Home
Blogs
Forums
News
Portfolios
Projects
Tutorials
35 users logged in
New? Learn about game development.
Before posting, review our community guidelines.
Follow Us
Chat in the GameDev.net Discord!
Mastodon
Back to General and Gameplay Programming

Is the BIOS Serial Number Always Set, Constant & Reliable

Started by
11 comments, last by aregee 9 years, 8 months ago

Hello

I am thinking of using the users BIOS/Motherboard Serial Number to uniquely identify a user (the application runs on Windows OS). When I refer to the BIOS/Motherboard Serial Number I am referring to the serial number returned when you type in: wmic BIOS get SerialNumber

I have previously attempted to use the Hard Drive serial number to uniquely identify a user but WMI is notoriously unreliable. For example; if you are running your .exe as an elevated process you will get a different Hard Drive serial number back from WMI. Also as crazy as this sounds, I have had 2 different Windows 8 machines change their Hard Drive serial no. on me when the Hard Drives were not changed at all - I'm not crazy this really happened - I realise there's no better way for people to think you're crazy than saying 'I'm not crazy' but putting that aside - do you know if I will experience these same issues with the BIOS/Motherboard' Serial Number?

Some queries

  • Can the user change this serial number? Either using third party applications or through Windows.
  • According to this forum post, not all vendors supply a motherboard UUID so I cannot use this to uniquely identify the user. Do venders mostly/always supply/fill out the BIOS/Motherboard Serial Number or will I also find some computers dont have a serial number?
  • I have tried to uniquely identify a user using the Hard Drive's Serial Number. But I have run into the issue that the serial number can change and that Windows API is unreliable and can return different values. Do you know if I may experience the same issue for the BIOS/Motherboard's Serial Number?
  • Can a standard process (Standard Windows User) retrieve the BIOS/Motherboard Serial Number? Or does the process need to be elevated (Admin User)?
  • What would happen if the user has a virtual machine?

Just to confirm the BIOS is the motherboard, correct? I am a little unclear because I thought the BIOS is the simple software installed on the motherboard.

Advertisement

I am referring to the serial number returned when you type in: wmic BIOS get SerialNumber

When I run that command, I get back "To be filled by O.E.M." laugh.png

. 22 Racing Series .

*Sigh* Well I guess that answers that just like the UUID, not all vendors fill out the serial number information. Back to the drawing board.

I am referring to the serial number returned when you type in: wmic BIOS get SerialNumber

When I run that command, I get back "To be filled by O.E.M." laugh.png

I get:


SerialNumber
System Serial Number

ph34r.png

“If I understand the standard right it is legal and safe to do this but the resulting value could be anything.”

Mine prints out a serial no. Weird so many computers dont have this information filled out.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Your_Awesomeness>wmic BIOS get SerialNumber
SerialNumber
YA017957H

I would maybe suggest aggregating several numbers together, concatenating them, and then performing a hash to get a unique ID. You could use BIOS serial number, CPUID info, hard drive serial numbers, ethernet MAC addresses, any bit of info you can get your hands on (but only from sources which will remain static).

Yes I think you're right. From what I've read many anti-piracy software applications do this - even Windows does this to verify a purchased version of Windows (they use 10 different hardware ids to produce a hash). The only problem is; if the user changes their hard drive, or wireless device, etc. the hash will change. So I'll need to be more forgiving and create a 'verification measure'. Hash bios UUID and hard drive serial, hash ethernet mac address and something else, and so on. If 4 out of 5 hashes match ( a 'verfication measure' of 4/5) then we have correctly identified the user.

Something along these lines appears to be a good enough compromise of security and legitimate hardware modifications.

Note that it is easy for a hacker to modify your checking logic itself to bypass such protection.

Niko Suni

Actually, what do you need the ID for?

On Android, google tracks your preferences by identifying you via an "advertising ID", essentially a GUID that gets created once but can be recreated manually by the user. Would a similar mechanism work for you? Create a GUID uppon installation, store it in some config file and use that for user identification?

Our bug reporting system often (with the permission of the reporter) includes the BIOS Id with other system information. I've noticed it is usually 'to be filled by OEM'. Given the margins in the PC business and the lack of a business case to spent a fraction of a cent to fill that out, I'm hardly surprised.

Tying restrictions to specific hardware identifications has always been a bust, which is why dongles were invented (they provided a reliable hardware identity). Notice how popular dongles are today? Gone are the good old days of a chain of USB or better yet serial dongles sticking out the back of your computer. If ever there was a reason to torrent a cracked copy of software, the dongle was it. Fortunately, cracking hardware-based protection is so easy such cracked copies were effectively available on day zero.

Stephen M. Webb
Professional Free Software Developer

This topic is closed to new replies.

Advertisement

Popular Topics

Aybe One
How do you manage yourself and your time as years pass on? GDNet Lounge
Jikoob
Too many managers? General and Gameplay Programming
ReignOnU
Do your part to stop global warming and climate change GDNet Lounge
aigan
The promise of freedom in story games Game Design and Theory
robertrobert
Facebook Ads for sales on steam, does it work? Games Business and Law
AliAbdulKareem
Understanding the wavy-like shape in alpha-testing magnification for text rendering Graphics and GPU Programming
Advertisement

Recommended Tutorials

khawk
Rendering with Shaders: Implementing Lighting Effects in C++ Game Development Graphics and GPU Programming
IssamLahlali
Spring RTS Engineering Internals Music and Sound FX
Myopic Rhino
Getting Into Game Development Career Development
Myopic Rhino
Striving For Graphics API Independence II Graphics and GPU Programming
Myopic Rhino
IGF 09 Interviews: Part 2 Interviews

Reticulating splines

About GameDev.net
Community Guidelines
Terms of Service
Privacy Policy
Contact Us
Copyright (c) 1999-2024 GameDev.net, LLC
Back to Top