Getting the Windows ProductId string from UM

It appears that the (or maybe “a”) unique serial number string for a given
machine is the ProductId string in
HKLM->Software->Windows->CurrentVersion->ProductId.

Does anyone know if there is a builtin function call that will return this
value, or is the Approved Method to walk to registry to get it?

Also, is this a unique key that should remain constant on a given machine
dispite minor hardware and OS upgrades? And will be different on different
machines?

I’m looking for something reasonably reliable and hopefully reasonably
unspoofable that will indicate one particular machine from the universe of
available PCs, and that is available at all times. It has to work on at
least W2K and XP, and hopefully also on NT4, ME, and 98OSR2. Going for the
network id is unreliable since on some versions of the OS it isn’t available
while offline, and it can change if you have more than one network adapter.

Since MS has already come up with some field that does something much like
what I want, I’d rather bootstrap off of that rather than hack something
unreliable of my own. (Which I already have, and it is unreliable, so I’m
looking for something else.)

Oh, another question. Is this ProductId field actually unique to the
machine in the case of Dell, who makes a zillion identical machines with OPK
cloned disks, all of which have the identical serial number (zero)? Or are
all Dells going to have the same Product Id value, since everything else is
identical? This is the problem I’m fighting currently.

Thanks,
Loren

Would cpuid work for you ?. You might have considered it already !.

-pro

----- Original Message -----
From: “Loren Wilton”
To: “Windows System Software Devs Interest List”
Sent: Thursday, June 02, 2005 3:05 AM
Subject: [ntdev] Getting the Windows ProductId string from UM

> It appears that the (or maybe “a”) unique serial number string for a given
> machine is the ProductId string in
> HKLM->Software->Windows->CurrentVersion->ProductId.
>
> Does anyone know if there is a builtin function call that will return this
> value, or is the Approved Method to walk to registry to get it?
>
> Also, is this a unique key that should remain constant on a given machine
> dispite minor hardware and OS upgrades? And will be different on
> different
> machines?
>
> I’m looking for something reasonably reliable and hopefully reasonably
> unspoofable that will indicate one particular machine from the universe of
> available PCs, and that is available at all times. It has to work on at
> least W2K and XP, and hopefully also on NT4, ME, and 98OSR2. Going for
> the
> network id is unreliable since on some versions of the OS it isn’t
> available
> while offline, and it can change if you have more than one network
> adapter.
>
> Since MS has already come up with some field that does something much like
> what I want, I’d rather bootstrap off of that rather than hack something
> unreliable of my own. (Which I already have, and it is unreliable, so I’m
> looking for something else.)
>
> Oh, another question. Is this ProductId field actually unique to the
> machine in the case of Dell, who makes a zillion identical machines with
> OPK
> cloned disks, all of which have the identical serial number (zero)? Or
> are
> all Dells going to have the same Product Id value, since everything else
> is
> identical? This is the problem I’m fighting currently.
>
> Thanks,
> Loren
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@garlic.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

BTW, I meant to say 'concatenate this with the regular productID, if the
productID is not dynamically generated. Hence disk cloaning(mastering) takes
the bits as is.

-pro

----- Original Message -----
From: “Prokash Sinha”
To: “Windows System Software Devs Interest List”
Sent: Thursday, June 02, 2005 5:28 AM
Subject: Re: [ntdev] Getting the Windows ProductId string from UM

