.bramvandenbon.com

  17. #57
    New Member
    Join Date
    Oct 2006
    Posts
    1

    Re: C# - PC fingerprint (for program piracy protection)

    Unfortunately that's not true. NGEN still requires the original meta data to be available which makes it easy to read and disassemble. And if the NGEN'd assembly is not valid for the given machine - say compiled on x86 machine and run on x64 - then the original assembly is used instead. There are other conditions where the original file is used in place of the NGEN assembly but I don't recall off hand. The only thing NGEN is good for is a potential increase in load time. It has 0 benefit to run time since the code is JITTed exactly once by the runtime and runs with the same performance characteristics as an NGEN assembly. While Microsoft warns that NGEN assembly use might prevent the JIT from taking advantage of advanced scheduling and instruction ordering for the specific machine, in practice the NGEN code and JIT code are generally the same.

    The only way to protect your assembly from prying eyes and modification is to use an assembly encryption system.

    [advertisements snipped]
    Last edited by sunburnt; Oct 5th, 2006 at 12:04 AM. Reason: advertisements

  18. #58
    New Member
    Join Date
    Dec 2006
    Posts
    1

    Cool Re: C# - PC fingerprint (for program piracy protection)

    Nice code. That's what I was looking for. I do have one suggestion though; consider removing the macId() since I ran into a problem. I have a wireless card and a Lan card in my laptop and some days I use either. The Fingerprint I received was different because of this and my code did now work.

    Thanks
    Nick

  19. #59
    New Member
    Join Date
    Jan 2007
    Posts
    2

    Question Re: C# - PC fingerprint (for program piracy protection)

    This is a very nice code.

    I am somewhat new to this, so sorry if the question is a bit basic.

    If I put the check on the fingerprint as follows. The idea is: if the person tried to run the program, the person would get a windows that would allow him or her to generate the fingerprint.

    if (fp.Value() == "some number")
    {
    Application.Run(new frmSTABL());
    }
    else
    {
    Application.Run(new frmActivationMsg());
    }

    then the user will have to reinstall software he/she may have already downloaded and installed. Is there a better way?

    Thanks,

    RS

  20. #60
    New Member
    Join Date
    Jan 2007
    Posts
    2

    Re: C# - PC fingerprint (for program piracy protection)

    After thinking about this, it seems that the idea is to use the encryption functions of .NET so that all I have to send the user is a file with the encrypted computer fingerPrint. If I am not correct, I hpe someone will point me in the right direction.

    Thanks.

  21. #61
    New Member
    Join Date
    Apr 2007
    Posts
    1

    Re: C# - PC fingerprint (for program piracy protection)

    Hello, My Name Is Mr. Chetachukwu I Will Really Like To Know Why Your Site Is Not Showing Me Where I Will Send Sms Message Please Advis Me Urgently

  22. #62
    Hyperactive Member
    Join Date
    Dec 2006
    Location
    Ubuntu Haters Club
    Posts
    405

    Re: C# - PC fingerprint (for program piracy protection)

    Quote Originally Posted by chetachukwu
    Hello, My Name Is Mr. Chetachukwu I Will Really Like To Know Why Your Site Is Not Showing Me Where I Will Send Sms Message Please Advis Me Urgently
    What?

    And thanks again for this code, it's great. As I said before (as ..:RUDI:..), very effective.
    » Twitter: @rudi_visser : Website: www.rudiv.se «

    If Apple fixes security flaws, they are heralded as proactive. If Microsoft fixes a security flaw, they finally got around to fixing their buggy OS.

  23. #63
    New Member
    Join Date
    Jan 2008
    Posts
    1

    Re: C# - PC fingerprint (for program piracy protection)

    well guys the code work well but there is a bit of problem. The code can not
    enumerate devices that are disabled by the device manager.

    e.g run the program and generate your serial number ( unique to your system).
    save the number and then disable your network card( or enable it if it is already disabled). run the program again and u will get a different number.

