Random computer number
Author
I was wondering how the 'computer numbers' for key-based programs are created. For instance 3ds Max generates a number you send to Autodesk, after which they send back a calculated number that will unlock the application.
I don't need to know the exact same method, yet I'd do like to know what number a computer has that
1) is so random the number of duplicates is nanoscopic
2) won't change in any case unless a computer is formatted, etc.
3) is unchangable (at best)
Has anybody got any clue?
Thanks in advance.
-Jeroen
(PS: No, I'm not WAREZ'ing, I'm just wondering about this for a game I'm making that'll cost a little ;-)
First of all a small number of duplicates but much more than nanoscopic level should be fine. As far as I know often times hardware-keys are being used, such as the hard disk serial number. Furthermore info can be gathered from the current install, like OS serial number, user name, configuration, etc. They range from unchangeable to changeable at certain cost (user name change is not always possible and nearly always a hassle). Just some ideas.
Illco
Illco
One way to do it is to use a cryptographic hash function. However, if you use a common hash algorithm like md5 some people will easily figure out how to make their own registration codes.
EDIT: after rereading the post, wanted to add that you could use the network card's MAC address to generate the number.
The easiest way to do it though is to have the user just send their name, and use that to generate the code to unlock the app.
EDIT: after rereading the post, wanted to add that you could use the network card's MAC address to generate the number.
The easiest way to do it though is to have the user just send their name, and use that to generate the code to unlock the app.
You can use all kinds of various hashes and data sources to generate unique ID numbers.
Windows(TM) uses something like this for their product key or some such:
double word | offset | length | bit-field value based on
------------+--------+--------+----------------------------
H1 | 0 | 10 | volume serial number string
| | | of system volume
H1 | 10 | 10 | network adapter MAC address
| | | string
H1 | 20 | 7 | CD-ROM drive hardware
| | | identification string
H1 | 27 | 5 | graphics adapter hardware
| | | identification string
H2 | 0 | 3 | unused, set to 001
H2 | 3 | 6 | CPU serial number string
H2 | 9 | 7 | harddrive hardware
| | | identification string
H2 | 16 | 5 | SCSI host adapter hardware
| | | identification string
H2 | 21 | 4 | IDE controller hardware
| | | identification string
H2 | 25 | 3 | processor model string
H2 | 28 | 3 | RAM size
H2 | 31 | 1 | 1 = dockable
| | | 0 = not dockable
(table found in "Inside Windows Product Activation", available from http://www.licenturion.com)
As you can see, a fairly robust product ID may be generated based off a system specs.
Also, you can add in some other randomness, such as the time key was created, BIOS version, first letter of every directory at time of creation, mean value of desktop background's pixels, etc.
Hope that helps answer your question.
Windows(TM) uses something like this for their product key or some such:
double word | offset | length | bit-field value based on
------------+--------+--------+----------------------------
H1 | 0 | 10 | volume serial number string
| | | of system volume
H1 | 10 | 10 | network adapter MAC address
| | | string
H1 | 20 | 7 | CD-ROM drive hardware
| | | identification string
H1 | 27 | 5 | graphics adapter hardware
| | | identification string
H2 | 0 | 3 | unused, set to 001
H2 | 3 | 6 | CPU serial number string
H2 | 9 | 7 | harddrive hardware
| | | identification string
H2 | 16 | 5 | SCSI host adapter hardware
| | | identification string
H2 | 21 | 4 | IDE controller hardware
| | | identification string
H2 | 25 | 3 | processor model string
H2 | 28 | 3 | RAM size
H2 | 31 | 1 | 1 = dockable
| | | 0 = not dockable
(table found in "Inside Windows Product Activation", available from http://www.licenturion.com)
As you can see, a fairly robust product ID may be generated based off a system specs.
Also, you can add in some other randomness, such as the time key was created, BIOS version, first letter of every directory at time of creation, mean value of desktop background's pixels, etc.
Hope that helps answer your question.
....you probably don't want to use the hardware specification as your unique ID, since those are apt to change fairly frequently. (Unless you want to monitor the phone 24 hours a day to deal with people who just upgraded their RAM and can't get your app to work).
If you do use hardware specs to generate your keys, than limit it to that hardware that is less likely to change, or that is intetgrated. (Examples: MAC address is good, modem is probably good if it exists, IDE controller hardware is good).
That being said, the only other way to really generate reproducible results is to use biometrics, but not every user is going to have an iris scanner, or fingerprint reader, or even a webcam. Using their name will not work of course, but using their name, their address, and then an answer to some question that only they know could work.
If you do use hardware specs to generate your keys, than limit it to that hardware that is less likely to change, or that is intetgrated. (Examples: MAC address is good, modem is probably good if it exists, IDE controller hardware is good).
That being said, the only other way to really generate reproducible results is to use biometrics, but not every user is going to have an iris scanner, or fingerprint reader, or even a webcam. Using their name will not work of course, but using their name, their address, and then an answer to some question that only they know could work.
The easiest form of hashing, (and most easy to break) would be a simple xor code: For instance, lets say that my name is WILLIAM C BUBEL and we want to produce an 8 character registration key for me. For fun, I'm using the answer to the universe as our xor code.
My registration code therefor would be 7d636666. Parlor trick, it wouldn't take anyone that long to crack it. However, its possible to expand on that to produce better codes, such as a unique Xor code for each element, merging elements, shifting bits around. Ultimately, however, it boils down to how well you can keep a secret.
Real Hashing systems, such as MD5 and SHA1 and SHA2 work this way, but are way more complex, and are very public knowledge. Don't use them, but learn them anyways, so your own system can benefit.
W : 0x57 ^ 0x2a = 0x7dI : 0x49 ^ 0x2a = 0x63L : 0x4c ^ 0x2a = 0x66L : 0x4c ^ 0x2a = 0x66My registration code therefor would be 7d636666. Parlor trick, it wouldn't take anyone that long to crack it. However, its possible to expand on that to produce better codes, such as a unique Xor code for each element, merging elements, shifting bits around. Ultimately, however, it boils down to how well you can keep a secret.
Real Hashing systems, such as MD5 and SHA1 and SHA2 work this way, but are way more complex, and are very public knowledge. Don't use them, but learn them anyways, so your own system can benefit.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