> Would cpuid work for you ?. You might have considered it already !.
>
> -pro
>
> ----- Original Message -----
> From: “Loren Wilton”
> To: “Windows System Software Devs Interest List”
> Sent: Thursday, June 02, 2005 3:05 AM
> Subject: [ntdev] Getting the Windows ProductId string from UM
>
>
>> It appears that the (or maybe “a”) unique serial number string for a
>> given
>> machine is the ProductId string in
>> HKLM->Software->Windows->CurrentVersion->ProductId.
>>
>> Does anyone know if there is a builtin function call that will return
>> this
>> value, or is the Approved Method to walk to registry to get it?
>>
>> Also, is this a unique key that should remain constant on a given machine
>> dispite minor hardware and OS upgrades? And will be different on
>> different
>> machines?
>>
>> I’m looking for something reasonably reliable and hopefully reasonably
>> unspoofable that will indicate one particular machine from the universe
>> of
>> available PCs, and that is available at all times. It has to work on at
>> least W2K and XP, and hopefully also on NT4, ME, and 98OSR2. Going for
>> the
>> network id is unreliable since on some versions of the OS it isn’t
>> available
>> while offline, and it can change if you have more than one network
>> adapter.
>>
>> Since MS has already come up with some field that does something much
>> like
>> what I want, I’d rather bootstrap off of that rather than hack something
>> unreliable of my own. (Which I already have, and it is unreliable, so
>> I’m
>> looking for something else.)
>>
>> Oh, another question. Is this ProductId field actually unique to the
>> machine in the case of Dell, who makes a zillion identical machines with
>> OPK
>> cloned disks, all of which have the identical serial number (zero)? Or
>> are
>> all Dells going to have the same Product Id value, since everything else
>> is
>> identical? This is the problem I’m fighting currently.
>>
>> Thanks,
>> Loren
>>
>>
>> —
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: xxxxx@garlic.com
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@garlic.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

Loren Wilton wrote:

It appears that the (or maybe “a”) unique serial number string for a given
machine is the ProductId string in
HKLM->Software->Windows->CurrentVersion->ProductId.

Nope. The “product” that is being identified here is Windows, NOT your
computer. The ProductId will be the same for every machine that uses
the same system, version, service pack, and CD key. It is not related
to the machine at all.

Also, is this a unique key that should remain constant on a given machine
dispite minor hardware and OS upgrades? And will be different on different
machines?

No in both cases.

I’m looking for something reasonably reliable and hopefully reasonably
unspoofable that will indicate one particular machine from the universe of
available PCs, and that is available at all times. It has to work on at
least W2K and XP, and hopefully also on NT4, ME, and 98OSR2. Going for the
network id is unreliable since on some versions of the OS it isn’t available
while offline, and it can change if you have more than one network adapter.

There is simply no such unique identifier. Consider: it CAN’T be done
in software, because many corporate environments install all of their
computers from a single Ghost image, so the hard disks all start out
identical. It has to be something in hardware. The Intel CPU serial
number is the closest thing we’ve had, and we all know what a fuss that
caused when the media blew it out of proportion.

If your product really needs dongle protection, then you will have to
resort to a dongle.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

> If your product really needs dongle protection, then you will have to

resort to a dongle.

The higher-end versions need dongle protection, and have a dongle. Much as
both the users and I dislike dongles.

The low-end product won’t bear the cost of a dongle in the basic price,
although one is available as an extra-cost option to let the program run on
any machine with the dongle plugged in. Without a dongle, the program
should only run on some single machine, at least in theory. That is the
problem I’m trying to solve at the moment.

Now XP & friends have the product activation key. We all know that the dev
keys are reasonably common and may show up on multiple machines. But I’m
not real concerned about that case; people owning copies of MSDN are
unlikely to be my customers for this product, in general.

In theory, although perhaps not in practice, shrinkwrap XP is supposed to
have a separate activation key for every copy. Is that key stored someplace
on the machine where it is accessible, even in an encrypted form? Seems
that might pretty much do what I want, possibly in a corporate
mass-distribution case (not that that is a likely target for my products.)

Loren

Well, unless the machine happens to have a TPM, there isn’t really any
secure way to do this even if you can find such a unique id. But as long
as true security isn’t the goal…

It’s too bad you don’t like the (lowest of the) MAC address(es) of the
network adaptor(s) as a unique key. It’s about as good as it gets when
it comes to widely present non-(easily-)user-changeable globally unique IDs.

If the disk the software is installed on has a SCSI MMC-3 logical unit
serial number that’s another good one. ATA volume serial numbers can be
reasonable too (though not guaranteed to be unique, they’re “pretty”
unique). Again, like MAC addresses, people can (with sufficient effort)
change these with AFAIK no ill effects by writing a very simple filter
driver.

