Solved

Retrieving the real harddisk serial number and in any condition for any hard drive

Posted on 2010-08-19
7
1,220 Views
Last Modified: 2012-06-21
Hi,

I am using VB.NET in VS2005 and trying to get the manufacturer assigned (unchangeable) serial number of the harddisk. I will use this id for distribution protection of my software.

The number should not be the HardDisk VolumeSerialNumber of the partition that can be re-assigned by software methods.

I am working on this problem for a period and searched some solutions the first one is "using WMI" by the value "Win32_physicalmedia". But this method returns the serial number as blank for some harddrives or for some PC configuration (I could not find the actual reason for it is doing so but I am lucky to find it happening on my development PC). There are many different examples of WMI, for example the following;
---
Dim TheSearcher As ManagementObjectSearcher = New ManagementObjectSearcher("SELECT * FROM Win32_PhysicalMedia")

For Each wmi_HD As ManagementObject In TheSearcher.Get()
            MessageBox.Show(wmi_HD("SerialNumber"))
Next
---
It returns an empty string in my PC, but returns the actual manufacturer assigned serial when run at my colleagues PC's.

And the second method I found; Using CreateFile from "kernel32.dll" API. It is something like this (not the full code given here because the original example is long, just for giving an idea about the example);
---
Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Integer, ByVal dwShareMode As Integer, ByVal lpSecurityAttributes As Integer, ByVal dwCreationDisposition As Integer, ByVal dwFlagsAndAttributes As Integer, ByVal hTemplateFile As Integer) As Integer

handle = CreateFile("\\.\PhysicalDrive" & "0", HDDID_GENERIC_READ + HDDID_GENERIC_WRITE, HDDID_FILE_SHARE_READ + HDDID_FILE_SHARE_WRITE, 0, HDDID_OPEN_EXISTING, 0, 0)

serialNumber = HDDID_SwapChars(sco.IDS.SerialNumber)
model = HDDID_SwapChars(sco.IDS.ModelNumber)
CloseHandle(handle)
---
It works for all disks that I have, but the "CreateFile" function does not work when logged in with limited administrative privileges (i.e. logged in as limited user account in Windows).

Is there any third method that works in all conditions? Or a trick to make above examples working.
0
Comment
Question by:Weigher
  • 4
  • 2
7 Comments
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33474430
It could be that some hard drives don't have serial numbers assigned internally, that is, all they have is a sticker with the serial number but the manufacturer hasn't inserted it mechanically.

Using hard drive serial isn't a good idea anyway, because it's a component that isn't meant to last that long, and once it breaks and the owner replaces it, they can't use your software anymore.
0
 

Author Comment

by:Weigher
ID: 33474746
Hi,

I am sure the harddisk does have a serial number where WMI fails, because the second method (API) gets the number on the PC that WMI returns an empty string. And both return same ID on PC's those both methods run succesfully.

Reinstallation is not a problem for me because the installation is under control, the user may reactivate the product from internet or phone after reinstallation. It is for protecting against some semi-pro crackers those use simple known methods or easy software to crack.

Is there any other cost-free method providing protection that can the PC can be identified (Board Id, Bios Id, etc. also WMI depended)? I do not want to use MAC of ETH interface.
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33474878
Crackers will be able to bypass it anyway. But sorry, I can't help you with it, as I'm not familiar with hardware programming.

However, if you want, you can go the way of internet activation, meaning, the user must have internet when using the program, requiring it to connect to your server and authenticate. Still crackable, but less so.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 18

Accepted Solution

by:
BigSchmuh earned 500 total points
ID: 33474987
We had this kind of topic some month/year ago where the conclusion was:
-Using more than 1 figure with a N-1/N validation may strongly reduce licence support
-Figures can come serials or full model number from : NIC, HDD, MB

Ex of a validation rule: Use the Network Mac address + HDD Model + GPU Model; validate the license and update the license referral figures if 2 of 3 are valid (Same Mac adress + One HDD has same model + Same GPU Model)
==> So your "bad" user have to know the Mac address and buy the exact same HDD or GPU of the licensee which add some real complexity and price to the piracy
0
 

Author Comment

by:Weigher
ID: 33475079
Cluskitt:
I agree in general and any software can be cracked. But I think cracking the hardware serial number encrypted (by multiple number of scrambled tricks used together) will not be as easy as directly copying the files competely to another computer. And unfortunatelly my PC's are at locations those are far from a continuous internet connection. Anyway, thank you for the comments.
0
 

Author Comment

by:Weigher
ID: 33475427
BigSchmuh:
I considered to use three HW ID sources together, that WMI returns. But have lost my trust for WMI method after I have seen it is returning an empty string as the Serial Number where other method returns it successfully (provided that with administrator privilleges). I will have to find out methods to obtain the MB, CPU, MAC Address etc, other than using WMI.

I think the number will be a simple string concatenation of the collected possible ID's prior to be encoded by the cipher, because this string is not reproducable locally after validation, it is hased to a shorter value. The validation phase is already scrambled by doing some fake, misguiding validations in code (and some other methods that I do not want to say here) against reverse compiling and debugging of the executable (Unfortunatelly, I have only the chance to use limited free obfuscator provided with VS).

How secure is the information provided by the WMI in general? Does anyone have an idea?
0
 

Author Comment

by:Weigher
ID: 33483057
I created a new question regarding the WMI Win32 classes security in
 http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Q_26417011.html because the subject of the questin has been changed.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
What is Python programming? 3 64
Find value in LINQ result ? 4 17
.net VBA word safemode 1 24
Not needed 13 53
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now