# Generating UID for a machine

## Recommended Posts

I would like to create a function that generates an unique ID for a computer (usable for software activation), but I'm not sure how and on what to base that generation on. After googling a bit, I found that some dudes used stuff like computer name, number of processors, logical drives and so on.

What would you use to build such an ID and are there any good references for this?

##### Share on other sites
Identifying PCs isn't simple - you probably don't want your product to fail if the user makes a small upgrade to their PC (e.g. adding a hard drive, plugging in a USB memory stick, installing RAM, etc). You could consider doing [url="http://en.wikipedia.org/wiki/Windows_XP#Product_activation_and_verification"]something like Windows does[/url] and not complain until multiple hardware components have changed.

Even with a fairly lenient system like that you will have to handle extra support requests when people find out that they can't play the game they bought on their new PC.

Alternatively save yourself all that work, and use something simpler, or find a library to handle activation for you.

##### Share on other sites
ApochPiQ    23003
Personally, I wouldn't screw with product activation at all. It's a losing battle.

Unless your product license sells for many hundreds or thousands of dollars, you will never recoup the time it takes to build robust DRM on the sales you gain by avoiding piracy. People will steal it anyways.

If your product sells for hundreds or thousands of dollars, people will have extra incentive to break the DRM and steal it anyways.

Frankly, my personal view these days is that unless you're talking about nuclear weapons or aliens in Area 51, [i]DRM is totally pointless[/i]. It's trivial to circumvent, even when invented by experts, and the gap between expert and flawed DRM is massive. Treat your users like responsible human beings, and you'll get a lot better mileage.

##### Share on other sites
The idea was that the hardware won't change too often over a short period of time unless many people (with different machines ofcourse) are using the same serial number, so the hardware changes are accepted on a limited number of activations. After reading more stuff, I'm thinking that a simple MAC address hash should be enough (sent to server along with the serial number which will also be hashed to protect it over the network).

About the usefulness of such protection, well it's not intended to fight a decisive battle against the hackers, but rather to "control" the potential clients. Usually a normal person who would like to acquire the product will be impressed by the activation process and will understand that is too much trouble to find an "alternative" solution and should just buy it. So the main task of such system would be not to protect some secret technology, but rather to stop people who buy the software from simply passing it to their friends.

##### Share on other sites
ApochPiQ    23003
I wasn't talking about security of secrets, I was talking about trying to force people into generating sales by using DRM systems.

Maybe I'm not "normal" (whatever that means) but I don't see an activation screen and think "oh, wow, you use DRM! Let me throw my money at you!" I see activation screens and think "fuck you, open source exists for a reason." And then I add your software provider to my mental list of people to never do business with.

As for the ease of finding "alternative solutions" to buying software... are you kidding? Or just hideously naive? Finding pirated software, keygens, cracks, and whatever else is a ten second job on today's internet. I can steal pretty much any popular program in a few minutes of effort, and I'm not even all that well versed in the contemporary warez circles.

Want to get money from me in exchange for your software? Put an unobtrusive but easy-to-find donation link somewhere in there, or on your project's site. If I find it worthwhile, I'll chip you a few bucks - often substantially more than you might have tried to sell it for in the first place, if I find it truly good stuff.

Granted, maybe I'm an extreme outlier, I don't know. But this idea you have that activation screens make people respect you seems [i]painfully[/i] dubious to me. I don't know anyone who finds that shit enticing.

##### Share on other sites
[quote name='ApochPiQ' timestamp='1310426745' post='4834051']<br />I wasn't talking about security of secrets, I was talking about trying to force people into generating sales by using DRM systems.<br /><br /><br />Maybe I'm not &quot;normal&quot; (whatever that means) but I don't see an activation screen and think &quot;oh, wow, you use DRM! Let me throw my money at you!&quot; I see activation screens and think &quot;fuck you, open source exists for a reason.&quot; And then I add your software provider to my mental list of people to never do business with.<br /><br />As for the ease of finding &quot;alternative solutions&quot; to buying software... are you kidding? Or just hideously naive? Finding pirated software, keygens, cracks, and whatever else is a ten second job on today's internet. I can steal pretty much any popular program in a few minutes of effort, and I'm not even all that well versed in the contemporary warez circles.<br /><br />[/quote]<br /><br /><br />

I can see you're very started against DRM and I understand you, sounds stupid if you ask me to use all sorts of limitation against your honest buyers (the CD check is the most stupid cause the CD can break and you are actually forced to look for the "no-cd crack"), but as I said the purpose of using such stuff is not to mock and annoy these buyers, but rather to keep them from being corrupted themselves (no protection = easy to just get it from your friends, why buy?).