If you’re just looking for a unique id that isn’t particularly secure
(not sure why that would help), there’s the mount manager’s volume GUID
for the disk the software is installed on, which can be retrieved with
GetVolumeNameForVolumeMountPoint.

It’s too bad there exist boot-time defragmenters, or the disk layout of
your executable (suitably marked as “unmovable” :slight_smile: would be pretty
unique.

The activation key (on XP) or product key won’t work, though, because
volume licensed Windows (not just MSDN, but most corporate copies)
aren’t individually activated and all have the same product key. Also,
you can set the product key with a WMI interface (or probably just
change it in the registry), and while that might screw up activation on
XP, it won’t do squat on 2k AFAIK.

Loren Wilton wrote:

>If your product really needs dongle protection, then you will have to
>resort to a dongle.

The higher-end versions need dongle protection, and have a dongle. Much as
both the users and I dislike dongles.

The low-end product won’t bear the cost of a dongle in the basic price,
although one is available as an extra-cost option to let the program run on
any machine with the dongle plugged in. Without a dongle, the program
should only run on some single machine, at least in theory. That is the
problem I’m trying to solve at the moment.

Now XP & friends have the product activation key. We all know that the dev
keys are reasonably common and may show up on multiple machines. But I’m
not real concerned about that case; people owning copies of MSDN are
unlikely to be my customers for this product, in general.

In theory, although perhaps not in practice, shrinkwrap XP is supposed to
have a separate activation key for every copy. Is that key stored someplace
on the machine where it is accessible, even in an encrypted form? Seems
that might pretty much do what I want, possibly in a corporate
mass-distribution case (not that that is a likely target for my products.)

Loren


…/ray..

Please remove “.spamblock” from my email address if you need to contact
me outside the newsgroup.

Hi Ray, thanks for the suggestions.

What I had been using was GetVolumeInformation on the C:\ drive and then
mangling the various information returned. The problem turns out to be that
all Dell machines return a zero serial number for the drive, which made my
derived key less than unique.

The problem with using the mac address is that on, um, I forget - XP or W2K,
with one of the newer service packs, if the network cable isn’t plugged in,
the networks aren’t installed sufficiently to be able to obtain the mac
address. There is a workaround of setting a registry key, but this I think
basically disables power management. Which people using laptops seem to not
appreciate for some reason.

Of course, the problem is that my app will be installed with the network
cable attached, so I’ll be able to set up a mac-based key just fine. But
since it is an audio playback app for use in a live theater where you really
need things to happen when you ask and not 30 seconds later, everyone knows
to have auto-update turned off and the network cable unplugged. Poof, no mac
address to validate that key I generated during the install…

Hence my desire to find something reasonably simple that is likely to be
around, even if the cable is unplugged, or the machine has two network cards
and the user never remembers which one he used last time. (Another problem
that I’ve had.) Dongles are just sooo much simpler… :slight_smile:

Now, if I knew a way to reliably find the same mac address every time, even
with the network adapter powered down…

I think I’ll play with the GetVolumeNameForVolumeMountPoint call you mention
and see what sort of results I get from it. Maybe that will be ‘good
enough’.

The target here isn’t to try to stop dedicated hackers from using the
product for free. A dedicated hacker can get around *any* security if they
have an executable copy of the code, even if it is hardware protected. The
idea is to preserve a small revenue stream by making it somewhat difficult
for Joe User to buy one copy of the program for 20 bucks and then put it on
every machine he has, and also give it to all of his friends for free, and
upload it to a ‘free audio toolz’ site for everyone else to download for
free. The idea is to make it so Joe User finds it easier to just shell out
another 20 bucks (or 15 if he registered, and so gets a discount) than to
try to hack the machine or program to get around the protection. Or just
buy a dongle for 30 bucks and use it anywhere without more hassle.

