views:

1127

answers:

3

I'm developing a small windows app using c++ and i would like to get some kind of fingerprint of the software/hardware on a pc so that i can allow the app to be run only on certain pc's.

I am aware that the app can be cracked but i'm really interested in implementing something like this.
Any ideas how could i achieve this?

+1  A: 

There's no reliable way known to do this in a vanilla PC; people have been trying for years. The problem is that you might change any component at any time, including the CPU and the BIOS ROMs. The closest people have come is using a cryptographically protected "dongle" but that has proven both to be unsatisfactory in operation, and not very secure.

If you come up with something, patent it; it would be very valuable.

Charlie Martin
+4  A: 

It basically depends on how tight you want to couple your software to the underlying hardware. For example you could get some hardware information from the registry, read out the MAC address from the LAN card, retrieve the gfx manufacturer, the CPU id, etc. and hash all these data.
You could then use this hash as a challenge code which is sent to your company. The customer then receives the signed (with your private key) version of this hash.
Upon start up your application is able to check if the signature of the hash is good or bad (i.e. has been signed by your company).
This not only binds your software to a certain hardware configuration, but also forces the crackers to patch your application (because they would need to patch the public key from your executable and replace it in order to write a keygen). Many people consider twice installing a crack obtained from various sources in contrast to just entering a valid serial copied from a keygen.

Edit:
In order to check the signature of the hash, anything from RSA over DSA to ECC can be used. I can recommend Crypto++ or libTomCrypt for that.

jn_
A: 

As the others have said there is nothing perfect for what you want. I made a half-hearted attempt for a similar issue and ended up with a mix of drive volume ID (not good because it can be reformatted) and the OS key (from windows).

In the end I didn't spend much time on it as if people really want to crack your software they'll probably be able to do it. I left the dinky licensing "protection", but it is pretty poor.

Spend the time/effort on making them want to buy it by making it outstanding.

Tim