Retrieving the real harddisk serial number and in any condition for any hard drive


I am using VB.NET in VS2005 and trying to get the manufacturer assigned (unchangeable) serial number of the harddisk. I will use this id for distribution protection of my software.

The number should not be the HardDisk VolumeSerialNumber of the partition that can be re-assigned by software methods.

I am working on this problem for a period and searched some solutions the first one is "using WMI" by the value "Win32_physicalmedia". But this method returns the serial number as blank for some harddrives or for some PC configuration (I could not find the actual reason for it is doing so but I am lucky to find it happening on my development PC). There are many different examples of WMI, for example the following;
Dim TheSearcher As ManagementObjectSearcher = New ManagementObjectSearcher("SELECT * FROM Win32_PhysicalMedia")

For Each wmi_HD As ManagementObject In TheSearcher.Get()
It returns an empty string in my PC, but returns the actual manufacturer assigned serial when run at my colleagues PC's.

And the second method I found; Using CreateFile from "kernel32.dll" API. It is something like this (not the full code given here because the original example is long, just for giving an idea about the example);
Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Integer, ByVal dwShareMode As Integer, ByVal lpSecurityAttributes As Integer, ByVal dwCreationDisposition As Integer, ByVal dwFlagsAndAttributes As Integer, ByVal hTemplateFile As Integer) As Integer


serialNumber = HDDID_SwapChars(sco.IDS.SerialNumber)
model = HDDID_SwapChars(sco.IDS.ModelNumber)
It works for all disks that I have, but the "CreateFile" function does not work when logged in with limited administrative privileges (i.e. logged in as limited user account in Windows).

Is there any third method that works in all conditions? Or a trick to make above examples working.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It could be that some hard drives don't have serial numbers assigned internally, that is, all they have is a sticker with the serial number but the manufacturer hasn't inserted it mechanically.

Using hard drive serial isn't a good idea anyway, because it's a component that isn't meant to last that long, and once it breaks and the owner replaces it, they can't use your software anymore.
WeigherAuthor Commented:

I am sure the harddisk does have a serial number where WMI fails, because the second method (API) gets the number on the PC that WMI returns an empty string. And both return same ID on PC's those both methods run succesfully.

Reinstallation is not a problem for me because the installation is under control, the user may reactivate the product from internet or phone after reinstallation. It is for protecting against some semi-pro crackers those use simple known methods or easy software to crack.

Is there any other cost-free method providing protection that can the PC can be identified (Board Id, Bios Id, etc. also WMI depended)? I do not want to use MAC of ETH interface.
Crackers will be able to bypass it anyway. But sorry, I can't help you with it, as I'm not familiar with hardware programming.

However, if you want, you can go the way of internet activation, meaning, the user must have internet when using the program, requiring it to connect to your server and authenticate. Still crackable, but less so.
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

We had this kind of topic some month/year ago where the conclusion was:
-Using more than 1 figure with a N-1/N validation may strongly reduce licence support
-Figures can come serials or full model number from : NIC, HDD, MB

Ex of a validation rule: Use the Network Mac address + HDD Model + GPU Model; validate the license and update the license referral figures if 2 of 3 are valid (Same Mac adress + One HDD has same model + Same GPU Model)
==> So your "bad" user have to know the Mac address and buy the exact same HDD or GPU of the licensee which add some real complexity and price to the piracy

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WeigherAuthor Commented:
I agree in general and any software can be cracked. But I think cracking the hardware serial number encrypted (by multiple number of scrambled tricks used together) will not be as easy as directly copying the files competely to another computer. And unfortunatelly my PC's are at locations those are far from a continuous internet connection. Anyway, thank you for the comments.
WeigherAuthor Commented:
I considered to use three HW ID sources together, that WMI returns. But have lost my trust for WMI method after I have seen it is returning an empty string as the Serial Number where other method returns it successfully (provided that with administrator privilleges). I will have to find out methods to obtain the MB, CPU, MAC Address etc, other than using WMI.

I think the number will be a simple string concatenation of the collected possible ID's prior to be encoded by the cipher, because this string is not reproducable locally after validation, it is hased to a shorter value. The validation phase is already scrambled by doing some fake, misguiding validations in code (and some other methods that I do not want to say here) against reverse compiling and debugging of the executable (Unfortunatelly, I have only the chance to use limited free obfuscator provided with VS).

How secure is the information provided by the WMI in general? Does anyone have an idea?
WeigherAuthor Commented:
I created a new question regarding the WMI Win32 classes security in because the subject of the questin has been changed.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic.NET

From novice to tech pro — start learning today.