Loren

----- Original Message -----
From: “Ray Trent”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Thursday, June 02, 2005 5:30 PM
Subject: Re:[ntdev] Getting the Windows ProductId string from UM

> Well, unless the machine happens to have a TPM, there isn’t really any
> secure way to do this even if you can find such a unique id. But as long
> as true security isn’t the goal…
>
> It’s too bad you don’t like the (lowest of the) MAC address(es) of the
> network adaptor(s) as a unique key. It’s about as good as it gets when
> it comes to widely present non-(easily-)user-changeable globally unique
IDs.
>
> If the disk the software is installed on has a SCSI MMC-3 logical unit
> serial number that’s another good one. ATA volume serial numbers can be
> reasonable too (though not guaranteed to be unique, they’re “pretty”
> unique). Again, like MAC addresses, people can (with sufficient effort)
> change these with AFAIK no ill effects by writing a very simple filter
> driver.
>
> If you’re just looking for a unique id that isn’t particularly secure
> (not sure why that would help), there’s the mount manager’s volume GUID
> for the disk the software is installed on, which can be retrieved with
> GetVolumeNameForVolumeMountPoint.
>
> It’s too bad there exist boot-time defragmenters, or the disk layout of
> your executable (suitably marked as “unmovable” :slight_smile: would be pretty
> unique.
>
> The activation key (on XP) or product key won’t work, though, because
> volume licensed Windows (not just MSDN, but most corporate copies)
> aren’t individually activated and all have the same product key. Also,
> you can set the product key with a WMI interface (or probably just
> change it in the registry), and while that might screw up activation on
> XP, it won’t do squat on 2k AFAIK.
>
> Loren Wilton wrote:
> >>If your product really needs dongle protection, then you will have to
> >>resort to a dongle.
> >
> >
> > The higher-end versions need dongle protection, and have a dongle. Much
as
> > both the users and I dislike dongles.
> >
> > The low-end product won’t bear the cost of a dongle in the basic price,
> > although one is available as an extra-cost option to let the program run
on
> > any machine with the dongle plugged in. Without a dongle, the program
> > should only run on some single machine, at least in theory. That is the
> > problem I’m trying to solve at the moment.
> >
> > Now XP & friends have the product activation key. We all know that the
dev
> > keys are reasonably common and may show up on multiple machines. But
I’m
> > not real concerned about that case; people owning copies of MSDN are
> > unlikely to be my customers for this product, in general.
> >
> > In theory, although perhaps not in practice, shrinkwrap XP is supposed
to
> > have a separate activation key for every copy. Is that key stored
someplace
> > on the machine where it is accessible, even in an encrypted form? Seems
> > that might pretty much do what I want, possibly in a corporate
> > mass-distribution case (not that that is a likely target for my
products.)
> >
> > Loren
> >
> >
>
> –
> …/ray..
>
> Please remove “.spamblock” from my email address if you need to contact
> me outside the newsgroup.
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@earthlink.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com

Try the OOBETimer value in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\WPAEvents key. It has something to do with Windows
activation (if you mess with it, you will have to activate your Windows).

Also, check the Identifier value in the
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\6\DiskController\0\DiskPeripheral\0
key. This looks like disk drive serial number or something. I’ve seen some
products that use these value among others to identify a machine. Note that
some other value may be in key name instead of 6 depending on the version of
Windows.

I cannot guarantee that these values are exactly what you are looking for,
but I’ve seen sources where they are used. If you come up with a good
solution, be sure to post a message here (I’m also looking for a reliable
way to identify a machine).

“Loren Wilton” wrote in message news:xxxxx@ntdev…
> It appears that the (or maybe “a”) unique serial number string for a given
> machine is the ProductId string in
> HKLM->Software->Windows->CurrentVersion->ProductId.
>
> Does anyone know if there is a builtin function call that will return this
> value, or is the Approved Method to walk to registry to get it?
>
> Also, is this a unique key that should remain constant on a given machine
> dispite minor hardware and OS upgrades? And will be different on
> different
> machines?
>
> I’m looking for something reasonably reliable and hopefully reasonably
> unspoofable that will indicate one particular machine from the universe of
> available PCs, and that is available at all times. It has to work on at
> least W2K and XP, and hopefully also on NT4, ME, and 98OSR2. Going for
> the
> network id is unreliable since on some versions of the OS it isn’t
> available
> while offline, and it can change if you have more than one network
> adapter.
>
> Since MS has already come up with some field that does something much like
> what I want, I’d rather bootstrap off of that rather than hack something
> unreliable of my own. (Which I already have, and it is unreliable, so I’m
> looking for something else.)
>
> Oh, another question. Is this ProductId field actually unique to the
> machine in the case of Dell, who makes a zillion identical machines with
> OPK
> cloned disks, all of which have the identical serial number (zero)? Or
> are
> all Dells going to have the same Product Id value, since everything else
> is
> identical? This is the problem I’m fighting currently.
>
> Thanks,
> Loren
>
>

