Using the Drive Serial Number for protection

D

Damon Heron

I do on-site installs of my db software. I get the HD serial number of the
drive where I install the db, and make that a constant prior to splitting
and converting to an MDE. The user's license is for single-copy use. On
some key forms of the db, I have a test to compare the current HD serial #
with the constant I established on installation. If they don't match, then
a msg asks the user to contact me, and the app quits. My question, short of
someone hacking the MDE, - is this a good scheme for preventing unauthorized
copies of my app from being distributed?

TIA
Damon
 
T

Tony Toews [MVP]

Damon Heron said:
I do on-site installs of my db software. I get the HD serial number of the
drive where I install the db, and make that a constant prior to splitting
and converting to an MDE. The user's license is for single-copy use. On
some key forms of the db, I have a test to compare the current HD serial #
with the constant I established on installation. If they don't match, then
a msg asks the user to contact me, and the app quits. My question, short of
someone hacking the MDE, - is this a good scheme for preventing unauthorized
copies of my app from being distributed?
Click to expand...

Yes, that would work depending on how you are getting the HD serial
number. Are you using the S.M.A.R.T. API calls to get the true serial
number or the Volume Serial Number? If the Volume Serial Number then
that can be duplicate quite easily using free tools.

However the biggest problem is user acceptance. What happens if the
computer dies or the hard drive dies or you go out of business? At
the very least allow the user to use your product say 10 times before
canceling them out. In this case I'd suggest using database
properties as those can only be located programmatically. Someone
poking about in tables or the registry wouldn't see those.

Tools available from sites such as sysinternals.com can crack any
method you use to store a future date anywhere on a system such as in
the registry or a file. Unless it's encrypted. But even then if you
delete the date from wherever it's stored your app may think it's just
installed.

Thus I prefer to limit the number of records in one key table such as
5 units or 50 volunteers but allow unlimited access for everything
else. Once I get paid then I email them an encrypted file containing
the number of records they are licensed for as well as their company
name which goes on the bottom of every page of every report.

For more of my thoughts on this topic see the "Copy protection or how
to safely distribute a demo Microsoft Access Application" page at
http://www.granite.ab.ca/access/demo.htm

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
 
D

Damon Heron

Thanks for the advice, Tony. I will consider all of your suggestions!
BTW- I am using the API calls.

Damon
 
D

David W. Fenton

I do on-site installs of my db software. I get the HD serial
number of the drive where I install the db, and make that a
constant prior to splitting and converting to an MDE. The user's
license is for single-copy use. On some key forms of the db, I
have a test to compare the current HD serial # with the constant I
established on installation. If they don't match, then a msg asks
the user to contact me, and the app quits. My question, short of
someone hacking the MDE, - is this a good scheme for preventing
unauthorized copies of my app from being distributed?
Click to expand...

Are you encrypting your MDE? If not, somebody could browse the raw
file and edit the serial number.

I'd suggest you use some form of encryption. You could put an MD5
hash as your constant, and calculate it in your code from the actual
drive serial number, for instance. Or, you could use SHA encryption
with a private key of your own to create the key you store in your
constant. Once the MDE is encrypted, it would be pretty hard for
anybody to crack it.
 
P

Peter

Damon,

That's the right idea, but you should consider what happens if your
customer has a hard drive failure, or needs a re-install. There's also
a (virtually) unique NIC MAC address that you can do the same thing
with. Of course, they could change out their NIC card as well.

It appears that you're required to be present at each installation of
your software which may be time consuming for you and could limit your
application's use.

All the best,

Peter De Baets
Peter's Software - Microsoft Access Tools for Developers
http://www.peterssoftware.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Help with creating a model serial number 2
serial number use 3
Trusted location or publisher on removable drive 3
polling hardware serial numbers? 8
Selling a show - adding a serial number? 3
Partial Serial number 4
Licenses and serial numbers 3
Find serial number used 4

Top