Retrieving the real harddisk serial number and in any condition for any hard drive

Posted on 2010-08-19
Last Modified: 2012-06-21

I am using VB.NET in VS2005 and trying to get the manufacturer assigned (unchangeable) serial number of the harddisk. I will use this id for distribution protection of my software.

The number should not be the HardDisk VolumeSerialNumber of the partition that can be re-assigned by software methods.

I am working on this problem for a period and searched some solutions the first one is "using WMI" by the value "Win32_physicalmedia". But this method returns the serial number as blank for some harddrives or for some PC configuration (I could not find the actual reason for it is doing so but I am lucky to find it happening on my development PC). There are many different examples of WMI, for example the following;
Dim TheSearcher As ManagementObjectSearcher = New ManagementObjectSearcher("SELECT * FROM Win32_PhysicalMedia")

For Each wmi_HD As ManagementObject In TheSearcher.Get()
It returns an empty string in my PC, but returns the actual manufacturer assigned serial when run at my colleagues PC's.

And the second method I found; Using CreateFile from "kernel32.dll" API. It is something like this (not the full code given here because the original example is long, just for giving an idea about the example);
Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Integer, ByVal dwShareMode As Integer, ByVal lpSecurityAttributes As Integer, ByVal dwCreationDisposition As Integer, ByVal dwFlagsAndAttributes As Integer, ByVal hTemplateFile As Integer) As Integer


serialNumber = HDDID_SwapChars(sco.IDS.SerialNumber)
model = HDDID_SwapChars(sco.IDS.ModelNumber)
It works for all disks that I have, but the "CreateFile" function does not work when logged in with limited administrative privileges (i.e. logged in as limited user account in Windows).

Is there any third method that works in all conditions? Or a trick to make above examples working.
Question by:Weigher
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 18

Expert Comment

ID: 33474430
It could be that some hard drives don't have serial numbers assigned internally, that is, all they have is a sticker with the serial number but the manufacturer hasn't inserted it mechanically.

Using hard drive serial isn't a good idea anyway, because it's a component that isn't meant to last that long, and once it breaks and the owner replaces it, they can't use your software anymore.

Author Comment

ID: 33474746

I am sure the harddisk does have a serial number where WMI fails, because the second method (API) gets the number on the PC that WMI returns an empty string. And both return same ID on PC's those both methods run succesfully.

Reinstallation is not a problem for me because the installation is under control, the user may reactivate the product from internet or phone after reinstallation. It is for protecting against some semi-pro crackers those use simple known methods or easy software to crack.

Is there any other cost-free method providing protection that can the PC can be identified (Board Id, Bios Id, etc. also WMI depended)? I do not want to use MAC of ETH interface.
LVL 18

Expert Comment

ID: 33474878
Crackers will be able to bypass it anyway. But sorry, I can't help you with it, as I'm not familiar with hardware programming.

However, if you want, you can go the way of internet activation, meaning, the user must have internet when using the program, requiring it to connect to your server and authenticate. Still crackable, but less so.
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

LVL 18

Accepted Solution

BigSchmuh earned 500 total points
ID: 33474987
We had this kind of topic some month/year ago where the conclusion was:
-Using more than 1 figure with a N-1/N validation may strongly reduce licence support
-Figures can come serials or full model number from : NIC, HDD, MB

Ex of a validation rule: Use the Network Mac address + HDD Model + GPU Model; validate the license and update the license referral figures if 2 of 3 are valid (Same Mac adress + One HDD has same model + Same GPU Model)
==> So your "bad" user have to know the Mac address and buy the exact same HDD or GPU of the licensee which add some real complexity and price to the piracy

Author Comment

ID: 33475079
I agree in general and any software can be cracked. But I think cracking the hardware serial number encrypted (by multiple number of scrambled tricks used together) will not be as easy as directly copying the files competely to another computer. And unfortunatelly my PC's are at locations those are far from a continuous internet connection. Anyway, thank you for the comments.

Author Comment

ID: 33475427
I considered to use three HW ID sources together, that WMI returns. But have lost my trust for WMI method after I have seen it is returning an empty string as the Serial Number where other method returns it successfully (provided that with administrator privilleges). I will have to find out methods to obtain the MB, CPU, MAC Address etc, other than using WMI.

I think the number will be a simple string concatenation of the collected possible ID's prior to be encoded by the cipher, because this string is not reproducable locally after validation, it is hased to a shorter value. The validation phase is already scrambled by doing some fake, misguiding validations in code (and some other methods that I do not want to say here) against reverse compiling and debugging of the executable (Unfortunatelly, I have only the chance to use limited free obfuscator provided with VS).

How secure is the information provided by the WMI in general? Does anyone have an idea?

Author Comment

ID: 33483057
I created a new question regarding the WMI Win32 classes security in because the subject of the questin has been changed.

Featured Post

Want Experts Exchange at your fingertips?

With Experts Exchange’s latest app release, you can now experience our most recent features, updates, and the same community interface while on-the-go. Download our latest app release at the Android or Apple stores today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
We look at whether swapping a controller board on a failed hard drive is likely to solve the problem.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
Simple Linear Regression

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question