Dreedle

Apologies if this is the wrong forum. I posted on the "Where is the forum.." but no answer yet and I need to push on with this.

I can obtain the Windows serial no from WMI (Win32_OperatingSystem.SerialNo) which provides me with the serial number that is diplayed on "My Computer" properties.

My question is this:

How unique (or not) is this serial number I would hope that this be unique to each copy of Windows. Does anybody know And what about OEM editions of Windows

Can any MS guys looking in help me out on this one

In case you are wondering I was thinking of using this serial number as part of a computed key. I have discounted using CPUID, MAC, and hard disk serial number, for various reasons.

The Windows serial number seems omnipresent and obtainable in the variety of Windows editions and machine combinations I have looked at without collision. However I do not have access to any two machines from the same OEM.

If the serial number was unique it would fit the bill nicely.

Failing that, any suggestions of what unique machine/OS information could be used instead




Re: Visual C# General Windows Serial No

Evan Mulawski

After Windows install, the serial no of the OS is either concealed or deleted.

This is done on purpose so a user cannot create an app that retreives the Serial No to use on another computer (HINT: Theirs or not) :)>






Re: Visual C# General Windows Serial No

Evan Mulawski

If you need a custom serial number, try creating your own and use (int++) to create a number that suceeds the old one.

i.e.

int serial = 000000000000-0;

When registered (or another function):

serial++;

You can use C# mail to send a message to you stating that this product was registered.

Or you can create a separate WebService just for registering.

Does this help






Re: Visual C# General Windows Serial No

Dreedle

Thanks Evan,

The serial no I was talking about can be retrieved via WMI and is also displayed on the My Computer/Properties.

However, I've been looking at this and it seems that this number is all to easily faked along with the registered user and install date of the system (all things I was considering for key generation). So I have abandoned this route.

To clarify, the computed key is used to encrypt a file that contains 'actual keys' where the actual key has been sent (encypted) to the user. One or more actual keys will enable the front end to work.

Therefore to protect the key store I wanted to encrypt it with a key computed from system local information that cannot be easily faked. Therfore the key store file could not be stolen because it would not decrypt propery on another system.

The front end can be stolen and we don't care, it's completely unusable without any actual keys extracted from a key store that can be successfully decrypted.

I'm working at this from the point of view that the front end has already been put through Reflector and the potential hacker knows what information is being used to compute the key and also what cypher is being used to encrypt.

Therefore the easily faked part is proving troublesome. I already abandoned using MAC address, CPUID etc as candidates for computing the local key as they are either not universally available or can be faked/changed.

I am now considering the PnP Device Id of the physical disk where the operating system resides, salted with one two other pieces if information, e.g. the model of the physical disk. Still trying to find out just how unique PnP device id's are, and more importantly, if it (and disk model number etc) can be faked by hacking the registry.

Any thoughts appreciated...






Re: Visual C# General Windows Serial No

Evan Mulawski

That number is the system serial number, not the Windows XP Serial Number.

Is that what you need






Re: Visual C# General Windows Serial No

Dreedle

I have decided to go with data gathered from the physical disk/partition where the OS is installed to compute the key.






Re: Visual C# General Windows Serial No

neophy

Hi Dreedle,

Would you mind elaborating more on what kind of data you are gathering from the physical disk/partition where the OS is installed I too, am on a similar task of attempting to tie a decryption application for use only on a particular pc.

Thanks





Re: Visual C# General Windows Serial No

Dreedle

Hi neophy,

Would like to help you but the code was written for a client and I don't think it would be very responsible of me to disclose it in any detail.

However, the method we used was to examine various system settings (not only hard disk) via WMI etc, and how difficult they would be to fake, how available they were on different machine/OS combinations, and their volatility. We compiled a list of non-volatile candidate items from this experimentation.

By faking I mean that the candidate data cannot be faked by changing a registry setting, or downloading a tool to change things like volume serial number or MAC address (both poor candidates for generating keys).

Availablilty of candidate information across machine/OS combinations proved to be the trickiest problem. We applied a weighting system to the candidate items to give an idea of the probable encyption strength.

We also used a deterministic algorithm that would change/reorder the key data so that the protected file would be encrypted differently under certain conditions.

All of this adds up to a key that is reasonably difficult to break, but hardly impossible.

It does mean, however, that the protected file and software cannot be casually pirated and used on another machine.

Hope this helps.






Re: Visual C# General Windows Serial No

neophy

Hey Dreedle,

Thank you very much for your prompt reply. I understand where you are coming from. Yes, the information you provided is helpful. Thank you again for your ideas on how to go about looking for and evaluating these keys. ^_^