You may want to explore the Seagate Trusted Drive. The current
implementation will give you Smartcard with TPM like capabilities from a
hard disc and should provide you the uniqueness you require.


The personal opinion of
Gary G. Little

“Loren Wilton” wrote in message news:xxxxx@ntdev…
>> If your product really needs dongle protection, then you will have to
>> resort to a dongle.
>
> The higher-end versions need dongle protection, and have a dongle. Much
> as
> both the users and I dislike dongles.
>
> The low-end product won’t bear the cost of a dongle in the basic price,
> although one is available as an extra-cost option to let the program run
> on
> any machine with the dongle plugged in. Without a dongle, the program
> should only run on some single machine, at least in theory. That is the
> problem I’m trying to solve at the moment.
>
> Now XP & friends have the product activation key. We all know that the
> dev
> keys are reasonably common and may show up on multiple machines. But I’m
> not real concerned about that case; people owning copies of MSDN are
> unlikely to be my customers for this product, in general.
>
> In theory, although perhaps not in practice, shrinkwrap XP is supposed to
> have a separate activation key for every copy. Is that key stored
> someplace
> on the machine where it is accessible, even in an encrypted form? Seems
> that might pretty much do what I want, possibly in a corporate
> mass-distribution case (not that that is a likely target for my products.)
>
> Loren
>
>

Loren Wilton wrote:
> The problem with using the mac address is that on, um, I forget - XP
or W2K,
> with one of the newer service packs, if the network cable isn’t
plugged in,
> the networks aren’t installed sufficiently to be able to obtain the mac
> address. There is a workaround of setting a registry key, but this I
think
> basically disables power management. Which people using laptops seem
to not
> appreciate for some reason.

If you’re ok with only supporting machines that at some point have
network cards with MAC addresses, why not find the MAC address(s) once,
store it/them in the registry, and then invalidate/revalidate if you
ever see that that a network card is present but has a different MAC
address than those stored (with a timeout, presumably, to deal with
“plug it in once and never again” scenarios).

Yes, someone could theoretically turn off their network or swap their
network card every time they use your software, but is that perhaps
sufficiently in the category of “enough trouble that people won’t bother”?

…/ray..

Please remove “.spamblock” from my email address if you need to contact
me outside the newsgroup.

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Ray Trent[SMTP:xxxxx@synaptics.spamblock.com]
Reply To: Windows System Software Devs Interest List
Sent: Friday, June 03, 2005 7:38 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Getting the Windows ProductId string from UM

If you’re ok with only supporting machines that at some point have
network cards with MAC addresses, why not find the MAC address(s) once,
store it/them in the registry, and then invalidate/revalidate if you
ever see that that a network card is present but has a different MAC
address than those stored (with a timeout, presumably, to deal with
“plug it in once and never again” scenarios).

It isn’t so simple. There are virtual adapters, for example for VMware. It seems their MAC address depends on virtual network configuration which can be changed easily and it needs to be changed sometimes. Also RAS/NdisWan uses virtual adapters and also direct cable connections do (the use NdisWan).

Yes, someone could theoretically turn off their network or swap their
network card every time they use your software, but is that perhaps
sufficiently in the category of “enough trouble that people won’t bother”?

Bad assumption. I have two physical network cards and one is usually disabled. Why? Because it is for my personal testing network and MS networking behaves better with only one network card so I disable it when don’t need it. If I install this software with card disabled and later enable it, it would stop working. Classic example when “protection” only annoys legal users and pirates smile. Do you think it is so hard to find software tries to use MAC addresses and forge them?

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]