Getting cracked software is usually much more complicated than a simple activation check! Not everyone is a computer expert that can follow a long install procedure and not everyone is a natural born criminal who is ready to do anything to bypass the lock. Not to mention that almost every crack tries to turn your machine into a zombie system and not everyone likes that.

[quote name='ApochPiQ' timestamp='1310426745' post='4834051']<br />Want to get money from me in exchange for your software? Put an unobtrusive but easy-to-find donation link somewhere in there, or on your project's site. If I find it worthwhile, I'll chip you a few bucks - often substantially more than you might have tried to sell it for in the first place, if I find it truly good stuff.<br /><br />[/quote]<br /><br /><br />

I'm sorry but I cannot agree with this one, in fact it's just lame. A product of any kind has VALUE. A bread has value and you must pay for it, I don't believe you go out each morning to "procure" your food. You cannot survive from donations, unless you are a beggar or a very lucky person. Asking clients to buy your product is not a shame as you seem to think. Imagine that you work hard to produce VALUE, and your boss would "chip you a few bucks" as you say, but only if he finds you did a good job... wouldn't that be slavery?

Show me an economical model where everything can be free and I'll believe you, until then more and more restrictions and law support will be necessary.

PS: Although I highly appreciate your point of view (I want a free world too...), as you may know, using DRM or not is a very controversial subject and that's not what I asked, so I would appreciate if you go offtopic and troll my thread on a non-moderator account, thank you.

##### Share on other sites
ApochPiQ    23003
Dude, chill out. I was just providing my opinion.

##### Share on other sites
mdwh    1108
[quote]sounds stupid if you ask me to use all sorts of limitation against your honest buyers (the CD check is the most stupid cause the CD can break and you are actually forced to look for the "no-cd crack"), but as I said the purpose of using such stuff is not to mock and annoy these buyers, but rather to keep them from being corrupted themselves (no protection = easy to just get it from your friends, why buy?).[/quote]If people's software stops working when they change hardware, that's still a limitation against your honest buyers.

And getting a copy is easy whether or not there's protection. It only takes one person to crack it.

[quote]Getting cracked software is usually much more complicated than a simple activation check![/quote]The concern I think is more when the software no longer works.

Now yes, I appreciate you wanted to know how to do something, rather than a debate on whether it's a good idea. However, the point is that achieving this is not at all easy, if possible at all, unless you are happy with annoying honest buyers.

##### Share on other sites
Waterlimon    4398
Just make half of the features run on a server that requires you yo have an account... People might crack the protections but theyll have to code a few features to make it useful. Unless you want it to work offline.

##### Share on other sites
Amr0    2230
I've asked a couple of people who created great quality freeware and put up a "donate" sign somewhere, and they said it was almost pointless - no considerable amount of money comes from donations.

You said the purpose was to make sure that not the same key is used by hundreds of people. This is an important point to keep in mind. Make the machine ID a buffer containing information about a number of hardware pieces (CPU, MAC address, and HDD serials should be enough), then in your software check to see if ANY of those match the machine on which the software is run. This way, the user will have to create a license only if he changes ALL pieces of hardware used for generating the machine ID.

Also, allow the user to use the same serial number for, say, 6 times without having to contact you. That technically means he can give the license key to 5 of his friends, but hey, there is no perfect solution for this. Good luck, I hope your sales reach millions of !

##### Share on other sites
ApochPiQ    23003
Anecdotal evidence is not data.

I ran a small project with a few thousand users a few years ago called Tiny KeyCounter. I gathered a hell of a good chunk of donations from various sources through the project. I won't disclose how much I made, but I [i]will[/i] say that if I measured it like a full-time job (i.e. compare income versus time invested) it would have been comparable to a decent entry-level industry position.

YMMV, of course, and part of getting good donation revenue is good marketing - and many people who can write good software are utter rubbish at marketing and business. But this idea that it's impossible or pointless to write donationware in this day and age is just ridiculous.

I could point to all kinds of open source projects that survive on donations. Try Google. You might be surprised.

##### Share on other sites
SuperVGA    1132
Hey LeChuckIsBack,

I do agree that copy protection in contrast to regular updates and content delivery, is a losing battle. My suggestion is to query a master server when starting the product. For temporary UIDs let the server generate one, otherwise use an e-mail address and go with logins and/or registration at the first run.

If a curious person decides to crack your product there's just not much you can do about it. Remember to obfuscate security-critical bits of your code.

- But they could lose a degree of customer service and frequent updates if you decide to do it that way.