Retrieving the real harddisk serial number and in any condition for any hard drive

Posted on 2010-08-19
Last Modified: 2012-06-21

I am using VB.NET in VS2005 and trying to get the manufacturer assigned (unchangeable) serial number of the harddisk. I will use this id for distribution protection of my software.

The number should not be the HardDisk VolumeSerialNumber of the partition that can be re-assigned by software methods.

I am working on this problem for a period and searched some solutions the first one is "using WMI" by the value "Win32_physicalmedia". But this method returns the serial number as blank for some harddrives or for some PC configuration (I could not find the actual reason for it is doing so but I am lucky to find it happening on my development PC). There are many different examples of WMI, for example the following;
Dim TheSearcher As ManagementObjectSearcher = New ManagementObjectSearcher("SELECT * FROM Win32_PhysicalMedia")

For Each wmi_HD As ManagementObject In TheSearcher.Get()
It returns an empty string in my PC, but returns the actual manufacturer assigned serial when run at my colleagues PC's.

And the second method I found; Using CreateFile from "kernel32.dll" API. It is something like this (not the full code given here because the original example is long, just for giving an idea about the example);
Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Integer, ByVal dwShareMode As Integer, ByVal lpSecurityAttributes As Integer, ByVal dwCreationDisposition As Integer, ByVal dwFlagsAndAttributes As Integer, ByVal hTemplateFile As Integer) As Integer


serialNumber = HDDID_SwapChars(sco.IDS.SerialNumber)
model = HDDID_SwapChars(sco.IDS.ModelNumber)
It works for all disks that I have, but the "CreateFile" function does not work when logged in with limited administrative privileges (i.e. logged in as limited user account in Windows).

Is there any third method that works in all conditions? Or a trick to make above examples working.
Question by:Weigher
  • 4
  • 2
LVL 18

Expert Comment

ID: 33474430
It could be that some hard drives don't have serial numbers assigned internally, that is, all they have is a sticker with the serial number but the manufacturer hasn't inserted it mechanically.

Using hard drive serial isn't a good idea anyway, because it's a component that isn't meant to last that long, and once it breaks and the owner replaces it, they can't use your software anymore.

Author Comment

ID: 33474746

I am sure the harddisk does have a serial number where WMI fails, because the second method (API) gets the number on the PC that WMI returns an empty string. And both return same ID on PC's those both methods run succesfully.

Reinstallation is not a problem for me because the installation is under control, the user may reactivate the product from internet or phone after reinstallation. It is for protecting against some semi-pro crackers those use simple known methods or easy software to crack.

Is there any other cost-free method providing protection that can the PC can be identified (Board Id, Bios Id, etc. also WMI depended)? I do not want to use MAC of ETH interface.
LVL 18

Expert Comment

ID: 33474878
Crackers will be able to bypass it anyway. But sorry, I can't help you with it, as I'm not familiar with hardware programming.

However, if you want, you can go the way of internet activation, meaning, the user must have internet when using the program, requiring it to connect to your server and authenticate. Still crackable, but less so.
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

LVL 18

Accepted Solution

BigSchmuh earned 500 total points
ID: 33474987
We had this kind of topic some month/year ago where the conclusion was:
-Using more than 1 figure with a N-1/N validation may strongly reduce licence support
-Figures can come serials or full model number from : NIC, HDD, MB

Ex of a validation rule: Use the Network Mac address + HDD Model + GPU Model; validate the license and update the license referral figures if 2 of 3 are valid (Same Mac adress + One HDD has same model + Same GPU Model)
==> So your "bad" user have to know the Mac address and buy the exact same HDD or GPU of the licensee which add some real complexity and price to the piracy

Author Comment

ID: 33475079
I agree in general and any software can be cracked. But I think cracking the hardware serial number encrypted (by multiple number of scrambled tricks used together) will not be as easy as directly copying the files competely to another computer. And unfortunatelly my PC's are at locations those are far from a continuous internet connection. Anyway, thank you for the comments.

Author Comment

ID: 33475427
I considered to use three HW ID sources together, that WMI returns. But have lost my trust for WMI method after I have seen it is returning an empty string as the Serial Number where other method returns it successfully (provided that with administrator privilleges). I will have to find out methods to obtain the MB, CPU, MAC Address etc, other than using WMI.

I think the number will be a simple string concatenation of the collected possible ID's prior to be encoded by the cipher, because this string is not reproducable locally after validation, it is hased to a shorter value. The validation phase is already scrambled by doing some fake, misguiding validations in code (and some other methods that I do not want to say here) against reverse compiling and debugging of the executable (Unfortunatelly, I have only the chance to use limited free obfuscator provided with VS).

How secure is the information provided by the WMI in general? Does anyone have an idea?

Author Comment

ID: 33483057
I created a new question regarding the WMI Win32 classes security in because the subject of the questin has been changed.

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question