  24. #64
    New Member
    Join Date
    Jul 2007
    Posts
    13

    Talking Re: C# - PC fingerprint (for program piracy protection)

    First off, I've been looking for something like this, and it is awesome.
    And props for the VB.net translation.

    Second, just in case someone else runs into the problem I did, you have to add in the System.Management.dll as a reference, because this part threw me for a couple minutes (I'm a bit of a newbie with .Net)

    Once again, awesome job.

    Oh, one more thing... the program I am working on has to connect to an online database on one of our servers to get the data (we don't want to give the users the data, since that is what they will be paying us for). so since they will be accessing a sql server anyway, I plan on just storing their registration key and fingerprint in the database, and make it so they have to match or no data for them.
    That way we can charge a subscription fee, and if they cancel their subscription, we can invalidate their key and cut them off. They will still have the program, but it won't do them any good.

    Just my thoughts
    Last edited by andyd273; Apr 17th, 2008 at 11:12 AM.

  25. #65
    New Member
    Join Date
    Jul 2007
    Posts
    13

    Re: C# - PC fingerprint (for program piracy protection)

    Quote Originally Posted by shakir1311
    well guys the code work well but there is a bit of problem. The code can not
    enumerate devices that are disabled by the device manager.

    e.g run the program and generate your serial number ( unique to your system).
    save the number and then disable your network card( or enable it if it is already disabled). run the program again and u will get a different number.
    Just remove the + macId() from the value function.
    The other stuff can't/shouldn't be disabled.
    cpu, bios and base aren't disableable (I don't think),
    and if you disable the disk or the video then other bad things happen (like not being able to run your computer). Not impossible, just unlikely.

    Then as a last safeguard, I liked the one idea of letting them update their system id 3 times over 2 months. That way if they do have to disable something, it won't bother them. but if they are sharing a key, it'll lock them out pretty quick.

  26. #66
    New Member
    Join Date
    Jan 2010
    Posts
    1

    Re: C# - PC fingerprint (for program piracy protection)

    Hey...

    I am not sure if this thread is still allive, but I found it on a google search and found it interesting.

    I have a question though:

    You can make your application to start only once on each machine to prevent multiple instances of your application running if you lets say had an application which had a license allowing you to have 1000 database entries of some kind.
    If more instances of the application were allowed, then all this hardware checking would make no sense because hardware information would be the same for each instance.

    But:
    What if one's application is installed on a virtual machine - you then clone the virtual machine and run two instances of the virtual machine on the same physical machine - each now allowing 1000 database entries = 2000 entries. Is there some way to distinguish the two virtual machines? I've tried to look at some of the wmi calls and the info looks similar on both virtual machines. But perhaps I haven't looked deep enough?

    When I run clones of one virtual machine on two different physical machines there are differences though. But it is the instance above I am worried about.

    - rick -

  27. #67
    New Member
    Join Date
    Jul 2007
    Posts
    13

    Re: C# - PC fingerprint (for program piracy protection)

    Quote Originally Posted by rickbear View Post
    What if one's application is installed on a virtual machine - you then clone the virtual machine and run two instances of the virtual machine on the same physical machine - each now allowing 1000 database entries = 2000 entries. Is there some way to distinguish the two virtual machines? I've tried to look at some of the wmi calls and the info looks similar on both virtual machines. But perhaps I haven't looked deep enough?
    Well, it seems like a possible solution to this would be to generate some kind of key on the first run of the program, MD5 the datetime or something. Then just allow 1000 entries per key. So if they clone the machine it'll have the same key and the same entries. If they somehow put the key into a different machine then the fingerprint will be different, and if they run it on the same machine then who cares, because they only get 1000 entries anyway, and only one person can effectively use it at the same time...
    It seems like a key/fingerprint combo could solve this problem.

  28. #68
    New Member
    Join Date
    Aug 2011
    Posts
    13

    Re: C# - PC fingerprint (for program piracy protection)

    I have developed checking computer finger print program in c#. Now what logic i should apply to check finger print before installing setup of application.

    Pls help.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width

Survey posted by VBForums.